@NiklasGollenstede
Last active December 5, 2021 01:38
Initial setup for new Linux servers

Some generic first steps to run on any new Linux(/Ubuntu) server.

Please read the content for more information.

Prepare an Ubuntu (18.04 / 20.04) Server

ARCHIVED: I use NixOS now, which is set up and configured completely differently.

This is to continue the setup of a new Linux(/Ubuntu) server once the OS itself is installed and SSH root login works with SSH keys. That could for example be a fresh cloud instance, or a Raspberry Pi.

If a root password is set, remove it with passwd -dl root.

Now paste/run:

# { (. <(cat << "#EOF" # copy from after the first #
#!/usr/bin/bash
set -eux

## update
export DEBIAN_FRONTEND=noninteractive
apt-get update
yes '' | apt-get -y -o DPkg::options::="--force-confdef" -o DPkg::options::="--force-confold" --allow-downgrades --allow-remove-essential --allow-change-held-packages full-upgrade
apt-get auto-remove -y

## enable automatic updates
apt-get install -y unattended-upgrades update-notifier-common
# comment out the plain release and ESM origins, so that only "-security" stays active
perl -i -pe 's/("\${distro_id}(:\${distro_codename}"|ESM))/\/\/$1/' /etc/apt/apt.conf.d/50unattended-upgrades
cat << 'EOF' > /etc/apt/apt.conf.d/20auto-upgrades # enable updates
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
EOF

## install tools
apt-get install -y git net-tools software-properties-common
curl -fsSL https://deb.nodesource.com/setup_14.x | bash - && apt-get install -y nodejs # -f: fail on HTTP errors instead of piping an error page into bash

## enable ufw (firewall)
apt-get install -y ufw # not installed everywhere
ufw allow OpenSSH # don't lock out SSH
ufw --force enable # skip ssh warning

## remove spam from the motd welcome message
chmod -x /etc/update-motd.d/00-header /etc/update-motd.d/10-help-text /etc/update-motd.d/50-motd-news /etc/update-motd.d/80-livepatch || true
systemctl disable motd-news.service || true; systemctl disable motd-news.timer || true

#EOF
)); }
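
A read-only audit of the state the script above is meant to leave behind: root password locked, only the "-security" origin active for unattended upgrades, periodic upgrades switched on, and ufw active with OpenSSH allowed. This is an added example, not part of the original gist; the function names and the sample text are constructed here, while the commands and file paths are the ones the script uses.

```bash
#!/usr/bin/env bash
# Post-setup audit helpers. Each check reads command output or file content on
# stdin. Function names and sample text are constructed for this example.

# Print the origins still active (not commented out) in Allowed-Origins.
active_origins() {
    awk '
        /^[ \t]*Unattended-Upgrade::Allowed-Origins[ \t]*[{]/ { inside = 1; next }
        inside && /^[ \t]*[}]/ { inside = 0 }
        inside && /^[ \t]*"/   { gsub(/^[ \t]*"|";.*$/, ""); print }
    '
}

# Succeed only if both APT::Periodic switches are set to a value above 0.
periodic_enabled() {
    awk -F'"' '
        /^[ \t]*APT::Periodic::Update-Package-Lists[ \t]/ && $2 + 0 > 0 { lists = 1 }
        /^[ \t]*APT::Periodic::Unattended-Upgrade[ \t]/   && $2 + 0 > 0 { upgrade = 1 }
        END { exit !(lists && upgrade) }
    '
}

# Succeed only if `passwd -S root` reports status L (password locked).
root_locked() { awk '{ ok = ($2 == "L") } END { exit !ok }'; }

# Succeed only if `ufw status` shows an active firewall with an OpenSSH ALLOW rule.
ufw_allows_ssh() {
    awk '/^Status: active/ { on = 1 }
         $1 == "OpenSSH" && $2 == "ALLOW" { ssh = 1 }
         END { exit !(on && ssh) }'
}

# Run every check against the live host (as root); not called automatically.
audit_host() {
    passwd -S root | root_locked || echo "FAIL: root password is not locked"
    echo "active origins:"; active_origins < /etc/apt/apt.conf.d/50unattended-upgrades
    periodic_enabled < /etc/apt/apt.conf.d/20auto-upgrades || echo "FAIL: periodic upgrades off"
    ufw status | ufw_allows_ssh || echo "FAIL: ufw inactive or OpenSSH not allowed"
}

# Constructed sample: the Allowed-Origins block as the perl edit leaves it.
SAMPLE_ORIGINS='Unattended-Upgrade::Allowed-Origins {
        //"${distro_id}:${distro_codename}";
        "${distro_id}:${distro_codename}-security";
        //"${distro_id}ESM:${distro_codename}-infra-security";
//      "${distro_id}:${distro_codename}-updates";
};'
printf '%s\n' "$SAMPLE_ORIGINS" | active_origins
```

On a provisioned server, source the file and call `audit_host` as root; any line starting with FAIL marks a step that did not take effect.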

Next steps
