Preparing new vps from scratch

clean up

remove snap

sudo apt-get autoremove --purge snapd gnome-software-plugin-snap && sudo apt-mark hold snapd

update

update the thing to current

apt-get update && apt-get upgrade

add swap

fallocate -l 2G /swapfile && chmod 600 /swapfile

mkswap /swapfile && swapon /swapfile

echo '/swapfile none swap sw 0 0' | sudo tee -a /etc/fstab

sysctl vm.swappiness=10
sysctl vm.vfs_cache_pressure=50

nano /etc/sysctl.conf

vm.swappiness=10
vm.vfs_cache_pressure=50

install basics

install the most basic of basics

apt install -y curl htop fail2ban docker.io net-tools make docker-compose

install portainer

cheatsheets/portainer-standalone/

add overlay

install zerotier

curl -s 'https://raw.githubusercontent.com/zerotier/ZeroTierOne/master/doc/contact%40zerotier.com.gpg' | gpg --import && \
if z=$(curl -s 'https://install.zerotier.com/' | gpg); then echo "$z" | sudo bash; fi

add machine to overlay network

zerotier join YOUR_ZERTIER_NETWORK_ID

allow traffic from all zerotier network devices

export INTERFACE=YOUR_ZEROTIER_NETWORK_ID
ufw allow in on $INTERFACE

add user

create mr user

adduser koad

make new user sudo

usermod -aG sudo koad

add user to docker group

sudo groupadd docker
sudo usermod -aG docker koad

lock down

cheatsheets/uncomplicated-firewall/

remove regular internet firewall rules, deny all

ufw status numbered

ufw delete [NUMBER]

install keybase

curl --remote-name https://prerelease.keybase.io/keybase_amd64.deb

sudo apt install ./keybase_amd64.deb

run_keybase