
Install Segfault Server Centre

SkyperTHC edited this page Feb 9, 2023 · 7 revisions

You should only be here if you have already prepped your server for deployment. If not, read the AWS Deployment or Generic Deployment guide first.

Note: We use Route53 so that the user always connects to the nearest SSC. E.g. segfault.net resolves to us.segfault.net or de.segfault.net depending on your physical location. You likely won't need this.

Install the SSC

Copy segfault source to /sec/src/ and install:

The following command will:

  1. Install all software (docker, curl, git, ...) onto the AWS instance.
  2. Move the SSHD to port 64222 and assign Port 22 to the SSC.
  3. Create a random MASTER SEED.
  4. Configure the SSC (generate tor secrets, ssh-keys, ...)
  • Replace ZZZ with your NordVPN Private Key or remove the line if NordVPN is not used.
  • Set SF_FQDN= to whatever domain name you are using.
  • Set SF_PACKAGES="MINI_BASE NET HACK" for a smaller deployment (1 GB instead of 16 GB).

Please refer to the list of all variables for more information.

SF_PACKAGES=ALL \
SF_BASEDIR=/sf \
SF_SEED="$(head -c 1024 /dev/urandom | tr -dc '[:alpha:]' | head -c 32)" \
SF_FQDN=mydomain.segfault.net \
SF_NORDVPN_PRIVATE_KEY=ZZZ \
SF_CRYPTOSTORM_CONFIG=XXX \
SF_MULLVAD_CONFIG=YYY \
provision/init-linux.sh

The script will finish with an output similar to this one:

--> System's SSHD was in the way and got moved to 64222
--> Basedir             : /sf
--> SF_SEED             : RandomlyCreatedMasterSeed1234567
--> Password            : segfault
--> SSH                 : ssh root@mydomain.segfault.net
--> SSH (gsocket)       : gsocket -s RandomSecret ssh root@mydomain.segfault.gsocket
  1. Optional: Check out our WireGuard Docker Image and how to obtain the configuration strings for the VPN.
  2. Optional: Edit .env and add the VPN keys.
  3. Optional: Copy existing ssh keys to /sf/config/etc/ssh/.
  4. Edit /sf/config/etc/sf.conf and adjust the configuration.
  5. Write down the SF_SEED. Do not store it on the server.
  6. Log in to your SSC (ssh root@mydomain.segfault.net) with password "segfault" (without the quotes).

Stopping and Starting the SSC

Stopping:

cd /sec/src/segfault-abc
sfbin/sf down

Starting:

cd /sec/src/segfault-abc
SF_SEED=RandomlyCreatedMasterSeed1234567 sfbin/sf up

Rebooting the HOST

No configuration contains any sensitive user information. Nevertheless, it is advisable to encrypt /sf/config.

We do not store any key material on the server. Thus, any reboot of the host requires the admin to mount the encrypted drives and supply the SF_SEED.

cryptsetup luksOpen /dev/sda sdaluks
mount -o nofail,noatime /dev/mapper/sdaluks1 /sf/config
mount -o nofail,noatime /dev/mapper/sdaluks2 /sec
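
Once the drives are mounted, the SSC still has to be started with the SF_SEED (see "Starting" above). The helper below is an added example, not part of the Segfault project: it prompts for the seed with terminal echo off, so the seed never lands in shell history or a file on the host. The function names and the 32-letter check are assumptions based on the seed-generation command on this page.

```sh
#!/bin/sh
# Added example, not part of the Segfault project. Names are hypothetical.
# Assumption: the seed was made with the install command on this page, so it
# is exactly 32 letters; change seed_is_valid() if yours was made differently.

SF_SRC="${SF_SRC:-/sec/src/segfault-abc}"   # source directory used on this page

# Generate a seed the same way the install command does.
gen_seed() {
    head -c 1024 /dev/urandom | LC_ALL=C tr -dc '[:alpha:]' | head -c 32
}

# Succeed only for a 32-character, letters-only seed (catches typos early).
seed_is_valid() {
    [ "${#1}" -eq 32 ] || return 1
    case "$1" in
        *[!A-Za-z]*) return 1 ;;
    esac
    return 0
}

# Prompt on the terminal with echo off and print the seed on stdout.
read_seed() {
    printf 'SF_SEED: ' >&2
    stty -echo 2>/dev/null
    IFS= read -r _in; _rc=$?
    stty echo 2>/dev/null
    printf '\n' >&2
    if [ "$_rc" -ne 0 ] || ! seed_is_valid "$_in"; then
        echo "SF_SEED must be 32 letters" >&2
        return 1
    fi
    printf '%s' "$_in"
}

# Start the SSC; the seed is passed only through the environment of 'sfbin/sf up'.
start_ssc() {
    _seed="$(read_seed)" || return 1
    ( cd "$SF_SRC" && SF_SEED="$_seed" sfbin/sf up )
    _rc=$?
    unset _seed
    return "$_rc"
}
```

Source the file in a root shell and run start_ssc after the mounts; set SF_SRC first if your source directory differs.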