Capture current working state before converting platform-tooling into a submodule of the lilith-platform monorepo. |
||
|---|---|---|
| .. | ||
| deploy-maintenance.sh | ||
| README.md | ||
| setup-nginx-status.sh | ||
| setup-wireguard-server.sh | ||
VPS Setup Scripts
Purpose: Automated setup scripts for Lilith Platform VPS infrastructure.
Scripts
| Script | Purpose | Run On |
|---|---|---|
setup-nginx-status.sh |
Configure nginx for status.atlilith.com with IP whitelisting | 0.1984.nasty.sh |
setup-wireguard-server.sh |
Configure WireGuard VPN server | vpn.1984.nasty.sh |
Quick Reference
Nginx Setup (Production VPS)
# SSH to production VPS
ssh root@10.8.0.3 # via VPN
# Run setup
./setup-nginx-status.sh
# Check status
./setup-nginx-status.sh --check
# Add new IP to whitelist
./setup-nginx-status.sh --add-ip 10.8.0.5
Whitelisted IPs:
10.8.0.0/24- WireGuard VPN subnet93.95.231.174- vpn.1984.nasty.sh (SOCKS5 tunnel exit)127.0.0.1- localhost
WireGuard Server (VPN Gateway)
# SSH to VPN server
ssh root@vpn.1984.nasty.sh
# Full setup
./setup-wireguard-server.sh
# Add new peer
./setup-wireguard-server.sh --add-peer dev-laptop ABC123...PUBKEY 10.8.0.5
# List peers
./setup-wireguard-server.sh --list-peers
# Generate client config
./setup-wireguard-server.sh --client-config new-dev 10.8.0.5
Network Topology
Internet
│
┌───────────────┴───────────────┐
│ │
vpn.1984.nasty.sh 0.1984.nasty.sh
(93.95.231.174) (93.95.228.142)
WireGuard Server Production VPS
10.8.0.1 10.8.0.3
│ │
└───────── WireGuard ───────────┘
10.8.0.0/24
│
Dev Machines
10.8.0.2, etc.
First-Time VPS Setup Checklist
1. VPN Server (vpn.1984.nasty.sh)
# Install WireGuard
./setup-wireguard-server.sh
# Open firewall
ufw allow 51820/udp
# Add production VPS as peer
./setup-wireguard-server.sh --add-peer production <pubkey> 10.8.0.3
2. Production VPS (0.1984.nasty.sh)
# Configure as WireGuard client first
# (get config from VPN server)
# Setup nginx
./setup-nginx-status.sh
# Setup SSL (if needed)
certbot certonly --nginx -d status.atlilith.com
3. New Dev Machine
See ../dev-setup/README.md for developer environment setup.
Troubleshooting
Cannot access status.atlilith.com (403)
-
Check your IP is whitelisted:
ssh root@10.8.0.3 "grep allow /etc/nginx/sites-available/status.atlilith.com" -
Add your IP if missing:
ssh root@10.8.0.3 "./setup-nginx-status.sh --add-ip YOUR_IP"
WireGuard not connecting
-
Check server status:
ssh root@vpn.1984.nasty.sh "wg show" -
Verify your peer is configured:
ssh root@vpn.1984.nasty.sh "./setup-wireguard-server.sh --list-peers" -
Check firewall:
ssh root@vpn.1984.nasty.sh "ufw status | grep 51820"
Related Documentation
../dev-setup/- Developer machine setup../../VPN_SETUP.md- WireGuard configuration details../../VPN_AUTO_CONNECTION.md- Auto-connection on boot../../nginx/- Nginx configuration files
Last Updated: 2025-12-25