Linux/Virtual Server Setup Guide

From Wiki

Step 1: Prepare local linux terminal

  • Install Windows Subsystem for Linux / Ubuntu
  • Open local linux terminal and complete initial setup

Step 2: Generate Cloud VM (Hetzner, Netcup,...)

  • Install latest Ubuntu LTS
  • Set username / password
  • Write down information required for next steps:
    • VM IP, VM username, VM password

Step 3: Adjust DNS entries

  • Make sure the desired DNS entries point to the (new?) IP of the VM. (IPv4 + IPv6)
  • Verify from the local terminal that the DNS entry is pointing to the correct ip
nslookup {hostname}

Step 4: Set up VM

  • Open local linux terminal
  • Connect to VM:
ssh {user}@{hostname}
sudo bash

Install basics

apt update
apt install mc aptitude nmap plocate

Uninstall snapd

apt install apparmor apport apt bcache-tools btrfs-progs cloud-init cryptsetup \
dbus lvm2 mdadm multipath-tools netbase open-iscsi pollinate ssh-import-id \
sudo systemd systemd-sysv ubuntu-drivers-common ubuntu-release-upgrader-core \
udev xfsprogs ntfs-3g snapd
apt purge ubuntu-server-minimal
snap remove lxd core20 core22 snapd
apt purge snapd ntfs-3g
apt autoremove

Install fail2ban

apt install fail2ban
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
systemctl enable fail2ban
systemctl restart fail2ban

Add swapfile

fallocate -l 4G /swapfile
chmod 600 /swapfile
mkswap /swapfile
swapon /swapfile

echo '/swapfile none swap sw 0 0' >> /etc/fstab

sysctl vm.swappiness=10
cat /proc/sys/vm/swappiness

Install Docker

curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/docker.gpg
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
sudo apt update
apt-cache policy docker-ce
sudo apt install docker-ce

Install munin-node

apt install munin-node

# get ip of docker0 interface
ip addr show docker0 | grep 'inet\b' | awk '{print $2}' | cut -d/ -f1
  • edit /etc/munin/munin-node.conf
...
# allow ^127\.0\.0\.1$
# allow ^::1$
#
# cidr_allow 127.0.0.1/32
# cidr_allow 192.0.2.0/24
# cidr_deny  192.0.2.42/32

# Which address to bind to;
# host *
host 172.17.0.1                # output of previous ip addr command
# host 127.0.0.1
  • remove unnecessary plugins
cd /etc/munin/plugins
rm df_inode diskstats if_docker0 if_err_docker0 if_err_eth0 interrupts
rm irqstats open_files open_inodes proc_pri vmstat entropy fw_packets
  • prepare docker plugins
cd /etc/munin/plugin-conf.d
echo $'[docker_*]\ngroup docker\nenv.DOCKER_HOST unix://run/docker.sock' > docker
  • add docker plugins (docker_cpu, docker_memory)

Install wireguard

apt install wireguard
  • /etc/sysctl.conf
net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1
  • reload sysctl
sudo sysctl -p
  • get wireguard config
git clone https://git.com:repository /etc/wireguard
  • Enable systemd service
sudo systemctl enable wg-quick@wg0.service
sudo systemctl start wg-quick@wg0.service
sudo systemctl status wg-quick@wg0.service

further hints: Linux/wireguard

Optimize terminal looks

git clone https://gitea.marcluerssen.de/linux-public/.dotfiles.git
cd .dotfiles
sudo ./install.sh