From Hack Manhattan Wiki

Self hosted services

Most of our stuff is hosted on a virtual server at DigitalOcean. Ask Guan for an account.

Mailing list

We use Mailman. Most of the Mailman files are either in /var/lib/mailman or linked to there.

We are having problems with Microsoft putting us on their blacklist. See Microsoft Blacklist for resolution progress.

See also Mailman Replacement.


nginx sits in front of all the web servers and handles HTTPS. We are using nginx instead of Apache mod_proxy because it is better at dealing with long-lived WebSocket-style connections.

Apache web server

Apache configuration files are in /etc/apache2 and most web files are in /var/www.

WordPress is served directly from /var/www/wordpress where the WordPress files have been extracted. Some day this should be moved so WordPress is accessible at /wordpress/ and we can easily have other files in the web root directory.

WordPress data is in MySQL.


MediaWiki is served directly from /var/www/wiki/mediawiki-1.24.0. That path must be updated in /etc/apache2/conf.d/wiki.conf for every major MediaWiki upgrade.

We tend to apply MediaWiki point releases as patches. A file in /var/www/wiki indicates the actual version.

MediaWiki data is in MySQL.


All sites are served over HTTPS. The HTTP versions redirect to HTTPS.

Other web servers

Stripe dues payment

The files are in /home/pay owned by the pay account, and the service is launched through daemontools-run with configuration files at /etc/payprod linked into /etc/service.

This is a Node instance using a small MySQL database to keep track of the mapping between Stripe customer id and MediaWiki user id. Web session state is maintained in the system redis.


Things is still hosted on one of Guan's servers because of an Ubuntu-caused incompatibility between PostgreSQL and Mailman (?!).


Backups are done using duply to Amazon S3. There are also DigitalOcean VPS level snapshots.

People with accounts

  • Guan
  • Stephen
  • JC

Domain names

DNS for, and is served from Amazon Route 53.

The domain names themselves are registered with OpenSRS, using Guan as a reseller. Hack Manhattan has both a regular domain management account and a sub-reseller account, so most changes can be done without going through Guan.

IT at the space

Wireless routers and access points

The wireless access points are:

  • - also main router (channel 1/36)
  • - roof (channel 11/165)
  • - 2nd floor hallway (channel 11) - defunct
  • - 3rd floor hallway (channel 6/148)
  • - 2nd floor hallway replacement (channel 11/165)

Second floor hallway Ethernet is supplied via a cable through conduit. Roof Ethernet is supplied through a conduit to the northern wall, then using exposed cable on the outside of the building to the roof.

Emergency fixes

These will all be irrelevant once we redo the network. babycastle's AP's SSIDs have been renamed to hackmanhattan-bc and hackmanhattan-bc5. Machines in there were having issues associating with the strongest one. Ugh. Leee (talk) 01:52, 30 June 2015 (UTC)


IPv6 is currently provided through a tunnel from the Hurricane Electric Tunnel Broker through their New York location. We have been allocated 2001:470:8b1c::/48, which is divided into the following subnets:

  • 2001:470:8b1c::/64 - routers and such
  • 2001:470:8b1c:1::/64 - most hosts' autoconfigured addresses

If you want to actually access IPv6 hosts inside our network, we would need to open up a rule in the firewall, which we would ordinarily do for source prefixes no shorter than /48, and normally /64. We have reverse DNS set up for many hosts.

Boiler control

This is out of date. It is now running on a WRTnode.

The former thermostat on the third floor has been replaced. The temporary solution is a WR-703N wifi router running OpenWRT, where one of the GPIO pins controls an electromechanical relay through a transistor. This lives at and the relay is on GPIO 7.

The boiler is on a 30-minute cycle. A pair of Lua scripts read weather information from and maintain the boiler duty cycle. Contact Guan or someone else with access to the server with suggestions for changing the algorithm, or if you would like to request an override.

Overrides are performed by writing a number between 0 and 10 (decimal, ASCII), representing duty cycles from 0% to 100%, to /tmp/thermostat.override. They are valid for 3 hours. Inspect /tmp/thermostat.log about 30 minutes later to see if it was effective.

thermostat.lua runs in the background and drives the PWM on a 30 minute cycle. Its main input is /tmp/thermostat.conf. If /tmp/thermostat.override is less than 3 hours old, it uses that instead.
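
The override procedure above as shell helpers, added here as an example (not the space's own scripts): the writer accepts only 0 to 10 and replaces the file atomically, and the reader side shows the checks a consumer of a file in /tmp would want (regular file, under 3 hours old, valid content). The function names, the trailing newline and the use of find -mmin are assumptions; thermostat.lua's own parsing is not shown on this page.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, not the space's own scripts.
OVERRIDE_FILE=/tmp/thermostat.override
OVERRIDE_MAX_AGE_MIN=180   # overrides are valid for 3 hours

# Accept only the canonical decimal strings 0..10 (0% to 100% duty cycle).
is_duty_setting() {
    case "$1" in
        [0-9]|10) return 0 ;;
        *) return 1 ;;
    esac
}

# write_override VALUE [FILE]: validate, then replace the file atomically so a
# reader never sees a half-written value and a planted symlink is not followed.
write_override() {
    wo_value=$1
    wo_target=${2:-$OVERRIDE_FILE}
    if ! is_duty_setting "$wo_value"; then
        echo "rejecting override '$wo_value': expected an integer 0..10" >&2
        return 1
    fi
    wo_tmp=$(mktemp "${wo_target}.XXXXXX") || return 1
    # Assumption: the number is stored as ASCII digits plus a newline.
    printf '%s\n' "$wo_value" > "$wo_tmp" && mv -f "$wo_tmp" "$wo_target"
}

# active_override [FILE]: print the override only if it is a regular file,
# younger than the validity window, and holds a valid setting; else return 1.
active_override() {
    ao_file=${1:-$OVERRIDE_FILE}
    # -type f rejects symlinks/directories; -mmin -N means "modified < N min ago".
    ao_hit=$(find "$ao_file" -maxdepth 0 -type f \
                  -mmin "-$OVERRIDE_MAX_AGE_MIN" 2>/dev/null) || return 1
    [ -n "$ao_hit" ] || return 1
    ao_value=$(head -c 8 "$ao_file")   # bounded read; $(...) strips the newline
    is_duty_setting "$ao_value" || return 1
    printf '%s\n' "$ao_value"
}
```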

weather.lua runs every 20 minutes and writes to /tmp/thermostat.conf. You should never write to /tmp/thermostat.conf directly. The main elements of the algorithm are:

  • Read the forecast temperature an hour from now from
  • Read /root/bookings.json, which contains pre-scheduled periods of use for the building, mainly from Adriana
  • If there is a booking, lower the apparent temperature used for the rest of the program by 3 degrees Celsius
  • Set a setting, 0 to 8, based on temperature - it maxes out at 10% duty cycle between 7 and 9 degrees
  • If we are outside the middle of the day (2:00 to 14:00 UTC), and there is no booking, set setting to zero
  • If setting is now 0: if it's less than -3 degrees, set setting to 20%, and if it's below freezing, to 10%, to keep the building from freezing
  • If setting is now 0: during the day (13:00 to 04:00 UTC), if it's less than 2 degrees, set setting to 10%

RepRap PC

A Dell PC usually running Linux is connected to the RepRap printer. To wake it up, from the router:

etherwake -i eth0.1 00:1d:09:78:f6:5d

On IPv6 it is known as You may need to be opened up in the firewall to connect to it.


Most of the surveillance cameras are USB webcams connected to WRTnodes.

  • front door: surv-frontdoor.lan, (wired ethernet)
  • main space: surv-main.lan, (Wi-Fi)