knowledge-base/KB/Linux/Server/Bootstrap.md

2022-09-04 12:54:22 +00:00
---
creation date: 2022-01-08
tags: [note,linux,archlinux,install]
---
# Bootstrap
1. Install some packages:
```
pacman -S docker docker-compose pacman-contrib git reflector htop dfc ps_mem nginx certbot nano zsh zsh-syntax-highlighting nano-syntax-highlighting rsync pkgfile ntp inetutils which
```
2. If you like, install the LTS kernel with `pacman -S linux-lts`
3. Add an SSH key to log in without a password
4. Change root shell
5. Change root password
6. Clone dotfiles-system
`git clone https://git.myservermanager.com/alexander.schaeferdiek/dotfiles-system.git` and sync files
7. Set a hostname `hostnamectl set-hostname <name>`
8. Copy `sshd_config` to server and restart sshd `systemctl restart sshd`
9. Disable and uninstall services from image install
```
systemctl disable --now cloud-config.service cloud-final.service cloud-init-local.service cloud-init.service cronie.service
pacman -Rsnc cronie
```
10. Adjust pacman config `nano /etc/pacman.conf` and enable `Color, TotalDownload, CheckSpace, VerbosePkgLists` and `multilib`
11. Adjust network config in `/etc/systemd/network` and `/etc/resolv.conf` and `/etc/hosts`
```
#
# /etc/hosts: static lookup table for host names
#
127.0.0.1 localhost.localdomain localhost
::1 localhost.localdomain localhost
# End of file
```
12. Create user _admin_: `useradd --create-home --shell /bin/zsh --home /home/admin --groups wheel admin` and pick a password with `passwd admin`
13. Edit the sudoers file with `visudo` and make `%wheel` work with passwords
14. Install AUR wrapper as `admin`
```
sudo su admin
cd
mkdir -p packages/yay-bin
cd packages/yay-bin
nano PKGBUILD
# paste contents from https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=yay-bin into the file
makepkg -csi
```
15. Install some AUR pkgs as `admin`: `reflector-timer`, `inxi`, `ctop-bin`
16. Make reflector and pkgfile work: `systemctl enable --now reflector.timer pkgfile-update.timer`
17. Follow `Setup Security Hardening.md`
18. Follow `Setup SSH (guard) and iptables.md`
19. Configure root user services for monitoring with `.scriptConfigFile.conf` files.
20. Copy `/root/scripts` to new server.
```
# copy /etc/mail.rc
pacman -S s-nail
```
21. **Configure services, e.g. docker, nginx.**
22. Verify everything is working, then reboot. Verify again.
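
A check script for step 22, added here as an example and not part of the original note: it verifies the results of steps 8, 9, 12, 13 and 16 on the finished server. The function names and the `--check` switch are assumptions of this example; the unit names, the `admin` user and the `wheel` group come from the steps above.

```shell
#!/bin/sh
# Added example, not from the original note. Run as root: sh <this-script> --check

# Step 13: pass only if an active %wheel rule exists and none carries NOPASSWD.
# Arguments: sudoers files to inspect (commented-out rules are ignored).
wheel_requires_password() {
    wheel_rules=$(cat "$@" 2>/dev/null |
        grep -E '^[[:space:]]*%wheel[[:space:]]') || return 1
    case $wheel_rules in *NOPASSWD*) return 1 ;; esac
    return 0
}

# Steps 9 and 16: compare `systemctl is-enabled` output with the expected state.
# $1 = enabled|disabled, remaining arguments = unit names; prints each mismatch.
units_in_state() {
    want=$1; shift; rc=0
    for unit in "$@"; do
        got=$(systemctl is-enabled "$unit" 2>/dev/null) || true
        case "$want:$got" in
            enabled:enabled) ;;
            # A removed unit (cronie) reports "not-found" or prints nothing.
            disabled:disabled|disabled:masked|disabled:not-found|disabled:) ;;
            *) echo "FAIL $unit: want $want, got '${got:-nothing}'"; rc=1 ;;
        esac
    done
    return "$rc"
}

if [ "${1:-}" = "--check" ]; then
    status=0
    units_in_state disabled cloud-config.service cloud-final.service \
        cloud-init-local.service cloud-init.service cronie.service || status=1
    units_in_state enabled reflector.timer pkgfile-update.timer || status=1
    wheel_requires_password /etc/sudoers /etc/sudoers.d/* ||
        { echo "FAIL sudoers: %wheel missing or NOPASSWD"; status=1; }
    # Step 12: admin must be in wheel for the sudoers rule to apply.
    id -nG admin | grep -qw wheel || { echo "FAIL admin not in wheel"; status=1; }
    # Step 8: syntax-check the copied sshd_config (also worth doing before the restart).
    sshd -t || { echo "FAIL sshd_config does not parse"; status=1; }
    exit "$status"
fi
```

Run it once before the reboot and once after, matching the two verification passes in step 22; a non-zero exit status means at least one check printed a `FAIL` line.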