incubate freeipa server
@@ -31,6 +31,7 @@ instructions for building a:
|
||||
- [Snapshots](#snapshots)
|
||||
- [Backups](#backups)
|
||||
- [Backing up a snapshot](#backing-up-a-snapshot)
|
||||
- [Restoring a snapshot](#restoring-a-snapshot)
|
||||
- [Chroots](#chroots)
|
||||
- [Hardware Management](#hardware-management)
|
||||
- [Power Profiles](#power-profiles)
|
||||
@@ -469,6 +470,7 @@ systemctl enable --now ufw
|
||||
#### btrbk
|
||||
|
||||
```bash
|
||||
sudo pacman -S mbuffer # for progress monitoring
|
||||
cd Downloads
|
||||
wget https://raw.githubusercontent.com/digint/btrbk/master/btrbk
|
||||
clamdscan .
|
||||
@@ -627,7 +629,7 @@ Now set up the backup:
|
||||
Description=Runs btrbk with config file at /etc/btrbk/backups.conf
|
||||
|
||||
[Service]
|
||||
ExecStart=/usr/bin/btrbk -c /etc/btrbk/backups.conf -v run
|
||||
ExecStart=/usr/bin/btrbk -c /etc/btrbk/backups.conf --progress run
|
||||
```
|
||||
|
||||
3. Create a timer to activate the service
|
||||
@@ -662,6 +664,17 @@ pacman -S pv
|
||||
btrfs send /mnt/btr_backup/root.20230727T1000 | pv | btrfs receive /mnt/btr_iscsi
|
||||
```
|
||||
|
||||
##### Restoring a snapshot
|
||||
|
||||
```bash
|
||||
export ROOT_SNAPSHOT_NAME=<name>
|
||||
export HOME_SNAPSHOT_NAME=<name>
|
||||
rsync -av --delete /btr_pools/root/.snapshots/${ROOT_SNAPSHOT_NAME}/ /btr_pools/root/root/
|
||||
rsync -av --delete /btr_pools/root/.snapshots/${HOME_SNAPSHOT_NAME}/ /btr_pools/root/home/
|
||||
pacman -Syu # This is only required if you're restoring a snapshot from an old kernel
|
||||
reboot
|
||||
```
|
||||
|
||||
#### Chroots
|
||||
|
||||
You can create chroot environments to run firejails or just use for testing purposes.
|
||||
|
||||
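Review bot: In the "Restoring a snapshot" block, both `rsync -av --delete` commands expand `${ROOT_SNAPSHOT_NAME}` and `${HOME_SNAPSHOT_NAME}` unquoted and unguarded. If a reader skips the `export` or leaves the name empty, the source collapses to `/btr_pools/root/.snapshots//` and `--delete` mirrors the whole snapshot directory over the live subvolume. I would write the source as `"/btr_pools/root/.snapshots/${ROOT_SNAPSHOT_NAME:?}/"` (and the same for the home line) so the shell aborts on an unset or empty name. A preview pass with `rsync -avn --delete` before the real run would also show what is about to be removed. The home restore reads from `/btr_pools/root/.snapshots/` as well, which may be intended but is worth confirming against the actual pool layout.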
@@ -3,6 +3,7 @@
|
||||
- [Fedora Server](#fedora-server)
|
||||
- [Installation](#installation)
|
||||
- [Setup SSH](#setup-ssh)
|
||||
- [DNF](#dnf)
|
||||
- [Fail2Ban](#fail2ban)
|
||||
- [Automatic Updates](#automatic-updates)
|
||||
- [Disable Swap](#disable-swap)
|
||||
@@ -36,15 +37,15 @@ ssh-copy-id -o PubkeyAuthentication=no -i ~/.ssh/id_"$SSH_HOST"_rsa.pub ducoterr
|
||||
|
||||
cat <<EOF >> ~/.ssh/config
|
||||
|
||||
Host $SSH_HOST
|
||||
Hostname "$SSH_HOST".reeselink.com
|
||||
Host ${SSH_HOST}
|
||||
Hostname ${SSH_HOST}.reeselink.com
|
||||
User root
|
||||
ProxyCommand none
|
||||
ForwardAgent no
|
||||
ForwardX11 no
|
||||
Port 22
|
||||
KeepAlive yes
|
||||
IdentityFile ~/.ssh/id_"$SSH_HOST"_rsa
|
||||
IdentityFile ~/.ssh/id_${SSH_HOST}_rsa
|
||||
EOF
|
||||
```
|
||||
|
||||
@@ -60,18 +61,29 @@ passwd
|
||||
sudo su -
|
||||
echo "PasswordAuthentication no" > /etc/ssh/sshd_config.d/01-prohibit-password.conf
|
||||
echo '%wheel ALL=(ALL) NOPASSWD: ALL' > /etc/sudoers.d/01-nopasswd-wheel
|
||||
systemctl restart sshd
|
||||
```
|
||||
|
||||
On the operator:
|
||||
|
||||
```bash
|
||||
# Test if you can SSH with a password
|
||||
ssh -o PubkeyAuthentication=no ducoterra@"$SSH_HOST".reeselink.com
|
||||
ssh -o PubkeyAuthentication=no ducoterra@${SSH_HOST}.reeselink.com
|
||||
|
||||
# Test that you can log into the server with ssh config
|
||||
ssh $SSH_HOST
|
||||
```
|
||||
|
||||
## DNF
|
||||
|
||||
Configure dnf to use the fastest mirror:
|
||||
|
||||
```bash
|
||||
echo 'fastestmirror=1' >> /etc/dnf/dnf.conf
|
||||
dnf clean all
|
||||
dnf update
|
||||
```
|
||||
|
||||
## Fail2Ban
|
||||
|
||||
On the server:
|
||||
@@ -86,7 +98,7 @@ cat <<EOF > /etc/fail2ban/jail.local
|
||||
# Adjust the default configuration's default values
|
||||
[DEFAULT]
|
||||
# Optional enter an trusted IP never to ban
|
||||
ignoreip = 2600:1700:1e6c:a81f::0/64
|
||||
# ignoreip = 2600:1700:1e6c:a81f::0/64
|
||||
bantime = 6600
|
||||
backend = auto
|
||||
|
||||
|
||||
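Review bot: The `echo '%wheel ALL=(ALL) NOPASSWD: ALL' > /etc/sudoers.d/01-nopasswd-wheel` step in the SSH setup hunk gives every wheel member root without re-authentication, so with `PasswordAuthentication no` a single stolen SSH key is the only barrier to root; if that trade-off is intended, the doc should say so next to the command. The drop-in is also written without a syntax check, and a malformed file under `/etc/sudoers.d` can break sudo entirely. Adding `visudo -cf /etc/sudoers.d/01-nopasswd-wheel` and `chmod 0440 /etc/sudoers.d/01-nopasswd-wheel` before `systemctl restart sshd` would catch that. The rendered page has lost its +/- markers, so whether this line is new in this commit is inferred rather than certain. Separately, the operator-side `ssh $SSH_HOST` and `ducoterra@${SSH_HOST}.reeselink.com` leave the variable unquoted on the command line; `"${SSH_HOST}"` keeps the quoting the older line had.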