# Setting up a SkotOS Host
*(First draft, to be synced to GitHub/ChatTheatre/SkotOS)*

_This lists the major steps for setting up a SkotOS host, but it is incomplete, especially because the install ended up being very problematic._

Note that `X000` refers to the base port used for the server (e.g., `6000`).
1. Set up a secure machine
1. Request a second IP address: you'll need one for Apache & one for the game (for each game)
   * Edit `/etc/network/interfaces`, adding the new interface and adding that interface to "auto"
   * `/etc/init.d/networking restart`
1. Retrieve X000.tar.gz
1. Retrieve skotos-misc.tar.gz
1. Install them in /var/skotos
1. Edit IP address in /var/skotos/X000/skotos.dgd
1. Edit hostname in /var/skotos/X000/skoot/usr/System/data/instance
1. Add to cron: `@reboot /var/skotos/runinstance.sh X000 &`
1. Install 32-bit libraries
   * `dpkg --add-architecture i386`
   * `apt-get update`
   * `apt-get install libc6-i386`
1. Run: `nohup /var/skotos/runinstance.sh X000 &`
1. Install other packages
   * `apt-get install git`
1. Install the extra software
   * Install the UserDB per: https://github.com/skotostech/thin-auth/blob/master/README.md
   * Install the Client per: https://github.com/skotostech/orchil
   * Create a new directory + files for client software for the new game
1. Add backups to crontab: `40 1 * * * /var/skotos/support/misc/backup-dumps X000`
## Adjusting Permissions for Skotos
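By default, the files in `/var/skotos` will be owned by `root.root`. To allow multiple users to access those files with fewer security concerns, create a special group for all Skotos files (e.g., `skotos`) and give that group write access. Note that this also makes scripts such as `/var/skotos/runinstance.sh` group-writable, so if they are started from root's crontab, members of the group can effectively run commands as root.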
```
# groupadd skotos
# chgrp -R skotos /var/skotos
# chmod -R g+w /var/skotos
```
# Setting up a User
You can set up a new user in your standard `skotos` group with the `adduser` command:
```
# adduser --ingroup skotos user-name
```
If it is an existing user you can add the account to the `skotos` group with:
```
# usermod -a -G skotos user-name
```
## Giving a User SSH Access
We suggest restricting `ssh` access to a specific set of IP addresses by default. This is done by creating an `/etc/hosts.deny` file that reads `sshd: ALL`.

If this is your setup, then every new user will have to be given individual access to your machine. This is done by recording their IP address in the `/etc/hosts.allow` file. They can discover their IP address with a service such as https://whatismyip.com. If they can't figure out their IP address, have them try to log in while you are at the console and run `tail --lines 25 /var/log/auth.log`.

With that IP address in hand, you can give the new user access by editing the file on the server:
```
# nano /etc/hosts.allow
```
A standard line in the file looks like the following:
```
# Real Name for Your Reference
sshd: 127.0.0.1
```
With `nano`, use the arrow keys to navigate, then add the real name, account name, and "sshd: " plus the IPs, separated by commas:
* `^o` to write
* `<return>`
* `^x` to exit
Afterward, you must restart the `sshd` server:
```
# /etc/init.d/ssh restart
```
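
The deny-by-default setup above only holds while `/etc/hosts.allow` stays narrow, because TCP wrappers consult `hosts.allow` first and a match there grants access. The script below is an added example, not part of the original guide or the SkotOS project: it checks a `hosts.deny`/`hosts.allow` pair for the `sshd: ALL` line and for allow entries that match more than one address. The function names and sample files (documentation-range addresses) are constructed for illustration, and it assumes IPv4 entries on lines whose daemon list is just `sshd`.

```sh
#!/bin/sh
# Added example, not SkotOS project code. Assumes IPv4 entries on lines
# whose daemon list is exactly "sshd" (the form this guide uses).

# Print each client pattern from the "sshd:" lines of file $1, one per line.
sshd_clients() {
    sed -e 's/#.*//' "$1" | awk -F: '
        $1 ~ /^[ \t]*sshd[ \t]*$/ {
            n = split($2, c, /[ ,\t]+/)
            for (i = 1; i <= n; i++) if (c[i] != "") print c[i]
        }'
}

# Print patterns that can match more than one address per hosts_access(5):
# named wildcards, * and ?, leading/trailing dots, net/mask forms.
broad_clients() {
    sshd_clients "$1" |
        grep -E '^(ALL|LOCAL|KNOWN|UNKNOWN|PARANOID)$|[*?/]|^\.|\.$'
}

# check_ssh_wrappers DENY ALLOW
# Returns 0 only if DENY blocks sshd by default and ALLOW names single hosts.
check_ssh_wrappers() {
    rc=0
    if ! sshd_clients "$1" | grep -qx 'ALL'; then
        echo "FAIL: $1 has no 'sshd: ALL' line"; rc=1
    fi
    broad=$(broad_clients "$2" || true)
    if [ -n "$broad" ]; then
        echo "FAIL: $2 has broad sshd entries: $(printf '%s' "$broad" | tr '\n' ' ')"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK: sshd allowed only from: $(sshd_clients "$2" | tr '\n' ' ')"
    fi
    return "$rc"
}

# Constructed sample files, not real hosts or users.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf 'sshd: ALL\n' > "$demo_dir/hosts.deny"
printf '# Alice Example (alice)\nsshd: 192.0.2.10, 198.51.100.7\n' > "$demo_dir/hosts.allow"
printf '# Bob Example (bob)\nsshd: 203.0.113.\n' > "$demo_dir/hosts.allow.bad"

check_ssh_wrappers "$demo_dir/hosts.deny" "$demo_dir/hosts.allow"
check_ssh_wrappers "$demo_dir/hosts.deny" "$demo_dir/hosts.allow.bad" || true
```

On a live host, call `check_ssh_wrappers /etc/hosts.deny /etc/hosts.allow` after each edit to confirm that no entry has widened access beyond individual addresses.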
## Giving a User Sudo Permissions
The above will give a user full access to SkotOS files. If you also want to give them access to other administrative functionality on the machine, add them to the `sudo` group:
```
# usermod -aG sudo user-name
```
## Setting up Access to the Wiztool
The SkotOS games all come with a "wiztool" at port X098 (e.g., 6098), which can be used to do high-level (and dangerous!) work such as recompiling source code. To give someone access to the wiztool, someone with existing access must run a few commands.

The new user's staff account will first need to be added to "System:Developers" in the Tree of WOE. They can do this themselves, as they should already have staff permissions.

(TBD: There may be a missing step here. They may already have had to try to telnet in to the wiztool first.)

Now you grant them permission using your existing access to the wiztool port.

We suggest firewalling your machine so that port X098 is blocked by default, in which case you can only log in to it locally (e.g., by logging on to the SkotOS machine). From there, you should be able to `telnet` to the port:
```
# telnet game-dns-name X098
```
For example:
```
# telnet chat.gables.chattheatre.com 6098
```
Once logged in, run the following two commands:
```
code "/usr/System/sys/devuserd"->set_developer("name")
code "~System/sys/devuserd"->set_password("name", "pass")
```
The `name` should be their ChatTheatre account name and the `pass` their unique password for the wiztool admin port.