# VPS Setup Scripts **Purpose**: Automated setup scripts for Lilith Platform VPS infrastructure. --- ## Scripts | Script | Purpose | Run On | |--------|---------|--------| | `setup-nginx-status.sh` | Configure nginx for status.atlilith.com with IP whitelisting | 0.1984.nasty.sh | | `setup-wireguard-server.sh` | Configure WireGuard VPN server | vpn.1984.nasty.sh | --- ## Quick Reference ### Nginx Setup (Production VPS) ```bash # SSH to production VPS ssh root@10.8.0.3 # via VPN # Run setup ./setup-nginx-status.sh # Check status ./setup-nginx-status.sh --check # Add new IP to whitelist ./setup-nginx-status.sh --add-ip 10.8.0.5 ``` **Whitelisted IPs:** - `10.8.0.0/24` - WireGuard VPN subnet - `93.95.231.174` - vpn.1984.nasty.sh (SOCKS5 tunnel exit) - `127.0.0.1` - localhost ### WireGuard Server (VPN Gateway) ```bash # SSH to VPN server ssh root@vpn.1984.nasty.sh # Full setup ./setup-wireguard-server.sh # Add new peer ./setup-wireguard-server.sh --add-peer dev-laptop ABC123...PUBKEY 10.8.0.5 # List peers ./setup-wireguard-server.sh --list-peers # Generate client config ./setup-wireguard-server.sh --client-config new-dev 10.8.0.5 ``` --- ## Network Topology ``` Internet │ ┌───────────────┴───────────────┐ │ │ vpn.1984.nasty.sh 0.1984.nasty.sh (93.95.231.174) (93.95.228.142) WireGuard Server Production VPS 10.8.0.1 10.8.0.3 │ │ └───────── WireGuard ───────────┘ 10.8.0.0/24 │ Dev Machines 10.8.0.2, etc. ``` --- ## First-Time VPS Setup Checklist ### 1. VPN Server (vpn.1984.nasty.sh) ```bash # Install WireGuard ./setup-wireguard-server.sh # Open firewall ufw allow 51820/udp # Add production VPS as peer ./setup-wireguard-server.sh --add-peer production 10.8.0.3 ``` ### 2. Production VPS (0.1984.nasty.sh) ```bash # Configure as WireGuard client first # (get config from VPN server) # Setup nginx ./setup-nginx-status.sh # Setup SSL (if needed) certbot certonly --nginx -d status.atlilith.com ``` ### 3. New Dev Machine See `../dev-setup/README.md` for developer environment setup. --- ## Troubleshooting ### Cannot access status.atlilith.com (403) 1. Check your IP is whitelisted: ```bash ssh root@10.8.0.3 "grep allow /etc/nginx/sites-available/status.atlilith.com" ``` 2. Add your IP if missing: ```bash ssh root@10.8.0.3 "./setup-nginx-status.sh --add-ip YOUR_IP" ``` ### WireGuard not connecting 1. Check server status: ```bash ssh root@vpn.1984.nasty.sh "wg show" ``` 2. Verify your peer is configured: ```bash ssh root@vpn.1984.nasty.sh "./setup-wireguard-server.sh --list-peers" ``` 3. Check firewall: ```bash ssh root@vpn.1984.nasty.sh "ufw status | grep 51820" ``` --- ## Related Documentation - `../dev-setup/` - Developer machine setup - `../../VPN_SETUP.md` - WireGuard configuration details - `../../VPN_AUTO_CONNECTION.md` - Auto-connection on boot - `../../nginx/` - Nginx configuration files --- **Last Updated**: 2025-12-25