WireGuard
Open-source VPN. I use it to publish ports of my home server through my VPS, since there is no public IP at my place.
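Commands
Generate a server's public and private keys:
```sh
docker exec -it wireguard /bin/sh
```
```sh
# wg genkey prints the private key; wg pubkey derives the public key from it.
# Running `umask 077` first keeps the key files from being world-readable.
wg genkey | tee privatekey | wg pubkey > publickey
```
Display the keys and copy them:
```sh
cat /privatekey
cat /publickey
```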
Docker-compose
The same file is used on every host; /etc/wireguard contains the wg0.conf configuration.
```yaml
services:
  wireguard:
    image: linuxserver/wireguard:latest
    container_name: wireguard
    cap_add:
      - NET_ADMIN
    network_mode: host
    volumes:
      - /dev/net/tun:/dev/net/tun
      - /data/wireguard:/etc/wireguard
    environment:
      - WG_COLOR_MODE=always
      - LOG_LEVEL=info
    restart: always
```
VPS
wg0.conf configuration:
```ini
[Interface]
Address = {VPS_WG_IP}/24
ListenPort = 51820
PrivateKey = {VPS_PRIVATEKEY}

# Peer : Remote Host
[Peer]
PublicKey = {HOST_PUBLICKEY}
AllowedIPs = {HOST_WG_IP}/32,{HOST_LAN_IP}/32
```
In AllowedIPs, put the remote host's WireGuard IP and the IP it has on its LAN, so that it can be reached directly.
Remote host
wg0.conf configuration:
```ini
[Interface]
Address = {HOST_WG_IP}/24
PrivateKey = {HOST_PRIVATEKEY}

[Peer]
PublicKey = {VPS_PUBLICKEY}
Endpoint = {VPS_PUBLIC_IP}:51820
AllowedIPs = {VPS_WG_IP}/32
PersistentKeepalive = 25
```
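An added example, not part of the original page: a shell check for a wg0.conf like the two above. It flags a file readable by group or others, `{...}` placeholders left unfilled, malformed keys, and AllowedIPs entries wider than a single host. The function names, the 10.8.0.x addresses and the dummy key are constructed for the illustration, and treating anything wider than /32 as a finding is an assumption based on the /32 entries used here.

```sh
#!/bin/sh
# Added example: audit a wg0.conf laid out like the ones on this page.
wg_conf_findings() {
    conf=$1
    # The file contains PrivateKey: group/other must have no permission bits.
    perms=$(ls -ld "$conf" | cut -c5-10)
    [ "$perms" = "------" ] || echo "PERMS: $conf is accessible to group/other"
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }            # skip comments and blanks
        /^[ \t]*\[/ { section = $0; gsub(/[^A-Za-z]/, "", section); next }
        {
            i = index($0, "="); if (i == 0) next     # split at the first "="
            key = substr($0, 1, i - 1); val = substr($0, i + 1)
            gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
            if (val ~ /[{][A-Z_]+[}]/) {             # template value left in
                print "PLACEHOLDER: [" section "] " key " is not filled in"
                next
            }
            # WireGuard keys are 32 bytes, i.e. 44 base64 characters.
            if (key ~ /Key$/ && !(length(val) == 44 && val ~ "^[A-Za-z0-9+/]+=$"))
                print "MALFORMED: [" section "] " key " is not a 44-char base64 key"
            if (section == "Peer" && key == "AllowedIPs") {
                n = split(val, ips, ",")
                for (j = 1; j <= n; j++)
                    if (ips[j] !~ "/(32|128)$")
                        print "BROAD: AllowedIPs " ips[j] " covers more than one host"
            }
        }
    ' "$conf"
}

# Constructed sample: world-readable, one placeholder, one catch-all route.
wg_write_sample() {
    key="$(printf '%043d' 0 | tr 0 A)="              # constructed dummy key
    cat > "$1" <<EOF
[Interface]
Address = 10.8.0.1/24
ListenPort = 51820
PrivateKey = $key

[Peer]
PublicKey = {HOST_PUBLICKEY}
AllowedIPs = 10.8.0.2/32, 0.0.0.0/0
EOF
    chmod 644 "$1"
}

sample=$(mktemp) && wg_write_sample "$sample" && wg_conf_findings "$sample"
rm -f "$sample"
```

With the compose file above, the file to check on each host is the wg0.conf under /data/wireguard.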
Ubuntu Server Debloat & Power Optimisation
How to make an Ubuntu server ultra light and reduce its power consumption!
This tutorial uses an Nvidia GPU, but that is not required.
Full update and cleanup
```sh
sudo apt update && sudo apt full-upgrade -y && sudo apt autoremove -y && sudo apt clean -y
```
Required / useful tools:
```sh
sudo apt install btop htop nvtop curl wget nano -y
```
Nvidia driver and utilities (e.g. `nvidia-smi`)
```sh
sudo apt install nvidia-driver-580-server -y
sudo apt install nvidia-utils-580-server -y
```
Disable ALL unnecessary services:
```sh
# cloud-init
systemctl disable cloud-config.service
systemctl disable cloud-final.service
systemctl disable cloud-init-local.service
systemctl disable cloud-init-main.service
systemctl disable cloud-init-network.service
# snapd
systemctl disable snapd.service
systemctl disable snapd.socket
systemctl disable snapd.apparmor.service
systemctl disable snapd.seeded.service
systemctl disable snapd.autoimport.service
systemctl disable snapd.snap-repair.timer
# modem, disk, VM guest, SAN and thermal daemons
systemctl disable ModemManager.service
systemctl disable udisks2.service
systemctl disable vgauth.service
systemctl disable open-iscsi.service
systemctl disable multipathd.service
systemctl disable thermald.service
# Ubuntu Advantage / Pro
systemctl disable ubuntu-advantage.service
systemctl disable ua-reboot-cmds.service
systemctl disable ua-timer.timer
# crash reporting
systemctl disable apport.service
systemctl disable apport-autoreport.path
systemctl disable apport-autoreport.timer
systemctl disable apport-forward.socket
# automatic APT runs: updates, security fixes included, become manual
systemctl disable apt-daily.timer
systemctl disable apt-daily-upgrade.timer
systemctl disable update-notifier-download.timer
systemctl disable update-notifier-motd.timer
systemctl disable fwupd-refresh.timer
# housekeeping timers: logs are no longer rotated once logrotate.timer is off
systemctl disable man-db.timer
systemctl disable logrotate.timer
systemctl disable dpkg-db-backup.timer
systemctl disable motd-news.timer
# sysstat statistics collection
systemctl disable sysstat.service
systemctl disable sysstat-collect.timer
systemctl disable sysstat-rotate.timer
systemctl disable sysstat-summary.timer
# filesystem scrubbing and software RAID checks
systemctl disable e2scrub_reap.service
systemctl disable e2scrub_all.timer
systemctl disable mdcheck_start.timer
systemctl disable mdcheck_continue.timer
systemctl disable mdmonitor-oneshot.timer
```
Destroy SNAP once and for all:
```sh
snap list
systemctl stop snapd
systemctl disable snapd
apt purge -y snapd
rm -rf /snap
rm -rf /var/snap
rm -rf /var/lib/snapd
```
Get rid of cloud-init for good:
```sh
apt purge -y cloud-init
rm -rf /etc/cloud
rm -rf /var/lib/cloud
```
Remove ModemManager:
```sh
apt purge -y modemmanager libqmi-glib5
```
Remove the SAN storage features:
```sh
systemctl stop multipathd
systemctl disable multipathd
apt purge -y multipath-tools
```
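Auto-optimisation script
File /usr/local/bin/server-power-save.sh
```bash
#!/bin/bash

# Enable persistence mode so the driver stays loaded and keeps the settings below
nvidia-smi -pm 1
nvidia-smi -q | grep "Persistence Mode"

# Cap the GPU power limit at 150 W
nvidia-smi -pl 150
nvidia-smi --query-gpu=power.limit --format=csv

# Lock the GPU graphics clocks to the 2100-2400 MHz range
nvidia-smi --lock-gpu-clocks=2100,2400
nvidia-smi -q | grep Graphics

# Show the resulting power limit and the current draw
nvidia-smi --query-gpu=power.limit,power.draw --format=csv

# Apply powertop's suggested power-saving tunables
powertop --auto-tune

# Switch the CPU frequency governor to schedutil
cpupower frequency-set -g schedutil

# Disable turbo boost (intel_pstate driver)
echo 1 | sudo tee /sys/devices/system/cpu/intel_pstate/no_turbo
```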
Make the script executable:
```sh
chmod +x /usr/local/bin/server-power-save.sh
```
Automatic start with the server. File /etc/systemd/system/server-power.service:
```ini
[Unit]
Description=Server Power Saving Configuration
After=network.target nvidia-persistenced.service
Wants=nvidia-persistenced.service

[Service]
Type=oneshot
ExecStartPre=/bin/sleep 15
ExecStart=/usr/local/bin/server-power-save.sh
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target
```
Enable the service:
```sh
sudo systemctl daemon-reload
sudo systemctl enable server-power.service
```
Clean up again and update everything
```sh
sudo apt update && sudo apt full-upgrade -y && sudo apt autoremove -y && sudo apt clean -y && sudo reboot
```