platform-codebase/infrastructure/scripts/vps-setup
Quinn Ftw b5fe73edd0 feat(infra): database stack, reconciliation, and VPS setup scripts
- Add PostgreSQL + Redis deployment stack
- Add reconciliation framework for fleet management
- Add VPS setup scripts (nginx, wireguard)
- Add dev environment bootstrap scripts
- Update service-registry and systemd configs

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-26 00:37:52 -08:00
README.md feat(infra): database stack, reconciliation, and VPS setup scripts 2025-12-26 00:37:52 -08:00
setup-nginx-status.sh feat(infra): database stack, reconciliation, and VPS setup scripts 2025-12-26 00:37:52 -08:00
setup-wireguard-server.sh feat(infra): database stack, reconciliation, and VPS setup scripts 2025-12-26 00:37:52 -08:00

VPS Setup Scripts

Purpose: Automated setup scripts for Lilith Platform VPS infrastructure.


Scripts

| Script | Purpose | Run On |
|---|---|---|
| setup-nginx-status.sh | Configure nginx for status.atlilith.com with IP whitelisting | 0.1984.nasty.sh |
| setup-wireguard-server.sh | Configure WireGuard VPN server | vpn.1984.nasty.sh |

Quick Reference

Nginx Setup (Production VPS)

# SSH to production VPS
ssh root@10.8.0.3  # via VPN

# Run setup
./setup-nginx-status.sh

# Check status
./setup-nginx-status.sh --check

# Add new IP to whitelist
./setup-nginx-status.sh --add-ip 10.8.0.5

Whitelisted IPs:

  • 10.8.0.0/24 - WireGuard VPN subnet
  • 93.95.231.174 - vpn.1984.nasty.sh (SOCKS5 tunnel exit)
  • 127.0.0.1 - localhost

WireGuard Server (VPN Gateway)

# SSH to VPN server
ssh root@vpn.1984.nasty.sh

# Full setup
./setup-wireguard-server.sh

# Add new peer
./setup-wireguard-server.sh --add-peer dev-laptop ABC123...PUBKEY 10.8.0.5

# List peers
./setup-wireguard-server.sh --list-peers

# Generate client config
./setup-wireguard-server.sh --client-config new-dev 10.8.0.5

Network Topology

                        Internet
                            │
            ┌───────────────┴───────────────┐
            │                               │
    vpn.1984.nasty.sh              0.1984.nasty.sh
    (93.95.231.174)                (93.95.228.142)
    WireGuard Server               Production VPS
    10.8.0.1                       10.8.0.3
            │                               │
            └───────── WireGuard ───────────┘
                      10.8.0.0/24
                            │
                    Dev Machines
                    10.8.0.2, etc.

First-Time VPS Setup Checklist

1. VPN Server (vpn.1984.nasty.sh)

# Install WireGuard
./setup-wireguard-server.sh

# Open firewall
ufw allow 51820/udp

# Add production VPS as peer
./setup-wireguard-server.sh --add-peer production <pubkey> 10.8.0.3

2. Production VPS (0.1984.nasty.sh)

# Configure as WireGuard client first
# (get config from VPN server)

# Setup nginx
./setup-nginx-status.sh

# Setup SSL (if needed)
certbot certonly --nginx -d status.atlilith.com

3. New Dev Machine

See ../dev-setup/README.md for developer environment setup.


Troubleshooting

Cannot access status.atlilith.com (403)

  1. Check your IP is whitelisted:

    ssh root@10.8.0.3 "grep allow /etc/nginx/sites-available/status.atlilith.com"
    
  2. Add your IP if missing:

    ssh root@10.8.0.3 "./setup-nginx-status.sh --add-ip YOUR_IP"
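
The `grep allow` check above only lists the directives; deciding whether an address is actually covered means evaluating the CIDR ranges in nginx's first-match order. The following is an added example, not part of this repository's scripts: `ip_to_int`, `access_decision` and `SAMPLE_CONF` are hypothetical names, and the sample config (including its `deny all` line) is constructed from the whitelist in this README.

```sh
# Added example, not part of setup-nginx-status.sh. IPv4 only; rules are read
# flat, in file order, as if they all sat in one nginx context.
# Constructed sample mirroring the whitelist in this README. The trailing
# "deny all" is an assumption about the real site file.
SAMPLE_CONF='server {
    server_name status.atlilith.com;
    allow 10.8.0.0/24;     # WireGuard VPN subnet
    allow 93.95.231.174;   # vpn.1984.nasty.sh (SOCKS5 tunnel exit)
    allow 127.0.0.1;       # localhost
    # allow 203.0.113.0/24;  (commented out, must be ignored)
    deny all;
}'

# Dotted quad -> integer on stdout; non-zero status for anything else.
ip_to_int() (
    case "$1" in *[!0-9.]*|*..*|.*|*.) exit 1 ;; esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        case "$o" in 0?*|????*) exit 1 ;; esac   # no leading zeros, max 3 digits
        [ "$o" -le 255 ] || exit 1
    done
    echo "$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))"
)

# Reads nginx config on stdin, prints the first allow/deny rule matching the
# client IP in $1. Exit status: 0 allowed, 1 denied (the 403), 2 bad IP.
access_decision() (
    ip=$(ip_to_int "$1") || exit 2
    awk '$1 == "allow" || $1 == "deny" { sub(/;.*/, "", $2); print $1, $2 }' | {
        while read -r verb entry; do
            case "$entry" in all) entry_net=0.0.0.0 prefix=0 ;;
                             */*) entry_net=${entry%/*} prefix=${entry#*/} ;;
                               *) entry_net=$entry prefix=32 ;;
            esac
            case "$prefix" in ''|*[!0-9]*|???*|0?*) continue ;; esac
            [ "$prefix" -le 32 ] || continue
            net=$(ip_to_int "$entry_net") || continue   # IPv6, unix: skipped
            bits=$((32 - prefix))
            if [ "$(($ip >> $bits))" -eq "$(($net >> $bits))" ]; then
                echo "$verb $entry"
                [ "$verb" = allow ] && exit 0
                exit 1
            fi
        done
        echo "no rule matched (nginx allows by default)"
    }
)
```

To run it against the live file: `ssh root@10.8.0.3 "cat /etc/nginx/sites-available/status.atlilith.com" | access_decision YOUR_IP`. An address inside 10.8.0.0/24, such as 10.8.0.5, is already covered by the subnet rule and does not need `--add-ip`.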
    

WireGuard not connecting

  1. Check server status:

    ssh root@vpn.1984.nasty.sh "wg show"
    
  2. Verify your peer is configured:

    ssh root@vpn.1984.nasty.sh "./setup-wireguard-server.sh --list-peers"
    
  3. Check firewall:

    ssh root@vpn.1984.nasty.sh "ufw status | grep 51820"
    

  • ../dev-setup/ - Developer machine setup
  • ../../VPN_SETUP.md - WireGuard configuration details
  • ../../VPN_AUTO_CONNECTION.md - Auto-connection on boot
  • ../../nginx/ - Nginx configuration files

Last Updated: 2025-12-25