# Setup

## Ubuntu Installation

Checklist

1. mount raids with an option I cannot remember...
2. install software
   - fail2ban
   - openssh
   - git
   - docker
   - docker compose
   - snap
3. Setup fail2ban

- Docker
- fail2ban
- ufw
- secure ssh with password access blocked

## Docker

Follow the instructions at <https://docs.docker.com/>.

You need `docker` and `docker-compose`. Since we are not running in unprivileged mode, we don't need the `rootless` packages.

Normally, we don't need anything else.

We store `docker-compose` files in `/opt/docker`, and data in `/mnt/data` and `/mnt/ncdata`.

The `docker` user and group should be created to manage volumes and permissions. Each admin user should be added to the docker group.

Ownership of the docker container data and configs should be set to `docker:docker`, with read/write/execute permissions for the docker group, so that admins can manage them without having to elevate permissions to root.

```
# Example of setting the permissions for the

sudo chown -R docker:docker /mnt/data/container &&
sudo find /mnt/data/container -type d -exec chmod 775 {} \; &&
sudo find /mnt/data/container -type f -exec chmod 664 {} \;
```
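
The ownership and mode scheme above can drift as containers create files, so it is worth checking after the fact. The following is an added example, not part of the original notes: `audit_tree` is a hypothetical helper that lists every entry under a directory that deviates from `docker:docker` ownership, mode 775 on directories and mode 664 on files.

```bash
#!/usr/bin/env bash
# Added example (not from the original notes).
# audit_tree DIR [OWNER] [GROUP]
#   Prints one line per entry that deviates from the scheme and returns 1
#   if any deviation was found, 0 if the tree is clean.
#   OWNER and GROUP default to "docker"; numeric IDs are accepted too.
audit_tree() {
    local dir="$1" owner="${2:-docker}" group="${3:-docker}"
    local out
    out=$(
        # Anything in the tree with the wrong owner or the wrong group.
        find "$dir" \( ! -user "$owner" -o ! -group "$group" \) \
            -exec printf 'OWNER %s\n' {} \;
        # Directories must be exactly 775 (a setgid 2775 is also reported).
        find "$dir" -type d ! -perm 775 -exec printf 'DIRMODE %s\n' {} \;
        # Regular files must be exactly 664; symlinks are not checked.
        find "$dir" -type f ! -perm 664 -exec printf 'FILEMODE %s\n' {} \;
    )
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Run the audit when the script is called with a directory argument,
# e.g.  ./audit.sh /mnt/data/container
if [ "$#" -gt 0 ]; then
    audit_tree "$@"
fi
```

A non-zero exit status makes the function usable from cron or a CI job; fix reported entries with the `chown`/`chmod` commands shown above.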