# space Setup files for my VPS ## Steps to setup ### Setup VM - login as root - disable ssh for root - add user: `adduser ` - move and chown ssh keys from root to the new user - add user to sudo: `sudo usermod -aG sudo ` - setup firewall to allow/disallow ports - logout and login as the new user ### Install docker ```bash $ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - $ sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" $ sudo apt-get update $ sudo apt-get install -y docker-ce docker-compose $ sudo gpasswd -a $USER docker ``` ### Install fail2ban ```bash $ sudo apt-get install geoip-bin geoip-database fail2ban ``` ### Setup space - copy/clone this repo to `~/space` - setup SSL certificates (optional) ```bash $ wget https://dl.eff.org/certbot-auto $ chmod a+x ./certbot-auto $ sudo ./certbot-auto certonly --server https://acme-v02.api.letsencrypt.org/directory --manual --preferred-challenges dns -d *.abhinavsarkar.net $ sudo cp /etc/letsencrypt/live/abhinavsarkar.net/* ~/space/certs/ $ sudo chown -R $USER:$USER ~/space/certs/ ``` - stop and disable resolvd ```bash $ sudo service systemd-resolved stop $ sudo systemctl disable systemd-resolved.service ``` - edit `/etc/resolv.conf` to set the nameserver to `8.8.8.8` - edit `~/space/space.service` to set environment variables - set passwords to random values if new setup - set passwords to the previous values if a copy setup - set `PH_SERVER_IP` to the static IP of the server - setup the service and start ```bash $ sudo cp ~/space/space.service /etc/systemd/system/ $ sudo systemctl enable space $ sudo systemctl start space ``` - edit `/etc/resolv.conf` to set the nameserver to `127.0.0.1` - setup and start fail2ban ```bash $ sudo cp fail2ban/iptables-pihole-geoip-fence.conf /etc/fail2ban/action.d/iptables-pihole-geoip-fence.conf $ sudo cp fail2ban/pihole-geoip.conf /etc/fail2ban/filter.d/pihole-geoip.conf $ sudo cp fail2ban/jail.local /etc/fail2ban/jail.local $ sudo service fail2ban start ```