# moby - Container Server

Spezifikaktion:
- Ubuntu Server 20.04
- Hetzner Cloud Server CX31
  - 2 vCPUs
  - 8 GB RAM
  - 80 GB Disk

## Erstellen des Servers

Mit dem Binary hcloud von:
https://github.com/hetznercloud/cli

Temporaer einen API Key erstellen (nachher wieder loeschen)

```bash
$ hcloud context create nbit.ch
$ hcloud image list                          # zeigt moegliche Images
$ hcloud server-type list                    # zeigt moegliche Typen

$ hcloud server create --name moby --image docker-ce --type cx31 --ssh-key joerg@cinnamon.nbit.ch
$ hcloud server set-rdns moby --hostname moby.nbit.ch
$ IPV6="$(hcloud server ip moby -6)"
$ hcloud server set-rdns moby --ip $IPV6 --hostname moby.nbit.ch
```

DNS Eintraege erstellen:
```bash
$ hcloud server ip moby
$ hcloud server ip moby -6                     
```

```bash
Root-Passwort setzen (das machen wir von Hand)

ssh-Root-Passwort-Login disablen:
/etc/ssh/sshd_config:
PermitRootLogin without-password


Add Swap Space as documented in Mailcow Doc (but we use 2GB):

see https://linuxize.com/post/how-to-add-swap-space-on-ubuntu-20-04/

# fallocate -l 2G /swapfile
# chmod 600 /swapfile
# mkswap /swapfile
# swapon /swapfile
# echo "/swapfile swap swap defaults 0 0" >>/etc/fstab


```


## Firewall

```bash
# ufw default deny incoming
# ufw default allow outgoing
# ufw allow ssh
# ufw allow http
# ufw allow https
# ufw enable
```

## fail2ban auf Host fuer ssh

```bash
# apt install fail2ban
# cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
edit /etc/fail2ban/jail.local:
enabled = true unterhalb [sshd]

Check, wer gebanned ist:
# fail2ban-client status sshd
```


## Software installieren

```bash
# apt install git
```