Erik Thorsell

DevOps Transformation Leader trying to automate the world.

1 minute read

Create VM in TrueNAS Core

Make sure there’s an appopriate dataset available. The settings for creating a new dataset can be found in the TrueNAS Core GUI.

Storage > Pools > "Kebab Menu" for Pool > Add Dataset

Create VM, no smaller than:

  • 1 vCPU
  • 2 Cores
  • 2 Threads
  • 1024 MiB
  • 25 GiB
  1. Boot with Ubuntu Server.iso
  2. Connect via VNC and install OS.
  3. Install OpenSSH as part of the OS installation.
  4. After installation, remove the CDROM Device in TrueNAS then reboot the VM

Setup Ubuntu

Connect to VM via SSH instead of VNC

ssh -o PreferredAuthentications=password -o PubkeyAuthentication=no example.com

Setup SSH Key

mkdir ~/.ssh
chmod 700 ~/.ssh
vim ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys

Verify connection, then disable password login.

Clean up, Upgrade and Install necessities

If you’re using Ubuntu 20.04, remove everything snap related.

sudo snap remove --purge lxd
sudo snap remove --purge core18
sudo snap remove --purge snapd
sudo rm -rf /var/cache/snapd/
sudo apt autoremove --purge snapd gnome-software-plugin-snap
sudo apt-mark hold snapd

Upgrade Ubuntu

sudo apt update && sudo apt upgrade -y

Enable UFW and block non needed stuff

sudo ufw enable
sudo ufw allow OpenSSH
sudo ufw allow http
sudo ufw allow https
sudo ufw default deny incoming

Install Docker and Docker Compose

At the time of writing, the latest binary provided from docker-compose on GitHub (1.29.2) does not work well with Ubuntu 20’s version of OpenSSL. Hence we take a huge detour, installing docker-compose via pipx.

Install Docker

https://docs.docker.com/engine/install/ubuntu/#install-using-the-repository

sudo apt install apt-transport-https ca-certificates curl gnupg lsb-release

curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg

echo "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

sudo apt update

sudo apt install docker-ce docker-ce-cli containerd.io

Run docker without sudo

sudo groupadd docker
sudo usermod -aG docker $USER
<logout/login>

Install docker-compose via pipx

According to pip documentation one should install pip using apt, if python was installed using apt. We also need to install python3-venv, for pipx’s sake.

sudo apt install python3-pip
sudo apt install python3-venv
pip install --user pipx -v

Add pipx to PATH.

# add this to ~/.bashrc
export PATH="$HOME/.local/bin:$PATH"

Check your path and install docker-compose

pipx ensurepath
pipx install docker-compose

Updated:

You May Also Enjoy

Writeup for Cert.se’s CTF 2024

15 minute read

I made an attempt to get as many flags I could in one day because that’s the amount of time I could set aside for this. I got five flags out of nine. I think...

Overlapping Docker network (subnet) gotcha

1 minute read

I have been running the good’ol docker-compose for too long and have been meaning to upgrade to docker compose for quite a while. Yesterday, it was time, but...

Conventional Semver

1 minute read

A successful company is able to provide a monetised solution to a user’s problem. That seems easy enough, but how do you know whether you’re building what yo...