# 2025/03/30

## Gancio

Mostly resolved the issue with the baseurl in config.json. For some reason, sensible values do not work as expected. There is a slight misconfiguration, so the custom Javascript and CSS are not working as expected. Still, it is an improvement on the previous circumstances where 127.0.0.1:13120 was the URL of the calendar.

The decision was made to place the calendar inside a container. The most up to date copy of the Gancio database is located in this container.

There were many attempts at reconfiguring the nginx settings and the values in `/opt/gancio/config.json`. Eventually, the decision was made to append calendar.klank.school to the entry for 127.0.0.1 in `/etc/hosts` inside the container. This mostly worked.

## Gitea (act_runner)

Along with re-installing incus (which was not the plan), an effort was made to set up an act runner inside the container. This did not work as expected; it was not possible to ping the gitea instance from within the container while registering the act runner.

------------------------------------------------------------------------------

# 2025/03/04

## Gancio

Bringing the calendar back from the VPS in Graz. Obtained a dump of the database yesterday. After much fiddling, it works! There's a warning in the admin panel about the baseurl being different to the webpage being visited. At the moment, it's not clear how to get around this warning. Also, the custom theme is not displaying correctly.

### Next Steps

- Retrieve the old media so that the events have graphics again

------------------------------------------------------------------------------

# 2025/03/01

## Gancio

Working on moving Gancio back to this machine. It's been hosted on a VPS in Graz temporarily. Following the instructions on [this webpage](https://gancio.org/install/debian).

The systemd unit was giving permission errors when attempting to run `/usr/local/bin/gancio` as the Gancio user.
After switching the systemd user to root it now works as expected.

### Next Steps

1. Get a dump of the Gancio database from the VPS in Graz
2. Point calendar.klank.school to this server's IP address
   - Use the dynamic-dns python script to do so
3. Set up nginx to forward traffic to the calendar domain
4. Add SSL encryption
5. Follow the instructions [here](https://gancio.org/install/nginx) to configure nginx
6. Place the contents of the database dump in this server's PostgreSQL instance
7. Add custom CSS, Javascript and description in case this is not stored in the database.

The only sad thing is that the graphics from past events may get lost. Would be nice to retrieve these for the archive.

## nodenv

Current global node version is 22.0.14

------------------------------------------------------------------------------

# 2025/02/21

## nginx

Changed `/etc/nginx/mime-types` to serve .md files as plain text in the browser

## nodenv

Installed [nodenv](https://github.com/nodenv/nodenv) (and node build as a plugin). Current global node version is 23.8.0.

## Flok

Installed the collaborative live coding environment called [flok](https://github.com/munshkr/flok). Set up a systemd service unit to start flok on boot. It's running (hopefully) at [live.klank.school](https://live.klank.school).

------------------------------------------------------------------------------

# 2025/02/20

## Remote cryptroot-unlock

The hard drive of the server is LUKS encrypted for data security reasons. On reboot, one must input a password to decrypt the hard drive. By default, this is only possible when one is physically present with the machine.

`dropbear` is an alternative SSH server. With this software it is possible to unlock a LUKS encrypted hard drive over an SSH connection.

### Configuring `dropbear`

1. Installed `dropbear-initramfs`.
2. Updated `/etc/initramfs-tools/initramfs.conf`.
   - The machine now uses DHCP to obtain an IP address at boot
3. Added ed25519 ssh keys to `/etc/dropbear-initramfs/authorized_keys`
   - public keys for two ssh users are in this file
4. Edited DROPBEAR_OPTIONS in `/etc/dropbear-initramfs/dropbear.conf`
5. Ran `update-initramfs`
6. Updated `ufw` to allow connections on the dropbear port

## GRUB

Reconfigured `/etc/default/grub` to play the theme from Close Encounters on boot ;)

## Firewall

Set up a firewall (`ufw`). It permits ssh, https and http. It drops all other incoming connections.

------------------------------------------------------------------------------

# 2025/02/19

## SFTP server

This is now set up and ready to go. It can be used, for example, with Gitea actions. There is a dedicated, restricted user for the sftp server. This user is chroot'd to its home directory and cannot ssh. The password for this user is stored as an encrypted secret in the klank.school gitea organisation. The main purpose of this SFTP user is to serve the Gitea.

## crontab

Added a cronjob which updates the klank.school website at 9pm each day

------------------------------------------------------------------------------

# 2025/02/06

*If you'd like to do anything on the server, install some software, create a webspace, etc. the easiest thing is to [send a mail](mailto:computer@klank.school).*

## Installing the new server

We are installing a new server on a different machine. The machine is an HP Compaq that was running Windows 10, with loads of Photoshop installed. The full name is: HP Compaq 6000 Pro Small Form Factor. There was 2 GB of RAM in there; as the installation is going we are looking for extra RAM. Additionally, the computer is connected to the new idido internet box via a wired connection.
### Info about the server

- hostname is klank.school
- OS is Debian 12
- Log in via `ssh -p {port} user@klank.school`
- 6GB RAM
- 160GB Storage

### Process of configuring the server

- The `adduser` command was not accessible: we had to edit the .bashrc file to add adduser to the path so it is executable
- We've set up port forwarding for port 80 (http) and 443 (https)

### setting up nginx

- Debian is giving /var/www/html
- Debian is giving /etc/nginx/sites-enabled/default

### Creating a web project

1. Copy the default `/sites-available/{your.domain.conf}` and adjust to your liking. This points to a directory `/var/www/{your.domain}`
2. Create a symbolic link from your project.conf to /sites-enabled so it is in sync
3. Reload nginx (sudo)
4. Put your project in `/var/www/{your.domain}`

#### Making sure it is SSL

Use certbot to generate a certificate: `certbot --nginx -d {your.domain}`
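
The web project steps above as a script, added here as an example and not taken from the server's own setup. It writes a minimal server block instead of copying the default one (an assumption), and `valid_domain`, `create_site`, `publish_site`, `NGINX_DIR` and `WEB_ROOT` are names made up for this example.

```shell
#!/bin/sh
# Added example. Paths default to the ones named in the log; override
# NGINX_DIR and WEB_ROOT to try it in a scratch directory without root.
NGINX_DIR="${NGINX_DIR:-/etc/nginx}"
WEB_ROOT="${WEB_ROOT:-/var/www}"

# The domain ends up in file names and inside the nginx config, so accept
# only lowercase hostnames: no slashes, "..", spaces, ";", braces, newlines.
valid_domain() {
    [ "${#1}" -le 253 ] || return 1
    case "$1" in ''|*[!a-z0-9.-]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq \
        '^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?(\.[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)+$'
}

# Write the server block, create the web directory, enable the site.
create_site() {
    domain="$1"
    valid_domain "$domain" || { echo "refusing domain: $domain" >&2; return 1; }
    conf="$NGINX_DIR/sites-available/$domain.conf"
    if [ -e "$conf" ]; then
        echo "$conf already exists, not overwriting" >&2
        return 1
    fi
    mkdir -p "$NGINX_DIR/sites-available" "$NGINX_DIR/sites-enabled" \
        "$WEB_ROOT/$domain" || return 1
    cat > "$conf" <<EOF
server {
    listen 80;
    listen [::]:80;
    server_name $domain;
    root $WEB_ROOT/$domain;
    index index.html;
    location / {
        try_files \$uri \$uri/ =404;
    }
}
EOF
    # Relative link, so sites-enabled always follows sites-available.
    ln -s "../sites-available/$domain.conf" "$NGINX_DIR/sites-enabled/$domain.conf"
}

# Run as root on the real server: test the config before reloading, then
# let certbot (command from the log) request and install the certificate.
publish_site() {
    create_site "$1" || return 1
    nginx -t && systemctl reload nginx && certbot --nginx -d "$1"
}
```

Running `nginx -t` before the reload keeps a broken new site file from taking down the other sites served by the same nginx.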