====== Ubuntu ======
===== Network conf =====
Using ''netplan'' this is the way to go ''/etc/netpan/01-netcfg.yaml''
Remember to change device name and IP addresses.
For pve1.noerit.gl:
network:
ethernets:
eth0:
addresses:
#- 149.202.151.151/32
#- 5.196.241.149/32
- 2001:41d0:8:228::241:149/64
dhcp4: false
dhcp6: false
gateway4: 188.165.199.254
gateway6: 2001:41d0:8:22ff:ff:ff:ff:ff
nameservers:
addresses:
- 213.186.33.99
- 2001:41d0:3:163::1
search: [noerit.gl]
routes:
- to: 0.0.0.0/0
via: 176.31.241.254
on-link: true
routes:
- to: ::/0
via: 2001:41d0:8:22ff:ff:ff:ff:ff
on-link: true
version: 2
Remember to delete other files in this directory if they conflict with the new file
We are using static addresses in this setup, so we need to disable IPv6 RA. Create a file ''/etc/sysctl.d/15-ipv6-ra.conf'' with the following content
net.ipv6.conf.default.autoconf=0
net.ipv6.conf.all.accept_ra=0
net.ipv6.conf.all.autoconf=0
net.ipv6.conf.ens18.accept_ra=0
net.ipv6.conf.ens18.autoconf=0
===== Basic install =====
In ''/etc/fstab'' add ''noatime'' to the mount points
UUID=95d946b9-f241-11e8-9782-020000171985 / ext4 noatime,defaults 0 0
Change ''/etc/cloud/cloud.cfg''
preserve_hostname: true
Enable ''en_DK.UTF-8 UTF-8'' in ''/etc/locale.gen''
Run ''locale-gen''
Update ''/etc/apt/sources.list''
deb http://ubuntu.mirrors.ovh.net/ubuntu bionic main universe
deb http://ubuntu.mirrors.ovh.net/ubuntu bionic-updates main universe
deb http://security.ubuntu.com/ubuntu bionic-security main universe
Install packages
apt update
apt install mosh vim mc check-mk-agent xinetd fail2ban backupninja rdiff-backup
Update settings in ''/etc/xinetd.d/check_mk''
flags = IPv6
only_from = 127.0.0.1 149.202.151.145 2001:41d0:8:228::151:145
disable = no
Restart xinetd service
service xinetd restart
Create ''/etc/fail2ban/jail.d/noerit.conf'' and set good defaults
[DEFAULT]
bantime = 60m
findtime = 60m
maxretry = 3