Epicyon – Installation on Arch Linux

➤ Martin Döring, 1st of December 2022

These notes explain how I installed the ActivityPub server Epicyon on Arch Linux. The installation is very different from the installation on Debian systems, especially in the commands and package names.

First, the system should be updated to the very latest version:

pacman -Sy archlinux-keyring && pacman -Syu

Now as root user we clone the Git repository from Epicyon:

cd /opt
git clone https://gitlab.com/bashrc2/epicyon

Now we create the user "epicyon". Since we already have a home directory due to the cloning, we don't need the "-m" option, which would otherwise ensure that it is created:

useradd -d /opt/epicyon -s /bin/bash -c "epicyon" epicyon
chown -R epicyon:epicyon /opt/epicyon

For the whole thing to work, a whole bunch of Python packages are now needed. The names have been adapted to fit Arch Linux instead of Debian:

pacman -S python-socks imagemagick python-setuptools python-cryptography python-dateutil python-idna python-requests flake8 python-pyqrcode python-pypng bandit perl-image-exiftool certbot

One package needs to be built manually from the Arch User Repository (AUR), since it is not included in the usual repositories

su - epicyon
cd /tmp
git clone https://aur.archlinux.org/python-django-timezone-field.git
cd python-django-timezone-field.git
makepkg -sir
exit

Now we copy the following text into a service file, which is located at: /etc/system/system/epicyon.service

Replace YOUR_DOMAIN with your own domain, under which the server should run:

[Unit]
Description=epicyon
After=syslog.target
After=network.target

[Service]
Type=simple
User=epicyon
Group=epicyon
WorkingDirectory=/opt/epicyon
ExecStart=/usr/bin/python /opt/epicyon/epicyon.py --port 443 --proxy 7156 --domain YOUR_DOMAIN --registration open --log_login_failures
environment=USER=epicyon
environment=PYTHONUNBUFFERED=true
restart=always
StandardError=syslog
CPUQuota=80%
ProtectHome=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectControlGroups=true
ProtectKernelLogs=true
ProtectHostname=true
ProtectClock=true
ProtectProc=invisible
ProcSubset=pid
PrivateTmp=true
PrivateUsers=true
PrivateDevices=true
PrivateIPC=true
MemoryDenyWriteExecute=true
NoNewPrivileges=true
LockPersonality=true
RestrictRealtime=true
RestrictSUIDSGID=true
RestrictNamespaces=true
SystemCallArchitectures=native

[Install]
WantedBy=multi-user.target 

Then we integrate the service into the system as user root:

systemctl daemon-reload
systemctl start epicyon.service
systemctl enable epicyon.service

The configuration of a reverse proxy with nginx and certbot is done as described in the original documentation below, under "Create a web server configuration":

https://epicyon.net/#install


➤ Back
➤ Privacy Information