@@ -62,7 +62,11 @@ You do not need to acquire an SSL certificate. The SSL certificates you need wi
Installation
------------
-### 1. Get a Tarsnap machine key
+### 1. Install required packages
+
+ apt-get install sudo
+
+### 2. Get a Tarsnap machine key
If you haven’t already, [download and install Tarsnap](https://www.tarsnap.com/download.html), or use `brew install tarsnap` if you use [Homebrew](http://brew.sh).
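Review bot: The new step (`+### 1. Install required packages` / `+    apt-get install sudo`) is typed as root on the server, yet it is placed before step 2, which is done on the operator's workstation (`brew install tarsnap`, `tarsnap-keygen` writing into `roles/tarsnap/files/`), and before step 3 "Prep the server", where the root login and password change actually happen. Move the package install into "Prep the server" (or state explicitly that it is run as root on the fresh server) so the reader is not bounced between machines. Prefix it with `apt-get update`, since a freshly provisioned image often has a stale package index, and add `-y` if the command is meant to be pasted non-interactively. A half-sentence on why the package is needed would also help: later steps rely on the `sudo` group and on passwordless `sudo` for the new account. Note too that `apt-get` narrows the supported target to Debian/Ubuntu, which the README should say.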
@@ -70,7 +74,7 @@ Create a new machine key for your server:
tarsnap-keygen --keyfile roles/tarsnap/files/decrypted_tarsnap.key --user me@example.com --machine example.com
-### 2. Prep the server
+### 3. Prep the server
For goodness sake, change the root password:
@@ -93,7 +97,7 @@ Authorize your ssh key if you want passwordless ssh login (optional):
Your new account will be automatically set up for passwordless `sudo`.
-### 3. Configure your installation
+### 4. Configure your installation
Modify the settings in `vars/user.yml` to your liking. If you want to see how they’re used in context, just search for the corresponding string.
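Review bot: The context line "Your new account will be automatically set up for passwordless `sudo`." now silently depends on the `sudo` package installed in the new step 1 of this same patch, but nothing in this section points back to it. Add a short cross-reference here (for example, "this requires `sudo` to be present, see step 1") so a reader who skipped the new step on a minimal install understands why account creation fails to give them `sudo` rights.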
@@ -145,7 +149,7 @@ For Git hosting, copy your public key into place:
Finally, replace the TODOs in the file `hosts`. If your SSH daemon listens on a non-standard port, add a colon and the port number after the IP address. In that case you also need to add your custom port to the task `Set firewall rules for web traffic and SSH` in the file `roles/common/tasks/ufw.yml`.
-### 4. Set up DNS
+### 5. Set up DNS
If you’ve just bought a new domain name, point it at [Linode’s DNS Manager](https://library.linode.com/dns-manager) or similar. Most VPS services (and even some domain registrars) offer a managed DNS service that you can use for this at no charge. If you’re using an existing domain that’s already managed elsewhere, you can probably just modify a few records.
@@ -160,7 +164,7 @@ Create `A` or `CNAME` records which point to your server's IP address:
* `cloud.example.com` (for ownCloud)
* `git.example.com` (for cgit)
-### 5. Run the Ansible Playbooks
+### 6. Run the Ansible Playbooks
First, make sure you’ve [got Ansible 1.9.3+ installed](http://docs.ansible.com/intro_installation.html#getting-ansible).
@@ -176,7 +180,7 @@ You might find that it fails at one point or another. This is probably because s
The `dependencies` tag just installs dependencies, performing no other operations. The tasks associated with the `dependencies` tag do not rely on the user-provided settings that live in `vars/user.yml`. Running the playbook with the `dependencies` tag is particularly convenient for working with Docker images.
-### 6. Finish DNS set-up
+### 7. Finish DNS set-up
Create an `MX` record for `example.com` which assigns `mail.example.com` as the domain’s mail server.
@@ -188,7 +192,7 @@ For DMARC you'll also need to add a `txt` record. The name field should be `_dma
Set up SPF and reverse DNS [as per this post](http://sealedabstract.com/code/nsa-proof-your-e-mail-in-2-hours/). Make sure to validate that it’s all working, for example by sending an email to <a href="mailto:check-auth@verifier.port25.com">check-auth@verifier.port25.com</a> and reviewing the report that will be emailed back to you.
-### 7. Miscellaneous Configuration
+### 8. Miscellaneous Configuration
Sign in to the ZNC web interface and set things up to your liking. It isn’t exposed through the firewall, so you must first set up an SSH tunnel: