Home Base

In this post, I’ll go over the setup of my personal workstations and remote VM

Local Workstation

Yeah I run Windows, big whoop wanna fight about it? It’s actually not that hard to have a devent DevOps environment in windows, with the following:

Git Bash (Git for Windows)

Microsoft recently took over the Git for Windows project, and introduced fun changes such as richer MSYS2 support for a more authentic shell experience

A couple highlights

  • You can use OpenSSH style configuration via your user’s home directory for connections to remote Linux devices. No more PuTTY!
  • OpenSSL is included
  • Easily use a local command line version of Git locally to easily clone, pull, commit, and push changes to remote repositories (GitHub, Bitbucket, etc.)

https://git-scm.com/download/win

The only downside is that it is a standard barebones Bash shell. You don’t get a lot of commands that would be useful such as GNU screen.

ConEmu

ConEmu is a tabbed Windows console client that can support cmd.exe, Powershell, and Git Bash. Pretty useful for managing multiple local sessions.

https://conemu.github.io/

VirtualBox/Vagrant

These can be used for rapid testing of Linux VM images. Vagrant commands are based on Ruby, and it has its own built-in ruby install, and works fine with cmd/PS/GitBash.

https://www.virtualbox.org/wiki/Downloads https://www.vagrantup.com/

NotePad++

A basic text editor. I use it for editing flat files. If I actually have to do some real coding I use Atom instead.

https://notepad-plus-plus.org/

Atom

Atom is a fully extensible/versatile cross-platform text editor. I mainly use it because it has extensible Git support and for plugins for various interpretive languages

https://atom.io/

Programming Languages

I usually install the following:

  • Ruby (2.0.x)
  • Python (2.x)
  • Perl (Strawberry Perl 5.x)

Remote VM

Currently, I use Debian Jessie (8.x) on a VM currently hosted with RackSpace Public Cloud. I currently use the following third party repositories:

#Debian Jessie Main
deb http://cloudfront.debian.net/debian jessie main non-free
deb-src http://cloudfront.debian.net/debian jessie main non-free

#Debian Jessie Updates
deb http://security.debian.org/ jessie/updates main contrib non-free
deb-src http://security.debian.org/ jessie/updates main contrib non-free

#Jessie backports
deb http://http.debian.net/debian jessie-backports main

#DotDeb
deb http://packages.dotdeb.org jessie all
deb-src http://packages.dotdeb.org jessie all

#weechat
deb http://weechat.org/debian jessie main

#bitlbee
deb http://code.bitlbee.org/debian/devel/jessie/amd64/ ./

#bitlbee-additional
deb http://download.opensuse.org/repositories/home:/jgeboski/Debian_8.0 ./

#duo_unix
deb http://pkg.duosecurity.com/Debian wheezy main

I installed the following packages

bitlbee
bitlbee-common
bitlbee-facebook
dnsutils
duo-unix
mariadb-server-10.0
memcached
nginx
percona-toolkit
php5
php5-cli
php5-common
php5-fpm
php5-json
php5-mysqlnd
php5-readline
screen
weechat-devel-core
weechat-devel-curses
weechat-devel-plugins

Third-party services

Where possible, you should try to use third-party services as managing them yourself can be a pain.

DNS (CloudFlare)

CloudFlare offers fully redundant DNS on their free account for as many domains as you want, so why not use it?

https://www.cloudflare.com/

Mail (Google Apps)

You can easily sign up domains for google apps (free tier) and use them for both in and outbound mail. You don’t even have to install a MTA on the VM itself, just configure any webapps that use it to authenticate against their SMTP services directly.

http://www.hongkiat.com/blog/google-app-mail-for-free/

Multi Factor Authentication (2FA)

Duo also has a free tier. You can use it to setup 2 factor authentication not only for your VM via SSH/PAM, but your local windows machine via Remote Desktop, web applications, and more.

https://duo.com/pricing

Firewall

Depending on your IaaS provider, they may have an external service for managing connections to/from your VM, or you may ghave to configure it on the VM itself via iptables/ip6tables.

Generally, you should be able to allow any outbound traffic and only have to allow inbound traffic over HTTP, HTTPS, and SSH

Messaging (Weechat, Bitlbee, and Glowing Bear)

Weechat is considered an revamped version of irssi, the old text-based IRC client. One useful feature is that Weechat supports relays, which allow external web clients and applications to connect so you don’t have to rely on a full text environment

https://weechat.org/

Bitlbee is a local IRCd (server) that is specifically configured as a gateway to various messaging services (OSCAR, XMPP, Facebook Messenger). Weechat can be configured to connect to the Bitlbee server locally.

https://www.bitlbee.org/main.php/news.r.html

Glowing Bear is a web frontend for weechat relay. Note that Glowing Bear requires a valid SSL certificate to work on the mobile android app. Thankfully, Let’s Encrypt is a thing now.

You can also setup your webserver to proxy connections from a standard SSL port (443) to the port the relay runs on (less ports you have to open on the firewall)

https://github.com/glowing-bear/glowing-bear

https://letsencrypt.org/

Webserver (Nginx + PHP-FPM)

Nginx is considered a more modern replacement of the more traditional Apache Webserver. You can easily use it with PHP-FPM to allow for hosting multiple domains on different user accounts.

This makes it incredibly easy to see what domain is running what PHP code at the system level.

You can also use Nginx’s proxying features to send SSL connections over to Weechat’s SSL relay

https://www.nginx.com/resources/wiki/

https://letsencrypt.org/

Code Cache (Memcached)

Depending on the applications you use, they can connect locally to a memcached instance to store commonly used opcode for better performance

https://memcached.org/

Database Server (MariaDB)

MariaDB is a fork of Oracle MySQL Server Community Edition. It offers a different tool set for more advanced DB users, but basic usage is the same and comes with most new versions of common server OSes

https://mariadb.org/ http://php-fpm.org/

Next Up

In later articles, I will go into specifics on how to configure certain components

  • Weechat/Bitlbee/Glowing Bear basic config (including Nginx Snippets for proxy and guide for Let’s Encrypt)

  • Webserver basic config (user setup, PHP-FPM setup, and memcached setup)

  • DB performance tuning (MariaDB, Percona Tools, and mysqltuner)

Watch out for future articles too such as:

  • Media Server setup (sabnzbd/deluge/sonarr/couchpotato/plex)

  • Dynamic DNS for your home network

Published: June 25 2016

blog comments powered by Disqus