Snippet Collection: My first 10 minutes on a new Arch Server
- by Tom Beyer
- 2018-11-25
- Server
This article is meant as a snippet collection for myself, I will update this in the future when I have new finidngs.
Following is a list of the typical first commands I execute on a new Arch server
pacman -Syu
pacman -S sudo openssh
systemctl enable sshd
systemctl start sshd
groupadd tom
useradd -m -g tom -G wheel -s /bin/bash tom
mkdir /home/tom/.ssh
chmod 700 /home/tom/.ssh
nano /home/tom/.ssh/authorized_keys
chmod 400 /home/tom/.ssh/authorized_keys
chown tom:tom -R /home/tom
passwd tom
nano /etc/sudoers
nano /etc/ssh/sshd_config
PermitRootLogin no
PasswordAuthentication no
AllowUsers deploy
systemctl restart sshd
pacman -S nginx php-fpm
systemctl enable nginx
systemctl start nginx
systemctl enable php-fpm
systemctl start php-fpm
pacman -S cronie
systemctl enable cronie
systemctl start cronie
nano /etc/cron.hourly/1autoupdater
#!/bin/sh
pacman -Syu --noconfirm
chmod +x /etc/cron.hourly/1autoupdater
pacman -S qemu-guest-agent
systemctl enable qemu-ga
systemctl start qemu-gasudo systemctl stop nginx
sudo certbot certonly --standalone --preferred-challenges http -d solarisproject.de -d www.solarisproject.de
/etc/letsencrypt/live/solarisproject.de/fullchain.pem
/etc/letsencrypt/live/solarisproject.de/privkey.pem
sudo certbot certonly --standalone --preferred-challenges http -d 3d-printing-hub.de -d www.3d-printing-hub.de
/etc/letsencrypt/live/3d-printing-hub.de/fullchain.pem
/etc/letsencrypt/live/3d-printing-hub.de/privkey.pem
sudo systemctl start nginx