Skip to Content
Last modified by Alexandru Pentilescu on 2024/07/22 21:37
From version 7.1
edited by Alexandru Pentilescu
on 2023/06/25 18:45
Change comment: There is no comment for this version
To version 10.1
edited by Alexandru Pentilescu
on 2024/07/22 21:05
Change comment: There is no comment for this version

Summary

Details

Page properties
Content
... ... @@ -45,6 +45,23 @@
45 45  Ultimately, the argument for or against using root access is mostly a philosophical one, rather than a technical one. There is no right or wrong answer to this question. Rather, each answer brings its own advantages and disadvantages to the table. What really matters is what you're more comfortable with using in the end.
46 46  Moreover, using a sudoers user rather than root is not inherently a guarantee for system safety either and should not be taken as a leeway for running suspicious executable files from the internet either, as privilege escalation bugs have existed in the Linux kernel since its own inception.
47 47  
48 += Install the necessary utilities =
49 +Install docker, postfix and nginx, which are all utilities you will be using consistently, from this point on.
50 +
51 +Afterwards, install the certbot-plugin-gandi plugin to enable automatic certificate renewals using gandi. This may require you to install pip3 as well, first.
52 +
53 +One the plugin is installed, just do:
54 +
55 +{{code language="bash"}}
56 +certbot certonly --authenticator dns-gandi --dns-gandi-credentials /etc/letsencrypt/gandi/gandi.ini -n -d 'transistor.one,*.transistor.one' --agree-tos --email=alexandru.pentilescu@disroot.org
57 +{{/code}}
58 +
59 +The contents of /etc/lets/encrypt/gandi/gandi.ini should look like the following:
60 +# live dns v5 api key
61 +dns_gandi_api_key=<gandi_api_key>
62 +
63 +The <gandi_api_key> token should be replaced with the actual API key generated from the Gandi website for your account.
64 +
48 48  = Setting up an SMTP server =
49 49  This will be required for all the future things you will be doing on the server.
50 50  
... ... @@ -132,4 +132,21 @@
132 132  {{/code}}
133 133  
134 134  Honestly, the "ipv6" line is unnecessary for our purposes, but I'm adding it anyway. After this file is added, after reboot, postfix will be able to bind itself to nonlocal addresses successfully.
152 +
153 += Installing Grafana and all the other necessary components =
154 +System monitoring is genuinely important. As such, having some pretty graphs to look at that monitor various stats of the server can be quite useful.
155 +To this end, we will set up Grafana as our graphs dashboard where we will visualize all of the relevant metrics of the system, as well as Prometheus as the data aggregator and Node Exporter, as the data collector.
156 +
157 +Let's get started!
158 +
159 +== Installing node exporter ==
160 +Use wget or any other utility to grab the latest version of node exporter.
161 +
162 +{{code language="bash"}}
163 +wget https://github.com/prometheus/node_exporter/releases/download/v0.15.2/node_exporter-0.15.2.linux-amd64.tar.gz
164 +{{/code}}
165 +
135 135  )))
167 +
168 +
169 +