Initial server setup
macOS does not ship with a persistent shell profile, so you have to create one:
vim ~/.zshrc
For most Linux flavors:
vim ~/.bashrc
Append this to the end of the file:
alias e="exit"
alias l="ls -la"
# named ".." rather than "." so the shell's "." (source) builtin keeps working
alias ..="cd ../"
alias s="sudo -s"
alias update='sudo apt-get update && sudo apt-get upgrade -y'
alias dc="docker compose"
alias vim="sudo vim"
alias ufw="sudo ufw"
alias mkdir="sudo mkdir"
Be careful when executing commands through these aliases. Remember that when you edit with vim (or nano, if you alias it the same way), the editor is called as root, and so are ufw and mkdir.
Basic ssh config file:
Port 22
AddressFamily any
ListenAddress 0.0.0.0
ListenAddress ::
PermitRootLogin prohibit-password
StrictModes yes
MaxAuthTries 10
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
IgnoreRhosts yes
PasswordAuthentication no
PermitEmptyPasswords no
KbdInteractiveAuthentication no
UsePAM yes
X11Forwarding yes
PrintMotd no
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
AllowUsers archivist
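A quick way to review a config like the one above before reloading sshd. This is an added example, not part of the original notes; the function name audit_sshd, the WARN wording and the choice of checks are assumptions made here, and the sample input is constructed from the lines shown above.

```sh
# Added example (not from the original page): audit sshd_config text on stdin.
# Prints one WARN line per finding. Include files and Match blocks are ignored.
audit_sshd() {
  awk '
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    {
      key = tolower($1); sub(/=.*/, "", key) # keywords are case-insensitive
      if (key in val) next                   # sshd keeps the first value it reads
      v = $0
      sub(/^[ \t]*[^ \t=]+[ \t=]+/, "", v); sub(/[ \t]+$/, "", v)
      val[key] = tolower(v)
    }
    END {
      if (val["passwordauthentication"] != "no")   # OpenSSH default is yes
        print "WARN password logins are enabled"
      if (val["permitemptypasswords"] == "yes")
        print "WARN empty passwords are accepted"
      if (val["maxauthtries"] + 0 > 6)
        print "WARN MaxAuthTries " val["maxauthtries"] " is above the OpenSSH default of 6"
      if (val["x11forwarding"] == "yes")
        print "WARN X11Forwarding is enabled"
      # root is reachable unless AllowUsers exists and leaves root out
      root_listed = (val["allowusers"] == "")
      n = split(val["allowusers"], u, /[ \t]+/)
      for (i = 1; i <= n; i++) {
        sub(/@.*/, "", u[i])
        if (u[i] == "root" || u[i] == "*") root_listed = 1
      }
      prl = val["permitrootlogin"]
      if (prl == "") prl = "prohibit-password"     # OpenSSH default
      if (prl != "no" && root_listed)
        print "WARN root login permitted (PermitRootLogin " prl ")"
    }'
}

# Constructed sample: the security-relevant lines of the config above.
sample_config() {
  cat <<'EOF'
PermitRootLogin prohibit-password
MaxAuthTries 10
PasswordAuthentication no
PermitEmptyPasswords no
X11Forwarding yes
AllowUsers archivist
EOF
}

sample_config | audit_sshd
```

On a real host, pipe the file in instead: sudo cat /etc/ssh/sshd_config | audit_sshd. No root warning appears for the sample because AllowUsers archivist already excludes root.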
Tailscale basic install:
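# the install script adds the Tailscale apt repository and installs the package,
# so it has to run before apt is asked for the package
curl -fsSL https://tailscale.com/install.sh | sh
sudo apt-get update;
sudo apt-get install tailscale;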
sudo tailscale set --operator=$USER
sudo tailscale set --operator=archivist
#basic client
tailscale up --accept-routes=true
#linux server
echo 'net.ipv4.ip_forward = 1' | sudo tee -a /etc/sysctl.d/99-tailscale.conf;
echo 'net.ipv6.conf.all.forwarding = 1' | sudo tee -a /etc/sysctl.d/99-tailscale.conf;
sudo sysctl -p /etc/sysctl.d/99-tailscale.conf;
NETDEV=$(ip -o route get 8.8.8.8 | cut -f 5 -d " ");
sudo ethtool -K $NETDEV rx-udp-gro-forwarding on rx-gro-list off;
printf '#!/bin/sh\n\nethtool -K %s rx-udp-gro-forwarding on rx-gro-list off \n' "$(ip -o route get 8.8.8.8 | cut -f 5 -d " ")" | sudo tee /etc/networkd-dispatcher/routable.d/50-tailscale;
sudo chmod 755 /etc/networkd-dispatcher/routable.d/50-tailscale;
#ensure that it works:
sudo /etc/networkd-dispatcher/routable.d/50-tailscale;
test $? -eq 0 || echo 'An error occurred.'
sudo tailscale up --advertise-exit-node --advertise-routes=x.x.x.0/24
#reset without relogging
sudo tailscale up --reset;
#force relog
sudo tailscale down
sudo rm -rf /var/lib/tailscale
# restart the daemon so it recreates its state directory
sudo systemctl restart tailscaled
sudo tailscale up --force-reauth
Basic ufw config:
sudo ufw allow 22;
sudo ufw allow from x.x.x.0/24;
sudo ufw enable;
Basic docker and docker compose setup:
sudo apt update;
sudo apt install apt-transport-https ca-certificates curl software-properties-common -y;
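# make sure the keyring directory exists before writing the key into it
sudo install -m 0755 -d /etc/apt/keyrings;
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg;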
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null;
sudo apt update;
sudo apt install docker-ce docker-ce-cli containerd.io -y;
sudo systemctl status docker;
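# the dc alias above calls "docker compose", which is the v2 plugin from Docker's repository
sudo apt install docker-compose-plugin -y;
docker compose version;
# docker-ce normally creates the group already; -f makes this a no-op in that case
sudo groupadd -f docker;
# members of the docker group control the daemon, which is root-equivalent on this host
sudo usermod -aG docker archivist;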
sudo service docker restart;