creation date | tags
---|---
2022-01-08 |
Bootstrap
- Install some packages:

  ```
  pacman -S docker docker-compose pacman-contrib git reflector htop dfc ps_mem nginx certbot nano zsh zsh-syntax-highlighting nano-syntax-highlighting rsync pkgfile ntp inetutils which
  ```
- If you like, install the LTS kernel with `pacman -S linux-lts`
- Add an SSH key to log in without a password
- Change the root shell
- Change the root password
- Clone dotfiles-system with `git clone https://git.myservermanager.com/alexander.schaeferdiek/dotfiles-system.git` and sync files
- Set a hostname with `hostnamectl set-hostname <name>`
- Copy `sshd_config` to the server and restart sshd:

  ```
  systemctl restart sshd
  ```
- Disable and uninstall services from image install:

  ```
  systemctl disable --now cloud-config.service cloud-final.service cloud-init-local.service cloud-init.service cronie.service
  pacman -Rsnc cronie
  ```
- Adjust pacman config with `nano /etc/pacman.conf` and enable `Color`, `TotalDownload`, `CheckSpace`, `VerbosePkgLists` and `multilib`
- Adjust network config in `/etc/systemd/network` and `/etc/resolv.conf` and `/etc/hosts`:

  ```
  #
  # /etc/hosts: static lookup table for host names
  #
  127.0.0.1 localhost.localdomain localhost
  ::1 localhost.localdomain localhost
  # End of file
  ```
- Create user admin and pick a password with `passwd admin`:

  ```
  useradd --create-home --shell /bin/zsh --home /home/admin --groups wheel admin
  passwd admin
  ```
- Edit `visudo` file and make `%wheel` work with passwords
- Install AUR wrapper with `admin`:

  ```
  sudo su admin
  cd
  mkdir -p packages/yay-bin
  cd packages/yay-bin
  nano PKGBUILD
  # paste contents from https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=yay-bin into the file
  makepkg -csi
  ```
- Install some AUR pkgs as `admin`: `reflector-timer`, `inxi`, `ctop-bin`
- Make reflector and pkgfile work:

  ```
  systemctl enable --now reflector.timer pkgfile-update.timer
  ```
- Follow `Setup Security Hardening.md`
- Follow `Setup SSH (guard) and iptables.md`
- Configure root user services for monitoring with `.scriptConfigFile.conf` files.
- Copy `/root/scripts` to new server.

  ```
  # copy /etc/mail.rc
  pacman -S s-nail
  ```
- Configure services, e.g. docker, nginx.
- Verify everything is working, then reboot. Verify again.
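
One way to script the final verification for the steps above that can be checked mechanically: the `%wheel` sudo rule, the `admin` account, the enabled timers and the disabled image services. This is an added example, not part of the original notes; the function names and the `--audit` switch are its own, and it assumes the stock paths `/etc/sudoers`, `/etc/passwd` and `/etc/group`.

```shell
#!/bin/sh
# Added example: audit for the bootstrap checklist. Function names and the
# --audit switch are this script's own; file arguments allow testing on copies.

# %wheel must have an active sudoers rule and no active NOPASSWD rule.
# Drop-ins under /etc/sudoers.d are not read here; check them the same way.
wheel_requires_password() {
    rules=$(grep -E '^[[:space:]]*%wheel[[:space:]]' "$1") || return 1
    ! printf '%s\n' "$rules" | grep -q 'NOPASSWD'
}

# user_has_shell PASSWD_FILE USER SHELL
user_has_shell() {
    awk -F: -v u="$2" -v s="$3" \
        '$1 == u && $7 == s { ok = 1 } END { exit !ok }' "$1"
}

# user_in_group GROUP_FILE USER GROUP (supplementary membership)
user_in_group() {
    awk -F: -v u="$2" -v g="$3" '
        $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) ok = 1 }
        END { exit !ok }' "$1"
}

unit_enabled()  { systemctl -q is-enabled "$1" 2>/dev/null; }
unit_disabled() { ! unit_enabled "$1"; }

# Run a check, print its result, remember any failure.
report() { if "$@"; then echo "ok   $*"; else echo "FAIL $*"; fail=1; fi; }

audit() {
    fail=0
    report wheel_requires_password /etc/sudoers
    report user_has_shell /etc/passwd admin /bin/zsh
    report user_in_group /etc/group admin wheel
    for u in reflector.timer pkgfile-update.timer; do report unit_enabled "$u"; done
    for u in cloud-config.service cloud-final.service cloud-init-local.service \
             cloud-init.service cronie.service; do
        report unit_disabled "$u"
    done
    return "$fail"
}

# Run against the live system only on request (needs root to read /etc/sudoers).
if [ "${1:-}" = "--audit" ]; then audit; fi
```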