overhauls of most service docs
All checks were successful
Podman DDNS Image / build-and-push-ddns (push) Successful in 33s
All checks were successful
Podman DDNS Image / build-and-push-ddns (push) Successful in 33s
This commit is contained in:
@@ -7,6 +7,7 @@
|
||||
- [Fail2Ban](#fail2ban)
|
||||
- [BTRFS Parent Volumes](#btrfs-parent-volumes)
|
||||
- [BTRFS Snapshots](#btrfs-snapshots)
|
||||
- [BTRFS Maintenance](#btrfs-maintenance)
|
||||
- [TPM2 Luks Decryption](#tpm2-luks-decryption)
|
||||
- [Change your password](#change-your-password)
|
||||
- [Automatic Updates](#automatic-updates)
|
||||
@@ -73,48 +74,7 @@ and the operator will store information about each server.
|
||||
|
||||
## Setup SSH
|
||||
|
||||
In this setup we'll allow ssh to the root user via key and keep the admin user for cockpit.
|
||||
|
||||
On the operator:
|
||||
|
||||
```bash
|
||||
export SSH_HOST=kube
|
||||
ssh-keygen -C ${USER}@${HOSTNAME} -f ~/.ssh/id_${SSH_HOST}_rsa
|
||||
|
||||
# Note: If you get "too many authentication failures" it's likely because you have too many private
|
||||
# keys in your ~/.ssh directory. Use `-o PubkeyAuthentication` to fix it.
|
||||
ssh-copy-id -o PubkeyAuthentication=no -i ~/.ssh/id_${SSH_HOST}_rsa.pub ducoterra@${SSH_HOST}.reeselink.com
|
||||
ssh -i ~/.ssh/id_${SSH_HOST}_rsa ducoterra@${SSH_HOST}.reeselink.com
|
||||
# Copy authorized_keys to root
|
||||
sudo cp ~/.ssh/authorized_keys /root/.ssh/authorized_keys
|
||||
exit
|
||||
|
||||
cat <<EOF >> ~/.ssh/config
|
||||
|
||||
Host ${SSH_HOST}
|
||||
Hostname ${SSH_HOST}.reeselink.com
|
||||
User root
|
||||
Port 22
|
||||
KeepAlive yes
|
||||
IdentityFile ~/.ssh/id_${SSH_HOST}_rsa
|
||||
EOF
|
||||
|
||||
ssh ${SSH_HOST}
|
||||
# Disable password auth
|
||||
echo "PasswordAuthentication no" > /etc/ssh/sshd_config.d/01-prohibit-password.conf
|
||||
systemctl restart sshd
|
||||
|
||||
# OPTIONAL: Disable sudo password
|
||||
echo '%wheel ALL=(ALL) NOPASSWD: ALL' > /etc/sudoers.d/01-nopasswd-wheel
|
||||
|
||||
exit
|
||||
|
||||
# Test if you can SSH with a password
|
||||
ssh -o PubkeyAuthentication=no ducoterra@${SSH_HOST}.reeselink.com
|
||||
|
||||
# Test that you can log into the server with ssh config
|
||||
ssh $SSH_HOST
|
||||
```
|
||||
See [README](/README.md#ssh-setup)
|
||||
|
||||
## DNF
|
||||
|
||||
@@ -224,6 +184,13 @@ snapper -c root delete 1
|
||||
Note - you probably don't want to keep yearly snapshots.
|
||||
Edit `/etc/snapper/configs/root` and change `TIMELINE_LIMIT_YEARLY=` to `0`.
|
||||
|
||||
## BTRFS Maintenance
|
||||
|
||||
```bash
|
||||
# Start a scrub in the foreground (-B) at /
|
||||
btrfs scrub start -B /
|
||||
```
|
||||
|
||||
## TPM2 Luks Decryption
|
||||
|
||||
Mostly taken from here:
|
||||
@@ -324,7 +291,7 @@ TODO
|
||||
|
||||
## Common Storage Mounts
|
||||
|
||||
Note: mount these before you install the relavant package!
|
||||
Note: mount these before you install the relevant package!
|
||||
|
||||
1. For virtual machines: `/var/lib/libvirt`
|
||||
2. For podman: `/var/lib/containers`
|
||||
|
||||
Reference in New Issue
Block a user