Looks like my studies and development on BSD have to be put on hold because
I will be working with BYI Systems[1]. The focus would be mostly on working
with formal verification using TLA+[2]. This is something that I have not
worked with before, so I am also kind of excited about this opportunity.
Another aspect of this, as cherry@ mentioned, would be its application to
systems programming, since TLA+ is a good tool for verifying protocols.

Meanwhile, in order to keep in touch with BSD, I also took up the responsibility
of setting up and maintaining the infrastructure required for BYI Systems.

This would require

  1. Basic web hosting / reverse proxy using nginx(8)
  2. A mailing list for communication based on mailman(8)
  3. Version control via git(1)

Setting up nginx(8)

This was not my first time setting up nginx(8), and by this time I had become
more familiar with how nginx(8) is supposed to be configured. The initial task
was to configure the static HTML which would act as the company website, which
was not too hard of a task.

The second website we needed to get up was mailman's web UI. Initially
I set up the fcgiwrap(8) script to start up via rc(8), and it was not too hard
doing that in rc.conf(5).

fcgiwrap_enable="YES"
fcgiwrap_profiles="mailman"
fcgiwrap_mailman_socket="unix:/var/run/fcgiwrap/mailman.sock"
fcgiwrap_mailman_user="www"
fcgiwrap_mailman_socket_owner="www"

After setting up fcgiwrap(8) to serve the CGI scripts, I set up nginx(8) to
serve the web pages. After going through the nginx(8) documentation[3] and
making some customizations, I could get it running correctly.

    location /mailman {
        root /usr/local/mailman/cgi-bin/;
        fastcgi_split_path_info ^/mailman(/[^/]*)(.*)$;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        include fastcgi_params;
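        # cgi-handler is not defined in this snippet; it needs to name an
        # upstream for the fcgiwrap socket set in rc.conf(5).
        fastcgi_pass cgi-handler;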
    }

    location /mailman/icons/ {
        alias /usr/local/mailman/icons/;
        expires 1y;
    }

    location /pipermail {
        alias /usr/local/mailman/archives/public;
        autoindex on;
    }

    rewrite ^/mailman(/)?$ /mailman/listinfo permanent;

    rewrite ^/$ /mailman/listinfo permanent;

Setting up mailman(8)

Other than compiling the package from ports to enable postfix(1) support, the
installation was pretty straightforward. In addition to this, it is always wise
to read the FreeBSD post install notes[4] to read up about any specific quirks.

The changes made to the mailman(8) configuration file
/usr/local/mailman/Mailman/mm_cfg.py were quite small:

POSTFIX_STYLE_VIRTUAL_DOMAINS = [ 'lists.byisystems.com' ]

DEFAULT_EMAIL_HOST = 'lists.byisystems.com'
DEFAULT_URL_HOST = 'lists.byisystems.com'
DEFAULT_URL_PATTERN = 'https://%s/mailman/'
add_virtualhost('lists.byisystems.com', 'lists.byisystems.com')

In the postfix(1) configuration, other than mynetworks, which was updated with
the IP, the only other change was adding the alias files of mailman; most of
the other settings were left as default.

virtual_alias_domains = lists.byisystems.com

virtual_alias_maps = hash:$config_directory/virtual
    hash:/usr/local/mailman/data/virtual-mailman

alias_maps = hash:$config_directory/aliases
    hash:/usr/local/mailman/data/aliases

alias_database = hash:$config_directory/aliases
    hash:/usr/local/mailman/data/aliases

recipient_delimiter = +

Setting up the mailing lists

Referring to a couple of websites[5][6], I managed to create the “mailman”
mailing list, which is required for running mailman, using the following command.

$ bin/newlist --urlhost=lists.byisystems.com --emailhost=lists.byisystems.com mailman

Once the postfix(1) and mailman(8) services were up and running, it was trivial
to set up the rest of the lists needed by BYI Systems.

Setting up basic git(1)

While the server was being set up, we had a designer working on the basic
website for BYI Systems. Because of my lack of experience in setting up a proper
remote git(1) based collaboration platform, and because we did not want the
website sources to be hosted on GitHub, the easiest thing I could think of was
to set up a simple git repository on the BYI machine and then set up an ssh(1)
account to access it remotely.

The git-shell[7] documentation helped with setting up a user git with the
shell /usr/local/libexec/git-core/git-shell and a small script under
/home/git/git-shell-commands called no-interactive-login:

#!/bin/sh
printf '%s\n' "Hi $USER! You've successfully authenticated, but I do not"
printf '%s\n' "provide interactive shell access."
exit 128

In addition to this, a similar user gitro was set up with read-only access to
the repositories stored under the git user’s home. Access was granted to both
git and gitro using ssh(1) and an authorized_keys file for each of the
above-mentioned accounts.
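
With git-shell as the login shell, interactive logins are refused, but SSH port,
agent and X11 forwarding stay available to a key unless its authorized_keys
entry (or sshd_config(5)) disables them. The sh function below is an added
example, not part of the original setup: it audits an authorized_keys file such
as the ones for git and gitro; the names audit_git_keys and sample_keys and the
sample entries are constructed for illustration.

```shell
# Added example: flag authorized_keys entries that leave SSH forwarding or a
# pty available. Reads the file named as argument, or stdin.
audit_git_keys() {
    awk '
    # Options field, lower-cased, with quoted values dropped so spaces or
    # commas inside command="..." cannot confuse the check.
    function options(line,    i, c, q, out) {
        for (i = 1; i <= length(line); i++) {
            c = substr(line, i, 1)
            if (q && c == "\\") { i++; continue }  # escaped char in quotes
            if (c == "\"") { q = !q; continue }
            if (q) continue
            if (c == " " || c == "\t") break
            out = out c
        }
        return tolower(out)
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }               # comments, blank lines
    {
        sub(/^[ \t]+/, "")
        o = options($0)
        if (o ~ /^(ssh-|ecdsa-sha2-|sk-)/) o = ""   # no options, key type first
        o = "," o ","
        why = ""
        if (index(o, ",restrict,")) {               # later options can undo it
            n = split("port-forwarding agent-forwarding x11-forwarding pty", w, " ")
            for (i = 1; i <= n; i++)
                if (index(o, "," w[i] ",")) why = why " re-enables:" w[i]
        } else {
            n = split("no-port-forwarding no-agent-forwarding no-x11-forwarding no-pty", w, " ")
            for (i = 1; i <= n; i++)
                if (!index(o, "," w[i] ",")) why = why " missing:" w[i]
        }
        if (why != "") { print NR ":" why; bad = 1 }
    }
    END { exit bad + 0 }' "$@"
}

# Constructed sample entries; the key material is placeholder text.
sample_keys() {
    cat <<'EOF'
# designer and admin keys
restrict ssh-ed25519 AAAAexample1 designer@laptop
ssh-ed25519 AAAAexample2 admin@desk
no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAexample3 ci@build
restrict,port-forwarding,command="echo a b" ssh-ed25519 AAAAexample4 old@host
EOF
}
sample_keys | audit_git_keys || true
```

The function exits non-zero when any entry is flagged, so it can gate a deployment script or a periodic check.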

Adding a .hushlogin file to the home directory of both git and gitro
helped prevent the /etc/motd from being displayed when one tried to push /
pull via git(1).

In future, I will need to think about setting up a proper git based
collaboration platform like GitLab.

Conclusion

Using jails would be a nice way to isolate these things from the virtual
machine. This would also help with isolating the various services that are
required.

Mail configuration is hard and is probably something that I need to look into.

References

  1. https://byisystems.com/
  2. http://lamport.azurewebsites.net/tla/tla.html
  3. https://www.nginx.com/resources/wiki/start/topics/recipes/mailman/
  4. https://svnweb.freebsd.org/ports/head/mail/mailman/files/FreeBSD-post-install-notes?view=markup
  5. https://www.purplehat.org/?page_id=18
  6. https://www.howtoforge.com/how-to-install-and-configure-mailman-with-postfix-on-debian-squeeze
  7. https://git-scm.com/docs/git-shell