LinuxServerSetup

Duf

Duf is a "better df" basically: https://github.com/muesli/duf

Ubuntu Firewall (ufw)

To sum up:

sudo ufw allow http
sudo ufw allow https
sudo ufw allow ssh
sudo ufw allow ntp
sudo ufw default allow outgoing
sudo ufw default deny incoming

And if we're still using Icecast (maybe..?)

sudo ufw allow 8000

Then we check /etc/ufw/user.rules to make sure things look like they should. If we're happy, issue this to kick things off:

sudo ufw enable

And hopefully we don't get kicked out. Use the ufw status command to check status, obvs.

If someone at a particular IP is being a butt, well, there's sudo ufw deny from IPADDRESS to any (or swap out reject for deny if we actually want the IP in question to "know" they're blocked).

PostgreSQL

Making backups is... weird. What seems to be working is setting up a pg_dump cron job as my "normal" user, but first one must create a ~/.pgpass file that's set chmod 0600 which looks a bit like this:

localhost:5432:databasename:databaseuser:databasepassword

And then the cron job entry itself looks a bit like this:

8 3 * * * pg_dump -h localhost -U databaseuser -d databasename > /opt/backups/db-`date +'%Y%m%d'`.dump.txt

SSMTP

Getting mail out of a new Linux box is relatively easy with SSMTP, which is still available in Ubuntu 20.04, thankfully. We need two files set up:

  • /etc/ssmtp/ssmtp.conf contains the actual server & authentication info.
  • /etc/ssmtp/revaliases supposedly allows aliasing the sender, but that doesn't seem to have worked yet on the new box. Needs confirmation/testing.

The ssmtp.conf file looks a bit like:

# The person who gets all mail for userids < 1000
# Make this empty to disable rewriting.
root=greyduck@greyduck.net

# Gmail settings
UseTLS=YES
UseSTARTTLS=YES
#AuthMethod=LOGIN

# The place where the mail goes. The actual machine name is required no
# MX records are consulted. Commonly mailhosts are named mail.domain.com
mailhub=smtp.gmail.com:587

# Where will the mail seem to come from?
rewriteDomain=greyduck.net

# The full hostname
hostname=node3.greyduck.net

# Are users allowed to set their own From: address?
# YES - Allow the user to specify their own From: address
# NO - Use the system generated From: address
FromLineOverride=NO

# Username and password for Google's Gmail servers
# # From addresses are settled by Mutt's rc file, so
# # with this setup one can still achieve multi-user SMTP
AuthUser=greyduck@gmail.com
AuthPass=APP_PASSWORD_GOES_HERE

And revaliases contains basically just this:

root:admin@frell.co:smtp.gmail.com:587

Your mileage may vary.

Page last modified on October 21, 2022, at 10:12 AM
Powered by PmWiki