Convert a Debian 7 Digital Ocean Droplet into Arch Linux

June 10, 2015

I love Digital Ocean. It’s the cheapest, fastest, easiest way to get a Linux virtual server up and running. They’ve got a great interface too:

Hmm, something seems to be missing here ...

Hmm, something seems to be missing here …

There are some great choices here, no doubt, but where’s Arch Linux? Well, DO dropped their support for Arch Linux as it was apparently too difficult to support a rolling release for them. Fair enough, I guess, but but what about those of us who want Arch anyway? Experienced Arch users aren’t exactly the type to balk at a lack of official support though. Besides, who needs support when you’ve got the Arch Wiki?

I was content to stick with my Ubuntu and CentOS droplets, until I came across this github project: digitalocean-debian-to-arch. Basically, it’s a script that will turn a Debian 7 digital ocean droplet into a super lightweight Arch droplet.


Just spin up a new Debian 7 droplet (32 or 64 bit) and once you get it up and running, ssh in (or use Digital Ocean’s console access from their Web UI) and run the following command as root:

wget && bash

Answer yes when prompted and then just wait! In a few minutes you’ll have a fully up to date Arch Linux droplet.

Warning: Always be wary of running random commands you find on the internet. You can view their script here and see that it checks out. It worked great for me, but it’s best practice to be wary of this type of thing in general. There’s not much at stake here though, since you’re running it on a virtual machine you just created and can easily delete.

Set up your new Arch Linux Droplet

Once the script finishes and the droplet reboots, log back in and let’s get Arch set up:

Look at the RAM usage, a measly 24MB! Obviously that will change as we set up services, but for now this droplet is blazing fast.

Look at the RAM usage, a measly 24MB! Obviously that will change as we set up services, but for now this droplet is blazing fast.

A great place to start is the General Recommendations Arch wiki page. It is a must read for new users. For now though, let’s just do a few basics.

User Accounts

It is considered best practice not to log in as root, but to use su or sudo to perform necessary system tasks. Let’s create a new user, jay, and set a password for it:

# useradd -m -G wheel -s /bin/bash jay
# passwd jay

Now we need to grant our user sudo access:

# pacman -S sudo
# EDITOR=nano visudo

This will open the sudoers file, which lists which users and groups have sudo access. This command will open it in nano, but you could substitute your editor of choice or use the default vi. Scroll down to this line and uncomment it by removing the # at the beginning of the line:

%wheel      ALL=(ALL) ALL

This will let any members of the group wheel have sudo access. Hit ctrl-x and then y to save.

Now that we’ve got our user created, let’s create an authorized_keys file for our user. If you don’t know about ssh keys, then check the Arch wiki before proceeding: SSH keys. Once you have an ssh public key ready to go, then just add to your .ssh/authorized_keys file.

$ su - jay
$ mkdir .ssh
$ nano .ssh/authorized_keys

Paste in your public key here, and save it with ctrl+x, then y. Setting the correct file permissions is our next step:

$ chmod g-w /home/jay
$ chmod 700 /home/jay/.ssh
$ chmod 600 /home/jay/.ssh/authorized_keys

Now it’s time to lock down ssh and make it more secure.

$ sudo nano /etc/ssh/sshd_config

Open up the sshd config file and change Port 22 to some other number. Security through obfuscation, the default port is 22 and just by changing it to another number you can prevent a lot of automated attempts to gain access to your server. You should also set PermitRootLogin to no, PubkeyAuthentication to yes, and PasswordAuthentication to no. Ctrl + x, then y to save.

Where to go from here?

I’ve only just set this up today, so I haven’t really done anything other than what’s shown here. I’m very excited to start playing with it now. I might set up Owncloud and ditch my Ubuntu droplet. Or I could set up a VPN server that I could turn off and on whenever I’m stuck with an unsafe wifi connection. With Arch, there’s not much you can’t do. Whenever I find a use for this thing, I’ll do a post on it.