Jon Allured

Computer Programmer, Whiskey Drinker, Comic Book Reader

Updated DigitalOcean Server Setup

published 06/05/21

I recently wanted to set up a new server and found that my existing guide needed some updating. The biggest change between that guide and this one is using Homebrew for installing software, but otherwise the overall approach remains mostly unchanged. Still, I wanted to collect the procedure in one place so that it would be easier to follow.

Create Droplet

Start by using the DigitalOcean interface to create a droplet. I pick the latest Ubuntu release and the cheapest settings. I do also like to enable backups in case something terrible happens.

Root User SSH Setup

When you create a new Droplet, be sure to add your SSH keys and they will be copied to the root user's authorized_keys file automatically. That means you can SSH into the new server like this:

$ ssh root@ipaddress

Create Dev User

To create a user:

root@servername:~# adduser dev

Use 1Password to set a really long password.

Add Dev User to Sudo Group

root@servername:~# gpasswd -a dev sudo

Add Server to 1Password

Create an entry in 1Password for the server providing both the dev user's password and the IP Address.

Copy SSH Keys to Dev User

Since we added our SSH keys to the root user's authorized_keys during Droplet creation, let's copy those keys over to our new dev user:

root@servername:~# mkdir /home/dev/.ssh
root@servername:~# cp .ssh/authorized_keys /home/dev/.ssh/
root@servername:~# chown -R dev:dev /home/dev/.ssh/

Configure SSH

We're going to configure SSH so that only our authorized_keys will work for SSH and while we're at it, we're going to disable root login.

root@servername:~# vim /etc/ssh/sshd_config

Make the following changes:

PermitRootLogin no
...
ChallengeResponseAuthentication no
...
PasswordAuthentication no
...
UsePAM no

With those changes made, restart the ssh service so that they take effect:

root@servername:~# service ssh restart
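
Added example (not from the original post): sshd uses the first value it reads for each keyword, so a setting made earlier, for instance in a file pulled in by an Include line, wins over the edits above. The function below checks the four settings against the effective configuration that `sshd -T` prints; the function name and both sample dumps are constructed for illustration.

```shell
# Added example. Reads `sshd -T` output (lowercase "keyword value" lines)
# on stdin and checks the four settings changed in this guide.
# Real use, as root on the server: sshd -t && sshd -T | check_sshd_effective
check_sshd_effective() {
  awk '
    BEGIN {
      must["permitrootlogin"] = must["passwordauthentication"] = must["usepam"] = 1
      # Newer OpenSSH reports ChallengeResponseAuthentication under the
      # kbdinteractiveauthentication name; accept either, require "no" for both.
      kbd["challengeresponseauthentication"] = kbd["kbdinteractiveauthentication"] = 1
    }
    {
      key = tolower($1); val = tolower($2)
      if (!(key in must) && !(key in kbd)) next
      if (key in kbd) kbd_seen = 1; else seen[key] = 1
      if (val != "no") { printf "FAIL %s is %s, expected no\n", key, val; bad = 1 }
    }
    END {
      for (k in must) if (!(k in seen)) { printf "MISSING %s\n", k; bad = 1 }
      if (!kbd_seen) { print "MISSING kbdinteractiveauthentication"; bad = 1 }
      exit bad + 0
    }'
}

# Constructed sample: effective config once the edits have taken hold.
sample_hardened() {
  cat <<'EOF'
permitrootlogin no
pubkeyauthentication yes
passwordauthentication no
kbdinteractiveauthentication no
usepam no
EOF
}

# Constructed sample: an earlier-read file set PasswordAuthentication first.
sample_overridden() {
  cat <<'EOF'
permitrootlogin no
passwordauthentication yes
challengeresponseauthentication no
usepam no
EOF
}

sample_hardened | check_sshd_effective && echo "hardened sample: ok"
sample_overridden | check_sshd_effective || echo "overridden sample: rejected"
```

Run the real check from the existing root session and confirm that `ssh dev@ipaddress` works from a second terminal before closing it.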

Add SSH Config

In order to make SSHing into the machine easier, add an entry to your SSH config:

$ vim ~/.ssh/config
Host servername
  Hostname ipaddress
  User dev

With those settings, you can now SSH into the machine like this:

$ ssh servername

Generating SSH Keys for Dev User

dev@servername:~$ ssh-keygen -t rsa -b 4096 -C "jon.allured@gmail.com"
dev@servername:~$ eval "$(ssh-agent -s)"
dev@servername:~$ ssh-add ~/.ssh/id_rsa

Configure GitHub

In order to use SSH on the repos you clone down from GitHub, you'll want to add the server's public key. There's a nice write up on how to do this, but you'll need to copy the key down to your machine:

$ ssh servername 'cat .ssh/id_rsa.pub' | pbcopy

Next, head over to the GitHub SSH Settings page and add the key. Then you can confirm that it worked with this:

dev@servername:~$ ssh -T git@github.com

Using Homebrew for Managing Software

The major change was that I decided to use Homebrew rather than apt for managing the software installed on the machine. There are a few requirements we'll want to install before setting up Homebrew so that looks like this:

dev@servername:~$ sudo apt-get update && sudo apt-get -y install build-essential procps curl file git

And then we can install Homebrew:

dev@servername:~$ /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"

Then this:

dev@servername:~$ eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"

That will adjust the path such that the current session can see Homebrew. It'll work for now and my dotfiles will adjust the path moving forward.

Change Dev User to Use ZSH

dev@servername:~$ brew install zsh
dev@servername:~$ command -v zsh | sudo tee -a /etc/shells
dev@servername:~$ chsh -s "$(command -v zsh)"

You'll need to log out and back in for this to take effect.

Install More Software

Kick this off and then do something else because it'll take a while:

dev@servername:~% brew install asdf awscli bat fd fzf gh git httpie hub jq rcm the_silver_searcher tmux vim

Create Code Folder

dev@servername:~% mkdir code

Install Dotfiles

I'd be lost without my dotfiles so I install them even on my servers:

dev@servername:~/code% git clone git@github.com:jonallured/dotfiles.git
dev@servername:~/code% cd dotfiles
dev@servername:~/code/dotfiles% env RCRC=$HOME/code/dotfiles/rcm/rcrc rcup -t linux

I also have a file of secrets that needs to come over:

$ scp ~/code/secrets/rcm/zshrc.private servername:~/.zshrc.private

Install From Tool Versions

After adding the plugins, a bare install command will get the default versions all installed for me.

dev@servername:~% asdf plugin add ruby
dev@servername:~% asdf plugin add nodejs
dev@servername:~% asdf plugin add python
dev@servername:~% asdf install

Setup VIM

I use vim-plug to manage VIM these days and have a command called replug to get everything set up:

dev@servername:~% replug

Snapshot This Config

You can save the state of a DigitalOcean server by creating a snapshot. To do this, you first have to power off the machine:

dev@servername:~% sudo poweroff

Then use the DigitalOcean interface to take your snapshot:

Droplets > [Pick Droplet] > Snapshots > Take Snapshot

You might want to pick a name like "basic config" or something and then you can use it to either restore or create new droplets.

One thing I'd note here is that the keys generated for this server will be used when using this snapshot. When you have a server you want to restore to a known state, that's a good thing, but when you want to use the snapshot to make a new server, I'd say those keys should be re-generated.