knowledge-base/KB/Linux/Server/Bootstrap.md

| creation date | tags |
|---|---|
| 2022-01-08 | note, linux, archlinux, install |

  1. Install some packages:

    pacman -S docker docker-compose pacman-contrib git reflector htop dfc ps_mem nginx certbot nano zsh zsh-syntax-highlighting nano-syntax-highlighting rsync pkgfile ntp inetutils which
    
  2. If you like, install the LTS kernel with `pacman -S linux-lts`

  3. Add an SSH key to log in without a password

  4. Change the root shell

  5. Change the root password

  6. Clone dotfiles-system with `git clone https://git.myservermanager.com/alexander.schaeferdiek/dotfiles-system.git` and sync files

  7. Set a hostname: `hostnamectl set-hostname <name>`

  8. Copy `sshd_config` to the server and restart sshd: `systemctl restart sshd`

  9. Disable and uninstall services left over from the image install

    systemctl disable --now cloud-config.service cloud-final.service cloud-init-local.service cloud-init.service cronie.service
    pacman -Rsnc cronie
    
  10. Adjust pacman config with `nano /etc/pacman.conf` and enable `Color`, `TotalDownload`, `CheckSpace`, `VerbosePkgLists` and `multilib`

  11. Adjust network config in `/etc/systemd/network`, `/etc/resolv.conf` and `/etc/hosts`

    #
    # /etc/hosts: static lookup table for host names
    #
    127.0.0.1   localhost.localdomain   localhost
    ::1     localhost.localdomain   localhost
    
    # End of file
    
  12. Create user admin: `useradd --create-home --shell /bin/zsh --home /home/admin --groups wheel admin` and pick a password with `passwd admin`

  13. Edit the sudoers file with `visudo` and make `%wheel` work with passwords

  14. Install an AUR wrapper as admin

    sudo su admin
    cd
    mkdir -p packages/yay-bin
    cd packages/yay-bin
    nano PKGBUILD
    
    # paste contents from https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=yay-bin into the file
    
    makepkg -csi
    
  15. Install some AUR packages as admin: `reflector-timer`, `inxi`, `ctop-bin`

  16. Make reflector and pkgfile work: `systemctl enable --now reflector.timer pkgfile-update.timer`

  17. Follow Setup Security Hardening.md

  18. Follow Setup SSH (guard) and iptables.md

  19. Configure root user services for monitoring with `.scriptConfigFile.conf` files.

  20. Copy `/root/scripts` to the new server.

    # copy /etc/mail.rc
    pacman -S s-nail
    
  21. Configure services, e.g. docker, nginx.

  22. Verify everything is working, then reboot. Verify again.
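
A check for step 13, added here as an example and not part of the original note: it classifies how `%wheel` is configured in a sudoers file and installs a password-requiring rule only after `visudo -cf` accepts it. The function names and the drop-in path `/etc/sudoers.d/10-wheel` are assumptions, and the drop-in only takes effect if `/etc/sudoers` includes `/etc/sudoers.d`.

```shell
#!/usr/bin/env bash
# Added example: audit and install the %wheel sudo rule from step 13.

# Print how %wheel is configured in the given sudoers file:
#   password  - an active %wheel rule exists and none carries NOPASSWD
#   nopasswd  - at least one active %wheel rule carries NOPASSWD
#   disabled  - no active %wheel rule (e.g. still commented out)
# Conservative on purpose: sudo applies the last matching rule, but any
# NOPASSWD rule for wheel is reported regardless of its position.
wheel_sudo_mode() {
    local file=$1
    awk '
        /^[ \t]*#/ { next }                      # skip commented-out rules
        /^[ \t]*%wheel[ \t]/ {
            if ($0 ~ /NOPASSWD[ \t]*:/) nopasswd = 1
            else password = 1
        }
        END {
            if (nopasswd)      print "nopasswd"
            else if (password) print "password"
            else               print "disabled"
        }
    ' "$file"
}

# Write the password-requiring rule to a temp file, syntax-check it with
# visudo, and only then install it (run as root). A broken rule never
# reaches /etc, so sudo cannot be locked out by a typo.
# Default target path is an assumption, not taken from the note.
install_wheel_dropin() {
    local target=${1:-/etc/sudoers.d/10-wheel} tmp
    tmp=$(mktemp) || return 1
    printf '%s\n' '%wheel ALL=(ALL:ALL) ALL' > "$tmp"
    if visudo -cf "$tmp" >/dev/null; then
        install -m 0440 -o root -g root "$tmp" "$target"
    else
        echo "sudoers syntax check failed, nothing installed" >&2
        rm -f "$tmp"
        return 1
    fi
    rm -f "$tmp"
}
```

Run `wheel_sudo_mode /etc/sudoers` and again on each file in `/etc/sudoers.d` before logging out of the root session in step 22.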