homelab/FedoraServer.md
ducoterra 3c0b8ab008 init
2023-03-24 00:44:25 -04:00

Fedora Server

Fedora Server is an awesome container hosting OS. It has a lot built in, and setup is pretty quick.

Setup

scp .ssh/authorized_keys containers:~/.ssh/authorized_keys
sudo hostnamectl hostname containers
sudo dnf install vim
sudo vim /etc/ssh/sshd_config
sudo systemctl restart sshd

Certbot for Cockpit

Initial Setup

  1. Create a "containers" user in AWS. Copy the permissions from Freenas
  2. Create credentials
  3. Add your credentials to root
  4. Install the aws cli v2
  5. Test your credentials with aws route53 list-hosted-zones

sudo dnf install certbot python3-certbot-dns-route53
sudo certbot certonly --dns-route53 -d containers.reeselink.com
sudo certbot certonly --dns-route53 -d containers.reeseapps.com

sudo cp /etc/letsencrypt/live/containers.reeselink.com/fullchain.pem /etc/cockpit/ws-certs.d/50-letsencrypt.cert
sudo cp /etc/letsencrypt/live/containers.reeselink.com/privkey.pem /etc/cockpit/ws-certs.d/50-letsencrypt.key

sudo cp /etc/letsencrypt/live/containers.reeseapps.com/fullchain.pem /etc/cockpit/ws-certs.d/60-letsencrypt.cert
sudo cp /etc/letsencrypt/live/containers.reeseapps.com/privkey.pem /etc/cockpit/ws-certs.d/60-letsencrypt.key

Test the renewal process with:

sudo certbot renew --cert-name containers.reeselink.com --dry-run

Renewal

Create a renewal script in /usr/lib/scripts/certbot-renew.sh

/usr/lib/scripts/certbot-renew.sh (chmod +x)

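#!/bin/bash
# Stop at the first failing command so the systemd unit reports the failure
set -euo pipefail

# Renew the certificate if it is due
/usr/bin/certbot renew --cert-name containers.reeselink.com
# Copy the current certificate and key to where Cockpit reads them
cp /etc/letsencrypt/live/containers.reeselink.com/fullchain.pem /etc/cockpit/ws-certs.d/50-letsencrypt.cert
cp /etc/letsencrypt/live/containers.reeselink.com/privkey.pem /etc/cockpit/ws-certs.d/50-letsencrypt.key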

Now create a systemd oneshot service to run the script, and a timer to trigger it.

/etc/systemd/system/certbot-renew.service

[Unit]
Description=Certbot Renewal

[Service]
Type=oneshot
ExecStart=/usr/lib/scripts/certbot-renew.sh

/etc/systemd/system/certbot-renew.timer

[Unit]
Description=Timer for Certbot Renewal

[Timer]
OnBootSec=300
OnUnitActiveSec=1w

[Install]
WantedBy=multi-user.target

Enable the timer

systemctl enable --now certbot-renew.timer
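
A stricter version of the copy step in the renewal script above, as an added example that is not part of the original file: it refuses to deploy a missing or empty pair, skips files that are already current, and writes the key with an explicit owner-only mode. The function name deploy_cert and its arguments are assumptions; --deploy-hook and RENEWED_LINEAGE are certbot's mechanism for running a command only after a certificate was actually renewed.

```bash
#!/bin/bash
# Added example, not the repository's script. deploy_cert and its
# arguments are names assumed for this sketch.

# deploy_cert LIVE_DIR DEST_DIR PREFIX
# Returns 0 when files were installed, 1 when DEST_DIR is already current,
# 2 when the source pair is missing, empty or not PEM, or a copy failed.
deploy_cert() {
    local live="$1" dest="$2" prefix="$3"
    local chain="$live/fullchain.pem" key="$live/privkey.pem"

    # Never overwrite a working pair with a missing or truncated one.
    [ -s "$chain" ] && [ -s "$key" ] && [ -d "$dest" ] || return 2
    grep -q -- '-----BEGIN CERTIFICATE-----' "$chain" || return 2
    grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$key" || return 2

    # Nothing to do when the deployed copies already match.
    if cmp -s "$chain" "$dest/$prefix.cert" 2>/dev/null &&
       cmp -s "$key" "$dest/$prefix.key" 2>/dev/null; then
        return 1
    fi

    # Stage with explicit modes (key owner-only), then rename into place so
    # a reader never sees a half-written file.
    install -m 0644 "$chain" "$dest/.$prefix.cert.tmp" &&
    install -m 0600 "$key" "$dest/.$prefix.key.tmp" &&
    mv -f "$dest/.$prefix.cert.tmp" "$dest/$prefix.cert" &&
    mv -f "$dest/.$prefix.key.tmp" "$dest/$prefix.key" && return 0

    rm -f "$dest/.$prefix.cert.tmp" "$dest/.$prefix.key.tmp"
    return 2
}

# certbot exports RENEWED_LINEAGE to a --deploy-hook, pointing at the live
# directory of the certificate it just renewed.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    deploy_cert "$RENEWED_LINEAGE" /etc/cockpit/ws-certs.d 50-letsencrypt ||
        [ $? -eq 1 ]
fi
```

Saved as an executable file, it can be passed to certbot renew with --deploy-hook in place of the two cp lines.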

Disable FirewallD

Firewalld conflicts with k3s. Disable it from the UI.

Disable SELinux

SELinux interferes with iSCSI mounts. Set it to permissive mode, which logs policy violations without enforcing them, by editing /etc/selinux/config

SELINUX=permissive

Allow iSCSI

# Install the following system packages
sudo dnf install -y lsscsi iscsi-initiator-utils sg3_utils device-mapper-multipath

# Enable multipathing
sudo mpathconf --enable --with_multipathd y

# Ensure that iscsid and multipathd are running
sudo systemctl enable iscsid multipathd
sudo systemctl start iscsid multipathd

# Start and enable iscsi
sudo systemctl enable iscsi
sudo systemctl start iscsi