keys.neuro.uni-bremen.de

Keyserver

keys.neuro.uni-bremen.de

# Base system preparation: refresh the package index, apply pending
# upgrades, then install the tools listed below.
# Most commands in this README are written without sudo, so they presumably
# run in a root shell -- confirm before pasting.
apt update
apt upgrade
apt install git pkg-config libssl-dev curl mc argon2 ca-certificates net-tools

# Host firewall: HTTPS (443), HTTP (80) and SSH (22) are allowed before
# `ufw enable`, so the rules are already in place when filtering starts and
# a running SSH session is not cut off.
# NOTE(review): a bare port number opens both TCP and UDP. `ufw allow 22/tcp`
# (likewise for 80) is the narrower rule, and `ufw limit 22/tcp` rate-limits
# repeated SSH connection attempts. Confirm whether port 80 is needed for
# anything other than a redirect to 443.
ufw allow 443
ufw allow 80
ufw allow 22
ufw enable

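# Outgoing system mail: install msmtp as the sendmail replacement, route
# mail for root to a real mailbox and write the system-wide /etc/msmtprc.
apt -y install msmtp msmtp-mta mailutils
hostname keys.neuro.uni-bremen.de
cat /etc/hostname
# Add root to the /etc/aliases file (this overwrites any existing aliases).
echo "root: davrot@neuro.uni-bremen.de" > /etc/aliases

# /etc/msmtprc stores the SMTP password in clear text. Create it empty with
# mode 600 first so the secret is never world-readable, then fill it in.
# If unprivileged accounts must send mail as well, grant access through a
# dedicated group instead of making the file world-readable.
install -m 600 /dev/null /etc/msmtprc

# tls_certcheck stays on: the server certificate is verified against
# tls_trust_file. With the check off the client would accept any certificate
# and could hand the account password to an impostor server.
# The quoted delimiter writes the text literally, without shell expansion.
# Replace REDACTED in an editor afterwards instead of typing the real
# password on the command line, where it would land in the shell history.
cat > /etc/msmtprc <<'EOF'
defaults
tls            on
tls_starttls off
tls_certcheck on
tls_trust_file /etc/ssl/certs/ca-certificates.crt
logfile        /var/log/msmtp.log

# University SMTP server
account        uni-bremen
host           smtp.uni-bremen.de
port           465
from           overleaf@uni-bremen.de
user           overleaf
password       REDACTED
set_from_header on
auth on

# Set a default account
account default : uni-bremen

aliases /etc/aliases
EOF
touch /var/log/msmtp.log
# msmtp-mta normally ships this link already; in that case ln reports
# "File exists" and nothing more needs to be done.
ln -s /usr/bin/msmtp /usr/sbin/sendmail
# Send a test mail to root to check the alias and the SMTP account.
echo "Test message" | mail -s "Test subject" root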


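# MongoDB 6.0 from the vendor repository.
# The signing key goes into its own keyring and the source entry is pinned to
# it with signed-by, the same way the NodeSource repository is set up further
# down. `apt-key add` is deprecated and would trust the key for every
# configured repository, not only this one. gpg comes from the gnupg package.
mkdir -p /etc/apt/keyrings
wget -qO - https://www.mongodb.org/static/pgp/server-6.0.asc | sudo gpg --dearmor -o /etc/apt/keyrings/mongodb-server-6.0.gpg
echo "deb [ arch=amd64,arm64 signed-by=/etc/apt/keyrings/mongodb-server-6.0.gpg ] https://repo.mongodb.org/apt/ubuntu jammy/mongodb-org/6.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-6.0.list
apt-get update
apt-get upgrade -y
apt install mongodb-org
mongod --version
# Start mongod on every boot and now, then check that it is running.
systemctl enable mongod
systemctl start mongod
systemctl status mongod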

# Node.js from the NodeSource repository. The key is dearmored into
# /etc/apt/keyrings and the source entry references it with signed-by, so the
# key is tied to this one repository.
apt install ca-certificates curl gnupg
mkdir -p /etc/apt/keyrings
curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | sudo gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg
# Major release line to install; it selects the node_20.x repository below.
NODE_MAJOR=20
echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_$NODE_MAJOR.x nodistro main" | sudo tee /etc/apt/sources.list.d/nodesource.list
apt-get update
apt install nodejs
# Confirm the installed versions.
node -v
npm -v

# Create the database user for the keyserver-int database (presumably the
# one `npm test` runs against -- confirm in .env). The two lines after
# `mongosh` are typed at the mongosh prompt, not in the shell.
# The readWrite role is scoped to this one database.
# NOTE(review): createUser does not by itself make mongod require
# authentication; check that authorization is enabled in /etc/mongod.conf.
# Use a password unique to this account in place of REDACTED.
mongosh
use keyserver-int
db.createUser({ user:"keyserver", pwd:"REDACTED", roles:[{ role:"readWrite", db:"keyserver-int" }] })

# Fetch the Mailvelope keyserver into /app and install its dependencies.
# NOTE(review): this clones whatever the default branch holds at install
# time; checking out a reviewed tag or commit afterwards makes the
# deployment reproducible.
git clone https://github.com/mailvelope/keyserver /app
cd /app
npm install

# Fill in .env before running the tests. It presumably holds the database
# and mail credentials -- keep it readable only by the account that runs
# the service.
npm test

# Production database: create the user for the keyserver database, then set
# a server parameter and the indexes. Everything after `mongosh` is typed at
# the mongosh prompt, not in the shell.
# - readWrite is scoped to the keyserver database only.
# - ttlMonitorSleepSecs is set to 86400 seconds, i.e. one day.
# - three compound indexes on publickey: userIds.email, keyId and
#   fingerprint, each paired with userIds.verified.
# NOTE(review): createUser does not by itself make mongod require
# authentication; check that authorization is enabled in /etc/mongod.conf.
mongosh
use keyserver
db.createUser({ user:"keyserver", pwd:"REDACTED", roles:[{ role:"readWrite", db:"keyserver" }] })
db.adminCommand({setParameter:1, ttlMonitorSleepSecs: 86400})
db.publickey.createIndex({"userIds.email" : 1, "userIds.verified" : 1})
db.publickey.createIndex({"keyId" : 1, "userIds.verified" : 1}) 
db.publickey.createIndex({"fingerprint" : 1, "userIds.verified" : 1}) 

# First manual check: start the server in the foreground, then open it
# locally on port 8888 (from a second terminal, since npm start keeps
# running).
# NOTE(review): lynx is not among the packages installed above.
npm start

lynx http://localhost:8888

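# Reverse proxy: install nginx, replace the stock configuration with the one
# from this repository and place the TLS material under /certs.
apt install nginx
systemctl enable nginx
cd /etc/nginx
mv nginx.conf nginx.conf_old
# Put new nginx config here
# /certs will hold the TLS private key, so create it accessible to root only.
mkdir -m 700 /certs
# Put key.pem and ca.pem here (key.pem should be mode 600, owned by root)
# Validate the configuration before (re)starting the service.
nginx -t

# If the package installation already started nginx, `systemctl reload nginx`
# is what picks up the new configuration.
systemctl start nginx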

# Put keyserver.service into /etc/systemd/system/, then reload systemd so it
# sees the new unit, enable it at boot, start it and check its state.
# NOTE(review): confirm that the unit runs the server under a dedicated
# unprivileged account (User=) rather than as root.
systemctl daemon-reload
systemctl enable keyserver
systemctl start keyserver
systemctl status keyserver

# Open port 11371, the default HKP port used by the hkp:// lookup in the
# test section below.
# NOTE(review): hkp:// is unencrypted. If all clients can use hkps:// on 443,
# this port may not need to be reachable from outside. Which service listens
# on 11371 is not shown here (presumably set in nginx.conf) -- confirm.
ufw allow 11371

Generate keys for testing (or for regular use)

# Interactive key generation; gpg prompts for the values listed below.
gpg --full-generate-key

# Parameters:
# Key type: RSA and RSA
# Key size: 4096 bits
# Key validity: 0 (never expires)
#   NOTE(review): for a key in regular use, a finite validity that is
#   extended when needed limits how long a lost or forgotten key stays valid.
# Real name: Your Name
# Email address: Your email address
# Comment: Optional, can leave blank
# Passphrase: Choose a strong passphrase

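# Export Public Key
gpg --armor --export davrot@uni-bremen.de > public_key.asc

# Backup your private key:
# The subshell tightens the umask so that a newly created private_key.asc is
# readable by its owner only (an already existing file keeps its old mode).
# Move the backup to offline storage once it has been imported where needed.
(umask 077 && gpg --armor --export-secret-keys davrot@uni-bremen.de > private_key.asc)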

Thunderbird 
Account Settings -> End-to-End Encryption -> Add Key -> Import existing OpenPGP key -> private_key.asc

Test the key distribution

# Look up the published key over both transports: plain HKP first, then
# HKPS (HKP over TLS). Only the hkps:// lookup is encrypted and checks the
# server certificate.
gpg --keyserver hkp://keys.neuro.uni-bremen.de --search davrot@uni-bremen.de
gpg --keyserver hkps://keys.neuro.uni-bremen.de --search davrot@uni-bremen.de