# Dev VPS - Initial Setup and Configuration

**Server:** Dev VPS (Development/Testing Environment)  
**IP:** 64.50.188.128  
**Location:** Chicago, IL  
**Provider:** Breezehost  
**Deployed:** April 1, 2026  
**Configured by:** Chronicler #51

---

## Overview

Fresh Ubuntu 24.04 LTS server configured as a development and testing environment for Firefrost Gaming projects. Provides isolated environment for experimentation, CI/CD testing, and development work without affecting production infrastructure.

---

## Server Specifications

**Hardware:**
- CPU: 2x AMD Epyc (Cloud-2)
- RAM: 4GB (3.8GB usable)
- Storage: 80GB NVMe SSD (38GB allocated, 36GB free)
- Swap: 512MB
- Network: 1 Gbps (inbound/outbound)

**Network Configuration:**
- Primary IP: 64.50.188.128
- Gateway: 64.50.188.1
- Netmask: 255.255.255.0
- Interface: ens3
- MAC: 00:6C:80:0E:FB:72
- DNS Primary: 1.1.1.1 (Cloudflare)
- DNS Secondary: 8.8.8.8 (Google)
- IPv6: Disabled (was auto-assigned, manually disabled)

**Operating System:**
- Distribution: Ubuntu Server 24.04.4 LTS (Noble Numbat) Minimal
- Kernel: 6.8.0-106-generic x86_64
- Architecture: x86_64
- Support: Until April 2029 (5 years)

---

## Installed Software

### System Utilities
- **UFW Firewall:** v0.36.2-6 (active and enabled on boot)
- **Cockpit:** Latest (web-based server management)
  - cockpit-storaged (storage management)
  - cockpit-networkmanager (network configuration)
  - cockpit-packagekit (package management)

### Development Tools
- **Node.js:** Latest LTS (v20.x series)
- **npm:** Latest (bundled with Node.js)
- **Docker:** v29.3.1 (latest stable)
  - docker-ce
  - docker-ce-cli
  - containerd.io
  - docker-buildx-plugin
  - docker-compose-plugin

### Planned Installations
- **Git:** For version control
- **fail2ban:** SSH brute-force protection
- **Python 3:** For automation scripts
- **Nginx:** Reverse proxy (if needed for testing)

---

## Security Configuration

### Firewall Rules (UFW)

**Status:** Active and enabled on system startup  
**Logging:** On (low level)  
**Default Policies:**
- Incoming: DENY
- Outgoing: ALLOW
- Routed: DISABLED

**Allowed Ports:**
| Port | Protocol | Service | Comment |
|------|----------|---------|---------|
| 22 | TCP | SSH | Remote access |
| 9090 | TCP | Cockpit | Web terminal |

**View current rules:**
```bash
ufw status verbose
```

**Add new rule:**
```bash
ufw allow [port]/tcp comment 'Service Name'
```

### IPv6 Configuration

**Status:** Disabled

IPv6 was auto-assigned by Breezehost but manually disabled for simplicity.

**Configuration in `/etc/sysctl.conf`:**
```
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
```

**To re-enable IPv6 (if needed):**
```bash
sed -i '/net.ipv6.conf.all.disable_ipv6/d' /etc/sysctl.conf
sed -i '/net.ipv6.conf.default.disable_ipv6/d' /etc/sysctl.conf
sysctl -p
reboot
```

### Root Access

**SSH:** Enabled (currently)  
**Cockpit:** Enabled (root removed from disallowed-users)  
**Password:** Set (stored in Vaultwarden)

**Future Hardening (TODO):**
- Create sudo-enabled admin user
- Disable root SSH login
- Enable SSH key-only authentication
- Install fail2ban for brute-force protection

---

## Service Access

### SSH Access

**Method 1: MobaXterm (Windows)**
```
Host: 64.50.188.128
Port: 22
User: root
Auth: Password or SSH key
```

**Method 2: Command Line**
```bash
ssh root@64.50.188.128
```

### Cockpit Web Terminal

**URL:** https://64.50.188.128:9090

**Login Credentials:**
- Username: `root`
- Password: [stored in Vaultwarden]

**Features Available:**
- Terminal (web-based SSH)
- System monitoring (CPU, RAM, disk, network)
- Storage management
- Network configuration
- Package management (APT)
- Service management (systemd)
- Log viewer

**Certificate Warning:** Self-signed certificate will trigger browser warning - this is normal, click "Accept Risk and Continue"

---

## Docker Configuration

**Version:** 29.3.1  
**Status:** Installed and running

### Basic Docker Commands

**Test installation:**
```bash
docker run hello-world
```

**Common commands:**
```bash
# List running containers
docker ps

# List all containers (including stopped)
docker ps -a

# List images
docker images

# Pull an image
docker pull ubuntu:latest

# Run a container
docker run -it ubuntu:latest bash

# Remove stopped containers
docker container prune

# Remove unused images
docker image prune
```

### Docker Compose

**Installed:** Yes (v2 plugin)

**Usage:**
```bash
docker compose up -d
docker compose down
docker compose logs -f
```

---

## Node.js Configuration

**Version:** Latest LTS (v20.x)  
**npm Version:** Latest (bundled)

### Basic Commands

**Check versions:**
```bash
node --version
npm --version
```

**Install packages globally:**
```bash
npm install -g [package-name]
```

**Install packages locally:**
```bash
npm install [package-name]
```

---

## System Monitoring

### Command Line Tools

**System info:**
```bash
# OS version
cat /etc/os-release

# Kernel version
uname -r

# System uptime
uptime

# Memory usage
free -h

# Disk usage
df -h

# CPU info
lscpu

# Network interfaces
ip a

# Active connections
ss -tulpn
```

### Cockpit Dashboard

Access via https://64.50.188.128:9090 for graphical monitoring:
- Real-time CPU/RAM/disk graphs
- Network traffic monitoring
- Service status
- System logs

---

## Common Maintenance Tasks

### Update System Packages

```bash
apt update
apt upgrade -y
apt autoremove -y
```

### Restart Services

```bash
# Restart Docker
systemctl restart docker

# Restart Cockpit
systemctl restart cockpit

# Restart UFW
ufw reload
```

### Check Service Status

```bash
systemctl status docker
systemctl status cockpit.socket
systemctl status ufw
```

### Clean Up Disk Space

```bash
# Remove old packages
apt autoremove -y
apt autoclean

# Remove Docker cruft
docker system prune -a

# Remove old logs
journalctl --vacuum-time=7d
```

---

## Development Workflow Examples

### Testing a Node.js Application

```bash
# Clone repo
git clone [repo-url]
cd [project]

# Install dependencies
npm install

# Run application
npm start
```

### Testing with Docker

```bash
# Build custom image
docker build -t myapp:latest .

# Run container
docker run -d -p 8080:8080 myapp:latest

# View logs
docker logs -f [container-id]

# Stop container
docker stop [container-id]
```

### Testing CI/CD Pipelines

```bash
# Clone Firefrost services repo
git clone https://[token]@git.firefrostgaming.com/firefrost-gaming/firefrost-services.git

# Test deployment script
cd firefrost-services
./deploy.sh --test
```

---

## Troubleshooting

### Cannot SSH to Server

**Check firewall:**
```bash
ufw status
```

**Ensure SSH is allowed:**
```bash
ufw allow 22/tcp
```

**Check SSH service:**
```bash
systemctl status ssh
```

### Cockpit Not Accessible

**Check service:**
```bash
systemctl status cockpit.socket
```

**Restart if needed:**
```bash
systemctl restart cockpit
```

**Check firewall:**
```bash
ufw allow 9090/tcp
```

### Docker Container Won't Start

**Check logs:**
```bash
docker logs [container-name]
```

**Check Docker service:**
```bash
systemctl status docker
```

**Restart Docker:**
```bash
systemctl restart docker
```

### Out of Disk Space

**Check usage:**
```bash
df -h
du -sh /* | sort -h
```

**Clean up:**
```bash
apt autoremove -y
apt autoclean
docker system prune -a
journalctl --vacuum-time=7d
```

---

## Future Enhancements

### Phase 1 (Security Hardening)
- [ ] Create sudo-enabled admin user (`architect`)
- [ ] Install fail2ban
- [ ] Disable root SSH login
- [ ] SSH key-only authentication
- [ ] Configure automatic security updates

### Phase 2 (Development Tools)
- [ ] Install Git
- [ ] Install Python 3 and pip
- [ ] Install Nginx (if needed)
- [ ] Set up CI/CD runner (GitHub Actions or Gitea Actions)
- [ ] Configure development database (PostgreSQL or MySQL)

### Phase 3 (Monitoring)
- [ ] Install Netdata for advanced monitoring
- [ ] Configure log aggregation
- [ ] Set up alerting (Discord webhooks)
- [ ] Integrate with Uptime Kuma on Command Center

---

## Cost and Resources

**Monthly Cost:** $10  
**Provider:** Breezehost (locked-in pricing)  
**Commitment:** Month-to-month (no contract)

**Resource Allocation:**
- CPU: Light (development workloads)
- RAM: Adequate for most dev tasks (4GB)
- Storage: Sufficient for testing (80GB)
- Network: Fast (1 Gbps)

---

## Related Documentation

- **Infrastructure Manifest:** `docs/core/infrastructure-manifest.md`
- **Command Center Setup:** `docs/deployment/command-center-setup.md`
- **Docker Best Practices:** `docs/guides/docker-best-practices.md`
- **Security Hardening Guide:** `docs/guides/server-security-hardening.md`

---

## Deployment Log

**April 1, 2026 - Initial Setup:**
1. ✅ Ubuntu 24.04 LTS installed (Noble Numbat Minimal)
2. ✅ System updated (apt update && upgrade)
3. ✅ Root password set
4. ✅ IPv6 disabled
5. ✅ UFW firewall configured (ports 22, 9090)
6. ✅ Node.js LTS installed
7. ✅ Docker v29.3.1 installed
8. ✅ Cockpit web terminal installed
9. ✅ Root login to Cockpit enabled
10. ✅ Server rebooted and tested

**Status:** ✅ OPERATIONAL - Ready for development work

---

**Fire + Frost + Foundation = Where Love Builds Legacy** 🔥❄️💙

---

**Last Updated:** April 1, 2026  
**Configured by:** Chronicler #51  
**Next Steps:** Security hardening (create admin user, fail2ban, SSH keys)