Go to file
Denis 'GNUtoo' Carikli 8c09af074b
Fix IPv4 netmask
Running dhclient on eth0 gives a /16, and this is necessary anyway to
reach the gateway.

Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
2023-10-03 15:08:04 +02:00
.gitignore Provide the service source code on the web page 2023-10-03 15:08:03 +02:00
COPYING Add license 2023-09-12 21:56:04 +02:00
Makefile.am Provide the service source code on the web page 2023-10-03 15:08:03 +02:00
README README: document missing files 2023-09-19 22:43:49 +02:00
autogen.sh Make the domain configurable 2023-09-13 07:21:20 +02:00
configure.ac Fix IPv4 netmask 2023-10-03 15:08:04 +02:00
first-boot.sh.tmpl Add script to run on first boot 2023-09-18 22:30:52 +02:00
index.html.tmpl Provide the service source code on the web page 2023-10-03 15:08:03 +02:00
mumble-vm-machine.scm.tmpl Make the VM SSH address configurable 2023-09-18 22:37:48 +02:00
mumble-vm-system.scm.tmpl Add nss-certs 2023-10-03 15:08:04 +02:00
mumble-vm.xml Update mumble-vm.xml to match the one deployed at Libre en Communs 2023-10-02 21:25:08 +02:00
wireguard-post-up.sh.tmpl Add Public IP address through WireGuard 2023-09-18 22:30:52 +02:00

README

Deployment
==========
To build the virtual machine image you can use the following command:
$ ./autogen.sh && ./configure && make

You can also check the configure option for configuring it for testing
on another infrastructure (for instance by using another domain).

To build an image you will also need at least id_ed25519.pub and
signing-key.pub:

- id_ed25519.pub can be genreated with the ssh-keygen -t ed25519
  command. See the ssh-keygen manual ('man 1 ssh-keygen') for more
  details. If you're not confortable with that, backup your ~/.ssh
  folder first.

- signing-key.pub can be generated with the 'guix archive
  --generate-key' command.  See the "Invoking guix archive" in the
  Guix manual for more details[1].
  https://guix.gnu.org/en/manual/en/guix.html#Invoking-guix-archive

Other files are optional:

- id_ed25519: It is used for guix deploy. It is also generated by
  ssh-keygen. A good idea is to have a symlink to it in order not to
  have scp copy it to the target machine by mistake as it is the SSH
  private key. Using separate SSH keys for separate machines also help
  limiting the damage when such accident happen.

- id_wireguard: This is the wireguard private key. It can be generated
  with the 'wg genkey > id_wireguard' command. See the wg manual ('man
  8 wg') for more detail.


Note that letsencrypt has a limit of about 5 certificates per week, so
it's a good idea to use test domains before deployments.

Once the image is booted:
- You will need to login inside and run the following command:
  # first-boot.sh
- You then need to set the root password.

License
=======
This project is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

This project is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this project.  If not, see <http://www.gnu.org/licenses/>.