some updates, cleanup, fix helperbot b2 upload step

helperbot

@@ -300,7 +300,7 @@ function b2_upload {
     fi
     # upload file specified
     backblaze-b2 authorize-account $B2_KEYID $B2_SECRET
-    backblaze-b2 upload-file $B2_BACKUP_BUCKET ""$1"/"$2".zst" ""$2".zst"
+    backblaze-b2 upload-file $B2_BACKUP_BUCKET "$1"/"$2" "$2"
     backblaze-b2 clear-account # just to ensure we won't stay authenticated afterwards
     # clear out secrets
     unset $(grep -v '^#' /etc/secrets/b2.env | sed -E 's/(.*)=.*/\1/' | xargs)

readme.md

@@ -10,18 +10,10 @@ synth.download's services consists of **4** different virtual machines:
 
 - [`phosphorus`](./phosphorus)
     - runs on the amd-based server! this one runs all of our fediverse services, pds and any other relatively heavy services that need some power.
-        - [sharkey](https://booping.synth.download)
+        - serves all of our fediverse instances, and the bluesky pds
-        - [iceshrimp.net](https://beeping.synth.download)
-        - [mastodon](https://merping.synth.download)
-        - [pds](https://pds.synth.download) [<small>source</small>](https://github.com/bluesky-social/pds)
 - [`neptunium`](./neptunium)
     - runs on the intel-based server! this one runs some of our shared services with other members and related services don't usually don't need much power, along with more "important" and "sensitive" things.
-        - [xmpp](https://www.ejabberd.im)
+        - serves smaller/critical services such as xmpp, vaultwarden, forgejo, mail, etc...
-        - [mailserver](https://mailu.io)
-        - [forgejo](https://forged.synth.download)
-        - [vaultwarden](https://vault.synth.download)
-        - [freshrss](https://rss.synth.download)
-        - [zitadel](https://auth.synth.download)
         - also serves as the main caddy machine (static sites, etc)
 - [`cerium`](./cerium)
     - also runs on the intel-based server! this vm runs everything that isn't exactly considered "important". this may include things such as:

setup.md

@@ -0,0 +1,109 @@
+# setup
+
+Personal guide to configuring a new system entirely from scratch.
+
+We use the latest version of Debian (12/Bookworm in this case) and everything we run is containerized, via Docker.
+
+## Phosphorus
+
+### Setup
+
+Boot up the Debian installer and set it up. The guided installer does everything for us and is simple to go through. Just make sure the admin password, user account password, hostname etc., is all set correctly. Also make sure you *don't* mess up the GRUB installation if it prompts to be installed. Ensure you're installing it *only* using the `SSH server` and `basic system utilities` (something along those lines - it should be the last on the list and automatically selected) presets.
+
+Once installed and rebooted into the system, we can log in. At this point, it's also possible to use SSH with the default configurations as Debian automatically enables it.
+
+### Post-setup
+
+#### Sudo
+
+Once logged in, let's get started with `sudo`. It's missing by default. Get a root shell by typing in `su -` along with the root password when asked, and first do an update of apt with `apt update && apt upgrade` then do `apt install sudo`. Install it, and now do `usermod -aG sudo <your username>` to make yourself a sudoer. Once that's done, exit the root shell, log out then log back in. Try `sudo` against anything to confirm it works, and congrats! Sudo now exists here.
+
+#### SSH
+
+As I've said before, SSH is already installed and configured. For now, we're just going to change the port to something else to prevent it from being attacked immediately
+
+Open up `/etc/ssh/sshd_config.d/01-port.conf` in your text editor (Neovim isn't installed right now - `sudo apt install neovim`) and just fill in the following:
+
+```
+Port 6720
+```
+
+This is exactly what it says. It opens SSH to port 6720 instead. Later, we'll configure it to disable password logins, but for now this will work. Restart SSH via `sudo systemctl restart sshd` (and `sudo systemctl restart ssh`, one of these should work and I don't know which) for it to take effect. Log in for now by adding `-p 6720` before the IP when doing `ssh` until we get a proper configuration.
+
+#### firewalld
+
+For the sake of our own safety and concern, we'll get a basic firewall up. Technically, it's not required to do so as Docker will just bypass it anyways, but I still prefer it as a safety measure to ensure that nothing else that could possible be running on a system level is exposed to the outside world from the system.
+
+First install firewalld with `sudo apt install firewalld`, which will install and automatically enable it.
+
+Now run this command to open the port 6720 for SSH:
+```bash
+sudo firewall-cmd --permanent --add-port=6720/tcp
+```
+
+And then reload the firewall:
+```bash
+sudo firewall-cmd --reload
+```
+
+And we're done for now here, until we configure other things later on.
+
+#### `synths` group
+
+We use a custom group to allow access to folders that would other be unreadable/unwritable to our users. This is used for our `/srv/docker` folder.
+
+Use the following command to create the `synths` group:
+```bash
+sudo groupadd synths
+```
+
+Then we add ourselves to the `synths` group:
+```bash
+sudo usermod -aG synths <your username>
+```
+
+Then, apply permissions to `/srv/docker` (create the folder using `sudo` if it doesn't exist):
+```bash
+sudo chgrp synths /srv/docker
+sudo chmod g+rwx /srv/docker
+```
+
+And now `/srv/docker` is readable and writable by everyone in the `synths` group!*
+
+<small>*Files written/made by others, however, will be owned by them, and will require sudo to modify their files.</small>
+
+#### Package installations
+
+Now that we're mostly set up and secure, let's install all of the packages required to continue with setting everything else up:
+
+- Docker
+    - [Up to date instructions can be found here.](https://docs.docker.com/engine/install/debian) Don't do the "post-install" steps, it's not really a good security practice.
+- Neovim
+- `htop`/`btop`
+- `zram-tools`
+    - Will be configured aftwards
+- `rsync`
+- `backblaze-b2`
+- `unzip`
+- `npm`
+- `git`
+
+```bash
+sudo apt install neovim htop btop zram-tools rsync backblaze-b2 unzip git
+```
+
+Docker installation is another process, please refer to their links to do it.
+
+### ZRam
+
+ZRam lets us do fancy compressed ram stuff to improve performance. So we'll configure it now.
+
+Once we install the package, as per the [Debian wiki](https://wiki.debian.org/ZRam), let's configured it so we can use *50%* of our total ram dedicated to ZRam's compressed swap space:
+```bash
+echo -e "ALGO=zstd\nPERCENT=50" | sudo tee -a /etc/default/zramswap
+sudo service zramswap reload
+```
+
+Once that's done, ZRAM should now be configured properly!
+
+#### Caddy