How do I learn to be a 1337 sysadmin?

This could take you several weeks.

Don't fuck with your body, so think about doing the following for physical and mental health:

  • Take breaks every hour
    • walk around
    • stretch
    • exercise
  • drink at least 2L of water every day
  • cook yourself a meal every day
    • don't eat microwaved food, it's bad for you
    • mac and cheese every day will kill you

  1. Install Ansible on your admin machine.
  2. Rent a public second-level domain (example.xyz) for less than 1€/month
  3. set up a subdomain of the second-level domain you rent
    • you might want to use home.example.xyz or lab.example.xyz
    • set the A record to 127.0.0.1
    • set the AAAA record to ::1
  4. Set up a KVM hypervisor on a separate machine in your LAN (e.g. a homeserver)

  1. Create the following VMs:
    1. DHCP+DNS (256MB RAM, 4GB HDD)
    2. Fileserver (512MB RAM, 40GB HDD)
    3. Directory Server (512MB RAM, 6GB HDD)
  2. Install one with a DEB-based distribution (e.g. Debian), one with an RPM-based distribution (e.g. CentOS) and a third one with a different OS of your choosing (e.g. Arch Linux, Alpine Linux or FreeBSD)
  3. set up static IPv4 and IPv6 for these servers
  4. install and configure DNS and DHCP to provide dynamic IPs and resolve hostnames in your network
    1. disable the DHCP server on your (home) router!
  5. install and configure the following services on your file server VM:
    1. TFTP (for PXE boot)
    2. FTP
    3. SFTP
    4. SMBv2 (disable SMBv1!)
    5. NFS
  6. configure the DNS server to resolve anything below your subdomain
  7. create a fourth-level subdomain for the file server
    • e.g. files.home.example.xyz
  8. create an Ansible playbook for everything you've done so far

  1. delete all VMs and re-provision them with Ansible
  2. create an Ansible playbook to provision an LDAP server on a new VM
  3. configure all services to use LDAP authentication
    • don't forget SSH!

  1. create a new VM for Docker
  2. write a Dockerfile to create a PostgreSQL instance
  3. write a docker-compose.yml to run the following monitoring software:
    1. Grafana
  4. set up a reverse proxy to make it all available on another fourth-level FQDN locally
    • you can use Traefik or nginx, for example
  5. set up monitoring for all of your services and servers
    1. install an agent
    2. use SNMP for network infrastructure
    3. make a pretty dashboard in Grafana
  6. set up MediaWiki on another fourth-level domain and document everything you've done
    • use PostgreSQL as backend
  7. create a backup VM
    1. set up backupninja + borg backups to back up all other hosts
  8. monitor the backups

  1. set up a server on the Internet
  2. install and configure a firewall
    • nftables on Debian
    • firewalld on CentOS
  3. move your MediaWiki installation onto the new server
  4. reverse proxy that thing
  5. back that thing up, you already have a VM for it
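
An added example, not part of the original page: a minimal nftables ruleset for the Debian case of the firewall step above. It assumes SSH on port 22 and the reverse proxy on ports 80 and 443 are the only services meant to be reachable from the Internet; the ports and the log prefix are assumptions, adjust them to your setup.

```nftables
#!/usr/sbin/nft -f
# Constructed example for /etc/nftables.conf on the public Debian server.
# Assumptions: SSH listens on 22, the reverse proxy on 80/443, and nothing
# else (PostgreSQL, monitoring agents) should be reachable from outside.

flush ruleset

table inet filter {
    chain input {
        # Default-deny: anything not explicitly accepted below is dropped.
        type filter hook input priority 0; policy drop;

        # Replies to connections this host opened, and local traffic.
        ct state established,related accept
        ct state invalid drop
        iif "lo" accept

        # IPv6 does not work without ICMPv6 (neighbour discovery, path MTU).
        meta l4proto ipv6-icmp accept
        # IPv4: ping and the ICMP error messages only.
        icmp type { echo-request, destination-unreachable, time-exceeded, parameter-problem } accept

        # Administration.
        tcp dport 22 accept

        # Reverse proxy in front of MediaWiki. The PostgreSQL backend
        # (5432) is deliberately not opened; it stays behind the proxy host.
        tcp dport { 80, 443 } accept

        # Rate-limited log of what the default policy is about to drop.
        limit rate 5/minute log prefix "nft-input-drop: "
    }

    chain forward {
        # This host is not a router.
        type filter hook forward priority 0; policy drop;
    }

    chain output {
        type filter hook output priority 0; policy accept;
    }
}
```

Check the file with `nft -c -f /etc/nftables.conf` before loading it, and keep a second SSH session open while testing so a mistake does not lock you out.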

Congratulations. You're an admin. Please provide self-hosted services for the public and try not to get hacked.

  • Last modified: 2022-07-10 10:42