dragonlock2/matthewtran.com
1
0
Fork 0
mirror of https://github.com/dragonlock2/matthewtran.com.git synced 2025-10-12 04:17:55 +00:00
Code Issues Packages Projects Releases Wiki Activity
matthewtran.com/README.md
Matthew Tran 1846d973a3 wip2
2025-05-03 03:24:40 -07:00

66 lines
3.2 KiB
Markdown
Raw Blame History

# matthewtran.com
Services deployed on [matthewtran.com](https://matthewtran.com).
- website
- gitea ([git.matthewtran.com](https://git.matthewtran.com))
- monerod
- p2pool (`xmrig -o matthewtran.com`)
- minecraft
- minecraft bedrock
- terraria
- nas (`<server>/<name>` on LAN)
- wireguard
## setup
1. Designate one computer as the configuration server. Create `config/server.json` which contains the configuration for the server to be provisioned. Reference `config/server.default` for fields. Run the following.
- `scripts/provision.py`
2. Create a [Fedora CoreOS](https://fedoraproject.org/coreos/download?stream=stable) installation media and boot it on the server to be provisioned. Run the following on it and reboot.
- `sudo coreos-installer install /dev/<boot drive> --ignition-url http://<config server ip>/server.ign --insecure-ignition`
## update
quick dev => scp dockerfiles => rebuild locally
final dev => reprovision
TODO fix setup_router DUID suff => may need to reset after each provision...
1. Install [Ubuntu Desktop 24.04.1 LTS](https://ubuntu.com/download/desktop) with TPM-backed FDE. Server currently has a [bug](https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/1980018) that makes TPM-backed FDE hard.
- You may need to manually enable IPv6 on the network connection. Use `Automatic` not `Automatic, DHCP only`.
- Add an SSH key if you need remote access, setup will disable password authentication.
- Clone this repo and `cd` into it.
2. Set up the server.
- `scripts/setup_server.py`
3. Set up the OpenWrt 24.10 router. Copy SSH keys first to make it easier. Use a strong root password.
- `scripts/setup_router.py <interface>`
4. Reboot the router and server.
5. Configure, build, and start services.
- Create `website/sendgrid.key` with a [SendGrid API key](https://app.sendgrid.com/settings/api_keys).
- Create `terraria/config.txt` and `terraria/password.txt` if needed.
- Create `nas/mounts.json` which contains a list of `"<name>":"<directory>"` for the SMB share.
- Create `nas/users.json` which contains a list of `"<user>":"<password>"` for the SMB share.
- `scripts/setup_repo.py`
- Restore backups if needed. Make sure to set correct ownership. For example, `chown -R 2000:2000 website/gitea`.
- `docker compose build`
- `docker compose up -d`
6. Optionally, add additional drives. This script formats the drive as LUKS/BTRFS with the key file stored in `/opt/luks` and auto-mounts on boot. Make sure to backup the key file elsewhere.
- `scripts/setup_drive.py <drive> <mount>`
7. Optionally, run `scripts/setup_peer.py <name>` for each WireGuard client.
8. Optionally, add the following DNS entries at the registrar.
| hosts | type | data |
| ----------------------- | ------ | ------------------------ |
| `@`, `git`, `wg`, `www` | `A` | `<public IPv4>` |
| `@`, `git`, `www` | `AAAA` | `<delegated prefix>::69` |
| `wg` | `AAAA` | `<delegated prefix>::1` |
## backup
Run `scripts/backup.py` and save the resultant `data.zip` somewhere. Also run the following commands for BTRFS maintenance. I should probably automate this.
```
btrfs device stats <mount>
btrfs scrub start -B <mount>
```
Reference in New Issue View Git Blame Copy Permalink