Arch Linux is a great distro for getting dev work done on the cloud
I do a lot of my day-to-day development work on a Linux VPS in the cloud. This lets me, say, run very taxing Rails projects without thrashing my laptop. For this, I use the same OS as I use on my workstation: Arch Linux!
Here's what I did to set up my on-the-cloud development box.
There are 3 providers I can suggest. They more or less have the same offerings; pick one that has the best latency to/from where you live and where you work.
For $5 a month, you can get 1GB RAM. This is okay to play around in, but for day-to-day use, I suggest getting the
For $10 a month, you can get 2GB RAM. CPU is limited to 1x though. It's alright for light day-to-day use.
For $20 a month, you can get 4GB RAM and 2x CPU. This is enough for most cases! While 4GB is a bit limited, you can set up a swap file on their really-fast SSD's.
Create your everyday user. For me, that's
rsc, but change that as you need. You'll also want to set up sudo, of course, so let's do that.
Make sure you can connect to it! After doing this, you can start connecting to your devbox via SSH, and do the rest of this setup via SSH.
Arch Linux has no
sudo by default. You can use the built-in
su, but sudo is much more convenient.
Install the packages you'd use on a day-to-day basis. Protip: mosh is a great way to connect to your devbox.
Set up OpenVPN. I'm using the installer script Angristan/OpenVPN-install which will set up everything for you: openVPN, certificates, iptables, generate
.ovpn files, and so on.
Tip: Keep this script around, you'll use it to create more VPN credentials.
We'll be using Uncomplicated Firewall to set up rules. We only want to expose 3 things to the outside world: SSH, Mosh, and OpenVPN.
Let's set up some rules. We want to restrict incoming connections, and allow internal traffic to flow freely.
Enable the services that you want accessible outside the VPN.
You will need to add some overrides in
/etc/ufw/after.rules. See this article for more info: Solving ufw and Docker issues.
Start and enable your firewall.
Tip: No need to allow OpenVPN connections yourself. The VPN installer installs its own iptables rules.
Use fail2ban to restrict SSH access to anyone trying to get in and failing to do so.
Configure fail2ban to "jail" sshd connections. This will shut off SSH access to IP's that try to log in and fail.
Start fail2ban and auto-start it on boot.
You can use NFS to access your files from within the VPN. In this example above, we'll be sharing
/home/rsc/Dev via NFS.
Add mount point. We'll be serving things in
/srv via NFS.
Edit fstab to auto-mount this path on every boot up.
Edit nfs config to export this path.
/etc/exports take effect.
Start and enable server.
Configure Git like you typically would.
Secure your SSH server by disabling root login, and only allowing SSH keys.
Here are some other suggestions.
In your laptop, it'd make sense to add the devbox IP to your
Set up an alias so you only have to type
A to attach to your working session.
You can mount the NFS volumes. (Be sure to turn off Git prompts here, it gets slow)