dragonlock2/matthewtran.com
1
0
Fork 0
mirror of https://github.com/dragonlock2/matthewtran.com.git synced 2025-10-11 12:07:56 +00:00
Code Issues Packages Projects Releases Wiki Activity
matthewtran.com/README.md
Matthew Tran e7b4e8aa46 further secure containers
2025-02-19 22:17:31 -08:00

2.1 KiB
Raw Blame History

matthewtran.com

Services deployed on matthewtran.com.

  • website
  • gitea (git.matthewtran.com)
  • monerod
  • p2pool (xmrig -o matthewtran.com)
  • wireguard
  • minecraft
  • minecraft bedrock
  • terraria

setup

  1. Install Ubuntu Desktop 24.04.1 LTS with TPM-backed FDE. Server currently has a bug that makes TPM-backed FDE hard.
    • You may need to manually enable IPv6 on the network connection. Use Automatic not Automatic, DHCP only.
    • Add an SSH key if you need remote access, setup will disable password authentication.
    • Clone this repo and cd into it.
  2. Set up the server.
    • scripts/setup_server.py
  3. Set up the OpenWrt 24.10 router. Copy SSH keys first to make it easier. Use a strong root password.
    • scripts/setup_router.py <interface>
  4. Reboot the router and server.
  5. Configure, build, and start services.
    • Create website/sendgrid.key with a SendGrid API key.
    • Create terraria/password.txt if needed.
    • Restore backups if needed.
    • scripts/setup_repo.py
    • docker compose build
    • docker compose up -d
  6. Optionally, add additional drives. This script formats the drive as LUKS/BTRFS with the key file stored in /opt/luks and auto-mounts on boot. Make sure to backup the key file elsewhere.
    • scripts/setup_drive.py <drive> <mount path>
  7. Optionally, run scripts/setup_peer.py <name> for each WireGuard client.
  8. Optionally, add the following DNS entries at the registrar.
    hosts type data
    @, git, wg, www A <public IPv4>
    @, git, www AAAA <delegated prefix>::<server suffix>
    wg AAAA <delegated prefix>::1

backup

Run scripts/backup.py and save the resultant data.zip somewhere. I should probably automate this.