Installing Arch Linux on a Hetzner VPS

Boot live iso

In the web config panel of the VPS, mount the Arch Linux .iso in your server & reboot. Connect to the server with the web console.

loadkeys be-latin1

Network should work: :

curl www.google.com

Syncronize the system clock with NTP :

timedatectl set-ntp true

Create partition table :

fdisk -l /dev/sda

fdisk /dev/sda

First, create a partition (sda1) of size 32 MB (+32M). Change its type to 1 (EFI System). Then, create a partion (sda2) with the rest of the available space.

Format the partitions:

mkfs.fat -F 16 /dev/sda1
mkfs.ext4 /dev/sda2

Mount the root partition :

mount /dev/sda2 /mnt

Install the 'base' package group :

pacstrap /mnt base vim

Create an fstab file :

genfstab -U /mnt >> /mnt/etc/fstab

'chroot' into the newly created system :

arch-chroot /mnt

Set the timezone :

ln -s /usr/share/zoneinfo/Europe/Brussels /etc/localtime

Use UTC in hardware clock. Initialize the hardware clock from current system time. :

hwclock --systohc --utc

Use US locale :

echo en_US.UTF-8 UTF-8 > /etc/locale.gen
locale-gen
echo LANG=en_US.UTF-8 > /etc/locale.conf

Use Belgian keymap :

echo KEYMAP=be-latin1 > /etc/vconsole.conf

Set hostname :

echo yeba > /etc/hostname

Set localhost alias :

vi /etc/hosts

In /etc/hosts, add: :

127.0.0.1 yeba.localdomain yeba

Set password :

passwd

Install boot loader 'grub' :

pacman -Syu grub
grub-install --target=i386-pc /dev/sda && grub-mkconfig -o /boot/grub/grub.cfg

Create user

useradd -m bert
groupadd sudoers
usermod -aG sudoers bert
passwd bert

allow group 'sudoers' to use sudo (in conf file):

echo '%sudoers ALL=(ALL) ALL' > /etc/sudoers

Install some packages:

pacman -Syu sudo vim ufw knockd lighttpd git

use 'vim' as 'vi':

mv /usr/bin/vi /usr/bin/vi_BAK && ln -s /usr/bin/vim /usr/bin/vi

sshd config

On the client:

ssh-copy-id bert@IP_ADDRESS

On the server:

vi /etc/ssh/sshd_config

LogLevel VERBOSE
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
AuthorizedKeysFile .ssh/authorized_keys
ChallengeResponseAuthentication no
UsePAM yes
AllowUsers bert

Add 5s delay to failed login attempts:

bash -c "echo auth optional pam_faildelay.so delay=5000000 >> /etc/pam.d/system-login"

reboot needed for future ufw config:

reboot now

ufw, knockd

ssh bert@IP_ADDRESS

sudo -i

ufw default deny ufw allow 22 ufw allow 80,443/tcp ufw enable

vi /etc/knockd.conf

[options]
    logfile = /var/log/knockd.log

[SSH]
    sequence    = PORT1,...,PORTN
    seq_timeout = 5
    start_command = ufw allow from %IP% to any port 22
    tcpflags    = syn
    cmd_timeout   = 10
    stop_command  = ufw delete allow from %IP% to any port 22

systemctl enable ufw.service
systemctl start ufw.service
systemctl enable knockd.service
systemctl start knockd.service
ufw delete allow 22

Customization

Create dotfiles & tools:

mkdir ~/tools && cd ~/tools
git clone https://github.com/bergoid/lswrappers.git
git clone https://github.com/bergoid/rabot.git
git clone https://github.com/bergoid/gt.git
git clone https://github.com/bergoid/preppy.git
git clone https://github.com/bergoid/dotfiles.git
dotfiles/install_dotfiles echo
preppy_hostnameColor=27 > ~/.localConfig

Customize root env:

sudo -i
ln -s /home/bert/.tmux.conf .tmux.conf
ln -s /home/bert/tools/dotfiles/.vim/ .vim
ln -s /home/bert/tools/ tools
ln -s /home/bert/.bash_profile .bash_profile
ln -s /home/bert/.bashrc .bashrc

spigot server

Enable AUR

sudo pacman -Syu base base-devel mkcd ~/aur

Install JRE

git clone https://aur.archlinux.org/jre.git cd jre makepkg -si

Install bukkit/spigot:

mkcd ~/mc
curl "https://hub.spigotmc.org/jenkins/job/BuildTools/lastSuccessfulBuild/artifact/target/BuildTools.jar"
-o BuildTools.jar java -jar BuildTools.jar

sudo pacman -Syu tmux dialog

vi /etc/locale.gen

Uncomment: 'en_US.UTF-8 UTF-8'

locale-gen
echo LANG=en_US.UTF-8 > /etc/locale.conf
sudo ufw allow 24680

Removed jre9:

sudo pacman -Rs jre

Install jre8

cd ~/aur git clone https://aur.archlinux.org/jre8.git cd jre8 makepkg -si

CURRENT STATE