~/yehorkhod

# Tutorial to setup DigitalOcean Droplet

## System Preparation

### ssh

# First login as root. `ip` stands for the droplet's address and `private-key`
# for the key file whose public half is in root's authorized_keys.
ssh -l root -i ~/.ssh/private-key ip

### update the system and install required packages

# Refresh the package index and apply pending upgrades first, so the new
# packages are installed on top of a patched base system.
apt update && apt -y upgrade
# The later steps use every one of these: git (clone the app), nginx (reverse
# proxy), ufw (firewall), tmux (session for the app), certbot and its nginx
# plugin (TLS certificate).
apt -y install \
  git nginx ufw tmux \
  certbot python3-certbot-nginx

### create users

# admin: the interactive account, member of the sudo group.
adduser admin
usermod --append --groups sudo admin
# user: the unprivileged account the app runs under. Its password is locked
# right after creation; the app step enters it with `sudo su - user`.
adduser user
sudo passwd --lock user

### make admin sshable

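# Give admin the same public keys that root already accepts. install(1) creates
# the directory and the copy with their final owner and mode in one step, so
# neither ever exists with looser permissions.
install -d -m 700 -o admin -g admin /home/admin/.ssh
install -m 600 -o admin -g admin ~/.ssh/authorized_keys /home/admin/.ssh/authorized_keys
vim /etc/ssh/sshd_config
# ------------ sshd_config ------------
# Include /etc/ssh/sshd_config.d/*.conf
# Port 2222
# PermitRootLogin no
# PasswordAuthentication no
# PubkeyAuthentication yes
# KbdInteractiveAuthentication no
# UsePAM yes
# X11Forwarding no
# PrintMotd no
# AcceptEnv LANG LC_*
# Subsystem       sftp    /usr/lib/openssh/sftp-server
# ClientAliveInterval 120
# ClientAliveCountMax 3
# AllowUsers admin
# MaxAuthTries 3
# -------------------------------------
# "Protocol 2" is no longer listed: current OpenSSH speaks only protocol 2 and
# reports the keyword as deprecated.
#
# sshd keeps the first value it reads for each keyword, and the Include line
# comes first, so a drop-in under /etc/ssh/sshd_config.d/ (cloud images often
# ship one) can override the settings above. Check the syntax, then the values
# sshd will actually use, before restarting:
sshd -t
sshd -T | grep -Ei '^(port|permitrootlogin|passwordauthentication|kbdinteractiveauthentication|allowusers) '
# Apply the configuration; without a restart sshd keeps the old port and the
# old settings. Keep this root session open until the admin login on port 2222
# has been tested, so a mistake can still be fixed.
systemctl restart ssh
# NOTE(review): where sshd is socket-activated (ssh.socket is active), the Port
# change may also need `systemctl daemon-reload && systemctl restart ssh.socket`
# - confirm on your release.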

### ressh

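# Test the admin login from a second local terminal while the root session is
# still open; if it fails, sshd_config can still be fixed from the root session.
ssh -i ~/.ssh/private-key -p 2222 admin@ip
# Once the login above works, go back to the root session and close it.
exit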

### install nix

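# Download the installer to a file instead of feeding it straight to sh, so it
# can be read before it runs (the --daemon install asks for sudo). -f makes
# curl fail on an HTTP error instead of saving the error page as the script.
curl --proto '=https' --tlsv1.2 -fL -o install-nix.sh https://nixos.org/nix/install
less install-nix.sh
sh install-nix.sh --daemon
# Log out and back in; presumably so the new session picks up the environment
# set up by the installer.
exit
ssh -i ~/.ssh/private-key admin@ip -p 2222
# /etc/nix/nix.conf is a system file, so admin has to edit it through sudo.
sudo vim /etc/nix/nix.conf
# ---------------- nix.conf ----------------
# experimental-features = nix-command flakes
# build-users-group = nixbld
# ------------------------------------------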

### ufw

# Default policy: refuse every inbound connection that is not explicitly
# allowed below, and let all outbound traffic through.
sudo ufw default deny incoming
sudo ufw default allow outgoing
# Allow the SSH port before the firewall is switched on. 2222 must match the
# Port set in sshd_config, otherwise enabling ufw cuts off SSH access.
sudo ufw allow 2222/tcp comment 'SSH'
# 'Nginx Full' is the ufw application profile shipped with nginx; it covers
# HTTP and HTTPS.
sudo ufw allow 'Nginx Full'
# --force skips the interactive confirmation prompt.
sudo ufw --force enable

### app

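# Run the app inside tmux, presumably so it keeps running after the SSH
# session is closed.
tmux
sudo su - user
git clone ...
# NOTE(review): no cd into the clone is shown; .env and `gleam run` presumably
# belong inside the cloned directory - confirm.
# Create .env under umask 077 so the file is private from the moment it is
# first written; chmod afterwards still covers a file that already existed.
( umask 077 && vim .env )
chmod 600 .env
# Load .env in a subshell. `set -a` exports every variable the file assigns,
# values containing spaces or quotes survive (the unquoted
# `export $(grep ... | xargs)` form word-splits them), and the secrets do not
# stay in the interactive shell after the app exits. The file is executed as
# shell code, so it must hold only KEY=value lines written by the operator.
( set -a && . ./.env && set +a && gleam run )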

### nginx

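# Reverse proxy in front of the app on 127.0.0.1:3000. The X-Real-IP and
# X-Forwarded-* headers pass the client address and the original scheme to the
# app; without them every request appears to come from 127.0.0.1, which makes
# access logs and per-client limits in the app useless.
# NOTE(review): this assumes the app listens on 127.0.0.1:3000 - confirm its
# bind address.
sudo vim /etc/nginx/sites-available/yehorkhod.conf
# server {
#     listen 80;
#     listen [::]:80;
#     server_name yehorkhod.dev www.yehorkhod.dev;
#
#     location / {
#         proxy_pass http://127.0.0.1:3000;
#         proxy_http_version 1.1;
#         proxy_set_header Upgrade $http_upgrade;
#         proxy_set_header Connection 'upgrade';
#         proxy_set_header Host $host;
#         proxy_set_header X-Real-IP $remote_addr;
#         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#         proxy_set_header X-Forwarded-Proto $scheme;
#         proxy_cache_bypass $http_upgrade;
#     }
# }
sudo ln -s /etc/nginx/sites-available/yehorkhod.conf /etc/nginx/sites-enabled/
# Reload only when the configuration test passes.
sudo nginx -t && sudo systemctl reload nginx
# certbot validates both names against this server, so the DNS A records from
# the Domain section must already point at the droplet before this step.
sudo certbot --nginx -d yehorkhod.dev -d www.yehorkhod.dev
# Confirm that unattended renewal will work, without touching the certificate.
sudo certbot renew --dry-run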

## Domain

### buy a domain

`name.com` offers some free domains for students

### setup dns

| Type | Host | Answer | TTL |
|------|------|--------|-----|
| A    | @    | ip     | 300 |
| A    | www  | ip     | 300 |