Add initial setup documentation

diff --git a/blueprint/README.md b/blueprint/README.md
index c270545310c0866eb7219245263e23d3d6493fe8..be07ff938fc313acc504ac45a10e19cea53d6dc9 100644 (file)
--- a/blueprint/README.md
+++ b/blueprint/README.md
@@ -5,6 +5,7 @@ These documents are in English to make them more widely useful.
 These documents intend to document how to set up self-hosted services in a reusable manner.
 
 * [Hosting](hosting.org): hosting providers.
+* [Setup](setup.md): An example installation process using Gandi and Contabo.
 
 ## Other references
 

diff --git a/blueprint/setup.md b/blueprint/setup.md
new file mode 100644 (file)
index 0000000..761ecab
--- /dev/null
+++ b/blueprint/setup.md
@@ -0,0 +1,58 @@
+# Setup
+
+## Domain
+
+[Gandi is one of the supported registrars for YunoHost](https://doc.yunohost.org/en/providers/registrar).
+
+* Buy the domain from Gandi.
+* Visit https://admin.gandi.net/
+* Click on your user in the top right of the page, then "User Settings".
+* Click "Create a token" in the "Personal Access Token (PAT)" section.
+* Select the organization that matches your user name.
+* Fill the form:
+  * Token name: "yunohost domain automation"
+  * Activate "Manage domain name technical configurations"
+* Copy the token for later use.
+
+## Server
+
+### Initial setup
+
+* Get a "VPS 1 SSD" from Contabo, with Debian 12.
+* Disable VNC from the "new" Contabo control panel.
+* Log in as `root` via SSH.
+* Run the YunoHost installer command.
+  The installation might fail because `cloud-init` installs software on the first boot of the server, you can retry.
+  Accept SSH configuration changes.
+* Follow the link that the installer prints to access YunoHost.
+* Follow the wizard.
+  * "I want to add a domain I own", type the domain *in punycode if needed* (e.g. `example.com`).
+  * Create your user, store the credentials.
+* After being redirected to the login page, login might not behave correctly.
+  If this happens, then edit the URL and remove everything after the IP address.
+
+### Domain setup
+
+* Log in to the YunoHost admin interface.
+* https://github.com/YunoHost/issues/issues/2405 Gandi instructions are outdated, updating the DNS records automatically is not currently possible without patching.
+
+### Reverse DNS
+
+This seems to be possible on the old Contabo control panel.
+
+* Visit https://my.contabo.com/
+* Click "Reverse DNS Management"
+* Edit the IPv4 and IPv6 records.
+  Use the punycode version if needed.
+
+### Diagnosis
+
+* Run the internal diagnosis as per the YunoHost installation instructions.
+  If you followed the previous steps, then everything is green.
+
+## Notes
+
+* After initial setup, `root` password might only be useful on the VNC console for recovery?
+* For a non-ASCII domain name, I had to enter it in the installer as punycode, or the installer entered an infinite loop.
+* The Debian 12 Contabo image runs `unattended-upgrades`.
+* After installing YunoHost, `fail2ban` is enabled.