# Ubuntu Server

- [Ubuntu Server](#ubuntu-server)
  - [Setup SSH](#setup-ssh)
  - [Fail2Ban](#fail2ban)
  - [Automatic Updates](#automatic-updates)
  - [Disable Swap](#disable-swap)
  - [Extras](#extras)
  - [Troubleshooting](#troubleshooting)
    - [nmcli device unmanaged](#nmcli-device-unmanaged)

Note these instructions differentiate between an `operator` and a `server`. The operator can be any machine that configures the server. A pipeline, laptop, dedicated server, etc. are all options. The server can be its own operator, though that's not recommended since servers should be ephemeral and the operator will store information about each server.

## Setup SSH

See [README](/README.md#ssh-setup)

## Fail2Ban

On the server:

```bash
apt update
apt install -y fail2ban

# Set up initial rules
cat <<'EOF' > /etc/fail2ban/jail.local
# Jail configuration additions for local installation

# Adjust the default configuration's default values
[DEFAULT]
# Optionally enter a trusted IP that is never banned
ignoreip = 2600:1700:1e6c:a81f::0/64
bantime = 6600
backend = auto

# The main configuration file defines all services but
# deactivates them by default. We have to activate those needed
[sshd]
enabled = true
EOF

systemctl enable fail2ban --now

# Watch the log to confirm the sshd jail starts
tail -f /var/log/fail2ban.log
```

## Automatic Updates

On the server:

```bash
apt install -y unattended-upgrades

systemctl enable --now unattended-upgrades.service
```

## Disable Swap

```bash
swapoff -a
```

## Extras

On the server:

```bash
# Install glances for system monitoring
apt install -y glances net-tools vim tmux

# Cockpit
apt install -y cockpit
systemctl enable --now cockpit
```

## Troubleshooting

### nmcli device unmanaged

Ubuntu installs a config file that sets most devices unmanaged:

`/usr/lib/NetworkManager/conf.d/10-globally-managed-devices.conf`:

```
[keyfile]
unmanaged-devices=*,except:type:wifi,except:type:gsm,except:type:cdma
```

To disable this, you can create a blank file with the same name in `/etc`:

```bash
sudo touch /etc/NetworkManager/conf.d/10-globally-managed-devices.conf
sudo systemctl restart NetworkManager
```

Then run `nmcli device set <device> managed yes`, replacing `<device>` with the interface name.

Then turn on "Connect Automatically" in Cockpit.
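
To review a `jail.local` like the one in the Fail2Ban section before enabling the service, the following added example (not part of the original instructions) parses it and flags a disabled `sshd` jail, a short `bantime`, and `ignoreip` entries that exempt too much. The `audit_jail` name, the thresholds and both sample strings are assumptions made for illustration.

```python
import configparser
import ipaddress

PAGE_JAIL = """\
[DEFAULT]
ignoreip = 2600:1700:1e6c:a81f::0/64
bantime = 6600
[sshd]
enabled = true
"""  # constructed: the values from the Fail2Ban section
WEAK_JAIL = """\
[DEFAULT]
ignoreip = 0.0.0.0/0 10.0.0.0/8 admin.example.test
bantime = 60
[sshd]
enabled = false
"""  # constructed weak variant, to show what gets reported
WIDEST_PREFIX = {4: 24, 6: 64}  # assumed review thresholds, not fail2ban defaults
MIN_BANTIME = 600  # seconds, assumed


def audit_jail(text, jail="sshd"):
    """Return findings for one jail; [DEFAULT] values are inherited by it."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    if not cp.has_section(jail):
        return [f"{jail}: jail section missing"]
    findings = []
    if not cp.getboolean(jail, "enabled", fallback=False):
        findings.append(f"{jail}: jail is not enabled")
    bantime = cp.get(jail, "bantime", fallback="")
    if bantime.lstrip("-").isdigit():
        if 0 <= int(bantime) < MIN_BANTIME:  # negative means a permanent ban
            findings.append(f"{jail}: bantime {bantime}s is below {MIN_BANTIME}s")
    elif bantime:
        findings.append(f"{jail}: bantime {bantime!r} is not plain seconds, not evaluated")
    for entry in cp.get(jail, "ignoreip", fallback="").replace(",", " ").split():
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:  # not an address or CIDR: treated as a DNS name
            findings.append(f"{jail}: ignoreip {entry} is a hostname, allowlist depends on DNS")
            continue
        if net.prefixlen < WIDEST_PREFIX[net.version]:
            findings.append(f"{jail}: ignoreip {entry} is wider than /{WIDEST_PREFIX[net.version]}")
    return findings


if __name__ == "__main__":
    print(audit_jail(PAGE_JAIL), audit_jail(WEAK_JAIL), sep="\n")
```

The page's own values produce no findings; the weak variant produces five.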