akkoma/docs/installation/netbsd_en.md

5.5 KiB
Raw Blame History

Installing on NetBSD

{! backend/installation/generic_dependencies.include !}

Installing software used in this guide

pkgin should have been installed by the NetBSD installer if you selected the right options. If it isn't installed, install it using pkg_add.

Note that postgresql11-contrib is needed for the Postgres extensions Pleroma uses.

The mksh shell is needed to run the Elixir mix script.

# pkgin install acmesh elixir git-base git-docs mksh nginx postgresql11-server postgresql11-client postgresql11-contrib sudo ffmpeg4 ImageMagick

You can also build these packages using pkgsrc:

databases/postgresql11-contrib
databases/postgresql11-client
databases/postgresql11-server
devel/git-base
devel/git-docs
devel/cmake
lang/elixir
security/acmesh
security/sudo
shells/mksh
www/nginx

Copy the rc.d scripts to the right directory:

# cp /usr/pkg/share/examples/rc.d/nginx /usr/pkg/share/examples/rc.d/pgsql /etc/rc.d

Add nginx and Postgres to /etc/rc.conf:

nginx=YES
pgsql=YES

Configuring postgres

First, run # /etc/rc.d/pgsql start. Then, $ sudo -Hu pgsql -g pgsql createdb.

Install media / graphics packages (optional, see docs/installation/optional/media_graphics_packages.md)

# pkgin install ImageMagick ffmpeg4 p5-Image-ExifTool

Configuring Pleroma

Create a user for Pleroma:

# groupadd pleroma
# useradd -d /home/pleroma -m -g pleroma -s /usr/pkg/bin/mksh pleroma
# echo 'export LC_ALL="en_GB.UTF-8"' >> /home/pleroma/.profile
# su -l pleroma -c $SHELL

Clone the repository:

$ cd /home/pleroma
$ git clone -b stable https://git.pleroma.social/pleroma/pleroma.git

Configure Pleroma. Note that you need a domain name at this point:

$ cd /home/pleroma/pleroma
$ mix deps.get
$ MIX_ENV=prod mix pleroma.instance gen # You will be asked a few questions here.

Since Postgres is configured, we can now initialize the database. There should now be a file in config/setup_db.psql that makes this easier. Edit it, and change the password to a password of your choice. Make sure it is secure, since it'll be protecting your database. Now initialize the database:

$ sudo -Hu pgsql -g pgsql psql -f config/setup_db.psql

Postgres allows connections from all users without a password by default. To fix this, edit /usr/pkg/pgsql/data/pg_hba.conf. Change every trust to password.

Once this is done, restart Postgres with # /etc/rc.d/pgsql restart.

Run the database migrations. You will need to do this whenever you update with git pull:

$ MIX_ENV=prod mix ecto.migrate

Configuring nginx

Install the example configuration file /home/pleroma/pleroma/installation/pleroma.nginx to /usr/pkg/etc/nginx.conf.

Note that it will need to be wrapped in a http {} block. You should add settings for the nginx daemon outside of the http block, for example:

user                    nginx  nginx;
error_log               /var/log/nginx/error.log;
worker_processes        4;

events {
}

Edit the defaults:

  • Change ssl_certificate and ssl_trusted_certificate to /etc/nginx/tls/fullchain.
  • Change ssl_certificate_key to /etc/nginx/tls/key.
  • Change example.tld to your instance's domain name.

Refer to the Hardening your instance document on how to serve media on another domain. We STRONGLY RECOMMEND you to do this to minimize attack vectors.

Configuring acme.sh

We'll be using acme.sh in Stateless Mode for TLS certificate renewal.

First, get your account fingerprint:

$ sudo -Hu nginx -g nginx acme.sh --register-account

You need to add the following to your nginx configuration for the server running on port 80:

  location ~ ^/\.well-known/acme-challenge/([-_a-zA-Z0-9]+)$ {
    default_type text/plain;
    return 200 "$1.6fXAG9VyG0IahirPEU2ZerUtItW2DHzDzD9wZaEKpqd";
  }

Replace the string after after $1. with your fingerprint.

Start nginx:

# /etc/rc.d/nginx start

It should now be possible to issue a cert (replace example.com with your domain name):

$ sudo -Hu nginx -g nginx acme.sh --issue -d example.com --stateless

Let's add auto-renewal to /etc/daily.local (replace example.com with your domain):

/usr/pkg/bin/sudo -Hu nginx -g nginx \
    /usr/pkg/sbin/acme.sh -r \
    -d example.com \
    --cert-file /etc/nginx/tls/cert \
    --key-file /etc/nginx/tls/key \
    --ca-file /etc/nginx/tls/ca \
    --fullchain-file /etc/nginx/tls/fullchain \
    --stateless

Creating a startup script for Pleroma

Copy the startup script to the correct location and make sure it's executable:

# cp /home/pleroma/pleroma/installation/netbsd/rc.d/pleroma /etc/rc.d/pleroma
# chmod +x /etc/rc.d/pleroma

Add the following to /etc/rc.conf:

pleroma=YES
pleroma_home="/home/pleroma"
pleroma_user="pleroma"

Run # /etc/rc.d/pleroma start to start Pleroma.

Conclusion

Restart nginx with # /etc/rc.d/nginx restart and you should be up and running.

Make sure your time is in sync, or other instances will receive your posts with incorrect timestamps. You should have ntpd running.

Instances running NetBSD

Further reading

{! backend/installation/further_reading.include !}

Questions

Questions about the installation or didnt it work as it should be, ask in #pleroma:libera.chat via Matrix or #pleroma on libera.chat via IRC.