paritybit.ca


commit e363de4da8d216bc9826415abc076378664686ce
parent 0361012569d578b449be3614d4f350142fab890d
Author: Jake Bauer <jbauer@paritybit.ca>
Date:   Sun, 12 Jul 2020 22:19:09 -0400

Publish new blog post

Diffstat:
M pages/blog.md | 1 +
A pages/blog/new-server-checklist.md | 80 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
M pages/home.md | 4 ++--
M public/feeds/sitewide-feed.xml | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
M public/sitemap.xml | 1 +
5 files changed, 132 insertions(+), 2 deletions(-)

diff --git a/pages/blog.md b/pages/blog.md @@ -27,6 +27,7 @@ href="https://social.paritybit.ca/@jbauer">Mastodon</a>. ### 2020 <ul> + <li>2020-07-12 <a href="blog/new-server-checklist">New Server Checklist</a></li> <li>2020-07-12 <a href="blog/machine-hostnames">Machine Hostnames</a></li> <li>2020-07-11 <a href="blog/colours-for-gitea-issues">Colours for Gitea Issues</a></li> <li>2020-07-09 <a href="blog/migrating-my-wiki-off-of-mediawiki">Migrating My Wiki Off of MediaWiki</a></li> diff --git a/pages/blog/new-server-checklist.md b/pages/blog/new-server-checklist.md 
@@ -0,0 +1,80 @@ +## New Server Checklist + +[//]: # "Detailing what I do when I'm setting up a new server." + +[//]: # "main.min.css" + +[//]: # + +<div class="byline"> +<b>Written By:</b> Jake Bauer | + <b>Posted:</b> 2020-07-12 | + <b>Last Updated:</b> 2020-07-12 +</div> + +Setting up a new server is a really simple and straightforward process for me. +As of right now, I pretty much exclusively use Debian servers for their +stability, readily-available support, and package availability and this is what +I do to set up a new server: + +### Checklist + +<input type="checkbox" id="1"><label for="1">Copy ssh public key to server with ssh-copy-id</label><br> +<input type="checkbox" id="2"><label for="2">Disable ssh password authentication and root login</label><br> +<input type="checkbox" id="3"><label for="3">Set ssh port to 56022</label><br> +<input type="checkbox" id="4"><label for="4">Set desired mirrors in `/etc/apt/sources.list`</label><br> +<input type="checkbox" id="5"><label for="5">Set a static IP in `/etc/network/interfaces` (see Static IP Example)</label><br> +<input type="checkbox" id="6"><label for="6">Run the following (leave out qemu-quest-agent if not VM):</label><br> + +```bash +sudo apt update && sudo apt -y upgrade && sudo apt install \ + tmux htop vim postfix qemu-guest-agent unattended-upgrades nftables \ + && sudo apt --purge autoremove vim-tiny nano iptables +``` + +<input type="checkbox" id="7"><label for="7">Configure unattended upgrades with "origin=*", remove unused dependencies, automatic reboot at 02:00</label><br> +<input type="checkbox" id="8"><label for="8">Configure nftables firewall (see Base nftables Configuration)</label><br> +<input type="checkbox" id="9"><label for="9">Reboot</label><br> + +### Static IP Example + +``` +allow-hotplug <interface> +iface <interface> inet static + address 10.0.0.{2..254} + netmask 255.255.255.0 + gateway 10.0.0.1 +``` + +### Base nftables Configuration + +``` +#!/usr/sbin/nft -f + +flush ruleset + 
+table inet filter { + chain INPUT { + type filter hook input priority 0; policy drop; + ct state { established, related } accept + ct state invalid drop + iif "lo" accept + tcp dport {56022} accept + ip protocol icmp limit rate 1/second accept + counter packets 0 bytes 0 drop + } + chain OUTPUT { + type filter hook output priority 0; policy accept; + counter packets 0 bytes 0 accept + } + chain FORWARD { + type filter hook forward priority 0; policy drop; + counter packets 0 bytes 0 drop + } +} +``` + +_This is my sixty-eighth post for the +[#100DaysToOffload](https://social.paritybit.ca/tags/100DaysToOffload) +challenge. You can learn more about this challenge over at +[https://100daystooffload.com](https://100daystooffload.com)._ diff --git a/pages/home.md b/pages/home.md @@ -20,6 +20,8 @@ extent)! Access through `gopher://paritybit.ca` or `gemini://paritybit.ca`. src="/img/feed-icon.png" width="15" height="15" alt="Click for RSS Feed"/> </a> </div> +2020-07-12 <a class="feed-item" href="blog/new-server-checklist">New Server Checklist</a> + 2020-07-12 <a class="feed-item" href="blog/machine-hostnames">Machine Hostnames</a> 2020-07-11 <a class="feed-item" href="blog/colours-for-gitea-issues">Colours for Gitea Issues</a> @@ -37,8 +39,6 @@ extent)! Access through `gopher://paritybit.ca` or `gemini://paritybit.ca`. 2020-07-04 <a class="feed-item" href="blog/generating-my-geek-code">Generating My Geek Code</a> 2020-07-03 <a class="feed-item" href="blog/adding-search-to-my-blog">Adding Search to my Blog</a> - -2020-07-02 <a class="feed-item" href="blog/a-month-and-a-half-of-self-hosted-email">A Month-and-a-Half of Self-Hosted Email</a> ### What is a Parity Bit? It is a bit (in the 1's and 0's sense) used in checking for errors in digital diff --git a/public/feeds/sitewide-feed.xml b/public/feeds/sitewide-feed.xml 
@@ -7,6 +7,54 @@ <description>The feed that covers all notable additions, updates, announcements, and other changes for the entire paritybit.ca website.</description> <item> + <title>New Server Checklist</title> + <link>https://www.paritybit.ca/blog/new-server-checklist</link> + <guid>https://www.paritybit.ca/blog/new-server-checklist</guid> + <pubDate>Sun, 12 Jul 2020 22:18:58 -0400</pubDate> + <description><![CDATA[<h2 id="new-server-checklist">New Server Checklist</h2> +<div class="byline"> +<p><b>Written By:</b> Jake Bauer | <b>Posted:</b> 2020-07-12 | <b>Last Updated:</b> 2020-07-12</p> +</div> +<p>Setting up a new server is a really simple and straightforward process for me. As of right now, I pretty much exclusively use Debian servers for their stability, readily-available support, and package availability and this is what I do to set up a new server:</p> +<h3 id="checklist">Checklist</h3> +<p><input type="checkbox" id="1"><label for="1">Copy ssh public key to server with ssh-copy-id</label><br> <input type="checkbox" id="2"><label for="2">Disable ssh password authentication and root login</label><br> <input type="checkbox" id="3"><label for="3">Set ssh port to 56022</label><br> <input type="checkbox" id="4"><label for="4">Set desired mirrors in <code>/etc/apt/sources.list</code></label><br> <input type="checkbox" id="5"><label for="5">Set a static IP in <code>/etc/network/interfaces</code> (see Static IP Example)</label><br> <input type="checkbox" id="6"><label for="6">Run the following (leave out qemu-quest-agent if not VM):</label><br></p> +<div class="sourceCode" id="cb1"><pre class="sourceCode bash"><code class="sourceCode bash"><a class="sourceLine" id="cb1-1" title="1"><span class="fu">sudo</span> apt update <span class="kw">&amp;&amp;</span> <span class="fu">sudo</span> apt -y upgrade <span class="kw">&amp;&amp;</span> <span class="fu">sudo</span> apt install \</a> +<a class="sourceLine" id="cb1-2" title="2"> tmux htop vim postfix qemu-guest-agent 
unattended-upgrades nftables \</a> +<a class="sourceLine" id="cb1-3" title="3"> <span class="kw">&amp;&amp;</span> <span class="fu">sudo</span> apt --purge autoremove vim-tiny nano iptables</a></code></pre></div> +<p><input type="checkbox" id="7"><label for="7">Configure unattended upgrades with "origin=*", remove unused dependencies, automatic reboot at 02:00</label><br> <input type="checkbox" id="8"><label for="8">Configure nftables firewall (see Base nftables Configuration)</label><br> <input type="checkbox" id="9"><label for="9">Reboot</label><br></p> +<h3 id="static-ip-example">Static IP Example</h3> +<pre><code>allow-hotplug &lt;interface&gt; +iface &lt;interface&gt; inet static + address 10.0.0.{2..254} + netmask 255.255.255.0 + gateway 10.0.0.1</code></pre> +<h3 id="base-nftables-configuration">Base nftables Configuration</h3> +<pre><code>#!/usr/sbin/nft -f + +flush ruleset + +table inet filter { + chain INPUT { + type filter hook input priority 0; policy drop; + ct state { established, related } accept + ct state invalid drop + iif &quot;lo&quot; accept + tcp dport {56022} accept + ip protocol icmp limit rate 1/second accept + counter packets 0 bytes 0 drop + } + chain OUTPUT { + type filter hook output priority 0; policy accept; + counter packets 0 bytes 0 accept + } + chain FORWARD { + type filter hook forward priority 0; policy drop; + counter packets 0 bytes 0 drop + } +}</code></pre> +<p><em>This is my sixty-eighth post for the <a href="https://social.paritybit.ca/tags/100DaysToOffload">#100DaysToOffload</a> challenge. You can learn more about this challenge over at <a href="https://100daystooffload.com">https://100daystooffload.com</a>.</em></p>]]></description> + </item> +<item> <title>Machine Hostnames</title> <link>https://www.paritybit.ca/blog/machine-hostnames</link> <guid>https://www.paritybit.ca/blog/machine-hostnames</guid> diff --git a/public/sitemap.xml b/public/sitemap.xml 
@@ -3,6 +3,7 @@ <url><loc>https://www.paritybit.ca</loc></url> <url><loc>https://www.paritybit.ca/home</loc></url> <url><loc>https://www.paritybit.ca/blog</loc></url> + <url><loc>https://www.paritybit.ca/blog/new-server-checklist</loc></url> <url><loc>https://www.paritybit.ca/blog/machine-hostnames</loc></url> <url><loc>https://www.paritybit.ca/blog/colours-for-gitea-issues</loc></url> <url><loc>https://www.paritybit.ca/blog/migrating-my-wiki-off-of-mediawiki</loc></url>
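
Review bot: in pages/blog/new-server-checklist.md, the Base nftables Configuration only admits ICMP through `ip protocol icmp limit rate 1/second accept`, which matches IPv4 alone. The table is `inet` and the INPUT chain has `policy drop`, so every ICMPv6 packet, neighbour discovery included, falls through to the final `drop` and IPv6 stops working on any host that has it. Either say in the post that this base ruleset is for IPv4-only hosts (the Static IP Example is IPv4) or add an ICMPv6 rule such as `meta l4proto ipv6-icmp accept` next to the ICMP line. Two smaller points in the same hunk: checklist item 6 says `qemu-quest-agent` while the command installs `qemu-guest-agent`, and `sudo apt install` has no `-y` although `sudo apt -y upgrade` does, so the chained command will stop and wait for confirmation.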
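
Review bot: in public/feeds/sitewide-feed.xml, the new item's `<description>` CDATA embeds the checklist as `<input type="checkbox" id="1">` through `id="9"` with matching `<label for="…">` elements. A feed reader that sanitises HTML may drop the form controls, and bare numeric ids are likely to collide when several items are rendered in one document, so a plain `<ul>` for the feed copy would be more robust. The embedded copy also repeats the `qemu-quest-agent` wording from the post, so correct it in the post and in this item together.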