Server installation

Created:   2025-04-05
Copyright: CC-BY-SA 4.0
Language:  en

After spending some thousands of euros on a dedicated server, I decided to move some space-eating services to a home server. Work is still in progress (2025-04-05) because I use an older computer and some part of it is failing a little bit... hrrr.

The services will be:

These services are not so critical that they need to be accessible with a 99.(9) SLA :)

distribution

There is no question about the OS: it is simply Linux. The choice of distribution was a bit wider, as I could choose between Ubuntu, Debian and Arch Linux. I thought about using Arch Linux and living on the edge, but I have no use cases that need the newest software. Ubuntu is like a compromise between Debian and Arch, but the same applies: as I decided to run everything in docker containers, new software is not a concern. Stability is more important because I don't want to spend time on maintenance. So, the choice is Debian.

I use the net install because I have a good connection and I want a small system. Everything was installed in a simple way. At first I wanted to encrypt everything, even the root and swap partitions, but later I found a hardware issue and the computer restarted, so I can't enter the password to decrypt every time. I left the data partition encrypted.

raid and encryption

The first time, I installed with full encryption, and that was done in the installer. I ran it without the graphical interface, so I did not configure raid and encryption for it.

I bought two 4TB HDDs (the computer I got for free from a friend) and wanted to create a simple raid to have some backup.

raid

Debian software raid howto
Superuser: raid encryption

# mdadm --create /dev/md0 --level=1 --raid-devices=2 /dev/sdb /dev/sdc

Then I wanted to encrypt, and for that I needed an LVM partition.

# apt install lvm2
# pvcreate /dev/md0
# vgcreate RaidVG /dev/md0
# vgdisplay
# lvcreate -n LVMVol RaidVG -l 100%FREE

On the second installation I didn't need to do anything.

encryption

For encryption I needed to do the following steps.

# cryptsetup -y -v luksFormat /dev/RaidVG/LVMVol
# cryptsetup luksOpen /dev/RaidVG/LVMVol CryptVol
# mkfs.ext4 /dev/mapper/CryptVol

I wanted it to be decrypted automatically on boot.

# cd /etc/
# dd if=/dev/urandom of=/etc/datakeyfile bs=1024 count=4
# chmod 0400 datakeyfile
# cryptsetup -v luksAddKey /dev/RaidVG/LVMVol /etc/datakeyfile
# ls -l /dev/disk/by-uuid/

Edited /etc/crypttab to use the key file

data_crypt UUID=cd85613c-07d2-417a-9270-58fbf04848bf /etc/datakeyfile luks,keyscript=/lib/cryptsetup/scripts/passdev

And mount the partition on boot (/etc/fstab)

UUID=7543c0ac-4121-4801-b0b9-896b7f2fe55e /mnt/data	ext4    rw,relatime 0       2

On the second installation I saved the key and added the same lines to crypttab and fstab.

additional apps and environment

My preferred shell is zsh with oh-my-zsh. I use vim for editing. Sometimes I check disk usage with `ncdu` and use `ranger` to navigate the filesystem.

# apt-get install vim git zsh ranger ncdu

To set the default shell I directly edit `/etc/passwd`.

Oh-my-zsh installation comes from their site

# sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)"

ssh root login

One important thing is to log in remotely to the server. I use direct login to root, but with an ssh key. At first the ssh server is configured not to allow root logins by password. And that's good, but I need to copy the key first. So, I need to temporarily disable direct login.

Edit /etc/ssh/sshd_config

PermitRootLogin yes

Restart sshd

# systemctl restart sshd

Copy ssh key to authorized keys (on local machine)

$ ssh-copy-id root@skleps

Revert direct root login and restart sshd.
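
The revert step is easy to forget, or to apply below a line that still says yes. As an added example (not part of the original post), this script reports the PermitRootLogin value sshd would take from a single config file. The function names and the sample file are made up for illustration, and Include files are not followed.

```sh
#!/bin/sh
# Added example, not from the original post.
# sshd uses the FIRST value it reads for a keyword, so a leftover
# "PermitRootLogin yes" above the reverted line still wins.
# Assumption: one file is parsed; Include files are not followed. On the
# live server "sshd -T" prints the fully resolved configuration.

# effective_root_login FILE: print the global PermitRootLogin value.
effective_root_login() {
    awk '
        /^[ \t]*(#|$)/ { next }                  # comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            sub(/[ \t]*=[ \t]*/, " ", line)      # "Keyword=value" form
            n = split(line, f, /[ \t]+/)
            key = tolower(f[1])                  # keywords are case-insensitive
            if (key == "match") exit             # the rest is conditional
            if (key == "permitrootlogin" && n >= 2) {
                gsub(/"/, "", f[2])
                print tolower(f[2]); found = 1; exit
            }
        }
        END { if (!found) print "prohibit-password" }   # OpenSSH default
    ' "$1"
}

# root_password_login_blocked FILE: exit 0 when PermitRootLogin itself
# rules out root logins by password.
root_password_login_blocked() {
    case "$(effective_root_login "$1")" in
        prohibit-password|without-password|forced-commands-only|no) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample: the temporary "yes" was left above the reverted line.
sample=$(mktemp)
cat > "$sample" <<'EOF'
PermitRootLogin yes
PermitRootLogin prohibit-password
EOF
echo "effective PermitRootLogin: $(effective_root_login "$sample")"
root_password_login_blocked "$sample" ||
    echo "WARNING: PermitRootLogin still allows root password login"
rm -f "$sample"
```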

docker

One thing about old Debian was known - docker is too old. So, I used their repository to have the newest version. Completely c/p from their howto:

docker install howto