Quellcode durchsuchen

README cleanups

Alex Payne vor 11 Jahren
Ursprung
Commit
c7a70c3bb7
1 geänderte Dateien mit 11 neuen und 10 gelöschten Zeilen
  1. 11
    10
      README.textile

+ 11
- 10
README.textile Datei anzeigen

@@ -4,7 +4,7 @@ Sovereign is a set of "Ansible":http://ansibleworks.com playbooks that you can u
4 4
 
5 5
 If you've never used Ansible before, you a) are in for a treat and b) might find these playbooks useful to learn from, since they show off a fair bit of what the tool can do.
6 6
 
7
-h2. Background/Motivations
7
+h2. Background and Motivations
8 8
 
9 9
 I had been a paying Google Apps customer for personal and corporate use since the service was in beta. Until several weeks ago, that is. I was about to set up another Google Apps account for a new project when I stopped to consider what I would be funding with my USD $50 per user per year:
10 10
 
@@ -17,9 +17,9 @@ To each her/his own, but personally I saw little reason to continue participatin
17 17
 
18 18
 Rather than writing up a long and hard-to-follow set of instructions, I decided to share my server setup in a format that you can more or less just clone, configure, and run. Ansible seemed like the most appropriate way to do that: it's simple, straightforward, and easy to pick up.
19 19
 
20
-I've been using this setup for about a month now and it's been great. It's also replaced a couple of non-Google services I used, saving me money and making me feel like I've got a little more privacy.
20
+I've been using this setup for about a month now and it's been great. It's also replaced some non-Google services I used, saving me money and making me feel like I've got a little more privacy.
21 21
 
22
-The backbone of this was inspired by "this post by Drew Crawford":http://sealedabstract.com/code/nsa-proof-your-e-mail-in-2-hours/. Unlike him, my goal is not "NSA-proofing" my email, just providing a reasonable alternative to Google Apps that isn't wildly insecure. My view is that if the NSA or any other motivated party really wants to pwn me, they're gonna, simple as that, no matter where I host my email.
22
+A big chunk of the initial version was inspired by "this post by Drew Crawford":http://sealedabstract.com/code/nsa-proof-your-e-mail-in-2-hours/. Unlike Drew, my goal is not "NSA-proofing" email, just providing a reasonable alternative to Google Apps that isn't wildly insecure. If you need serious privacy and security (ex: for dissident activities), Sovereign might be useful as a starting point but will require additional work. Be careful out there.
23 23
 
24 24
 h2. Services Provided
25 25
 
@@ -54,14 +54,14 @@ h2. What You'll Need
54 54
 
55 55
 # A VPS (or bare-metal server if you wanna ball hard). My VPS is hosted at "Linode":http://www.linode.com/?r=45405878277aa04ee1f1d21394285da6b43f963b. You'll probably want at least 512 MB of RAM between Apache, Solr, and MySQL. Mine has 1024.
56 56
 # "Debian 7":http://www.debian.org/News/2013/20130504 or an equivalent Linux distribution. (You can use whatever distro you want, but deviating from Debian will require more tweaks to the playbooks. See Ansible's different "packaging":http://www.ansibleworks.com/docs/modules.html#packaging modules.)
57
-# A wildcard SSL certificate. I bought one. You could self-sign if you wanna save money.
58
-# A "Tarsnap":http://www.tarsnap.com account with some credit in it. You could comment this out if you want to use a different backup service. I pay for backups at Linode in addition to the Tarsnap nightlies because you can never be too sure.
57
+# A wildcard SSL certificate. You can either buy one or self-sign if you want to save money.
58
+# A "Tarsnap":http://www.tarsnap.com account with some credit in it. You could comment this out if you want to use a different backup service. Consider paying your hosting provider for backups or using an additional backup service for redundancy.
59 59
 
60 60
 h2. Installation
61 61
 
62 62
 h3. 1. Get a wildcard SSL certificate
63 63
 
64
-Create a private key and a certificate signing request (CSR):
64
+Generate a private key and a certificate signing request (CSR):
65 65
 
66 66
 bc. openssl req -nodes -newkey rsa:2048 -keyout roles/common/files/wildcard_private.key -out mycert.csr
67 67
 
@@ -76,7 +76,7 @@ bc. security verify-cert -L -p ssl -s example.com -c roles/common/files/wildcard
76 76
 
77 77
 h3. 2. Get a Tarsnap machine key
78 78
 
79
-If you haven't already, "download and install tarsnap":https://www.tarsnap.com/download.html, or use @brew install tarsnap@ if you use "Homebrew":http://brew.sh.
79
+If you haven't already, "download and install Tarsnap":https://www.tarsnap.com/download.html, or use @brew install tarsnap@ if you use "Homebrew":http://brew.sh.
80 80
 
81 81
 Create a new machine key for your server:
82 82
 
@@ -122,7 +122,7 @@ To run just one or more piece, use tags. I try to tag all my includes for easy i
122 122
 
123 123
 bc. ansible-playbook -i ./hosts --tags=ferm site.yml
124 124
 
125
-You might find that it fails at one point or another. This is probably because something needs to be done manually, usually because there's no good way of automating it. Fortunately, all the tasks are clearly named so you should be able to find out where it stopped. I've tried to add comments where manual intervention is necessary. OpenVPN in particular requires a bunch of manual command line stuff to get running.
125
+You might find that it fails at one point or another. This is probably because something needs to be done manually, usually because there's no good way of automating it. Fortunately, all the tasks are clearly named so you should be able to find out where it stopped. I've tried to add comments where manual intervention is necessary. OpenVPN in particular requires a bunch of manual command line intervention to get running.
126 126
 
127 127
 h3. 6. Set up DNS
128 128
 
@@ -130,11 +130,12 @@ If you've just bought a new domain name, point it at "Linode's DNS Manager":http
130 130
 
131 131
 Create an @A@ record for @example.com@ as well as @mail.example.com@ which points to your server IP. Create an @MX@ record for @example.com@ which assigns @mail.example.com@ as the domain's mail server.
132 132
 
133
-Set up SPF and reverse DNS "as per the inspirational post":http://sealedabstract.com/code/nsa-proof-your-e-mail-in-2-hours/. Make sure to validate that it's all working, for example by sending an email to <a href="mailto:check-auth@verifier.port25.com">check-auth@verifier.port25.com</a> and reviewing the report that will be emailed back to you.
133
+Set up SPF and reverse DNS "as per this post":http://sealedabstract.com/code/nsa-proof-your-e-mail-in-2-hours/. Make sure to validate that it's all working, for example by sending an email to <a href="mailto:check-auth@verifier.port25.com">check-auth@verifier.port25.com</a> and reviewing the report that will be emailed back to you.
134 134
 
135 135
 h3. 7. Miscellaneous Configuration
136 136
 
137
-Sign in to the ZNC web interface and set things up to your liking.
137
+* Sign in to the ZNC web interface and set things up to your liking.
138
+* You'll probably want to sign into your ownCloud installation and check out the settings there, too.
138 139
 
139 140
 h2. How To Use Your New Personal Cloud
140 141
 

Laden…
Abbrechen
Speichern