Snippet Collection: My first 10 minutes on a new Arch Server


  • by Tom Beyer
  • 2018-11-25
  •  Server 

This article is meant as a snippet collection for myself, I will update this in the future when I have new finidngs.

Following is a list of the typical first commands I execute on a new Arch server

pacman -Syu
pacman -S sudo openssh
systemctl enable sshd
systemctl start sshd
groupadd tom
useradd -m -g tom -G wheel -s /bin/bash tom
mkdir /home/tom/.ssh
chmod 700 /home/tom/.ssh
nano /home/tom/.ssh/authorized_keys
chmod 400 /home/tom/.ssh/authorized_keys
chown tom:tom -R /home/tom
passwd tom
nano /etc/sudoers
nano /etc/ssh/sshd_config
  PermitRootLogin no
  PasswordAuthentication no
  AllowUsers deploy
systemctl restart sshd
pacman -S nginx php-fpm
systemctl enable nginx
systemctl start nginx
systemctl enable php-fpm
systemctl start php-fpm
pacman -S cronie
systemctl enable cronie
systemctl start cronie
nano /etc/cron.hourly/1autoupdater
  #!/bin/sh
  pacman -Syu --noconfirm
chmod +x /etc/cron.hourly/1autoupdater
pacman -S qemu-guest-agent
systemctl enable qemu-ga
systemctl start qemu-ga
sudo systemctl stop nginx
sudo certbot certonly --standalone --preferred-challenges http -d solarisproject.de -d www.solarisproject.de
  /etc/letsencrypt/live/solarisproject.de/fullchain.pem
  /etc/letsencrypt/live/solarisproject.de/privkey.pem
sudo certbot certonly --standalone --preferred-challenges http -d 3d-printing-hub.de -d www.3d-printing-hub.de
   /etc/letsencrypt/live/3d-printing-hub.de/fullchain.pem
   /etc/letsencrypt/live/3d-printing-hub.de/privkey.pem
sudo systemctl start nginx

Comments