From Newsgroup: comp.infosystems.gemini
Gemini url for virebent.art is out ! :)
(gemini://virebent.art)
For a while, but until recently it was served by gmnisrv bolted onto an
existing container that was doing other things.
I finally separated it into a dedicated LXC container running Alpine OS
with Agate as the server.
Notes below for anyone doing the same.
---
Setup: Alpine Linux 3.22 unprivileged LXC on Proxmox, ~50MB RAM idle.
Server: Agate 3.3.x (https://github.com/mbrubeck/agate), single static
binary, no dependencies, serves text/gemini and static files from a
directory tree.
Agate handles TLS natively with its own self-signed certificate and
TOFU model, no Certbot, no CA interaction, no renewal cron.
First connection records the fingerprint, subsequent connections
verify it.
Exactly how Gemini is supposed to work.
Configuration is one command:

    agate --content /var/gemini \
          --hostname virebent.art \
          --addr 0.0.0.0:1965 \
          --log-ip

Content lives in /var/gemini/ as plain .gmi files. Subdirectories map to
paths directly. No templating, no build step, no pipeline. Edit a file,
it is live.
The container exposes port 1965 through the Proxmox host NAT.
Resource cost: negligible. The Alpine base image is ~8MB. Agate binary
is ~6MB.
Total container disk: under 200MB including content. RAM: 45-55MB under load.
This is the right size for a protocol that serves text files.
Capsule is open, no auth, no rate limiting.
Gemini's design makes abuse essentially impossible - no forms, no POST,
no cookies, no JS. The threat model for a static capsule is just disk
space and bandwidth, both trivially bounded.
For anyone setting this up:
Agate is the easiest path. Single binary, TOFU cert generated on first
run, content directory is the only config that matters.
The full setup from fresh Alpine container to serving .gmi files is under
fifteen minutes.
Happy Gemini !!!
--
Gab Virebent
gemini://virebent.art
gemini://contact.virebent.art
--- Synchronet 3.22a-Linux NewsLink 1.2
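
Added example (not part of the original post, and not Agate's or any Gemini client's code): a sketch of the client side of the TOFU model the post describes, pinning a SHA-256 fingerprint on first contact and checking it on later connections. The JSON store layout, the function names and the policy of accepting a new certificate only once the pinned one has expired are assumptions of this example; the certificate bytes are constructed stand-ins.

```python
import hashlib
import json
import tempfile
import time
from pathlib import Path
from typing import Optional


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 over the DER-encoded certificate, hex encoded."""
    return hashlib.sha256(cert_der).hexdigest()


def tofu_check(store: Path, host: str, port: int, cert_der: bytes,
               not_after: float, now: Optional[float] = None) -> str:
    """Return 'first-use', 'match', 'rotated' or 'MISMATCH'.

    In a real client cert_der would come from
    ssl.SSLSocket.getpeercert(binary_form=True); not_after is the
    certificate's expiry as a Unix timestamp.
    """
    now = time.time() if now is None else now
    pins = json.loads(store.read_text()) if store.exists() else {}
    key = f"{host}:{port}"
    seen = fingerprint(cert_der)
    pinned = pins.get(key)
    if pinned is not None and pinned["sha256"] == seen:
        return "match"
    if pinned is not None and pinned["not_after"] > now:
        # The pinned certificate is still valid but a different one was
        # presented: keep the old pin and surface this to the user.
        return "MISMATCH"
    # No pin yet, or the pinned certificate has expired (assumed policy):
    # record the certificate that was just presented.
    verdict = "first-use" if pinned is None else "rotated"
    pins[key] = {"sha256": seen, "not_after": not_after}
    store.write_text(json.dumps(pins, indent=2))
    return verdict


if __name__ == "__main__":
    store = Path(tempfile.mkdtemp()) / "known_hosts.json"
    cert_a = b"constructed-certificate-A"  # stand-in for DER bytes
    cert_b = b"constructed-certificate-B"  # a different certificate
    for cert, expiry, when in [(cert_a, 2000.0, 1000.0), (cert_a, 2000.0, 1100.0),
                               (cert_b, 5000.0, 1200.0), (cert_b, 5000.0, 2500.0)]:
        print(tofu_check(store, "virebent.art", 1965, cert, expiry, now=when))
```

The pin protects every connection after the first; a capsule operator who regenerates the server certificate before it expires will trigger the MISMATCH branch for returning visitors.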