---
creation date: 2022-01-08
tags: [note,linux,archlinux,install]
---

# Bootstrap

1. Install some packages:
    ```
    pacman -S docker docker-compose pacman-contrib git reflector htop dfc ps_mem nginx certbot nano zsh zsh-syntax-highlighting nano-syntax-highlighting rsync pkgfile ntp inetutils which
    ```
2. If you like, install the LTS kernel with `pacman -S linux-lts`
3. Add an SSH key to log in without a password
4. Change the root shell
5. Change the root password
6. Clone dotfiles-system `git clone https://git.myservermanager.com/alexander.schaeferdiek/dotfiles-system.git` and sync files
7. Set a hostname `hostnamectl set-hostname `
8. Copy `sshd_config` to the server and restart sshd with `systemctl restart sshd`
9. Disable and uninstall services from the image install
    ```
    systemctl disable --now cloud-config.service cloud-final.service cloud-init-local.service cloud-init.service cronie.service
    pacman -Rsnc cronie
    ```
10. Adjust the pacman config with `nano /etc/pacman.conf` and enable `Color, TotalDownload, CheckSpace, VerbosePkgLists` and `multilib`
11. Adjust the network config in `/etc/systemd/network`, `/etc/resolv.conf` and `/etc/hosts`
    ```
    #
    # /etc/hosts: static lookup table for host names
    #
    127.0.0.1 localhost.localdomain localhost
    ::1 localhost.localdomain localhost
    # End of file
    ```
12. Create user _admin_: `useradd --create-home --shell /bin/zsh --home /home/admin --groups wheel admin` and pick a password with `passwd admin`
13. Edit the sudoers file with `visudo` and make `%wheel` work with passwords
14. Install an AUR wrapper as `admin`
    ```
    sudo su admin
    cd
    mkdir -p packages/yay-bin
    cd packages/yay-bin
    # paste contents from https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=yay-bin into the file
    nano PKGBUILD
    makepkg -csi
    ```
15. Install some AUR pkgs as `admin`: `reflector-timer`, `inxi`, `ctop-bin`
16. Make reflector and pkgfile work: `systemctl enable --now reflector.timer pkgfile-update.timer`
17. Follow `Setup Security Hardening.md`
18. Follow `Setup SSH (guard) and iptables.md`
19. Configure root user services for monitoring with `.scriptConfigFile.conf` files.
20. Copy `/root/scripts` to the new server.
    ```
    # copy /etc/mail.rc
    pacman -S s-nail
    ```
21. **Configure services, e.g. docker, nginx.**
22. Verify everything is working, then reboot. Verify again.
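
A read-only check to go with the final verification step, as an added example that is not part of the original note: it confirms that `%wheel` sudo still asks for a password (step 13), that the image's cloud-init and cronie units are off (step 9), that the timers from step 16 are enabled, and that `admin` is in `wheel` (step 12). The function names and the `SYSTEMCTL` override variable are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not from the original note: read-only checks for steps 9, 12, 13, 16.

# Step 13: pass only if an active %wheel rule exists and none carries NOPASSWD.
# Args: sudoers files to scan (commented-out rules are ignored).
wheel_requires_password() {
    rules=$(grep -Eh '^[[:space:]]*%wheel[[:space:]]' "$@" 2>/dev/null) || true
    [ -n "$rules" ] || { echo "no active %wheel rule"; return 1; }
    if printf '%s\n' "$rules" | grep -q 'NOPASSWD'; then
        echo "%wheel has a NOPASSWD rule"; return 1
    fi
    return 0
}

# Steps 9 and 16: compare `systemctl is-enabled` with the expected state.
# $1 = on (must be enabled) or off (must not be); remaining args = unit names.
# SYSTEMCTL is a hypothetical override so the check can run against a stub.
units_ok() {
    want=$1; shift; bad=0
    for u in "$@"; do
        state=$(${SYSTEMCTL:-systemctl} is-enabled "$u" 2>/dev/null) || true
        case "$want:$state" in
            on:enabled|off:disabled|off:masked|off:not-found|off:) ;;
            *) echo "$u: state '${state:-unknown}', expected $want"; bad=1 ;;
        esac
    done
    return $bad
}

# Run every check against the live system (as root, to read /etc/sudoers).
bootstrap_check() {
    fail=0
    wheel_requires_password /etc/sudoers /etc/sudoers.d/* || fail=1
    units_ok off cloud-config.service cloud-final.service \
        cloud-init-local.service cloud-init.service cronie.service || fail=1
    units_ok on reflector.timer pkgfile-update.timer || fail=1
    id -nG admin 2>/dev/null | grep -qw wheel || { echo "admin not in wheel"; fail=1; }
    return $fail
}

if [ "${1:-}" = "--run" ]; then bootstrap_check; fi
```

Save it under any name and run it as root with `--run`, once before the reboot in step 22 and once after; a non-zero exit status means at least one check printed a finding.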