Changes

David Fifield · ec61b114
--- a/Survival-Guides/Snowflake-Broker-Installation-Guide.md
+++ b/Survival-Guides/Snowflake-Broker-Installation-Guide.md
@@ -2,50 +2,50 @@ These are instructions for setting up a Snowflake broker on Debian 10.

 Set up APT and etckeeper.
 Install etckeeper.
-```
+<pre>
 root# vi /etc/apt/sources.list # remove "contrib" and "non-free"
 root# apt update
 root# apt upgrade
 root# apt install etckeeper
-```
+</pre>

 Add a normal user.
-```
-root# adduser user
-root# adduser user sudo
-root# su - user
+<pre>
+root# adduser <var>user</var>
+root# adduser <var>user</var> sudo
+root# su - <var>user</var>
 user$ mkdir -m 700 .ssh
-user$ echo "ssh-ed25519 ..." >> .ssh/authorized_keys
+user$ echo "ssh-ed25519 ..." &gt;&gt; .ssh/authorized_keys
 user$ exit
 root# exit
-```
+</pre>

 Log in as the normal user and disable login for root.
-```
+<pre>
 user$ sudo -s
 root# vi /etc/ssh/sshd_config
        PermitRootLogin no
-        AllowUsers user
+        AllowUsers <var>user</var>
        PasswordAuthentication no
 root# rm /root/.ssh/authorized_keys 
 root# service sshd restart
-```
+</pre>

 Add other users.
-```
-root# adduser user1
-root# adduser user1 sudo
-root# adduser user2
-root# adduser user2 sudo
-root# adduser user3
-root# adduser user3 sudo
+<pre>
+root# adduser <var>user1</var>
+root# adduser <var>user1</var> sudo
+root# adduser <var>user2</var>
+root# adduser <var>user2</var> sudo
+root# adduser <var>user3</var>
+root# adduser <var>user3</var> sudo
 root# vi /etc/ssh/sshd_config
-        AllowUsers user user1 user2 user3
+        AllowUsers <var>user</var> <var>user1</var> <var>user2</var> <var>user3</var>
 root# etckeeper commit "Add users."
-```
+</pre>

 Set up a firewall.
-```
+<pre>
 root# apt install ferm # Enable ferm on bootup? Yes
 root# vi /etc/ferm/ferm.conf
 	domain (ip ip6) {
@@ -63,10 +63,10 @@ root# vi /etc/ferm/ferm.conf
 	}
 root# service ferm restart
 root# etckeeper commit "Allow HTTP and HTTPS through the firewall."
-```
+</pre>

 Set up an IPv6 address. You can use any address in the 2a00:c6c0:0:154:4::/80 prefix.
-```
+<pre>
 root# python3 -c 'import os; print(":".join(os.urandom(2).hex() for _ in range(3)))'
 d8aa:b4e6:c89f
 root# vi /etc/network/interfaces
@@ -76,19 +76,19 @@ root# vi /etc/network/interfaces
 		gateway 2a00:c6c0:0:154::1
 root# etckeeper commit "Add IPv6 address."
 root# reboot
-```
+</pre>

 Install the broker.
-```
-root# install --owner root /home/user/broker /usr/local/bin/
+<pre>
+root# install --owner root /home/<var>user</var>/broker /usr/local/bin/
 root# apt install runit-systemd tor-geoipdb
-root# echo "/runit/**/supervise" >> /etc/.gitignore
+root# echo "/runit/**/supervise" &gt;&gt; /etc/.gitignore
 root# adduser --system snowflake-broker
 root# mkdir -p /etc/runit/snowflake-broker
 root# vi /etc/runit/snowflake-broker/run
 	#!/bin/sh -e
 	setcap 'cap_net_bind_service=+ep' /usr/local/bin/broker
-	exec chpst -u snowflake-broker -o 32768 /usr/local/bin/broker --metrics-log /home/snowflake-broker/metrics.log --acme-hostnames snowflake-broker.bamsoftware.com,snowflake-broker.freehaven.net,snowflake-broker.torproject.net --acme-email dcf@torproject.org --acme-cert-cache /home/snowflake-broker/acme-cert-cache 2>&1
+	exec chpst -u snowflake-broker -o 32768 /usr/local/bin/broker --metrics-log /home/snowflake-broker/metrics.log --acme-hostnames snowflake-broker.bamsoftware.com,snowflake-broker.freehaven.net,snowflake-broker.torproject.net --acme-email dcf@torproject.org --acme-cert-cache /home/snowflake-broker/acme-cert-cache 2&gt;&amp;1
 root# chmod +x /etc/runit/snowflake-broker/run
 root# mkdir -p /etc/runit/snowflake-broker/log
 root# vi /etc/runit/snowflake-broker/log/run
@@ -108,7 +108,7 @@ root# vi /var/log/snowflake-broker/config
 	!xz
 root# ln -s /etc/runit/snowflake-broker /etc/service
 root# etckeeper commit "Install snowflake-broker."
-```
+</pre>

 The broker will automatically acquire a TLS certificate
 for the names given in `--acme-hostnames` the first time each name is accessed.
@@ -123,16 +123,16 @@ program to find the name of the account created in the
 /home/snowflake-broker/acme-cert-cache directory.

 Install prometheus-node-exporter for resource monitoring (#29863).
-```
+<pre>
 root# apt install prometheus-node-exporter
 root# vi /etc/default/prometheus-node-exporter
 	ARGS="--no-collector.arp --no-collector.bcache --no-collector.bonding --no-collector.conntrack --no-collector.cpu --no-collector.edac --no-collector.entropy --no-collector.filefd --no-collector.hwmon --no-collector.infiniband --no-collector.ipvs --no-collector.loadavg --no-collector.mdadm --no-collector.meminfo --no-collector.netclass --no-collector.netdev --no-collector.netstat --no-collector.nfs --no-collector.nfsd --no-collector.sockstat --no-collector.stat --no-collector.textfile --no-collector.timex --no-collector.uname --no-collector.vmstat --no-collector.xfs --no-collector.zfs"
 root# service prometheus-node-exporter restart
 root# etckeeper commit "Install prometheus-node-exporter."
-```
+</pre>

 Do some other nice configuration.
-```
+<pre>
 root# apt install unattended-upgrades man screen rsync
 root# update-alternatives --config editor # Choose /usr/bin/vim.tiny
-```
\ No newline at end of file
+</pre>
\ No newline at end of file