====== How do I learn to be a 1337 sysadmin? ======

This could take you several weeks. Don't fuck with your body, so think about doing the following for physical and mental health:

  * Take breaks every hour
    * walk around
    * stretch
    * exercise
  * drink at least 2L of water every day
  * cook yourself a meal every day
    * don't eat microwaved food, it's bad for you
    * mac and cheese every day will kill you

===== basics =====

  - Install [[.ansible:start|Ansible]] on your admin machine.
  - Rent a public second-level domain (example.xyz) for less than 1€/month
  - set up a subdomain of the second-level domain you rent
    * you might want to use home.example.xyz or lab.example.xyz
    * set the A record to 127.0.0.1
    * set the AAAA record to ::1
  - Set up a [[.:linux:kvm|KVM]] hypervisor **on a separate machine** in your LAN (e.g. a homeserver)

===== make machines =====

  - Create the following VMs:
    - [[.network:dhcp|DHCP]]+[[dns|DNS]] (256MB RAM, 4GB HDD)
    - Fileserver (512MB RAM, 40GB HDD)
    - Directory Server (512MB RAM, 6GB HDD)
  - Install one with a DEB-based distribution (e.g. Debian), one with an RPM-based distribution (e.g. CentOS) and a third one with a different OS of your choosing (e.g. Arch Linux, Alpine Linux or FreeBSD)
  - set up static IPv4 and IPv6 for these servers
  - install and configure DNS and DHCP to provide dynamic IPs and resolve hostnames in your network
    - disable the DHCP server on your (home) router!
  - install and configure the following services on your file server VM:
    - TFTP (for PXE boot)
    - FTP
    - SFTP
    - SMBv2 (disable SMBv1!)
    - NFS
  - configure the DNS server to resolve anything below your subdomain
  - create a fourth-level subdomain for the file server
    * e.g. files.home.example.xyz
  - create an Ansible playbook for everything you've done so far

===== down and up again =====

  - delete all VMs and re-provision them with Ansible
  - create an Ansible playbook to provision an LDAP server to a new VM
  - configure all services to use LDAP authentication
    * don't forget [[.:linux:cli:ssh|SSH]]!

===== Containers =====

  - create a new VM for [[.:linux:docker:|Docker]]
  - write a ''Dockerfile'' to create a PostgreSQL instance
  - write a ''docker-compose.yml'' to run the following monitoring software:
    - [[.:linux:sensu|sensu]]
    - [[.:influxdb|InfluxDB]]
    - Grafana
  - set up a [[.:network:reverse-proxy|reverse proxy]] to make it all available on another fourth-level FQDN locally
    * you can use Traefik or [[.:nginx|nginx]], for example
  - set up monitoring for all of your services and servers
    - install an agent
    - use SNMP for network infrastructure
    - make a pretty dashboard in Grafana
  - set up MediaWiki on another fourth-level domain and document everything you've done
    * use PostgreSQL as backend
  - create a backup VM
    - set up backupninja + borg backups to back up all other hosts
    - monitor the backups

===== The Internet =====

  - set up a server on the [[.:network:internet|Internet]]
  - install and configure a [[.:network:firewall|Firewall]]
    * nftables on Debian
    * firewalld on CentOS
  - move your MediaWiki installation onto the new server
  - reverse proxy that thing
  - back that thing up, you already have a VM for it

===== done. =====

Congratulations. You're an admin. Please provide self-hosted services for the public and try not to get hacked.

===== resources =====

  * [[https://www.reddit.com/r/linuxadmin/comments/2s924h/how_did_you_get_your_start/cnnw1ma/|IConrad on reddit about "what I tell people to do"]]
  * [[https://www.digitalocean.com/community/tutorials|DigitalOcean community tutorials]]

==== in this wiki ====

  * [[.:network:|Networking]]
  * [[.:linux:|Linux]]