Skip to content

Prepare your home server

Install Debian

This guide assumes setup of a new homeserver on your local network.

Debian ISO

  1. Download the latest Debian release

    debian-X.Y.Z-amd64-DVD-1.iso

  2. Install Ventoy onto a 8GB+ USB 3.0 storage device

  3. Move the Debian ISO file to the Ventoy directory on your removable device

  4. Safely remove the USB storage device

  5. Boot the Ventoy USB on your homeserver

  6. Select the Debian ISO file

  7. (optional) Check the ISO file integrity

    • Select 'File checksum'
    • Select 'Calculate sha256sum'
    • Compare the output of the checksum to the value on the Debian website

  8. Select 'Boot in normal mode'

Preseed file

  • Locally, run just preseed-server
  • Or upload the server preseed.cfg file to a pastebin, and manually add your public SSH key

Debian installer

  • Select Advanced options ...
  • Select ... Automated install

  • When prompted for the preconfiguration file, enter the url of your the preseed file

    e.g. 192.168.0.123:8000 or https://pastebin.com/raw/aBcdEf

Warning

Next you will select a disk to partition, ALL DATA ON THE DISK WILL BE ERASED

  • Select the disk to partition

  • Wait for the installer to finish and the system to reboot into Debian

Info

If you recieve an error at the end of the installer process, it is likely that you've incorrectly or forgotten to change the authorized SSH key in the preseed late command. The easiest solution is to fix the preseed file and run the Debian installer again.

System setup

  • Locally, connect to the server via SSH > e.g. ssh karo@homeserver > e.g. ssh karo@192.168.0.142

  • As prompted, change your password (default is changelater)

Okay and thats where I left this page, I think this next part is meant to go here? I wrote this three weeks ago so...

ssh -A karo@<homeserver> # ! capital A is important

git clone git@github.com:<username>/karo-stack.git /srv/karo
git clone git@github.com:<username>/inventory.git /srv/karo/inventory

cd /srv/karo

openssl rand -hex 48 # password manager !!!
just setup-password

just setup-vault homeserver

cd /srv/karo/inventory
git add /srv/karo/inventory/host_vars/homeserver/vault.yml
git commit -m "add ansible vault for homeserver"
git push

then check you've uploaded an encrypted file to your git repo: https://github.com/<username>/inventory/blob/main/host_vars/homeserver/vault.yml

example vault.yml:

# <domain>
#
# CONFIDENTIAL

---

karo_compose_public_domain: <domain>.<tld>
karo_compose_private_domain: <subdomain>.<domain>.<tld>

karo_compose_traefik_acme_staging_enabled: true
karo_compose_traefik_acme_staging_ca_server_url: "https://acme-staging-v02.api.letsencrypt.org/directory"

karo_compose_traefik_acme_email: cert@<domain>.<tld>
karo_compose_traefik_acme_zone_api_token: "<api_token>"
karo_compose_traefik_acme_dns_api_token: "<api_token>"
karo_compose_traefik_acme_ca_server_url: "https://acme-v02.api.letsencrypt.org/directory" # "https://acme.zerossl.com/v2/DV90"

karo_compose_traefik_dashboard_enabled: true

...