Hacking:Servers/Newtron

From ParabolaWiki

newtron.parabola.nu is a "colo" server, which is maintained gratis by the Vikings hosting company in Germany. It is Parabola's primary web server (e.g. {forum,labs,projects,wiki,www}.parabola.nu). The name is a play on words, indicating that its initial purpose was to replace the previous 'Proton' server, which was the Parabola web server between 2016 and 2018. Newtron is "the new proton".

Note:

2021-04 - the server is not yet in operation

2021-09 - the server is online, awaiting configuration

$ uname -m
x86_64

$ free -h
               total        used        free      shared  buff/cache   available
Mem:            31Gi       106Mi        31Gi       1.0Mi       123Mi        30Gi
Swap:          8.0Gi          0B       8.0Gi

$ df -h | grep ^/dev
/dev/md127       98G  1.4G   92G   2% /
/dev/sdb2       238M   50M  173M  23% /boot
/dev/md126      351G   36K  333G   1% /srv


1 configuration philosophy

Avoid editing files owned by a package if possible; insert things into new files. If a file must be edited, try to avoid having to change any lines; try to only add new lines.

Everything worth backing up should be in /etc, /srv, or /home.

2 infrastructure/management

2.1 base setup

Packages installed:

  • TODO

Files affected:

  • TODO

2.1.1 bootloader

Packages installed:

  • grub

Files affected:

  • /etc/default/grub

The grub config has a serial console configured:

GRUB_CMDLINE_LINUX_DEFAULT="console=ttyS0,115200n8 loglevel=3"

2.1.2 filesystems

Packages installed:

  • TODO

Files affected:

  • TODO

2.1.3 networking

Files affected:

  • TODO

2.1.4 Pacman

Files affected:

  • TODO

2.1.5 timedate

Files affected:

  • TODO

2.2 etckeeper

Packages installed:

  • TODO

Files affected:

  • TODO

2.3 users

See also: keys user and group

2.3.1 Parabola hackers

Packages installed:

  • TODO

Files affected:

  • TODO

2.3.2 emergency user

Files affected:

  • /etc/passwd
  • /etc/shadow
  • /etc/sudoers.d/99-emergency
  • /home/emergency/

In case anything should ever go wrong with hackers.git, the user "emergency" has been set up. "emergency" has authorized (statically via ~/.ssh/authorized_keys) the keys of several (not publicly disclosed) Parabola hackers. /etc/sudoers.d/99-emergency grants special privileges in case PAM or NSS get screwed up.

2.3.3 other

Files affected:

  • TODO

2.3.4 pbot

Files affected:

  • TODO

2.4 SSH

Packages installed:

  • openssh

Files affected:

  • /etc/ssh/sshd_config
  • TODO

See above for how authentication and users are set up.

sshd is also configured to listen on both ports 22 and 1863. We may turn off port 22 in the future. Not using port 22 isn't security through obscurity, it is security through keeping-the-logs-useful-by-keeping-noise-down.
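To see how much of the log noise each listening port actually carries, the following added example (not part of the server's own configuration or tooling) counts failed SSH connections per sshd listening port. It assumes sshd runs with "LogLevel VERBOSE", which this page does not state; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: failed SSH connections per sshd listening port.
# Assumption: sshd runs with "LogLevel VERBOSE", so each connection logs
# "Connection from <addr> port <n> on <addr> port <listening-port>".

# Reads syslog-style sshd lines on stdin; prints "<listening-port> <count>".
failed_by_port() {
    awk '
    {   # Key every line by the sshd child PID in the "sshd[1234]:" tag.
        if (!match($0, /sshd\[[0-9]+\]/)) next
        pid = substr($0, RSTART + 5, RLENGTH - 6)
    }
    /Connection from .* port [0-9]+ on .* port [0-9]+/ {
        # The port after "on <local-addr> port" is the listening port.
        for (i = 1; i + 3 <= NF; i++)
            if ($i == "on" && $(i + 2) == "port") lport[pid] = $(i + 3)
        delete seen[pid]        # PIDs are reused: start a fresh connection
        next
    }
    /Failed (password|publickey|none) for|Invalid user/ {
        # Count each connection once, however many failure lines it logs.
        if ((pid in lport) && !(pid in seen)) {
            seen[pid] = 1
            fails[lport[pid]]++
        }
    }
    END { for (p in fails) print p, fails[p] }
    ' | sort -n
}

# Constructed sample log (documentation addresses, made-up PIDs and times).
sample_log() {
    cat <<'EOF'
Sep 14 03:11:02 newtron sshd[4101]: Connection from 203.0.113.7 port 40112 on 192.0.2.10 port 22 rdomain ""
Sep 14 03:11:03 newtron sshd[4101]: Invalid user admin from 203.0.113.7 port 40112
Sep 14 03:11:05 newtron sshd[4101]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Sep 14 03:12:40 newtron sshd[4107]: Connection from 198.51.100.23 port 51870 on 192.0.2.10 port 22 rdomain ""
Sep 14 03:12:41 newtron sshd[4107]: Failed password for root from 198.51.100.23 port 51870 ssh2
Sep 14 03:15:09 newtron sshd[4112]: Connection from 198.51.100.50 port 60022 on 192.0.2.10 port 1863 rdomain ""
Sep 14 03:15:10 newtron sshd[4112]: Accepted publickey for emergency from 198.51.100.50 port 60022 ssh2
Sep 14 04:02:17 newtron sshd[4101]: Connection from 203.0.113.99 port 33444 on 192.0.2.10 port 1863 rdomain ""
Sep 14 04:02:18 newtron sshd[4101]: Invalid user test from 203.0.113.99 port 33444
EOF
}

sample_log | failed_by_port
```

On a live host the same function can read the journal or auth log on stdin instead of the sample; the "port" in a failure line is the client's source port, which is why the listening port has to be taken from the connection line and joined by PID.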

2.5 SSL

Packages installed:

  • TODO

2.5.1 keys user and group

Files affected:

  • TODO

2.5.2 issuance, renewal, and installation

Files affected:

  • TODO

2.5.3 other

Files affected:

  • TODO

2.6 HTTP

Packages installed:

  • TODO

Files affected:

  • TODO

2.6.1 process management

Packages installed:

  • TODO

Files affected:

  • TODO

2.7 email

Packages installed:

  • TODO

Files affected:

  • TODO

2.8 ParabolaWeb

Packages installed:

  • TODO

Files affected:

  • TODO

2.9 Bazaar

Packages installed:

  • TODO

Files affected:

  • TODO

2.10 Git

Packages installed:

  • TODO

Files affected:

  • TODO

2.10.1 transport: git protocol

Files affected:

  • TODO

2.10.2 transport: SSH

Files affected:

  • TODO

2.10.3 transport: HTTPS

Files affected:

  • TODO

2.11 pbot

TODO

2.12 Redmine

TODO

2.13 Rsync

TODO