---
creation date: 2022-01-08
tags: [note,linux,archlinux,install]
---

# Bootstrap

1. Install some packages:

```
pacman -S docker docker-compose pacman-contrib git reflector htop dfc ps_mem nginx certbot nano zsh zsh-syntax-highlighting nano-syntax-highlighting rsync pkgfile ntp inetutils which
```

2. If you like, install the LTS kernel with `pacman -S linux-lts`

3. Add an SSH key to log in without a password

4. Change root shell

5. Change root password

6. Clone dotfiles-system with `git clone https://git.myservermanager.com/alexander.schaeferdiek/dotfiles-system.git` and sync files

7. Set a hostname with `hostnamectl set-hostname <name>`

8. Copy `sshd_config` to the server and restart sshd with `systemctl restart sshd`

9. Disable and uninstall services from image install

```
systemctl disable --now cloud-config.service cloud-final.service cloud-init-local.service cloud-init.service cronie.service
pacman -Rsnc cronie
```

10. Adjust the pacman config with `nano /etc/pacman.conf` and enable `Color`, `TotalDownload`, `CheckSpace`, `VerbosePkgLists` and `multilib`

11. Adjust the network config in `/etc/systemd/network`, `/etc/resolv.conf` and `/etc/hosts`

```
#
# /etc/hosts: static lookup table for host names
#
127.0.0.1 localhost.localdomain localhost
::1 localhost.localdomain localhost

# End of file
```

12. Create user _admin_: `useradd --create-home --shell /bin/zsh --home /home/admin --groups wheel admin` and pick a password with `passwd admin`

13. Edit the sudoers file with `visudo` and make `%wheel` work with passwords

14. Install an AUR wrapper as `admin`

```
sudo su admin
cd
mkdir -p packages/yay-bin
cd packages/yay-bin
nano PKGBUILD

# paste contents from https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=yay-bin into the file

makepkg -csi
```

15. Install some AUR pkgs as `admin`: `reflector-timer`, `inxi`, `ctop-bin`

16. Make reflector and pkgfile work: `systemctl enable --now reflector.timer pkgfile-update.timer`

17. Follow `Setup Security Hardening.md`

18. Follow `Setup SSH (guard) and iptables.md`

19. Configure root user services for monitoring with `.scriptConfigFile.conf` files.

20. Copy `/root/scripts` to new server.

```
# copy /etc/mail.rc
pacman -S s-nail
```

21. **Configure services, e.g. docker, nginx.**

22. Verify everything is working, then reboot. Verify again.
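
Part of the verification in step 22 can be scripted. The following is an added example, not part of the original notes or of the dotfiles-system repository: it checks the files touched in steps 10, 12 and 13. The function names and the optional ROOT prefix are assumptions, and `write_sample` builds a constructed fixture for trying the checks offline.

```shell
#!/bin/sh
# Added example: file checks for steps 10, 12 and 13 (not the author's script).
# The optional ROOT prefix is an assumption so the checks can run on a copy of /etc.
# Only /etc/sudoers is read; drop-ins under /etc/sudoers.d are not evaluated.

pacman_opt_enabled() {   # FILE OPTION: option line is present and not commented out
  grep -Eq "^[[:space:]]*$2[[:space:]]*\$" "$1"
}

pacman_repo_enabled() {  # FILE REPO: active [REPO] header followed by an active Include/Server
  awk -v want="[$2]" '
    /^[ \t]*\[/ { insec = ($1 == want) }
    insec && /^[ \t]*(Include|Server)[ \t]*=/ { found = 1 }
    END { exit !found }' "$1"
}

user_in_group() {        # FILE GROUP USER: USER is listed as a member of GROUP
  awk -F: -v g="$2" -v u="$3" '
    $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) ok = 1 }
    END { exit !ok }' "$1"
}

wheel_needs_password() { # FILE: an active %wheel rule exists and none carries NOPASSWD
  awk '
    /^[ \t]*%wheel[ \t]/ { if ($0 ~ /NOPASSWD/) nopass = 1; else active = 1 }
    END { exit !(active && !nopass) }' "$1"
}

check_bootstrap() {      # [ROOT]: prints one FAIL line per unmet step, returns 0 if none
  root="${1:-}"; fails=0
  for opt in Color TotalDownload CheckSpace VerbosePkgLists; do
    pacman_opt_enabled "$root/etc/pacman.conf" "$opt" || { echo "FAIL step 10: $opt"; fails=$((fails + 1)); }
  done
  pacman_repo_enabled "$root/etc/pacman.conf" multilib || { echo "FAIL step 10: multilib"; fails=$((fails + 1)); }
  user_in_group "$root/etc/group" wheel admin || { echo "FAIL step 12: admin not in wheel"; fails=$((fails + 1)); }
  wheel_needs_password "$root/etc/sudoers" || { echo "FAIL step 13: %wheel rule"; fails=$((fails + 1)); }
  [ "$fails" -eq 0 ]
}

write_sample() {         # ROOT: constructed fixture of a finished bootstrap, not real files
  mkdir -p "$1/etc"
  printf '%s\n' '[options]' Color TotalDownload CheckSpace VerbosePkgLists \
    '[core]' 'Include = /etc/pacman.d/mirrorlist' \
    '[multilib]' 'Include = /etc/pacman.d/mirrorlist' > "$1/etc/pacman.conf"
  printf '%s\n' 'root:x:0:root' 'wheel:x:998:admin' > "$1/etc/group"
  printf '%s\n' 'root ALL=(ALL:ALL) ALL' '%wheel ALL=(ALL:ALL) ALL' \
    '# %wheel ALL=(ALL:ALL) NOPASSWD: ALL' > "$1/etc/sudoers"
}
```

On the server, run `check_bootstrap` as root with no argument so it reads the live `/etc`.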