Swiss VPS Setup - hostkey50304
- Server: 82.22.36.202 (hostkey50304)
- Location: Switzerland
- Purpose: Security infrastructure (monitoring, vulnerability scanning, git)
- Owner: James (full autonomy - Johan is 100% hands-off)
Specs
- 4 vCore
- 6GB RAM
- 120GB SSD
- Ubuntu 24.04.1 LTS
- Kernel: 6.8.0-39-generic
Credentials
- User: root
- Password: [REDACTED] (to be disabled after SSH key setup)
- SSH Key: james@clawd (ed25519)
Setup Progress
Phase 1: Hardening
- SSH key added to authorized_keys
- System update started (2026-01-26 ~23:18 UTC)
- Install security packages (ufw, fail2ban, unattended-upgrades)
- Configure SSH hardening (key-only, no root password, custom port)
- UFW firewall rules
- fail2ban configuration
- Audit logging
Phase 2: Docker Services
- Install Docker
- Uptime Kuma (monitoring dashboard)
- Forgejo (self-hosted Git)
- OpenVAS/Greenbone (vulnerability scanner) — note: memory-heavy, may run on-demand
Phase 3: Maintenance
- Automated backups config
- Monitoring alerts → Signal
- Caddy for TLS (needs subdomain)
Decisions Made
- Forgejo over Gitea - community fork, more active, less corporate drama
- OpenVAS on-demand - 4GB minimum RAM requirement, tight with 6GB total
- Custom SSH port - will use something in 10000-65000 range
- AllowUsers directive - whitelist specific usernames
- No swap configured - need to add for memory-intensive scans
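Added example (not part of the original notes): a check that the effective sshd settings match the SSH decisions above (key-only login, no root password login, port in 10000-65000, AllowUsers whitelist). The function name `audit_sshd` and the sample input are constructed for illustration; the input format is the lowercase `keyword value` output of `sshd -T`.

```shell
#!/bin/sh
# Added example, not from the original notes.
# audit_sshd: read `sshd -T` output (lowercase "keyword value" lines) on stdin,
# print PASS/FAIL per check, return the number of failed checks.
audit_sshd() {
    awk '
        function check(ok, label,    st) {
            st = ok ? "PASS" : "FAIL"
            print st, label
            if (!ok) fails++
        }
        $1 == "port" {
            ports++
            # Every listening port must sit in the range chosen in the notes.
            if ($2 + 0 < 10000 || $2 + 0 > 65000) badport = 1
            next
        }
        { key = $1; $1 = ""; sub(/^ /, ""); val[key] = $0 }
        END {
            check(ports > 0 && !badport, "port in 10000-65000")
            check(val["passwordauthentication"] == "no", "password login disabled")
            check(val["kbdinteractiveauthentication"] == "no", "keyboard-interactive disabled")
            check(val["pubkeyauthentication"] == "yes", "public-key login enabled")
            # Some OpenSSH versions print prohibit-password as without-password.
            check(val["permitrootlogin"] ~ /^(no|prohibit-password|without-password)$/, "no root password login")
            # A wildcard pattern would defeat the whitelist.
            check(val["allowusers"] != "" && val["allowusers"] !~ /\*/, "AllowUsers whitelist set")
            exit fails + 0
        }
    '
}

# Constructed sample: roughly what an unhardened server reports.
sample_unhardened() {
    cat <<'EOF'
port 22
passwordauthentication yes
kbdinteractiveauthentication no
pubkeyauthentication yes
permitrootlogin yes
EOF
}

sample_unhardened | audit_sshd || echo "failed checks: $?"
# On the server itself (as root): sshd -T | audit_sshd
```

Running it before disabling the root password, and again after each sshd_config change, shows which Phase 1 items are actually in effect rather than only written in the file.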
Network Notes
- Johan's home IP: 47.197.93.62 (dynamic but stable)
- Whitelist this for SSH access
- Starlink backup exists for hurricane failover (manual)
Subdomain
Pending - asked Johan for preference:
- sec.jongsma.me
- ch.jongsma.me
- kuma.jongsma.me
Changelog
| Date | Action | Notes |
|---|---|---|
| 2026-01-26 | Initial connection | Server confirmed empty, Ubuntu 24.04 |
| 2026-01-26 | SSH key added | james@clawd ed25519 key |
| 2026-01-26 | System update | apt update && upgrade -y (185 packages) |