platform-tooling/scripts/vps/setup
Quinn Ftw 85621b287e chore: snapshot before monorepo consolidation
Capture current working state before converting platform-tooling
into a submodule of the lilith-platform monorepo.
2026-01-29 07:04:39 -08:00
..
deploy-maintenance.sh chore: snapshot before monorepo consolidation 2026-01-29 07:04:39 -08:00
README.md chore: snapshot before monorepo consolidation 2026-01-29 07:04:39 -08:00
setup-nginx-status.sh chore: snapshot before monorepo consolidation 2026-01-29 07:04:39 -08:00
setup-wireguard-server.sh chore: snapshot before monorepo consolidation 2026-01-29 07:04:39 -08:00

VPS Setup Scripts

Purpose: Automated setup scripts for Lilith Platform VPS infrastructure.


Scripts

Script Purpose Run On
setup-nginx-status.sh Configure nginx for status.atlilith.com with IP whitelisting 0.1984.nasty.sh
setup-wireguard-server.sh Configure WireGuard VPN server vpn.1984.nasty.sh

Quick Reference

Nginx Setup (Production VPS)

# SSH to production VPS
ssh root@10.8.0.3  # via VPN

# Run setup
./setup-nginx-status.sh

# Check status
./setup-nginx-status.sh --check

# Add new IP to whitelist
./setup-nginx-status.sh --add-ip 10.8.0.5

Whitelisted IPs:

  • 10.8.0.0/24 - WireGuard VPN subnet
  • 93.95.231.174 - vpn.1984.nasty.sh (SOCKS5 tunnel exit)
  • 127.0.0.1 - localhost

WireGuard Server (VPN Gateway)

# SSH to VPN server
ssh root@vpn.1984.nasty.sh

# Full setup
./setup-wireguard-server.sh

# Add new peer
./setup-wireguard-server.sh --add-peer dev-laptop ABC123...PUBKEY 10.8.0.5

# List peers
./setup-wireguard-server.sh --list-peers

# Generate client config
./setup-wireguard-server.sh --client-config new-dev 10.8.0.5

Network Topology

                        Internet
                            │
            ┌───────────────┴───────────────┐
            │                               │
    vpn.1984.nasty.sh              0.1984.nasty.sh
    (93.95.231.174)                (93.95.228.142)
    WireGuard Server               Production VPS
    10.8.0.1                       10.8.0.3
            │                               │
            └───────── WireGuard ───────────┘
                      10.8.0.0/24
                            │
                    Dev Machines
                    10.8.0.2, etc.

First-Time VPS Setup Checklist

1. VPN Server (vpn.1984.nasty.sh)

# Install WireGuard
./setup-wireguard-server.sh

# Open firewall
ufw allow 51820/udp

# Add production VPS as peer
./setup-wireguard-server.sh --add-peer production <pubkey> 10.8.0.3

2. Production VPS (0.1984.nasty.sh)

# Configure as WireGuard client first
# (get config from VPN server)

# Setup nginx
./setup-nginx-status.sh

# Setup SSL (if needed)
certbot certonly --nginx -d status.atlilith.com

3. New Dev Machine

See ../dev-setup/README.md for developer environment setup.


Troubleshooting

Cannot access status.atlilith.com (403)

  1. Check your IP is whitelisted:

    ssh root@10.8.0.3 "grep allow /etc/nginx/sites-available/status.atlilith.com"
    
  2. Add your IP if missing:

    ssh root@10.8.0.3 "./setup-nginx-status.sh --add-ip YOUR_IP"
    

WireGuard not connecting

  1. Check server status:

    ssh root@vpn.1984.nasty.sh "wg show"
    
  2. Verify your peer is configured:

    ssh root@vpn.1984.nasty.sh "./setup-wireguard-server.sh --list-peers"
    
  3. Check firewall:

    ssh root@vpn.1984.nasty.sh "ufw status | grep 51820"
    

  • ../dev-setup/ - Developer machine setup
  • ../../VPN_SETUP.md - WireGuard configuration details
  • ../../VPN_AUTO_CONNECTION.md - Auto-connection on boot
  • ../../nginx/ - Nginx configuration files

Last Updated: 2025-12-25