The setup after you set yourself up
After installing Ubuntu Server:
sudo timedatectl set-timezone America/Los_Angeles
sudo apt install libpam-google-authenticator
google-authenticator -tdw 17 -r 3 -R 30
Enter sudo nano /etc/pam.d/sshd
, replace @include common-auth
with the following, and write out (^G = Ctrl-G):
#@include common-auth
auth required pam_google_authenticator.so
Enter sudo nano /etc/ssh/sshd_config
, replace KbdInteractiveAuthentication no
with the following, and write out (^G = Ctrl-G):
KbdInteractiveAuthentication yes
AuthenticationMethods publickey,keyboard-interactive
sudo systemctl restart ssh
sudo apt install ufw
sudo ufw enable
sudo ufw allow ssh
sudo ufw allow 5201 # iperf
Minecraft Java Edition server:
sudo ufw allow proto tcp to 0.0.0.0/0 port 25565
Minecraft Bedrock Edition server:
sudo ufw allow proto udp to 0.0.0.0/0 port 19132
sudo ufw allow proto udp to ::/0 port 19133
sudo apt install fail2ban
Copy and paste this block:
echo '[DEFAULT]' | sudo tee -a /etc/fail2ban/jail.local
echo 'banaction = ufw' | sudo tee -a /etc/fail2ban/jail.local
echo '[sshd]' | sudo tee -a /etc/fail2ban/jail.local
echo 'enabled = true' | sudo tee -a /etc/fail2ban/jail.local
sudo systemctl enable --now fail2ban
sudo dpkg-reconfigure unattended-upgrades
Enter sudo nano /etc/apt/apt.conf.d/50unattended-upgrades
, backspace the //
from //Unattended-Upgrade::Automatic-Reboot "false";
, change false to true, and write out (^G = Ctrl-G).
sudo unattended-upgrade --dry-run -v
If desktop says System is on battery power, stopping
, backspace the //
from // Unattended-Upgrade::OnlyOnACPower "true";
and change true to false.
sudo apt install inadyn
Enter sudo nano /etc/inadyn.conf
, fill this in, and write out (^G = Ctrl-G):
allow-ipv6 = true
period = 300
provider no-ip.com:1 {
username = $username
password = $password
hostname = $hostname.domain.tld
}
provider no-ip.com:2 {
username = $username
password = $password
hostname = $hostname.domain.tld
checkip-command = "ip -6 address show dev $ifname scope global primary | grep '^ *inet6' | head -n 1 | awk '{print $2}' | cut -d / -f 1"
}
Enter sudo nano /etc/default/inadyn
, replace RUN_DAEMON="no"
with RUN_DAEMON="yes"
, and write out (^G = Ctrl-G).
sudo systemctl restart inadyn
# List block devices and their filesystem info
lsblk -f
sudo mkdir /mnt/backup
# Mount external disk at boot
echo 'UUID=$uuid /mnt/backup $filesystem defaults 0 0' | sudo tee -a /etc/fstab
sudo mount -t $filesystem UUID=$uuid /mnt/backup
sudo apt install git
echo '*.swp' >> ~/.gitignore
git config --global core.excludesfile ~/.gitignore
git config --global core.editor vim