major refactor of setup procedure

README.md

@@ -5,62 +5,39 @@ Stuff that's deployed on [matthewtran.com](https://matthewtran.com). Currently r
 - website
 - gitea ([git.matthewtran.com](https://git.matthewtran.com))
 - monerod
-- p2pool (`xmrig -o matthewtran.com:3333`)
-- minecraft
-- minecraft bedrock
-- ~~terraria~~
+- p2pool (`xmrig -o matthewtran.com`)
 - wireguard
+- minecraft
+- ~~minecraft bedrock~~
+- ~~terraria~~
 
 ## setup
 
-1. Install [Ubuntu Server 24.04.1 LTS](https://ubuntu.com/download/server).
-    - Add OpenSSH Server and Docker during the process.
-    - Expand the root partition if needed.
-        - `lvextend -l +100%FREE /dev/ubuntu-vg/ubuntu-lv`
-        - `resize2fs /dev/mapper/ubuntu--vg-ubuntu--lv`
-    - Enable huge pages.
-        - `echo "vm.nr_hugepages=3072" | sudo tee -a /etc/sysctl.conf`
-    - Give yourself Docker access if needed.
-        - `groupadd docker`
-        - `usermod -aG docker $USER`
-    - Enable UFW and allow the following.
-        - `ufw enable`
-        - `ufw allow OpenSSH`
-        - `ufw allow 51820/udp`
-    - Reboot.
-2. Forward the following ports. Set a static IP if needed.
-    - website - `80`, `443`
-    - gitea - `2222`
-    - monerod - `18080`, `18081`
-    - p2pool - `3333`, `37888`, `37889`
-    - minecraft - `25565`
-    - minecraft bedrock - `19132`, `19133`
-    - terraria - `7777`
-    - wireguard - `51820`
-3. Install dependencies and clone.
-    - `apt install avahi-daemon git python3 python-is-python3 qrencode wireguard zip`
-    - `git clone https://github.com/dragonlock2/matthewtran.com`
-    - `cd matthewtran.com`
-4. Set up WireGuard.
-    - `systemctl enable wg-quick@wg0.service`
-    - `python wireguard/setup.py`
-    - `systemctl start wg-quick@wg0.service`
-5. Enable IPv6 for Docker.
-    - Add the following to `/var/snap/docker/current/config/daemon.json`.
-        - `"ipv6": true`
-        - `"fixed-cidr-v6": "fd3a:138e:8fd0:0000::/64"`
-    - `systemctl restart snap.docker.dockerd.service`
-6. Set up the repo.
-    - Run `./volumes.sh`, allowing the containers to access the binded volumes since you have the same UID/GID by default.
+1. Install [Ubuntu Desktop 24.04.1 LTS](https://ubuntu.com/download/desktop) with TPM-backed FDE. Server currently has a [bug](https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/1980018) that makes TPM-backed FDE hard.
+    - You may need to manually enable IPv6 on the network connection. Use `Automatic` not `Automatic, DHCP only`.
+    - Clone this repo and `cd` into it.
+2. Set up the server.
+    - `scripts/setup_server.py`
+3. Set up the OpenWrt 24.10 router. Copy SSH keys first to make it easier.
+    - `scripts/setup_router.py`
+    - For each WireGuard client, run `scripts/setup_peer.py <name>`.
+    - Reboot the router and server.
+4. Configure, build, and start services.
     - Create `website/sendgrid.key` with a [SendGrid API key](https://app.sendgrid.com/settings/api_keys).
     - Create `terraria/password.txt` if needed.
     - Restore backups if needed.
-7. Build and start the services.
+    - `scripts/setup_repo.py`
     - `docker compose build`
     - `docker compose up -d`
-8. If first start, some services need configuring.
-    - Gitea
+5. Optionally, add additional drives. This script formats the drive as LUKS/BTRFS with the key file stored in `/opt/luks` and auto-mounts on boot. Make sure to backup the key file elsewhere.
+    - `scripts/setup_drive.py <drive> <mount path>`
+6. Optionally, add the following DNS entries at the registrar.
+    | hosts                   | type   | data                                  |
+    | ----------------------- | ------ | ------------------------------------- |
+    | `@`, `git`, `wg`, `www` | `A`    | `<public IPv4>`                       |
+    | `@`, `git`, `www`       | `AAAA` | `<delegated prefix>::<server suffix>` |
+    | `wg`                    | `AAAA` | `<delegated prefix>::1`               |
 
 ## backup
 
-Run `./backup.sh` and save the resultant `data.zip` somewhere. I should probably automate this.
+Run `scripts/backup.py` and save the resultant `data.zip` somewhere. I should probably automate this.