demiurg · July 16, 2024 00:25
diff --git a/00_moving_tasks.md b/00_moving_tasks.md
diff --git a/01_lxd_new_server_setup.sh b/01_lxd_new_server_setup.sh
 # Setup Ubuntu 22.04
 sudo apt update
 sudo apt upgrade

 # Install SNAP (binary package manager)
 sudo apt install snapd
 # This is to control ZFS settings
 sudo apt install zfsutils-linux

 # Install LXD
 sudo snap install lxd --channel=5.0/stable

 # Add own user to LXD group to access lxc commands
 sudo adduser $USER lxd

 # Setup LXD config according to the yml, output in lxd_init.log
 lxc init

 # Configure firewall
 sudo ufw allow in on lxdbr0
 sudo ufw route allow in on lxdbr0
 sudo ufw route allow out on lxdbr0

 lxc network set lxdbr0 ipv6.firewall false
 lxc network set lxdbr0 ipv4.firewall false

 # Filesystem
 zfs set dedup=on default

 # Certbot
 # https://certbot.eff.org/instructions?ws=nginx&os=ubuntufocal
 sudo snap install --classic certbot
 sudo ln -s /snap/bin/certbot /usr/bin/certbot
 sudo certbot --nginx
diff --git a/02_lxd_init.log b/02_lxd_init.log
 # lxd init
 Would you like to use LXD clustering? (yes/no) [default=no]: 
 Do you want to configure a new storage pool? (yes/no) [default=yes]: 
 Name of the new storage pool [default=default]: 
 Name of the storage backend to use (btrfs, ceph, cephobject, dir, lvm, zfs) [default=zfs]: 
 Create a new ZFS pool? (yes/no) [default=yes]: 
 Would you like to use an existing empty block device (e.g. a disk or partition)? (yes/no) [default=no]: 
 Size in GiB of the new loop device (1GiB minimum) [default=30GiB]: 256
 Would you like to connect to a MAAS server? (yes/no) [default=no]: 
 Would you like to create a new local network bridge? (yes/no) [default=yes]: 
 What should the new bridge be called? [default=lxdbr0]: 
 What IPv4 address should be used? (CIDR subnet notation, “auto” or “none”) [default=auto]: 10.1.1.1/24        
 Would you like LXD to NAT IPv4 traffic on your bridge? [default=yes]: 
 What IPv6 address should be used? (CIDR subnet notation, “auto” or “none”) [default=auto]: auto
 Would you like the LXD server to be available over the network? (yes/no) [default=no]: yes
 Address to bind LXD to (not including port) [default=all]: 
 Port to bind LXD to [default=8443]: 
 Trust password for new clients: 
 Again: 
 Would you like stale cached images to be updated automatically? (yes/no) [default=yes]: 
 Would you like a YAML "lxd init" preseed to be printed? (yes/no) [default=no]: yes
diff --git a/03_nginx.conf b/03_nginx.conf
 server {
    listen 80;
    listen [::]:80;
    listen 443 ssl;
    listen [::]:443 ssl ipv6only=on;

    server_name ???;

    location / {
        proxy_buffering off;
        proxy_request_buffering off;
        proxy_set_header    Host $host;
        proxy_set_header    X-Forwarded-Host $host;
        proxy_set_header    X-Forwarded-Server $host;
        proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header    X-Forwarded-Proto $scheme;
        proxy_pass          http://10.1.1.??/;
        proxy_set_header    X-Real-IP $remote_addr;
        proxy_redirect      default;
        proxy_pass_header   Set-Cookie;
        proxy_read_timeout 10m;
        proxy_send_timeout 10m;
    }
 }
	# Setup Ubuntu 22.04
	sudo apt update
	sudo apt upgrade

	# Install SNAP (binary package manager)
	sudo apt install snapd
	# This is to control ZFS settings
	sudo apt install zfsutils-linux

	# Install LXD
	sudo snap install lxd --channel=5.0/stable

	# Add own user to LXD group to access lxc commands
	sudo adduser $USER lxd

	# Setup LXD config according to the yml, output in lxd_init.log
	lxc init

	# Configure firewall
	sudo ufw allow in on lxdbr0
	sudo ufw route allow in on lxdbr0
	sudo ufw route allow out on lxdbr0

	lxc network set lxdbr0 ipv6.firewall false
	lxc network set lxdbr0 ipv4.firewall false

	# Filesystem
	zfs set dedup=on default

	# Certbot
	# https://certbot.eff.org/instructions?ws=nginx&os=ubuntufocal
	sudo snap install --classic certbot
	sudo ln -s /snap/bin/certbot /usr/bin/certbot
	sudo certbot --nginx
	# lxd init
	Would you like to use LXD clustering? (yes/no) [default=no]:
	Do you want to configure a new storage pool? (yes/no) [default=yes]:
	Name of the new storage pool [default=default]:
	Name of the storage backend to use (btrfs, ceph, cephobject, dir, lvm, zfs) [default=zfs]:
	Create a new ZFS pool? (yes/no) [default=yes]:
	Would you like to use an existing empty block device (e.g. a disk or partition)? (yes/no) [default=no]:
	Size in GiB of the new loop device (1GiB minimum) [default=30GiB]: 256
	Would you like to connect to a MAAS server? (yes/no) [default=no]:
	Would you like to create a new local network bridge? (yes/no) [default=yes]:
	What should the new bridge be called? [default=lxdbr0]:
	What IPv4 address should be used? (CIDR subnet notation, “auto” or “none”) [default=auto]: 10.1.1.1/24
	Would you like LXD to NAT IPv4 traffic on your bridge? [default=yes]:
	What IPv6 address should be used? (CIDR subnet notation, “auto” or “none”) [default=auto]: auto
	Would you like the LXD server to be available over the network? (yes/no) [default=no]: yes
	Address to bind LXD to (not including port) [default=all]:
	Port to bind LXD to [default=8443]:
	Trust password for new clients:
	Again:
	Would you like stale cached images to be updated automatically? (yes/no) [default=yes]:
	Would you like a YAML "lxd init" preseed to be printed? (yes/no) [default=no]: yes
	server {
	listen 80;
	listen [::]:80;
	listen 443 ssl;
	listen [::]:443 ssl ipv6only=on;

	server_name ???;

	location / {
	proxy_buffering off;
	proxy_request_buffering off;
	proxy_set_header Host $host;
	proxy_set_header X-Forwarded-Host $host;
	proxy_set_header X-Forwarded-Server $host;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header X-Forwarded-Proto $scheme;
	proxy_pass http://10.1.1.??/;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_redirect default;
	proxy_pass_header Set-Cookie;
	proxy_read_timeout 10m;
	proxy_send_timeout 10m;
	}
	}