burble.dn42/www
1
0
Fork 0
Code Issues Pull Requests Packages Releases Activity
www/content/services/shell.md
Simon Marsh 3970981f1b
All checks were successful
continuous-integration/drone/push Build is passing
Details
test pipeline
2021-12-27 14:15:48 +00:00

155 lines
4.9 KiB
Markdown
Raw Blame History

---
title: "Shell Accounts"
geekdocDescription: "burble.dn42 Shell Services"
weight: 60
---
burble.dn42 provides shell accounts on the following servers:
- shell.fr-rbx1.burble.dn42
- shell.ca-bhs2.burble.dn42
- shell.us-nyc1.burble.dn42
## Accessing the Service
The shell service imports user information from the dn42 registry allowing
any MNTNER with an SSH auth method to log in to the servers. Usernames
are constructed by lowercasing and removing the '-MNT' suffix.
{{<hint info>}}
**FOO-MNT**
```
mntner: FOO-MNT
auth: ssh-ed25519 xxxxxxxxx
```
Log in using the key specified in the auth method:
```shell
ssh foo@shell.fr-rbx1.burble.dn42
```
{{</hint>}}
Your home directory is created automatically on first access and will then
persist across logins.
## Key Services
### Installed Packages
A broad set of command line tools, applications and games are available;
the aim is to provide a comprehensive environment that is useful and
fun to tinker with.
The current set of packages can be found in the shell config repo:
- [https://git.dn42.dev/burble/config-shell/src/branch/main/roles/user_apps/tasks/main.yml](https://git.dn42.dev/burble/config-shell/src/branch/main/roles/user_apps/tasks/main.yml)
Requests for additional packages are welcome, please raise these as
[issues](https://git.dn42.dev/burble/config-shell/issues) in the repo.
### Webserver
The shell servers include a webserver with user directories (`~/public_html/`)
and CGI (`~/public_html/cgi-bin/`) enabled. The webserver is accessed over https
and has a dn42 certificate auto-renewed from the
[ACME service](https://acme.dn42/about.html).
- `https://shell.fr-rbx1.burble.dn42/~<username>/`
- `https://shell.ca-bhs2.burble.dn42/~<username>/`
- `https://shell.us-nyc1.burble.dn42/~<username>/`
{{<hint info>}}
Remember that any files need to be accessible by the webserver
which runs as user/group www-data/www-data; CGI scripts must also be executable.
The default umask of 077 means that the webserver won't be able to
read your public_html folder or any files within it without changing permissions.
A simplistic approach would be to make your home directory, and
public_html directory world readable:
```shell
chmod a+x ~
chmod -R a+rX ~/public_html
chmod -R a+rx ~/public_html/cgi-bin
```
A more secure way of allowing access would be to use posix ACLs:
```shell
setfacl -m "u:www-data:x" ~
setfacl -Rdm "u:www-data:rX" ~/public_html
setfacl -Rdm "u:www-data:rx" ~/public_html/cgi-bin
```
{{</hint>}}
### Scratch Area (*fr-rbx1 only*)
A large storage area is mounted on to /scratch
/home disk space is limited, so /scratch may be used for additional space
or if you don't want to use /home. If you want to use the scratch
area it is recommended to create your own directory (named after your
username) and then store all your stuff in the new directory; this will help
prevent clutter.
{{<hint warning>}}
Note that the storage for /scratch is nfs mounted across dn42 so
performance will be variable.
{{</hint>}}
### Changing Shell
The registry import process currently limits the initial shell to /bin/bash
and currently this cannot be changed. If you want to use something different,
just exec to the new shell in your .profile or .bashrc.
{{<hint info>}}
Example .bashrc line for zsh:
```shell
if [[ $- == *i* ]]; then exec /usr/bin/zsh; fi
```
{{</hint>}}
### Cron, Batch and Services
Cron and other batch or long running tasks are ok, but be a nice neighbour
and prioritise other users' interactive use.
Schedule crons to run at random or obscure times to avoid stampeding herds
and control your resource usage using tools like nice and ionice.
### Clearnet
Clearnet access is provided. Rate limiting allows for a small amount of
burst traffic, but then bandwidth is quickly limited to 10mbit/sec. In general,
you should be better off using your own clearnet access for large downloads.
### Performance Monitoring
The shell servers are monitored using netdata and prometheus, with performance
graphs available in [grafana](https://grafana.burble.dn42).
The netdata dashboard is also directly accessible:
- [http://shell.fr-rbx1.burble.dn42:19999](http://shell.fr-rbx1.burble.dn42:19999)
- [http://shell.ca-bhs2.burble.dn42:19999](http://shell.ca-bhs2.burble.dn42:19999)
- [http://shell.us-nyc1.burble.dn42:19999](http://shell.us-nyc1.burble.dn42:19999)
## Acceptable Use
The objective of the burble.dn42 shell service is to provide a free, open,
and fun environment for dn42 users. The services are provided for your benefit so
please be considerate in your usage and remember that abusing the service just
spoils it for everyone else.
See also the main [Abuse Policy](/network/abuse).
## Source Code and Configuration
Configuration for the shell servers is maintained in a git repo:
- [https://git.dn42.dev/burble/config-shell](https://git.dn42.dev/burble/config-shell)
The repository may be used for raising issues or requesting additional
software to be installed.
Reference in New Issue View Git Blame Copy Permalink