Vervis/INSTALL.md

# 2024 update - docker setup

I'll update this file properly soon, but for now, instructions for deployment
using docker:

1. In `create-db.sql`, update the `vervis` DB user's password
2. Create and edit `config/settings.yml` based on
   `config/settings-sample-prod.yml`, remember to set the same DB password here
3. In `docker-compose.yml`, update the database superuser password (it's the
   password for the `postgres` superuser, not `vervis`)
4. Create initial state: `./prepare-state.sh`
5. Ready for launch! `docker-compose up -d`

---

Vervis is still in early development and the build process gets updates once in
a while, but this file tries to keep up and list the latest instructions for
running a Vervis instance.

At the time of writing, you can get a running Vervis instance if you follow the
steps below.

UPDATE: There is a binary build you can use instead of building from source. It
can be found [here](https://box.angeley.es/nextcloud/s/oWHmQDtWTAfPR4Z). If you
use it, verify the download using `sha256sum` and `gpg`, make sure the settings
in your `config/settings.yml` (see below) match the downloaded file paths, and run the
web app using `./bin/vervis` and not `stack run`. This may be confusing;
hopefully I'll make a nicer binary release soon :)

2022 UPDATE: The binary release is unavailable right now. But a docker image is
being prepared. More news soon.

2024 UPDATE: For production hosting and deployment with Docker, use the
`Dockerfile` and `docker-compose.yml` files in this repo's root directory.

# (1) System libraries

Install dependency library development packages. It's very likely you already
have them all installed, and if you're missing some, the build process will
inform you. But it's still nice to have a list here. The list below isn't a
complete list, it's just libraries that people have found missing while
building, and let me know.

- libgmp
- libpcre
- ZLib
- libssl
- PostgreSQL client library

On Debian based distros, installation can be done like this:

    $ sudo apt install libpq-dev zlib1g-dev libssl-dev libpcre3-dev libgmp-dev

# (2) Haskell development tools

Go to the [GHCup website](https://www.haskell.org/ghcup) and follow the
instructions.

    $ curl --proto '=https' --tlsv1.2 -sSf https://get-ghcup.haskell.org | sh

# (3) Version control systems Darcs and Git

Install Darcs and Git. You can grab them from your distro, e.g.:

    $ sudo apt install darcs git

# (4) The Vervis source code

Clone the Vervis repo:

    $ git clone https://vervis.peers.community/repos/rjQ3E vervis
    $ cd vervis

Clone dependency libraries:

    $ ./update-deps.sh

# (5) Database

Install PostgreSQL. You'll need the server and the client library development
files. Note that PostgreSQL needs to be at least version 9.5.

    $ sudo apt install postgresql libpq-dev

Switch to `postgres` system user:

    $ sudo su - postgres

Create a PostgreSQL user.

With password:

    $ createuser --no-createdb --no-createrole --no-superuser --encrypted --pwprompt vervis

No password (if you run Vervis as a user by the same name as the DB user):

    $ createuser --no-createdb --no-createrole --no-superuser vervis

Create a PostgreSQL database:

    $ createdb --encoding=UTF8 --owner=vervis vervis

# (6) Build Vervis

If you're building for a production deployment, set the `dev` flag to false in
`stack.yaml`:

    flags:
      vervis:
        dev: false

Build. This will also automatically install the GHC Haskell compiler.

    $ mkdir static
    $ stack build

# (7) Configuration

Create a directory to hold mutable application state:

    $ mkdir state

Generate a new SSH key with a blank password:

    $ ssh-keygen -t rsa -m PEM -f state/ssh-host-key

Update the settings to specify correct database connection details and other
settings.

    # Pick the right settings-sample-* file
    $ cp config/settings-sample-dev.yaml config/settings.yml
    $ vim config/settings.yml

Create a directory that will keep all the VCS repositories hosted by Vervis.

    $ mkdir state/repos

Create a directory that will keep remote delivery state.

    $ mkdir state/delivery-states

# (8) Development and deployment

To update your local clone of Vervis, run:

    $ git pull
    $ ./update-deps.sh
    $ stack build

For convenience, at least on actual deployments, you may wish to run the Vervis
SSH server on port 22, so that people don't have to specify a custom port. For
that to work, the user that runs the Vervis server needs to get permission to
bind to ports below 1024. There are several ways to do that. One of them is to
use file capabilities to give the Vervis executable the permission to bind to
such ports (if you prefer not to trust the code, try one of the other methods,
such as sudo):

    $ sudo setcap CAP_NET_BIND_SERVICE=+ep `stack exec which vervis`

Vervis uses various key files for cryptography and other data generation, and
once these key files are created, they shouldn't change. For some of them, it's
*critical* they don't change, because some usage or interpretation of data in
the PostgreSQL database depends on them. For this reason, by default, key file
loading happens as follows: When Vervis runs for the first time (this is
checked by detecting that the database is empty, no tables), it generates and
writes key files, and it's an error if any of them already exist. Otherwise, on
the next time(s) Vervis runs, it requires all key files to exist, and an error
is raised if any are missing.

If you're running Vervis for the first time, i.e. the database is still empty,
and for some reason you'd like Vervis to load some existing key files, while
generating the rest, run this:

    $ touch _keyfile_import_existing

Run.

    $ stack run -- config/settings.yml

By default, Vervis is configured with User Registration disabled.  This is to
prevent any automatic spambot registration for bots that may be monitoring the
Federated Network.  In order to enable user registration on your instance,
change "registration: false" to "registration: "true" in the config/
settings.yml file.  Also, the maximum # of accounts is limited to 3.  You
can increase/decrease this setting to change the maximum.  If you do not wish
to have a limit, you can comment out this line entirely.

When you update Vervis to a newer version, it's possible the software now uses
some new key files, and Vervis will raise an error about those key files
missing in the filesystem. You can ask Vervis to generate missing files, and
load the rest as usual:

    $ touch _keyfile_write_missing
    $ stack run

Browse to `http://localhost:3000` and have fun!

`yesod devel` is another way to run the application, useful for rapid
development, but I haven't been using it and I'm not sure it works, possibly I
broke something along the way. But feel free to try!

I have a little script for deploying Vervis on my server. I just haven't
published it yet and haven't explained how it works. If you're interested, ask
me about it, and it will motivate me to write about it sooner :)