Preparations for renaming `master` to `stable`
[akkoma] / docs / installation / netbsd_en.md
1 # Installing on NetBSD
2
3 ## Required software
4
5 pkgin should have been installed by the NetBSD installer if you selected
6 the right options. If it isn't installed, install it using pkg_add.
7
8 Note that `postgresql11-contrib` is needed for the Postgres extensions
9 Pleroma uses.
10
11 The `mksh` shell is needed to run the Elixir `mix` script.
12
13 `# pkgin install acmesh elixir git-base git-docs mksh nginx postgresql11-server postgresql11-client postgresql11-contrib sudo`
14
15 You can also build these packages using pkgsrc:
16 ```
17 databases/postgresql11-contrib
18 databases/postgresql11-client
19 databases/postgresql11-server
20 devel/git-base
21 devel/git-docs
22 lang/elixir
23 security/acmesh
24 security/sudo
25 shells/mksh
26 www/nginx
27 ```
28
29 Copy the rc.d scripts to the right directory:
30
31 ```
32 # cp /usr/pkg/share/examples/rc.d/nginx /usr/pkg/share/examples/rc.d/pgsql /etc/rc.d
33 ```
34
35 Add nginx and Postgres to `/etc/rc.conf`:
36
37 ```
38 nginx=YES
39 pgsql=YES
40 ```
41
42 ## Configuring postgres
43
44 First, run `# /etc/rc.d/pgsql start`. Then, `$ sudo -Hu pgsql -g pgsql createdb`.
45
46 ## Configuring Pleroma
47
48 Create a user for Pleroma:
49
50 ```
51 # groupadd pleroma
52 # useradd -d /home/pleroma -m -g pleroma -s /usr/pkg/bin/mksh pleroma
53 # echo 'export LC_ALL="en_GB.UTF-8"' >> /home/pleroma/.profile
54 # su -l pleroma -c $SHELL
55 ```
56
57 Clone the repository:
58
59 ```
60 $ cd /home/pleroma
61 $ git clone -b stable https://git.pleroma.social/pleroma/pleroma.git
62 ```
63
64 Configure Pleroma. Note that you need a domain name at this point:
65
66 ```
67 $ cd /home/pleroma/pleroma
68 $ mix deps.get
69 $ mix pleroma.instance gen # You will be asked a few questions here.
70 ```
71
72 Since Postgres is configured, we can now initialize the database. There should
73 now be a file in `config/setup_db.psql` that makes this easier. Edit it, and
74 *change the password* to a password of your choice. Make sure it is secure, since
75 it'll be protecting your database. Now initialize the database:
76
77 ```
78 $ sudo -Hu pgsql -g pgsql psql -f config/setup_db.psql
79 ```
80
81 Postgres allows connections from all users without a password by default. To
82 fix this, edit `/usr/pkg/pgsql/data/pg_hba.conf`. Change every `trust` to
83 `password`.
84
85 Once this is done, restart Postgres with `# /etc/rc.d/pgsql restart`.
86
87 Run the database migrations.
88 You will need to do this whenever you update with `git pull`:
89
90 ```
91 $ MIX_ENV=prod mix ecto.migrate
92 ```
93
94 ## Configuring nginx
95
96 Install the example configuration file
97 `/home/pleroma/pleroma/installation/pleroma.nginx` to
98 `/usr/pkg/etc/nginx.conf`.
99
100 Note that it will need to be wrapped in a `http {}` block. You should add
101 settings for the nginx daemon outside of the http block, for example:
102
103 ```
104 user nginx nginx;
105 error_log /var/log/nginx/error.log;
106 worker_processes 4;
107
108 events {
109 }
110 ```
111
112 Edit the defaults:
113
114 * Change `ssl_certificate` and `ssl_trusted_certificate` to
115 `/etc/nginx/tls/fullchain`.
116 * Change `ssl_certificate_key` to `/etc/nginx/tls/key`.
117 * Change `example.tld` to your instance's domain name.
118
119 ## Configuring acme.sh
120
121 We'll be using acme.sh in Stateless Mode for TLS certificate renewal.
122
123 First, get your account fingerprint:
124
125 ```
126 $ sudo -Hu nginx -g nginx acme.sh --register-account
127 ```
128
129 You need to add the following to your nginx configuration for the server
130 running on port 80:
131
132 ```
133 location ~ ^/\.well-known/acme-challenge/([-_a-zA-Z0-9]+)$ {
134 default_type text/plain;
135 return 200 "$1.6fXAG9VyG0IahirPEU2ZerUtItW2DHzDzD9wZaEKpqd";
136 }
137 ```
138
139 Replace the string after after `$1.` with your fingerprint.
140
141 Start nginx:
142
143 ```
144 # /etc/rc.d/nginx start
145 ```
146
147 It should now be possible to issue a cert (replace `example.com`
148 with your domain name):
149
150 ```
151 $ sudo -Hu nginx -g nginx acme.sh --issue -d example.com --stateless
152 ```
153
154 Let's add auto-renewal to `/etc/daily.local`
155 (replace `example.com` with your domain):
156
157 ```
158 /usr/pkg/bin/sudo -Hu nginx -g nginx \
159 /usr/pkg/sbin/acme.sh -r \
160 -d example.com \
161 --cert-file /etc/nginx/tls/cert \
162 --key-file /etc/nginx/tls/key \
163 --ca-file /etc/nginx/tls/ca \
164 --fullchain-file /etc/nginx/tls/fullchain \
165 --stateless
166 ```
167
168 ## Creating a startup script for Pleroma
169
170 Copy the startup script to the correct location and make sure it's executable:
171
172 ```
173 # cp /home/pleroma/pleroma/installation/netbsd/rc.d/pleroma /etc/rc.d/pleroma
174 # chmod +x /etc/rc.d/pleroma
175 ```
176
177 Add the following to `/etc/rc.conf`:
178
179 ```
180 pleroma=YES
181 pleroma_home="/home/pleroma"
182 pleroma_user="pleroma"
183 ```
184
185 Run `# /etc/rc.d/pleroma start` to start Pleroma.
186
187 ## Conclusion
188
189 Restart nginx with `# /etc/rc.d/nginx restart` and you should be up and running.
190
191 If you need further help, contact niaa on freenode.
192
193 Make sure your time is in sync, or other instances will receive your posts with
194 incorrect timestamps. You should have ntpd running.
195
196 ## Instances running NetBSD
197
198 * <https://catgirl.science>