
Bare Metal Deployment

SkyperTHC edited this page Feb 9, 2023 · 16 revisions

These instructions are for administrators who would like to provision a Segfault.net Server Centre (SSC) onto a dedicated bare metal server.

The setup assumes:

  • 1x 256 GB /dev/sda (unused). Used for /sf/config and /sec
  • 1x 2 TB /dev/nvme0n1 (boot & root filesystem). Remaining used for swap.
  • 1x 2 TB /dev/nvme1n1 (unused). Used for segfault

Boot into Rescue Mode

# Shrink the filesystem on partition 5 to 32G, then recreate the partition at
# the matching size so the rest of the disk becomes free.
# NOTE(review): presumably done from rescue mode because p5 is the root
# filesystem and cannot be shrunk while mounted — confirm for your image.
e2fsck -f /dev/nvme0n1p5 # forced check first; resize2fs expects a freshly checked filesystem
resize2fs /dev/nvme0n1p5 32G # (8388608 * 4k long => 67108864 * 512 blocks)
fdisk /dev/nvme0n1
# - d: delete partition 5
# - n: New partition. Same start and length +67108864. Do not remove signature (when asked)
# - w: save & exit
# NOTE(review): the recreated partition must begin at the same start sector and
# must not be smaller than the 32G filesystem, otherwise the filesystem is
# truncated. Print the table (fdisk 'p') before 'd' and again before 'w' and
# compare the start sector and size.
reboot

Basic OpSec

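# Point the shell history file at /dev/null so typed commands are never
# written to disk.
# -f replaces a history file that already exists (plain `ln -s` fails with
# "File exists"); ~/ makes the link independent of the current directory.
# NOTE(review): this also removes the command record for this account. If an
# audit trail is required, collect it out-of-band (e.g. auditd or remote
# logging) instead of relying on shell history.
ln -sf /dev/null ~/.bash_history
passwd # set a new password for the current account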

Remove default crap

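# Stop and disable the services that came with the hoster image and are not
# needed on this machine, to reduce the number of listening daemons.
# Units that are not installed on a given image only produce a "not loaded"
# error, which can be ignored.
for svc in pvedaemon pveproxy spiceproxy dovecot xinetd apache2 postfix \
  sw-cp-server nginx mysql bind9; do
  systemctl stop "${svc}"
  systemctl disable "${svc}"
done

# rpcbind is socket-activated: stop the socket before the service, otherwise
# a connection arriving in between starts the service again. Disable the
# socket unit explicitly as well so it does not come back at boot.
systemctl stop rpcbind.socket
systemctl stop rpcbind
systemctl disable rpcbind.socket rpcbind

# Afterwards, confirm that nothing unexpected is still listening, e.g. with
# `ss -tulpn`. A disabled unit can still be started as a dependency of
# another unit; `systemctl mask <unit>` prevents that.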

Install useful crap

# Refresh the package index, then install the packages below
# (cryptsetup and xfsprogs are used later on this page).
apt update
apt install \
  tmux cpu-checker libvirt-daemon-system net-tools dnsmasq-base \
  genisoimage virtinst libosinfo-bin cryptsetup \
  qemu-kvm qemu-utils xfsprogs htop vim

Create swap

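# Create a 512G swap partition in the space freed on the boot disk and
# register it in /etc/fstab by UUID.
fdisk /dev/nvme0n1
# - n: New partition 6
# - +512G
# - t -> 6 -> swap: Set type swap on new partition
# - w: write & exit
dev=/dev/nvme0n1p6
mkswap "${dev}"
# Add UUID to /etc/fstab
# Ask blkid for the UUID value directly instead of eval'ing a field cut from
# its output: the field order changes when the device carries a LABEL, and
# eval would execute whatever text ended up in that field.
FS_UUID=$(blkid -s UUID -o value "${dev}")
if [ -n "${FS_UUID}" ]; then
  # The entry takes effect at the next boot (or after `swapon -a`).
  printf 'UUID=%s none swap    sw              0       0\n' "${FS_UUID}" >>/etc/fstab
else
  # Never append a line with an empty UUID to /etc/fstab.
  echo "blkid returned no UUID for ${dev}; /etc/fstab not modified" >&2
fi
# NOTE(review): this swap partition is not encrypted, unlike the LUKS volume
# created on /dev/sda later on this page. Memory pages, which may include key
# material, can be written to it in clear. If that matters for your threat
# model, consider an encrypted swap (e.g. a crypttab entry with a random key).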

Create Filesystem for Segfault:

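# Format the second NVMe disk as XFS and mount it at /sf with user and
# project quotas enabled.
dev=/dev/nvme1n1
# -f overwrites any existing filesystem signature on the device without
# asking; double-check ${dev} before running this.
mkfs -t xfs -f  "${dev}"
# Ask blkid for the UUID value directly instead of eval'ing a field cut from
# its output: the field order changes when the device carries a LABEL, and
# eval would execute whatever text ended up in that field.
FS_UUID=$(blkid -s UUID -o value "${dev}")
if [ -n "${FS_UUID}" ]; then
  printf 'UUID=%s     /sf    xfs    defaults,nofail,noatime,usrquota,prjquota 1 2\n' "${FS_UUID}" >>/etc/fstab
  # The mount point has to exist before `mount /sf` can use the new entry.
  mkdir -p /sf
  mount /sf
else
  # Never append a line with an empty UUID to /etc/fstab.
  echo "blkid returned no UUID for ${dev}; /etc/fstab not modified" >&2
fi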

Create /sf/config (encrypted)

# Encrypt the whole of /dev/sda with LUKS, partition the opened mapping and
# mount the two resulting XFS filesystems at /sf/config and /sec.
# luksFormat overwrites the start of the disk; existing data on /dev/sda is lost.
# Pick a password (head -c 1024 /dev/urandom | tr -dc '[:alpha:]' | head -c 32)
# NOTE(review): nothing on this page stores the passphrase or adds a
# crypttab/fstab entry for this volume, so it presumably has to be unlocked
# (luksOpen) and mounted by hand after every reboot — confirm.
cryptsetup luksFormat /dev/sda
# Open the container; the decrypted device appears as /dev/mapper/sdaluks.
cryptsetup luksOpen /dev/sda sdaluks
# Partition the decrypted mapping, not /dev/sda itself, so the partition
# table is stored inside the encrypted container.
fdisk /dev/mapper/sdaluks
# - n: New partition, +1G
# - n: New partition, all the remaining size
# - w: write & exit
# Tell the kernel about the new partition table so that the sdaluks1 and
# sdaluks2 devices used below appear.
partprobe
mkfs -t xfs /dev/mapper/sdaluks1
mkfs -t xfs /dev/mapper/sdaluks2
mkdir -p /sf/config
# No -p here: this fails if /sec already exists.
mkdir /sec
# First (1G) partition holds /sf/config, the remainder holds /sec.
mount -o nofail,noatime /dev/mapper/sdaluks1 /sf/config
mount -o nofail,noatime /dev/mapper/sdaluks2 /sec

Continue reading Installing the SSC.
