abhin4v
/
space
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
setup files for my VPS
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
51 Commits
1 Branch
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
space
Abhinav Sarkar 5ac453d2b7 Upgrades matomo & pihole 2 months ago
fail2ban Changes fail2ban to use DOCKER-USER chain 6 months ago
nginx-conf Adds arpita.site 1 year ago
smtp @ 49dbeb4b31 Builds the smtp service instead of fetching image 1 year ago
webhooks Changes webhooks Dockerfile to use docker/compose as base image 1 year ago
.gitignore Adds arpita.site 1 year ago
.gitmodules Builds the smtp service instead of fetching image 1 year ago
README.md Adds fail2ban to ban DNS attacks 1 year ago
docker-compose.yml Upgrades matomo & pihole 2 months ago
space.service Adds drone.io for CI 1 year ago

README.md

space

Setup files for my VPS

Steps to setup

Setup VM

  • login as root
  • disable ssh for root
  • add user: adduser <username>
  • move and chown ssh keys from root to the new user
  • add user to sudo: sudo usermod -aG sudo <username>
  • setup firewall to allow/disallow ports
  • logout and login as the new user

Install docker

$ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
$ sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
$ sudo apt-get update
$ sudo apt-get install -y docker-ce docker-compose
$ sudo gpasswd -a $USER docker

Install fail2ban

$ sudo apt-get install geoip-bin geoip-database fail2ban

Setup space

  • copy/clone this repo to ~/space
  • setup SSL certificates (optional)
$ wget https://dl.eff.org/certbot-auto
$ chmod a+x ./certbot-auto
$ sudo ./certbot-auto certonly --server https://acme-v02.api.letsencrypt.org/directory --manual --preferred-challenges dns -d *.abhinavsarkar.net
$ sudo cp /etc/letsencrypt/live/abhinavsarkar.net/* ~/space/certs/
$ sudo chown -R $USER:$USER ~/space/certs/
  • stop and disable resolvd
$ sudo service systemd-resolved stop
$ sudo systemctl disable systemd-resolved.service
  • edit /etc/resolv.conf to set the nameserver to 8.8.8.8
  • edit ~/space/space.service to set environment variables
    • set passwords to random values if new setup
    • set passwords to the previous values if a copy setup
    • set PH_SERVER_IP to the static IP of the server
  • setup the service and start
$ sudo cp ~/space/space.service /etc/systemd/system/
$ sudo systemctl enable space
$ sudo systemctl start space
  • edit /etc/resolv.conf to set the nameserver to 127.0.0.1
  • setup and start fail2ban
$ sudo cp fail2ban/iptables-pihole-geoip-fence.conf /etc/fail2ban/action.d/iptables-pihole-geoip-fence.conf
$ sudo cp fail2ban/pihole-geoip.conf /etc/fail2ban/filter.d/pihole-geoip.conf
$ sudo cp fail2ban/jail.local /etc/fail2ban/jail.local
$ sudo service fail2ban start