What happened to Gemini?

Oof, I don't know. I guess Phoebe was breaking down under it's own weight. See 2023-08-18 Taking down Phoebe for the moment. So there's that hassle of having to try and figure out what's not working, and if nobody is complaining, then nobody really needs it. Might as well get rid of it. Under capitalism, you can measure utility for others by the money you're making. Outside of capitalism, there's community to tell you how useful things are for others. And beyond that, there's the joy of programming and tinkering… but none of that is working for me right now. I feel like I'd rather read a book instead.

2023-08-18 Taking down Phoebe for the moment

So now I'm using a patched Satellite to host my old stuff.

a patched Satellite

On the server, create a dedicated user:

adduser --system --home /home/satellite satellite

On my laptop, install the binary and copy it over.

go install git.sr.ht/~gsthnz/satellite@latest
rsync -avz /home/alex/go/bin/satellite sibirocobombus:/home/satellite/

Or, having patched mine to serve the Gemini MIME type by default:

git clone https://git.sr.ht/~gsthnz/satellite
cd satellite
go build
rsync -avz /home/alex/go/bin/satellite sibirocobombus:/home/satellite/

On the server, create a config file called `/home/satellite/satellite.toml`.

[tls]
# Directory to save certificates
directory = "/home/satellite/certs"

[[domain]]
name = "transjovian.org"
root = "/home/satellite/transjovian.org"

Create the directory for the certificates.

mkdir -p ~/farm/satellite/certs

Move the Phoebe directory:

mv ~/phoebe/transjovian.org ~/farm/satellite/

Create a service file:

[Unit]
Description=Satellite
After=network.target
[Install]
WantedBy=multi-user.target
[Service]
Type=simple
Restart=always
User=satellite
WorkingDirectory=/home/satellite
ExecStart=/home/satellite/satellite -c /home/satellite/satellite.toml
# (man "systemd.resource-control")
MemoryHigh=50M
MemoryMax=100M

# (man "systemd.exec")
ReadOnlyPaths=/home/satellite/
ReadWritePaths=/home/satellite/certs
ProtectHostname=yes
RestrictSUIDSGID=yes
UMask=0077
RemoveIPC=yes
MemoryDenyWriteExecute=yes

# Sandboxing options to harden security
# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
RestrictNamespaces=yes
RestrictRealtime=yes
DevicePolicy=closed
ProtectSystem=full
ProtectControlGroups=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
LockPersonality=yes
SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap

# Denying access to capabilities that should not be relevant
# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG

I really wonder about all these settings. Are they really necessary? Who knows!

Install it, as root:

systemctl enable --now /home/alex/farm/satellite/satellite.service

Satellite is now serving the Phoebe files. I had to make a number of small changes, though:

Phoebe hides the `.gmi` extension from visitors, and that's meant either changing all the links or renaming all the files. I renamed all the files. That seemed easier to me. Without the `.gmi` extension, however, `satellite` wouldn't serve them anymore. So I needed to make a change: no extension is to be treated as Gemtext!

diff --git a/gemini.go b/gemini.go
index 4f01574..37795ef 100644
--- a/gemini.go
+++ b/gemini.go
@@ -105,7 +105,7 @@ func getResponseBytes(code int, message string) []byte {

 func getMimeType(fullPath string) string {
 	ext := path.Ext(fullPath)
-	if ext == ".gmi" || ext == ".gemini" {
+	if ext == ".gmi" || ext == ".gemini" || ext == "" {
 		return GeminiMIME
 	}
 	return mime.TypeByExtension(ext)

And with that, I hope I'm done.