dragonlock2/matthewtran.com
1
0
Fork 0
mirror of https://github.com/dragonlock2/matthewtran.com.git synced 2026-06-28 01:58:34 +00:00
Code Issues Packages Projects Releases Wiki Activity

further cleanup and securing

Browse Source
This commit is contained in:
Matthew Tran
2025-02-19 00:30:35 -08:00
parent be0530cafe
commit dd072e76d8
6 changed files with 112 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files
README.md
+8 -7
View File
@@ -15,23 +15,24 @@ Stuff that's deployed on [matthewtran.com](https://matthewtran.com). Currently r
1. Install [Ubuntu Desktop 24.04.1 LTS](https://ubuntu.com/download/desktop) with TPM-backed FDE. Server currently has a [bug](https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/1980018) that makes TPM-backed FDE hard.
- You may need to manually enable IPv6 on the network connection. Use `Automatic` not `Automatic, DHCP only`.
- Add an SSH key if you need remote access, setup will disable password authentication.
- Clone this repo and `cd` into it.
2. Set up the server.
- `scripts/setup_server.py`
3. Set up the OpenWrt 24.10 router. Copy SSH keys first to make it easier.
- `scripts/setup_router.py`
- For each WireGuard client, run `scripts/setup_peer.py <name>`.
- Reboot the router and server.
4. Configure, build, and start services.
3. Set up the OpenWrt 24.10 router. Copy SSH keys first to make it easier. Use a strong root password.
- `scripts/setup_router.py <interface>`
4. Reboot the router and server.
5. Configure, build, and start services.
- Create `website/sendgrid.key` with a [SendGrid API key](https://app.sendgrid.com/settings/api_keys).
- Create `terraria/password.txt` if needed.
- Restore backups if needed.
- `scripts/setup_repo.py`
- `docker compose build`
- `docker compose up -d`
5. Optionally, add additional drives. This script formats the drive as LUKS/BTRFS with the key file stored in `/opt/luks` and auto-mounts on boot. Make sure to backup the key file elsewhere.
6. Optionally, add additional drives. This script formats the drive as LUKS/BTRFS with the key file stored in `/opt/luks` and auto-mounts on boot. Make sure to backup the key file elsewhere.
- `scripts/setup_drive.py <drive> <mount path>`
6. Optionally, add the following DNS entries at the registrar.
7. Optionally, run `scripts/setup_peer.py <name>` for each WireGuard client.
8. Optionally, add the following DNS entries at the registrar.
| hosts | type | data |
| ----------------------- | ------ | ------------------------------------- |
| `@`, `git`, `wg`, `www` | `A` | `<public IPv4>` |