diff --git a/Adding_another_SSH_key_on_Pubnix.html b/Adding_another_SSH_key_on_Pubnix.html new file mode 100644 index 0000000..be5c1d3 --- /dev/null +++ b/Adding_another_SSH_key_on_Pubnix.html @@ -0,0 +1,20 @@ + + +
The registration form for the pubnix can only accept one ssh key. This means that, incase you need another key, or you have a key in a format that isnt supported by the form (anything that isn't rsa/ed25519/ecdsa), you need to input one key in a supported format first, and then modify it later after first login.
+If you don't have a key with a format that is supported, go through the Generating an SSH key to create a supported one.
+After you ssh with the key, run the following
+$ nano ~/.ssh/authorized_keys
+<the ssh key you gave for signup>
+<add your new key here>
+Control+x
+Note: If you have multiple keys, you might need to use the -i flag to specify the right key to use like this:
+$ ssh -i ~/.ssh/id_keyyougaveforpubnix USERNAME@p.projectsegfau.lt
+Additionally, if your key is in the PuTTY format, you need to convert it to the OpenSSH one with PuTTYGen.
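Review bot: The nano walkthrough ends at "Control+x" with no save step, so a reader following it literally depends on nano's exit prompt to write the file. Spell out Ctrl+O then Enter before Ctrl+X, as the meta-info.toml page in this same patch already does. The intro also says to "modify it later", while the steps show the signup key kept and the new key added on its own line; say "append" and state that the existing line must stay, since it is the only key that currently grants access. Minor: "incase" and "isnt" need fixing.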
diff --git a/Adding_information_about_yourself_on_the_Pubnix.html b/Adding_information_about_yourself_on_the_Pubnix.html new file mode 100644 index 0000000..3491517 --- /dev/null +++ b/Adding_information_about_yourself_on_the_Pubnix.html @@ -0,0 +1,39 @@ + + +To add information about yourself, that can be displayed in the /pubnix/users page, you need to edit the meta-info.toml
file in your home directory.
# open nano or your preferred text editor
+nano ~/meta-info.toml
+
+# edit the file as noted in the syntax section and exit
+# (Ctrl+O then Enter to save and Ctrl+X to exit in nano while
+# Escape then type ":wq" and hit Enter in Vim)
+The information can also be accessed in JSON format at https://publapi.p.projectsegfau.lt/users
. Keep in mind that it takes a few seconds for the text to refresh due to caching.
All fields must be formatted as literal fields.
+fullname
- Self-explanatory, although if you're not comfortable using your real name due to legal or privacy reasons, you can use a name you go by online or left blank.gemini
- Defaulting to your gemini webspace in the pubnix, although if you do hosted your gemini website on others (including sourcehut pages) you can just replace itwebsite
- Defaulting to the default pubnix web URL, but if you're hosting your website somewhere else, just point into it.description
- Blank by default, plaintext text-only bio of yourself.email
- Blank by default, but if you're comfortable sharing your email address you can fill in.matrix
- Blank by default, but if your main Matrix homeserver is in the Project Segfault's servers (via the pubnix Authentik SSO) it should be formatted as @user:projectsegfau.lt
.fediverse
- Defaulting to blank, the profile URL of your fediverse profile minus the protocol specifier.location
- PLEASE DO NOT LEAK YOUR FULL ADDRESS! Defaulting to blank, the location where you're currently residingfullname = "Example User"
+gemini = "p.projectsegfau.lt/~user"
+website = "https://user.p.projectsegfau.lt"
+description = "Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua."
+email = "user@email.tld"
+matrix = "@ajhalili2006:your.homeserver.tld"
+fediverse = "your.ap-homeserver.tld"
+location = "The Swaggon, Boatem Village, HCS8"
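Review bot: "All fields must be formatted as literal fields" does not match the example under it, which uses double-quoted values (fullname = "Example User"); in TOML those are basic strings, and literal strings are single-quoted. State which quoting the parser expects and make the example agree. The matrix example uses "@ajhalili2006:your.homeserver.tld", which reads like a real account name next to placeholder values everywhere else; use "@user:..." as the field description does. Since the file is published through the JSON endpoint named above, the location warning would be better placed before the field list than inside its last item.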
diff --git a/Category:Pubnix.html b/Category:Pubnix.html
new file mode 100644
index 0000000..bae1624
--- /dev/null
+++ b/Category:Pubnix.html
@@ -0,0 +1,11 @@
+
+
+test
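Review bot: The page body is the single word "test", which reads as a leftover placeholder. Either add the category description or drop the file from this commit.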
diff --git a/Credits.html b/Credits.html new file mode 100644 index 0000000..44a5e8f --- /dev/null +++ b/Credits.html @@ -0,0 +1,27 @@ + + +We at Project Segfault are nothing without our team, the wonderful community and of course the donators who keep the ball rolling, and we hope to give credit to some of these incredible people through this page.
+If you have donated and want your name to be listed here, please contact us!
diff --git a/Generating_an_SSH_key.html b/Generating_an_SSH_key.html new file mode 100644 index 0000000..27a509a --- /dev/null +++ b/Generating_an_SSH_key.html @@ -0,0 +1,29 @@ + + +An SSH key is a public-private keypair that allows you to remotely access servers, in this case, the pubnix.
+It is mandatory for pubnix registration since its the only secure way to let users access the pubnix.
+Generating it is simple, and does not need a lot.
+SSH is pre-installed on most systems. If it isn't, install it via your package manager.
+From Windows 10 1809 onwards, ssh is built in to powershell.
+For older versions of windows, you need to use putty to do so.
+You can find a guide on it in the Digital Ocean Docs.
+After that run the following in the terminal (or powershell.exe on windows)
+ssh-keygen -t ed25519
Here, we recommend using ed25519 since its the latest and greatest format, however the default format (RSA) works too!
+You can accept the defaults for the prompts, and add a password if you want to.
+The password is an additional security layer, which would be needed to unlock the key.
+Now, you can submit the <generated-key-name>.pub file in the pubnix registration form.
+Note: the form only takes one key, but you can add more later by just appending them to ~/.ssh/authorized_keys
Getting started with the pubnix is really simple!
+Firstly, you need to generate an SSH key, if you don't already have one.
+Instructions on how to generate a key can be found on the Generating an SSH key article.
+Now, you can signup on the Pubnix Registration page on the website.
+Note: You can only use numbers and lowercase letters for your pubnix username due to usersite limitations.
+To prevent abuse, we manually check all registrations.
+If it takes more than 24 hours, feel free to contact us.
+Once your registration is approved, you will get an email from us stating the same.
+To login, as mentioned in the email, run
+ssh USERNAME@p.projectsegfau.lt
If you have multiple ssh keys, you might need to add this flag:
+-i .ssh/KEY_USED_TO_SIGNUP_FOR_PUBNIX
At this point, you can get the password used for logging in to the Pubnix from your browser, or RDP and for signing up to other Project Segfault services with Pubnix by running this command:
+cat ~/pass
You should save the password locally and remove it from the pubnix as soon as possible.
+With the basics setup, you can now host websites, install packages and chat on IRC using the Pubnix!
+You can also fill details about yourself for other members to see, and add another SSH key to be able to access the Pubnix from another machine!
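Review bot: At "cat ~/pass" in the login steps, the text tells users to save the password and remove it from the pubnix, but gives no command for removing the file and does not suggest changing the password with passwd, which the IRC bouncer page in this patch mentions. The RDP, Cockpit and SSO pages also tell users to read ~/pass as if it stays in place, so the pages should agree on whether the file is expected to persist. The "-i .ssh/KEY_USED_TO_SIGNUP_FOR_PUBNIX" path is relative and only resolves from the home directory; the other page uses "~/.ssh/...". In the key generation steps, "add a password" would be clearer as "passphrase", the term the ssh-keygen prompt uses.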
diff --git a/Host_a_website.html b/Host_a_website.html new file mode 100644 index 0000000..5e108bc --- /dev/null +++ b/Host_a_website.html @@ -0,0 +1,23 @@ + + +So you have a website and you want to host it. Great! Let's get started.
+First of all, we use Caddy for web server because of its simplicity. You can install any web server you want using the Nix package manager, however, you will receive no support from us when you go that path. Maybe you have experience with nginx, which is cool, but we use Caddy here.
+By default, we have a Caddy web server running with the configuration in ~/Caddyfile.
+We also have a few QoL aliases such as rc (reload caddy), ft (format Caddyfile), vt (validate Caddyfile). Your Caddy web server listens on `~/.webserver.sock`.
+Any webserver you install needs to listen on `~/.webserver.sock`. If you don't, it will not be recognized by the master Caddy server.
+The default Caddy configuration checks ~/public_html for static files. It also has PHP and CGI capability out of the box, so you can run a PHP website if you want to do that. (PHP 8.2)
+Every user also gets access to *-username.p.projectsegfau.lt for hosting more applications.
+For example, you can host your own web app on mywebapp-username.p.projectsegfau.lt, while your main website is on username.p.projectsegfau.lt.
+To create a new configuration for a subdomain, just append the following to the Caddyfile:
+http://webapp-username.p.projectsegfau.lt {
+ bind unix/.webserver.sock
+ reverse_proxy localhost:port
+}
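Review bot: The snippet uses "bind unix/.webserver.sock", a relative socket path, while the prose names "~/.webserver.sock" twice; state which directory Caddy is started from or make the two agree, otherwise a user running Caddy from elsewhere creates the socket in the wrong place. The prose example host is "mywebapp-username" but the snippet uses "webapp-username", and "localhost:port" is not marked as a placeholder. On a shared host, a backend listening on a localhost TCP port is reachable by other local users unless accounts are network-isolated, so the page should say so or recommend a unix socket for the backend as well. The backticks around the socket path will render literally in HTML.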
diff --git a/IRC_Bouncer.html b/IRC_Bouncer.html
new file mode 100644
index 0000000..1831c5a
--- /dev/null
+++ b/IRC_Bouncer.html
@@ -0,0 +1,78 @@
+
+
+Along with your pubnix account, you get access to our IRC bouncer, soju. Soju is a modern IRC bouncer, which supports the new IRCv3 extensions.
+Our soju instance uses the pubnix's PAM for authentication, meaning it uses the same password as your pubnix user.
+Your current password can be found at ~/pass
. Just like any other services, you can get it with cat ~/pass
command. You can change it by running passwd
.
The IRC client we recommend is weechat. However, there are many other clients out there as well which you can try out.
+Weechat is pre-installed on the pubnix. After running it, you will be presented with a TUI (text user interface).
+Now, you can add the server with the following command:
+/server add soju p.projectsegfau.lt/6697 -ssl -username=YOUR_USERNAME -password=YOUR_PASSWORD -autoconnect
Now, install soju.py plugin, which will pre-configure a lot of stuff for you
+/set script.scripts.download_enabled on
+ /script install soju.py
+
+You can also install the following plugins that help a lot with daily usage of weechat
:
/script install go.py
+/script install autosort.py
+Past this, you need to enable the IRCv3 features:
+/set irc.server_default.capabilities account-notify,away-notify,cap-notify,chghost,extended-join,invite-notify,multi-prefix,server-time,userhost-in-names
+/save
+Now, close weechat
with /quit, and re-open it. At this point, you will be connected to our soju instance and see the MOTD.
To do so, you have to message the BouncerServ. The example below is for libera.chat
, one of the most popular IRC networks. It shouldn't be very different for other networks
/msg BouncerServ network create -addr irc.libera.chat -name LiberaChat -username YOUR_USERNAME_ON_IRC_NETWORK -pass YOUR_IRC_NETWORK_PASS -realname "Self Explanatory" -enabled true
After creating all your networks, re-open weechat again, and it should be loaded. Switch to the pane of the specific network or a channel in that network to join other rooms in that network. You can easily do this with go.py:
+/go <autocomplete>
After adding all your channels, you can sort them using autosort.py:
+/autosort
+
+By default, it sorts network-wise + alphabetically.
+If you want to use an IRC client that does not directly support bouncer connections, you can use it as a regular IRC server to connect to and add a connection for each network you connect to and use chat messages to configure everything.
+The table below contains the necessary details on connecting via your client of choice without the required IRCv3 extensions for bouncer support. See also the upstream project's documentation about client-specific configurations and workarounds.
+Host | +p.projectsegfau.lt |
+
Port | +6697 (with TLS enabled) |
+
Username | +username/networkname@preferred-client-name (for example user/irc.libera.chat@observatory ) |
+
Password | +Your pubnix user password (differs from your SSO account) | +
This will autoconfigure an IRC connection to the network and set up the username mapping to automatically remove the networkname
prefix from the messages. If you are using multiple connections at the same time, use a different client name for each connection so that the history playback works for each, and you do not get the messages mixed up.
When connecting to the network via the bouncer, you will get a "local" connection to the bouncer and the bouncer will connect to the actual network (e.g. irc.libera.chat) and not log you in yet since it has no information about your user. Also, the connection is plain by default, but you can change all that later, and it will remember the settings.
+You can manage the bouncer with BouncerServ
+You can configure NickServ login, use SASL or configure a certfp login (in this case the bouncer will simply create a new cert for each connection you use), also you can query the user (sasl status
) and network status (network status
) and make the bouncer connect to the network again (network update
).
Anything that the bouncer does not connect will reflect in the network status of the actual connection so when you type /whois username
to the IRC client console, you will what connection you have to the actual network like TLS status, registered user, hostname cloak and so on.
In the rare case when the IRC client does not support setting an ident string, you cannot set the target networkname
at all, then you still can connect to multiple networks and use the different messages and channels, however the channels and users will be prefixed by the networkname
so that you get everything in a single client connection. The only IRC client I have observed this behaviour is Revolution IRC on Android, there is no known way to configure the bouncer connection correctly (if anybody knows one, please let me know)
India Node is a self-hosted server hosted in Mumbai, India by Arya for Project Segfault.
+It runs Proxmox VE as its hypervisor
+ +The server is an old laptop repurposed to be a server.
+As with using Proxmox, the virtualization backend is QEMU/KVM.
+The server is almost entirely virtualized, avoiding running anything on bare metal.
+IN01 is the main VM on the India Node where privacy frontends for the Asia region are run, along with all non-privacy frontend and internal services
+No worries! The Project Segfault Pubnix has the Nix package manager installed, meaning that you can install a package in your user only. This allows for all the users to run basically whatever they want without requiring us to install it.
+Step one is to find the package you want in nixpkgs. You can search packages at NixOS' search site.
+Additionally, you can also search for packages from the CLI. For that, you can run:
+nix search nixpkgs (package)
Note: Incase you used the nix search method, the package name will not include the legacyPackages.x86_64-linux part.
+If you find the package you wanted on there, you can run:
+nix-env -iA nixpkgs.(package)
and it will be installed! For example, you can run:
+nix-env -iA nixpkgs.neofetch
and when that's complete
+neofetch
will work on your user! If you want to install a package for only your session, you can run:
+nix-shell -p (package)
To list all your local installed packages, you can run:
+nix-env -q
And for all globally installed packages, you can run:
+apt list --installed
Finally, to remove a package, you can run:
+nix-env -e (package)
This article only includes the common commands. Check out the Ubuntu vs. NixOS page on the NixOS Wiki to get a cheatsheet on more!
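Review bot: In the weechat setup, "/server add soju ... -password=YOUR_PASSWORD" followed by "/save" writes the pubnix account password into the client's saved configuration, and the page states this is the same password used for the pubnix login. Recommend storing it with weechat's secured data ("/secure set") and referencing it as ${sec.data.<name>} in the server option; the same applies to "-pass YOUR_IRC_NETWORK_PASS" sent to BouncerServ. Separately, "To do so, you have to message the BouncerServ" has no antecedent in the visible text, "you will what connection you have" is missing a verb, and the first-person note about Revolution IRC asks readers to "let me know" without naming a contact.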
diff --git a/Iperf3.html b/Iperf3.html new file mode 100644 index 0000000..a1e23a9 --- /dev/null +++ b/Iperf3.html @@ -0,0 +1,51 @@ + + +Iperf3 is a tool which can be used to measure how fast your connection to our servers is.
+We run iperf3 instances on all our nodes.
+To test, run the following:
+# Replace anything between the brackets with the data provided in the table below.
+
+iperf3 -p [ port ] -c [ address ] # Upload
+
+iperf3 -R -p [ port ] -c [ address ] # Download
+Unfortunately, there can only be one connection to the server at a time with iperf3 (though this shouldn't be a problem in most cases)
++
Server | +Address | +Port | +
---|---|---|
Pubnix | +p.projectsegfau.lt | +5202 | +
Pizza1 | +pizza1.projectsegfau.lt | +5201 | +
IN Node | +in.projectsegfau.lt | +5201 | +
US Node | +us.projectsegfau.lt | +5201 | +
Along with cockpit and ssh, you can also access the pubnix via RDP. We went with (X)RDP instead of VNC due to it being more performant and secure.
+To do so, first install an RDP client. You can use Remmina on Linux and BSD. On Windows you can use the builtin Remote Desktop Connection Utility.
+You can connect to p.projectsegfau.lt
from the Quick Connect menu on Remmina. Once the connection is established, you will be prompted for your login credentials for the pubnix.
For those who recently get their registration approved for the pubnix, a password is generated as part of the onboarding process and they are stored at ~/pass
and you can get its content with cat ~/pass
.
Once you are logged in, you will be dropped into XFCE. This is our default DE but you can install any X11 DE/WM you like from Nix and use it.
+To specify the DE/WM you want to use, you can use the .xsession file.
+# .xsession
+exec startxfce4
+You can replace startxfce4 with the DE/WM of your choice.
+Below is a table of common DE/WMs and their command names. If you're having issues after signing in, try running command -v <startup-command>
and use that path to binary in .xession
file as mentioned above.
+
DE/WM | +Command | +
---|---|
XFCE | +startxfce4 | +
KDE | +startplasma-x11 | +
Cinnamon | +cinnamon | +
i3 | +i3 | +
BSPWM | +bspwm | +
Qtile | +qtile start -b x11 | +
We run a Cockpit instance on the pubnix, which you can use at https://cockpit.p.projectsegfau.lt.
+This allows you to run commands, manage Podman containers etc right from your browser.
+All you need is your password. You use your SSH key for authentication when you SSH into the pubnix, so you'll need to do that first.
+When you're in, run cat ~/pass and you will see your password. You use this password for logging in with Cockpit.
+Once you've entered your password, you should probably save it in your password manager.
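Review bot: In the desktop environment section the file is named ".xsession" twice and then ".xession" in the troubleshooting sentence; a reader copying the latter creates the file under the wrong name. The statement that (X)RDP was chosen for being "more performant and secure" than VNC gives no indication of what protects the connection; add a sentence on that or drop "and secure". The sentence beginning "For those who recently get their registration approved" switches between "they" and "you" and between singular and plural for the password; rewrite it as one instruction.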
diff --git a/Main_Page.html b/Main_Page.html new file mode 100644 index 0000000..e955340 --- /dev/null +++ b/Main_Page.html @@ -0,0 +1,11 @@ + + +Redirecting to home, if this isnt happening, click this \ No newline at end of file diff --git a/Matrix.html b/Matrix.html new file mode 100644 index 0000000..7011752 --- /dev/null +++ b/Matrix.html @@ -0,0 +1,25 @@ + + +Matrix is an open network for secure, decentralized communication.
+We used to host an instance of the Matrix server, synapse
, however, it has been discontinued along with Soleil Levant's decommissioning
However, we now have a small team-only matrix synapse
server for internal use (like moderation, notifier bots etc.).
Additionally, we still host 3 clients for you to use other matrix servers with (ie. Element, Hydrogen and Cinny)
+Element is the flagship client of the matrix protocol.
+It supports basically every feature available on matrix but has slight performance issues on weaker hardware.
+Hydrogen is a minimal matrix client made by the makers of Element.
+It doesn't support all of matrix's features, but has most of the important ones.
+This is a really good option in case you are on older hardware.
+Cinny is a matrix client made to look like discord.
+It supports most of the features of matrix, but not all that element supports.
+This is a good option in case you are moving away from discord and want something that looks similar to it.
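Review bot: The sentence ending "along with Soleil Levant's decommissioning" has no terminal period and is followed by a second sentence that also opens with "However"; merge or reword them. Product names are capitalised inconsistently across the hunk ("Matrix" and "matrix", "Element" and "element", "discord"); pick the projects' own spellings and use them throughout.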
diff --git a/Nerd-1.html b/Nerd-1.html new file mode 100644 index 0000000..3206188 --- /dev/null +++ b/Nerd-1.html @@ -0,0 +1,31 @@ + + +Nerd-1 is the primary VPS running privacy frontends for North and South America.
+Its located in Racknerd's Los Angeles DC2, and seems to use the colocation services of Multacom Corporation (according to the ASN).
+This server was bought from Racknerd (hence the name Nerd-1), after we ran out of credits on Digital Ocean where it was initially setup.
+Along with this migration, we renamed this node to Nerd-1 from the rather boring US Node
+It was purchased on 11th August 2023 and was paid for an entire year (lowest we could do with the VPS we chose).
+Pizza-1 is the primary VPS running privacy frontends for Europe and Africa, as well as our fallback server for anything mission-critical
+Pizza-1 was initially a virtual server we bought from BuyVM on July 8, 2022, after having issues with the previous Hebergnity VPS.
+It was named Pizza-1 due to the virtual server being sold as a "KVM Slice".
+Later, in November 2023, we moved to Nonic, a British company and subsidiary of Oxide.Host, with servers in the Netherlands.
+This was because we couldn't scale up the VPS on BuyVM in a way that was financially sustainable for us.
+However, due to Nonic's really weird rules regarding frivolous DMCA complaints, we moved to the German service provider, Avoro.
+Pizza-1 is regarded as the most reliable server in Project Segfault, and therefore takes on the mission-critical task of running the master authoritative DNS server (ns1.projectsegfau.lt) using Knot-DNS. It also runs the Privacy Frontends for EU region.
+This page documents the security practices we take.
+If something we do is missing from the list, or you want us to add something that improves Project Segfault's security, email contact@projectsegfau.lt (preferably with PGP) or contact a sysadmin over matrix/xmpp.
+So you have a Pubnix account, and now want to use some of our other great services? This is made extremely easy by using a shared OAuth portal for most of our services which require login.
+This is done by using our Authentik server for Pubnix users, which can be accessed at https://auth.p.projectsegfau.lt
+The default password for this is the same one as your Pubnix user, which can be retrieved from your home directory by running cat ~/pass
.
Now, you can open any of the following of our services, and you should be able to use the login with authentik option to have a synchronized account across our services!
+FreshRSS | +
HedgeDoc | +
Vikunja | +
Gitea | +
Wiki | +
You can also access this list from the homepage of Authentik, which can even act as a small dashboard if you so please.
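Review bot: The security contact line says "preferably with PGP", but the visible text gives no key, fingerprint or link to one, so a reporter has nothing to encrypt to; add the fingerprint or a link to the key. In the SSO section, the default Authentik password is described as "the same one as your Pubnix user", while the IRC bouncer page in this patch says the pubnix password "differs from your SSO account"; clarify whether the two stay in sync after a password change. Minor: "Its located" should be "It's located".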
diff --git a/Soleil_Levant.html b/Soleil_Levant.html new file mode 100644 index 0000000..7fb3db5 --- /dev/null +++ b/Soleil_Levant.html @@ -0,0 +1,35 @@ + + +DECOMISSIONED DUE TO RAID ARRAY FAILURE
+Soleil Levant was a server hosted in France for Project Segfault.
+It was our most powerful server, and ran a large majority of our services.
+ + +It ran Proxmox VE as its hypervisor.
+In mid-August, a disk on the server failed. This however was fixed after a 24 hour downtime (by getting the disk from someone the server host knew) and a backup restore for just our matrix instance which experienced slight database corruption.
+After this, soleil ran relatively fine for a while, till 12/09/2023, when the server host noticed one of the drives were clicking again, and after investigation realized it went into a degraded state.
+However, the spare drives we bought after the first disk failure didn't work since the LSI Hardware RAID was serialized to work with only hitachi drives (the drives we got had same part number and such but was from HP).
+Later, when we got another hitachi drive from the same person, RAID failed to re build since 2 more drives failed. At this point, we thought we would just delete everything and restore from backup on a new ZFS, but then the LSI HBA we had didn't support IT firmware (so we basically cant disable raid and use the drives separately). This was the final nail in the coffin, and soleil levant was officially shutdown on 16/09/2023 due to these issues.
+We however, didn't have any good server in the EU, so we had to move everything to our India server.
+Along with that, we had to discontinue matrix which was too big.
+++change of plans, i'll just fully retire Soleil Levant. it fucks me up mentally and financially and i don't feel like spending another sleepless night trying to get the server up when the most likely situation is that the entire RAID array is fucked and i'd need to replace every single disk + get an HBA for ZFS since i cant flash the raid card.
+i know it's not the outcome you guys wanted but i need to focus on my health, sorry again
+we'll make a blog post when everybody will be online and everything we want to back up is backed up but yeah.
+
Message from MrLeRien (the server host) on our status page on 16/09/2023, when the server was discontinued
+The server was a Hitachi Compute Rack 210H, with dual socket Intel Xeon E5-2690s.
+It has 320 GiB of memory, and a raid 5 array with 4 TB of usable space.
+As with using Proxmox, the virtualization backend was QEMU/KVM.
+The server was almost entirely virtualized, avoiding running anything on bare metal.
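Review bot: The dates "12/09/2023" and "16/09/2023" are ambiguous between day-first and month-first for the first one, and "In mid-August" has no year; write them out (for example "12 September 2023") so the timeline reads unambiguously. The banner spells "DECOMISSIONED" with one M, and the hardware section says "It has 320 GiB of memory" while every other sentence about the server is in the past tense.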
diff --git a/Status_VPS.html b/Status_VPS.html new file mode 100644 index 0000000..9198208 --- /dev/null +++ b/Status_VPS.html @@ -0,0 +1,21 @@ + + +The Status VPS was a cloud server purchased from OVH which ran our status page and a VPN for our team members (for linux ISOs, of course).
+Decomissioned since Status page has been moved to the homeserver of someone Arya and Midou know
+Project Segfault bought this VPS in response to our previous status VPS becoming unavailable after the VMWare Exsi ransomware affecting Hebergnity.
+This VPS ran Uptime Kuma on status.projectsegfau.lt to monitor the rest of our servers. This server was meant to be used minimally to keep it as reliable as possible.
+If you aren't redirected, click here
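Review bot: "VMWare Exsi" should be "VMware ESXi", and "Decomissioned" is missing an M. The second line is a sentence fragment with no period ("Decomissioned since Status page has been moved ..."); make it a full sentence and keep the tense consistent with the first line, which already says the VPS "was" a cloud server.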
diff --git a/Why_Gitea.html b/Why_Gitea.html new file mode 100644 index 0000000..f8f7a25 --- /dev/null +++ b/Why_Gitea.html @@ -0,0 +1,25 @@ + + +Basically ever since Forgejo was created, we have been asked the question of why we stuck to Gitea.
+For those unfamiliar, in late-October of 2022, Gitea became a company in order to sustain itself better.
+This came with issues such as the trademark and domains being under the company itself instead of a separate community-led organization.
+Since Gitea refused to comply, Forgejo was created, a soft-fork of Gitea which was run under the leadership of Codeberg E.V.
+For more info about this, see:
+Our reason for not moving is that there is no reason to :)
+It is a soft-fork and currently has no extra features over Gitea, though that might change once Forgejo gets federation support, though the federation will be merged upstream as well.
+Gitea also hasn't shown off much evil corporation stuff as of yet.
+Additionally Forgejo doesn't have good financing (though this has changed thanks to the NLNet grant).
+If you have any questions (or counter-arguments) you can E-Mail us or contact us through our channels :)
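Review bot: "Since Gitea refused to comply" never says what Gitea was asked to do, so the cause of the fork is unclear to a reader who does not already know the history; add one clause naming the request. "For more info about this, see:" is followed by no visible references, and the sentence on federation uses "though" twice in a row; split it into two sentences.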
diff --git a/XMPP.html b/XMPP.html new file mode 100644 index 0000000..e460d8d --- /dev/null +++ b/XMPP.html @@ -0,0 +1,22 @@ + + +XMPP is an open, decentralized universal messaging standard, similar to matrix.
+We host the EJabberd XMPP server, on our currently most powerful server, the India Node
+We have an MUC for support regarding our services at support@conference.projectsegfau.lt.
+You can signup at https://xmpp.projectsegfau.lt/account. Server should be set to projectsegfau.lt in the form.
+To login, you can use our web xmpp client: XMPP-Web (short URL).
+XMPP-Web however lacks a lot of features and hence we recommend you to use a native client.
+We recommend Gajim on PC and Conversations on Android.
+You can find a list of clients at xmpp.org.
+Pubnix Authentik is not supported on our XMPP instance however.
+Max upload size: 104857600 Bytes (around 100 MB)
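Review bot: "104857600 Bytes (around 100 MB)" is exactly 100 MiB, so "around" can go and the unit can be stated precisely. The server's name is written "ejabberd" by its project rather than "EJabberd", and the last sentence ("Pubnix Authentik is not supported on our XMPP instance however.") would read better placed next to the signup instructions, since that is where a user decides which account to create.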
diff --git a/home.html b/home.html new file mode 100644 index 0000000..00340bf --- /dev/null +++ b/home.html @@ -0,0 +1,36 @@ + + +