
VPS setup

Prerequisites

This setup will work on any of the (common) VPS providers, but I include some specific steps for Hetzner's Cloud (most importantly, the network setup).

I start with a CX11 server, as its resources are easy to upgrade later. The OS Image doesn't matter as we'll be overwriting it with Arch later. Make sure to enable your SSH key for easy access.
Hostname isn't too important for now, as you can change it in the control panel later, and we'll set the final hostname during the Arch installation (but start thinking now :) )
From the control panel, we can now mount the archlinux iso Hetzner provides (select server > iso images > pick arch from the list), and boot into it by restarting the server. The Arch ISO will not start without a keypress, so you need to use the web console for the first steps.

Preparation

In the web console, press enter to boot into Arch Linux. After boot, it's easiest to change the password, and then enable ssh for the installer, so you can do the following steps from the comfort of your own terminal:

passwd
systemctl start sshd

You can now close the webconsole, and ssh to root@, with the password you just set.

Next we will mainly be following the Arch Installation Guide.
Internet should work automatically, albeit only over ipv4 (as Hetzner uses a non-standard ipv6 gateway). Set the keyboard layout and timezone as needed, after which we can partition the disk.

Partitioning

The Hetzner VPS has a 20gb disk, on /dev/sda1. Format it to BTRFS by running

mkfs.btrfs -f /dev/sda1

where -f is to overwrite the existing Ubuntu ext4 filesystem.
Mount this to /mnt, with its compression set to lzo:

mount -o compress-force=zstd /dev/sda1 /mnt

If you want to split your installation over different subvolumes, now is the time. If you do: make sure everything is mounted in /mnt, as genfstab will use the same setup for your installation.

Installation

Hetzner does not offer their own Arch mirror unfortunately, but using any of the mirrors close to your hosting location should be fine, as bandwidth is not really an issue.
View the available mirrors in /etc/pacman.d/mirrorlist, and prioritise mirrors close to your hosting location by moving them to the top of the file. The installation process will copy this over later.

Install the required base packages:

pacstrap /mnt base linux linux-firmware btrfs-progs dhcpcd neovim

Configuration

genfstab will take the mounted (sub)volumes, to populate your install's fstab file

genfstab -U /mnt >> /mnt/etc/fstab

check the resulting /mnt/etc/fstab, fixing errors if necessary.
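One way to script that check, as an added example that is not part of the original page: it verifies that the root entry is referenced by UUID, is btrfs, and kept the compression option from the mount step. The function names and the sample UUID are made up for illustration; the algorithm is a parameter, and the mount command above uses zstd.

```shell
#!/bin/sh
# Added example (not from the original page): sanity-check a generated fstab.
# check_fstab FILE ALGO -> exit 0 when the root (/) entry is referenced by UUID,
# is btrfs, and carries compress-force=ALGO. FILE may be "-" for stdin.
check_fstab() {
    awk -v algo="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }       # skip comments and blank lines
        $2 == "/" {
            seen = 1
            if ($1 !~ /^UUID=/) { print "root is not referenced by UUID: " $1; bad = 1 }
            if ($3 != "btrfs")  { print "root filesystem is " $3 ", expected btrfs"; bad = 1 }
            # genfstab records the kernel view of the option, e.g. compress-force=zstd:3
            if (("," $4 ",") !~ (",compress-force=" algo "(:[0-9]+)?,")) {
                print "root is missing compress-force=" algo ": " $4; bad = 1
            }
        }
        END {
            if (!seen) { print "no entry for /"; bad = 1 }
            exit (bad ? 1 : 0)
        }
    ' "$1"
}

# Constructed sample of what genfstab -U writes for the mount shown above
# (the UUID is made up).
sample_fstab() {
    printf '# /dev/sda1\n'
    printf 'UUID=0a1b2c3d-1111-2222-3333-444455556666\t/\tbtrfs\t'
    printf 'rw,relatime,compress-force=zstd:3,space_cache=v2,subvolid=5,subvol=/\t0 0\n'
}

sample_fstab | check_fstab - zstd && echo "sample fstab ok"
# In the live environment: check_fstab /mnt/etc/fstab zstd
```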

chroot into the /mnt directory:

arch-chroot /mnt

set your timezone:

ln -sf /usr/share/zoneinfo/Region/City /etc/localtime
# generates offset file
hwclock --systohc

uncomment en_US.UTF-8 UTF-8 in /etc/locale.gen and generate it by running

locale-gen

Network

Set your chosen hostname in /etc/hostname, and update the /etc/hosts file accordingly, taking your server's ipv4 address and the chosen hostname:

# /etc/hosts
127.0.0.1 localhost
::1 localhost
SERVER_IP4 YOUR_HOSTNAME

systemctl enable systemd-networkd

then create a network config file:

# /etc/systemd/network/20-wired.network
[Match]
# check by running ip a
Name=ens3

[Network]
DHCP=yes
# Set to the ipv6 address assigned to your server
Address = IPV6::1/64
# Hetzner specific ipv6 gateway
Gateway = fe80::1

and set a DNS nameserver:

# /etc/resolv.conf
nameserver 9.9.9.9

Generate the initramfs:

mkinitcpio -P

Set the root password:

passwd

Now install the GRUB bootloader:

pacman -S grub
# install to the disk
grub-install --target=i386-pc /dev/sda
# generate the config
grub-mkconfig -o /boot/grub/grub.cfg

Install and enable ssh:

pacman -S openssh
systemctl enable sshd

then copy over your public key to /root/.ssh/authorized_keys

run exit to get out of the chroot, and poweroff to shut down the live environment. We can now remove the Arch ISO in the Hetzner control panel, and boot the server.

If your installation fails to boot (check the webconsole), you can always reboot into the arch iso by mounting it again, and (re)running the steps above.

Server Setup

SSH'ing into your new installation will give a fingerprint error, as it will be different from the live environment. Remove the fingerprint from your local ~/.ssh/known_hosts.
Let's start by upgrading, and then installing some of the utilities we need:

pacman -S nginx dehydrated borgmatic zsh git
chsh -s /bin/zsh

I store my configs for these in git, so I set that as origin and pull from those. I would recommend forking these, so you can make changes (and hopefully send pull requests :D)

cd /
git init /
git remote add origin git@git.pixie.town:f0x/serverconfig.git
git pull origin master

SSL config needs the dhparam file, generate it:

openssl dhparam -dsaparam -out /etc/ssl/dhparam.pem 8192

Backups

I use Borgmatic for backups, with storage rented at BorgBase.
The configuration will work with any (self-hosted) repos though, just fill in the url under repositories. The password is stored separately in /etc/borgmatic/password
!! make sure it's only readable by root (chmod 600) !!
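A small audit for that permission rule, as an added example that is not part of the original page or the author's config repo: it fails when a secret file is a symlink, is not owned by the expected user, or has any group/other permission bits set. The function names are made up for illustration, and applying the same 600 rule to /root/.ssh/authorized_keys is this example's own choice.

```shell
#!/bin/sh
# Added example (not from the original page): audit the secret files this guide creates.
# check_secret FILE [OWNER_UID] -> 0 when FILE is a regular file (not a symlink),
# owned by OWNER_UID (default 0 = root), with no group/other permission bits.
check_secret() {
    f=$1
    want_uid=${2:-0}
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "FAIL $f: missing, or not a regular file" >&2
        return 1
    fi
    # GNU stat, as shipped on Arch: %a = octal mode, %u = owner uid
    mode=$(stat -c '%a' "$f")
    uid=$(stat -c '%u' "$f")
    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL $f: owned by uid $uid, expected $want_uid" >&2
        return 1
    fi
    # Any bit in the group/other positions means someone besides the owner has access
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "FAIL $f: mode $mode grants group/other access" >&2
        return 1
    fi
    echo "ok   $f ($mode)"
}

# audit_secrets OWNER_UID FILE... -> exit status is the number of failing files
audit_secrets() {
    owner=$1
    shift
    failures=0
    for path in "$@"; do
        check_secret "$path" "$owner" || failures=$((failures + 1))
    done
    return "$failures"
}

# Run against the paths named in this guide only when asked to (as root on the server)
if [ "${1:-}" = "--audit" ]; then
    audit_secrets 0 /etc/borgmatic/password /root/.ssh/authorized_keys
fi
```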

Scheduling

systemd timers for scheduled nightly backups and ssl cert renewal need to be enabled:

systemctl enable dehydrated.timer borgmatic.timer