New Server Setup

This documentation contains various notes on setting up a new Debian server. (At the time of writing, based on Debian 13.)

Set time zone

For consistency, all Figure13 servers are set to America/New_York.

sudo timedatectl set-timezone America/New_York

Create a non-root user

These steps create a user besides the root user. In this case, the account will be called f13-warp.

  1. In the Server_Creds vault in 1Password, duplicate the exampleserver_f13-warp credential (direct link) to the same vault and update the copy for that specific server. Generate a new secure password.

  2. On the server, run:

    sudo adduser f13-warp
    
  3. Copy the account password from 1Password to the adduser process.

  4. Press Enter to save (blank) defaults for the rest of the user information.

  5. Press Enter to choose Yes (default) when asked if information is correct.

Enable sudo access for a user

Assuming that you want to enable sudo access for the f13-warp account you created above:

sudo usermod -aG sudo f13-warp

Set up passwordless sudo

Normally, the first time a user invokes a sudo command, they are prompted for their account password. When using Ansible, or a shared account like f13-warp, we want to skip the password prompt.

  1. Create wheel user group:

    sudo groupadd wheel
    
  2. Enable passwordless sudo for the wheel group:

    1. Open sudo policy:

      sudo visudo
      
    2. Add the following lines near the bottom of the file, under the %sudo section:

      # Allow members of group wheel to execute sudo commands without password verification
      %wheel  ALL=(ALL)        NOPASSWD: ALL
      
    3. Save and close the sudo policy file with Ctrl+X, Y to confirm, and Enter to select the save location.

  3. Add account(s) to the new wheel group. Assuming you’re using the same f13-warp account:

    sudo usermod -aG wheel f13-warp
    

Add SSH key for a user

When logged in as root, you can add an SSH key for a user with the following steps. (These steps assume you’re adding a key for the same f13-warp account we’ve used for the rest of these examples.)

  1. Impersonate the user:

    sudo su - f13-warp
    
  2. Make sure the .ssh directory exists for that user:

    mkdir -p ~/.ssh
    
  3. Open the authorized_keys file:

    nano ~/.ssh/authorized_keys
    
  4. Paste the SSH public key in this file, and save and close the file with Ctrl+X, Y to confirm, and Enter to select the save location.

  5. Ensure the .ssh directory and files have the proper permissions:

    chmod -R go= ~/.ssh
    
  6. Ensure the .ssh directory and files are owned by the specific user (and not root or your user):

    chown -R f13-warp:f13-warp ~/.ssh
    
  7. Stop impersonating the user:

    exit
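
To confirm that steps 5 and 6 left the .ssh directory locked down, a check like the following can be run afterwards. It is an added example, not part of the original notes; the function names and finding labels are made up for illustration, and the caller passes the account's numeric UID.

```shell
#!/bin/sh
# Added example (not part of the original notes): audit a user's .ssh tree
# after steps 5 and 6. Function names and finding labels are made up here.
# Usage: sh check_ssh_dir.sh /home/f13-warp/.ssh "$(id -u f13-warp)"

# Print one finding per line; print nothing when the tree is clean.
ssh_dir_findings() {
    dir=$1
    owner_uid=$2

    if [ ! -d "$dir" ]; then
        echo "MISSING-DIR $dir"
        return 0
    fi
    # -s: file exists and is not empty (step 4 pasted a key into it).
    [ -s "$dir/authorized_keys" ] || echo "NO-KEYS $dir/authorized_keys"

    # %a = octal mode, %u = numeric owner, %n = path (stat -c as on Debian).
    find "$dir" \( -type d -o -type f \) -exec stat -c '%a %u %n' {} + |
    while read -r mode uid path; do
        # "chmod -R go=" leaves the group and other digits at 0.
        case $mode in
            0|*00) ;;
            *) echo "LOOSE-MODE $mode $path" ;;
        esac
        # "chown -R" should leave every entry owned by the account.
        [ "$uid" = "$owner_uid" ] || echo "WRONG-OWNER $uid $path"
    done
}

# Return 0 when clean; otherwise print the findings and return 1.
check_ssh_dir() {
    findings=$(ssh_dir_findings "$1" "$2")
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# Run the check only when called with both arguments.
if [ "$#" -eq 2 ]; then
    check_ssh_dir "$1" "$2"
fi
```

A non-zero exit status means at least one entry still has group or other permission bits set, belongs to a different UID, or that authorized_keys is missing or empty.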