# Swiss VPS Setup - hostkey50304

**Server:** 82.22.36.202 (hostkey50304)
**Location:** Switzerland
**Purpose:** Security infrastructure (monitoring, vulnerability scanning, git)
**Owner:** James (full autonomy - Johan is 100% hands-off)

---

## Specs

- 4 vCore
- 6GB RAM
- 120GB SSD
- Ubuntu 24.04.1 LTS
- Kernel: 6.8.0-39-generic

## Credentials

- User: root
- Password: [REDACTED] (to be disabled after SSH key setup)
- SSH Key: james@clawd (ed25519)

---

## Setup Progress

### Phase 1: Hardening

- [x] SSH key added to authorized_keys
- [x] System update started (2026-01-26 ~23:18 UTC)
- [ ] Install security packages (ufw, fail2ban, unattended-upgrades)
- [ ] Configure SSH hardening (key-only, no root password, custom port)
- [ ] UFW firewall rules
- [ ] fail2ban configuration
- [ ] Audit logging

### Phase 2: Docker Services

- [ ] Install Docker
- [ ] Uptime Kuma (monitoring dashboard)
- [ ] Forgejo (self-hosted Git)
- [ ] OpenVAS/Greenbone (vulnerability scanner) — note: memory-heavy, may run on-demand

### Phase 3: Maintenance

- [ ] Automated backups config
- [ ] Monitoring alerts → Signal
- [ ] Caddy for TLS (needs subdomain)

---

## Decisions Made

1. **Forgejo over Gitea** - community fork, more active, less corporate drama
2. **OpenVAS on-demand** - 4GB minimum RAM requirement, tight with 6GB total
3. **Custom SSH port** - will use something in 10000-65000 range
4. **AllowUsers directive** - whitelist specific usernames
5. **No swap configured** - need to add for memory-intensive scans
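
An added example, not part of the original notes: a POSIX shell check of sshd_config text against the SSH items planned above (key-only login, no root password login, a port in the 10000-65000 range, AllowUsers set). The sample configs, port 22022 and the user name `james` in AllowUsers are constructed, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: audit sshd_config text (stdin) against the SSH decisions above.
# Assumptions: global section only (stops at the first Match), whitespace
# "Keyword value" syntax, one Port line, Include files not followed.

# value CONFIG KEYWORD DEFAULT: first value set for KEYWORD (sshd keeps the
# first value it reads), or DEFAULT (the OpenSSH default) when unset.
value() {
    v=$(printf '%s\n' "$1" | awk -v key="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }')
    printf '%s\n' "${v:-$3}"
}

# audit_sshd_config: findings go to stderr, the failed-check count to stdout.
audit_sshd_config() {
    cfg=$(cat); fails=0
    fail() { echo "FAIL $1" >&2; fails=$((fails + 1)); }
    port=$(value "$cfg" Port 22)
    case $port in
        *[!0-9]*) fail "Port '$port' is not numeric" ;;
        *) { [ "$port" -ge 10000 ] && [ "$port" -le 65000 ]; } ||
               fail "Port $port is outside 10000-65000" ;;
    esac
    [ "$(value "$cfg" PasswordAuthentication yes)" = no ] ||
        fail "PasswordAuthentication is not 'no'"
    [ "$(value "$cfg" KbdInteractiveAuthentication yes)" = no ] ||
        fail "KbdInteractiveAuthentication is not 'no'"
    [ "$(value "$cfg" PermitRootLogin prohibit-password)" != yes ] ||
        fail "PermitRootLogin allows root password login"
    [ -n "$(value "$cfg" AllowUsers '')" ] || fail "AllowUsers is not set"
    echo "$fails"
}

# Constructed samples (not from the server in these notes). In sample_weak the
# later "PasswordAuthentication no" is ignored because "yes" was read first.
sample_weak() {
    printf '%s\n' 'PasswordAuthentication yes' 'Port 22' \
        'PermitRootLogin yes' 'PasswordAuthentication no'
}
sample_hardened() {
    printf '%s\n' 'Port 22022' 'PasswordAuthentication no' \
        'KbdInteractiveAuthentication no' 'PermitRootLogin prohibit-password' \
        'AllowUsers james'
}

echo "weak: $(sample_weak | audit_sshd_config) failed checks"
echo "hardened: $(sample_hardened | audit_sshd_config) failed checks"
```

On the live host, piping the output of `sshd -T` into `audit_sshd_config` checks the effective settings, since that output already resolves Include files.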

---

## Network Notes

- Johan's home IP: 47.197.93.62 (dynamic but stable)
- Whitelist this for SSH access
- Starlink backup exists for hurricane failover (manual)

---

## Subdomain

Pending - asked Johan for preference:
- sec.jongsma.me
- ch.jongsma.me
- kuma.jongsma.me

---

## Changelog

| Date | Action | Notes |
|------|--------|-------|
| 2026-01-26 | Initial connection | Server confirmed empty, Ubuntu 24.04 |
| 2026-01-26 | SSH key added | james@clawd ed25519 key |
| 2026-01-26 | System update | apt update && upgrade -y (185 packages) |