Diffstat (limited to 'doc/george')
-rw-r--r-- | doc/george/changelog | 281
-rw-r--r-- | doc/george/host-key-publication | 28
-rw-r--r-- | doc/george/keyserver-local | 24
-rw-r--r-- | doc/george/policy | 33
-rw-r--r-- | doc/george/user-id-configuration | 40
5 files changed, 0 insertions, 406 deletions
diff --git a/doc/george/changelog b/doc/george/changelog deleted file mode 100644 index ffb7cb0..0000000 --- a/doc/george/changelog +++ /dev/null 
@@ -1,281 +0,0 @@ -****************************************************************************** -* * -* george system log * -* * -****************************************************************************** -* Please add new entries in reverse chronological order whenever you make * -* changes to this system (first command at top, last at bottom) * -****************************************************************************** -2010-03-09 - micah - * setup /srv/micah.monkeysphere.info - * replaced /etc/mathopd.conf virtual for daniel with one for me - * removed /srv/daniel.monkeysphere.info - not used - -2010-03-08 - mjgoins - * Adding self to webmaster's authorized_user_ids - * updating ikiwiki to use the version from lenny backports - * changing the ikiwki markup to be appropriate for version 3.2xxx - -2010-02-23 - dkg - * add lenny-backports repo. - * remove monkeysphere repo. - * aptitude update && aptitude full-upgrade (including monkeysphere - 0.28-1~bpo50+1, and backported gpg) - -2010-01-12 - dkg - * aptitude update && aptitude full-upgrade (including monkeysphere - 0.27-1) - -2009-10-26 - dkg - * upgrade nginx in response to DSA-1920-1 - -2009-09-14 - dkg - * aptitude update && aptitude full-upgrade (bunch of lenny - updates, plus ikiwiki security upgrade) - -2009-04-21 - jrollins - * apt-get update && dist-upgrade (a bunch of stuff (monkeysphere, - screen, gnupg, dash, onak, git-core...) - * extended host key by 3 months - -2009-04-21 - micah - * aptitude update && aptitude full-upgrade (git-core DSA) - -2009-04-12 - dkg - * aptitude update && aptitude full-upgrade - * (checked and found that monkeysphere version 0.24-1 is already - installed; don't know how that happened, coulda been me, just - sloppy about not noting it in the changelog) - * extended host key by 4 months - -2009-02-22 - jrollins - * fixed /etc/crontab line for update-users (was trying to run - monkeysphere-server instead of monkeysphere-authentication). 
- -2009-02-21 - dkg - * upgraded to the latest versions of packages for lenny. - * upgraded george to monkeysphere 0.23.1. the transition upgrade - failed due to the way that gpg exports self-signatures secret - keys; it only exports the first self-sig for each user id, even if - that one is expired. Then any subsequent import fails, even if - the target import keyring knows about some valid self-signatures. - * i man-handled the upgrade into place so that george doesn't just - fail on us, but this is a pretty major bug in the transition process. - -2009-01-31 - jrollins - * applied diff represented in commit - f75a5747a8b99e04c02c475791c476f1fbd2b674 to change log level for - unacceptable untranslatable keys. - -2009-01-30 - micah - * Replaced nullmailer with postfix, nullmailer doesn't handle aliases - and insisted either on constantly respooling mail when there was no - where to go. - -2009-01-24 - micah - * Configured /etc/aliases to have root go to mjgoins, micah, dkg, jrollins - * Configured /etc/nullmailer/remotes to have mail.riseup.net so remote delivery will work - * Removed the hundreds of queued cron emails that had resulted in 30gig of mail.err logs - * Rotated the giant logs out - -2009-01-11 - dkg - * extended the expiration date for george's key three months into - the future. - * aptitude update && aptitude full-upgrade (brings monkeysphere to - 0.22-1) - -2008-10-29 - dkg - * aptitude update && aptitude full-upgrade - * brought monkeysphere up to 0.19-1 - * removed tasksel - -2008-10-25 - dkg - * aptitude update && aptitude full-upgrade - * brought monkeysphere up to 0.16-1 - * repointed keyserver usage to pool.sks-keyservers.net - -2008-09-04 - dkg - * added two mime-type declarations in /etc/mathopd.conf so .debs - and .tar.gz files come out reasonably; restarted mathopd for the - re-read. - * built monkeyshell (from src/monkeyshell) and installed as - /usr/local/bin/monkeyshell, added to /etc/shells. 
- * created new account "monkey" which has monkeyshell as the shell - for non-privileged test access. To let someone test this out, - make sure they're well-connected to george's web of trust, and - then add their User ID to - ~monkey/.monkeysphere/authorized_user_ids - * more mime types for mathopd: image/png image/x-icon - -2008-09-03 - micah - * migrated /home/*/.config/monkeysphere/authorized_user_ids to new - agreed location: /home/*/.monkeysphere/authorized_user_ids and created - a symlink in the original location for transition purposes. Also, - did /root's as well. I used this hackish mechanism: - $ for user in `find . -wholename './*/.config/monkeysphere/authorized_user_ids' \ - | cut -d/ -f2`; do mkdir -v ${user}/.monkeysphere; chown ${user}:${user} \ - ${user}/.monkeysphere; mv -v ${user}/.config/monkeysphere/authorized_user_ids \ - ${user}/.monkeysphere; ln -s /home/${user}/.monkeysphere/authorized_user_ids \ - ${user}/.config/monkeysphere/authorized_user_ids; done - - - dkg - * added the monkeysphere archive repository signing key - * aptitude update && aptitude full-upgrade (brings in monkeysphere 0.13-1) - * cleaned up /etc/skel to reflect correct location of the - monkeysphere config directory. - * micah moved all the existing config stuff over, and left - symlinks so people aren't disoriented. 
- -2008-09-01 - dkg - * set up http://dkg.monkeysphere.info so that i could play around - with ikiwiki updates - * moved apt repository over to http://archive.monkeysphere.info/ - * aptitude update && aptitude dist-upgrade - * canonicalizing hostname for normal web access to - http://web.monkeysphere.info - -2008-08-26 - dkg - * aptitude update && aptitude full-upgrade - * added account 'daniel' for Dan Scott, and set him up with a way - to publish to http://daniel.monkeysphere.info - -2008-08-20 - dkg - * aptitude update && aptitude dist-upgrade: this includes - monkeysphere 0.11-1 and OpenSSH 5.1p1-2 - -2008-08-18 - dkg - * moved monkeysphere apt repo entry to - /etc/apt/sources.list.d/monkeysphere.list - * aptitude update && aptitude full-upgrade (including monkeysphere - 0.9-1) - * switched george's monkeysphere-server preferred keyserver to - monkeysphere.info for the moment. Both pgp.mit.edu and - subkeys.pgp.net are sluggish right now :/ - -2008-08-16 - jrollins - * removed stale branches from jrollins from the master repo - * aptitude update && aptitude full-upgrade - * restarted services to clear up dependencies on old libraries - -2008-08-13 - dkg - * aptitude update && aptitude full-upgrade - * restarted services to clear up dependencies on old libraries - -2008-08-07 - dkg - * aptitude update && aptitude dist-upgrade - * removed debian's experimental from the sources.list - * removed experimental stanza from /etc/apt/preferences (now the - monkeysphere packages should upgrade automatically) - * upgraded to monkeysphere 0.7-1 - * installed runit - * set up a public git daemon service to serve git repos from - george, using runit. (root-served repos are served from - /srv/git, but ~USER/public_git is supported as well, if anyone - wants to use that for publication). 
- -2008-08-03 - dkg - * aptitude update && aptitude dist-upgrade - * installed iproute - * added my User ID to ~webmaster/.config/monkeysphere/authorized_user_ids - -2008-08-02 - jrollins - * aptitude update && aptitude dist-upgrade - * restarted cron, nullmailer, sshd - * aptitude install git-core ikiwiki - * adduser webmaster - * su - webmaster - * created a bare repo at ~webmaster/monkeysphere.git. I then - pushed into this repo from my working directory on servo to verify - that it was accepting. - * cloned above repo at ~webmaster/monkeysphere - * created ~webmaster/ikiwiki.setup - * ikiwiki --setup ikiwiki.setup - * linked post-receive to new post-commit hook in monkeysphere.git - * changed default keyserver to be pgp.mit.edu (subkeys.pgp.net - blows) - * updated /etc/skel with ssh and monkeysphere stuff - * made authorzied_user_ids file for webmaster and ran - "monkeysphere-server u webmaster". - -2008-06-23 - dkg - * added monkeysphere apt repository to /etc/apt/sources.list - * added dkg's key to apt's list of trusted keys. - * ran aptitude dist-upgrade - * upgraded to monkeysphere 0.2-1 - * moved authorized_user_ids files into users' home directories. - * installed lockfile-progs - -2008-06-22 - dkg - * installed screen (mjgoins and i were collaborating) - -2008-06-21 - micah - * Restored /etc/init.d/ssh to original package state and changed - /etc/default/ssh to have 'unset SSHD_OOM_ADJUST' instead. - -2008-06-20 - micah - * Commented out the 'export SSHD_OOM_ADJUST=-17' from the - /etc/init.d/ssh initscript, and the 'SSHD_OOM_ADJUST=-17' from - /etc/default/ssh in order to make this error go away: - "error writing /proc/self/oom_adj: Operation not permitted" - (c.f. Debian #487325) - -2008-06-20 - dkg - * touched /etc/environment to get rid of some spurious auth.log - entries. 
- * turned up sshd's LogLevel from INFO to DEBUG - -2008-06-19 - dkg - * installed rsync (for maintaining a public apt repo) - - * configured mathopd to listen on port 80, serving /srv/www as / - and /srv/apt as /debian. We've got nothing in /srv/www at the - moment, though. - - * installed lsof and psmisc as sysadmin utilities. sorry for the - bloat! - - * installed strace to try to figure out why onak is segfaulting. - -2008-06-19 - dkg - * removed etch sources, switched "testing" to "lenny", added - lenny/updates, removed all contrib and non-free. - - * removed testing pin in /etc/apt/preferences - * ran the upgrade - - * reset emacs22 to emacs22-nox (avoiding dependencies) - - * removed sysklog and klogd because of errors restarting klogd. - Installed syslog-ng in their stead, which still gives errors - related to /proc/kmsg unreadability, but the install completes :/ - - * added experimental - * juggled pinning: experimental: 1, unstable: 2 - * added mathopd onak, tweaked /etc/mathopd.conf and /etc/onak.conf - - * installed monkeysphere v0.1-1, changed host key, published - them via the local keyserver (see host-key-publication) - - * added local unprivileged user accounts for everyone listed in - /usr/share/doc/monkeysphere/copyright - - * configured authorized_user_ids for every user account based on - my best guess at their OpenPGP User ID (see - user-id-configuration). - - * set up a cronjob (in /etc/crontab) to run "monkeysphere-server - update-users" at 26 minutes past the hour. 
- -2008-06-18 - jrollins - * installed less, emacs; - * aptitude update && aptitude dist-upgrade - -2008-06-18 - micah - * debootstrap'd debian etch install - * installed /etc/apt/sources.list with local proxy sources for etch, - testing, unstable, backports and volatile - * configured /etc/apt/preferences and apt.conf.d/local-conf to - pin etch, but make testing, sid and backports available - * added backports.org apt-key - * installed openssh-server and openssh-client packages - * added dkg, jrollins, mjgoins ssh public_keys to /root/.ssh/authorized_keys diff --git a/doc/george/host-key-publication b/doc/george/host-key-publication deleted file mode 100644 index 03e2510..0000000 --- a/doc/george/host-key-publication +++ /dev/null @@ -1,28 +0,0 @@ -2008-06-19 02:34:57-0400 ------------------------- - -Adding george's host key to the monkeysphere was more complicated than -it needed to be. - -As the server admin, i did (accepting the defaults where possible): - - monkeysphere-server gen-key - KEYID=$(GNUPGHOME=/etc/monkeysphere/gnupg gpg --with-colons --list-key =ssh://$(hostname --fqdn) | grep ^pub: | cut -f5 -d:) - (umask 077 && GNUPGHOME=/etc/monkeysphere/gnupg gpg --export-secret-key $KEYID | openpgp2ssh $KEYID >/etc/monkeysphere/ssh_host_rsa_key) - # modify /etc/ssh/sshd_config to remove old host keys lines, and - # add new line: HostKey /etc/monkeysphere/ssh_host_rsa_key - /etc/init.d/ssh restart - - KEYSERVER=george.riseup.net monkeysphere-server publish-key - # (needed to publish by hand here because of reasonable sanity checks) - monkeysphere-server show-fingerprint - - # then from a remote host: - gpg --keyserver george.riseup.net --search =ssh://george.riseup.net - gpg --fingerprint --sign-key =ssh://george.riseup.net - KEYID=$(gpg --with-colons --list-key =ssh://george.riseup.net | grep ^pub: | cut -f5 -d:) - gpg --keyserver george.riseup.net --send "$KEYID" - gpg --keyserver george.riseup.net --send "$MYGPGID" - - -How could this have been streamlined? 
diff --git a/doc/george/keyserver-local b/doc/george/keyserver-local deleted file mode 100644 index 7d532cf..0000000 --- a/doc/george/keyserver-local +++ /dev/null @@ -1,24 +0,0 @@ -Wed Jun 25 02:03:39 EDT 2008 matt goins <mjgoins@openflows.com> - -On Saturday (2008-6-22) dkg and I set up sks as a replacement for onak. onak -had proven to be unstable, mostly in that it tended to corrupt its own database -beyond repair. - -The sks instructions want the admin to download many huge dumps of keys from -the world's keyservers (on the order of 5 GiB?), so we imported a dump -containing only my key. We learned that sks won't start with an empty database, -unlike onak. - -2008-06-25: Locally exported george's key to its keyserver. Tried a remote -send-keys of squash's key and it appears to work. - - -TODO: - - * Get some more keys in there. - - * Read up on syncing with other keyservers. - - - - diff --git a/doc/george/policy b/doc/george/policy deleted file mode 100644 index a17a310..0000000 --- a/doc/george/policy +++ /dev/null 
@@ -1,33 +0,0 @@ -Policy for maintaining george.riseup.net ----------------------------------------- - -Riseup graciously provided the MonkeySphere project with a vserver for -testing and public documentation. This is known as george.riseup.net, -for those who are curious about the MonkeySphere. - -george will be maintained as a debian lenny machine, with minimal -packages from experimental as needed for installing and running what -we build elsewhere. - -george will host 3 public-facing services: an ssh daemon on port 22, -an http service on port 80, and an OpenPGP keyserver (the HKP -protocol) on port 11371. - -Administration of george is a shared responsibility across the core -members of the MonkeySphere development team. Administrators will log -changes in their git repositories, in doc/george/changelog (a peer of -this policy file). - -monkeysphere packages installed on george will use unique, tagged -version numbers so we know what we're running. - -We will try to keep the installation as minimal as possible while -still allowing for comfortable day-to-day administration. - -We will use aptitude for package management where possible. - -Outstanding questions: - -Who should have superuser access? - -Who should get regular user accounts? diff --git a/doc/george/user-id-configuration b/doc/george/user-id-configuration deleted file mode 100644 index 9a7f4d2..0000000 --- a/doc/george/user-id-configuration +++ /dev/null 
@@ -1,40 +0,0 @@ -2008-06-19 03:00:58-0400 ------------------------- - -setting up authorized_user_id configuration on george was also more -cumbersome than it needs to be. Here's what i (dkg) did: - -monkeysphere-server trust-keys 0EE5BE979282D80B9F7540F1CCD2ED94D21739E9 - -monkeysphere-server update-user-userids dkg 'Daniel Kahn Gillmor <dkg@fifthhorseman.net>' -monkeysphere-server update-user-userids jrollins 'Jameson Rollins <jrollins@fifthhorseman.net>' -monkeysphere-server update-user-userids micah 'Micah Anderson <micah@riseup.net>' -monkeysphere-server update-user-userids mjgoins 'Matthew Goins <mjgoins@openflows.com>' -monkeysphere-server update-user-userids ross 'Ross Glover <ross@ross.mayfirst.org>' -monkeysphere-server update-user-userids jamie 'Jamie McClelland <jamie@mayfirst.org>' -monkeysphere-server update-user-userids mlcastle 'mike castleman <m@mlcastle.net>' -monkeysphere-server update-user-userids enw 'Elliot Winard <enw@caveteen.com>' -monkeysphere-server update-user-userids greg 'Greg Lyle <greg@stealthisemail.com>' - - -then i added a scheduled: - - monkeysphere-server update-users - -to run hourly via /etc/crontab - -and made sure that root's keys were working with a temporary symlink -(see TODO about that business) - -and then modified /etc/ssh/sshd_config with: - - AuthorizedKeysFile /var/cache/monkeysphere/authorized_keys/%u - - -Some outstanding questions: - - * Should we ship a scheduled monkeysphere-server update-users cron - job automatically? - - * why was i not prompted to confirm the trust-keys line, which seems - like the most delicate/sensitive line of all of them? |
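Review bot: In doc/george/changelog, the whole admin log is deleted without any line in this diff saying where that history moves to, and doc/george/policy (removed in the same patch) names this file as the place administrators log changes. Entries such as 2009-10-26 "upgrade nginx in response to DSA-1920-1", the host key extensions on 2009-01-11, 2009-04-12 and 2009-04-21, and 2008-06-20 "turned up sshd's LogLevel from INFO to DEBUG" are what someone would need to reconstruct patch level, key expiry schedule and logging configuration for george. Suggest moving the file rather than deleting it, or naming the new location in the commit message. The 2009-02-21 entry also describes the gpg self-signature export failure as "a pretty major bug in the transition process"; confirm that it is recorded somewhere that survives this deletion.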
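Review bot: In doc/george/host-key-publication, the removed text is the only procedure in this diff for generating and publishing george's host key, and it ends on the unanswered question "How could this have been streamlined?". If a newer document supersedes it, reference that document in the commit message. If the text is being moved instead, tighten the remote-host steps while doing so: they run `gpg --fingerprint --sign-key =ssh://george.riseup.net` directly after a keyserver search, without saying that the displayed fingerprint must match the output of `monkeysphere-server show-fingerprint` obtained from the server before signing.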
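Review bot: In doc/george/policy, the two outstanding questions, "Who should have superuser access?" and "Who should get regular user accounts?", are still open at the point of deletion, while the changelog removed in the same patch shows root's authorized_keys populated for dkg, jrollins and mjgoins and local accounts created for everyone in the copyright file. Please state whether george is being retired or whether the policy now lives elsewhere. If the host stays in service, the successor document should keep the list of exposed services (ssh on 22, http on 80, HKP on 11371) and answer the access questions rather than dropping them.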
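Review bot: In doc/george/user-id-configuration, the last outstanding question, "why was i not prompted to confirm the trust-keys line, which seems like the most delicate/sensitive line of all of them?", is removed with no sign in this diff that it was answered. The same file also records that root's keys were made to work "with a temporary symlink (see TODO about that business)" and that sshd_config was changed to `AuthorizedKeysFile /var/cache/monkeysphere/authorized_keys/%u`. Before deleting, confirm that the trust-keys confirmation behaviour has been reviewed, that the temporary root symlink was cleaned up, and that the AuthorizedKeysFile setting is documented wherever the current setup notes live.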