Minecon724/vpsmusthave
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
No description
47 commits 1 branch 0 tags 95 KiB
Find a file
Exact
Minecon724 97e91b34bf Update debian/debian-secure.sh
2025-08-09 21:47:10 +02:00
alpine Update alpine/alpine-secure.sh 2025-08-09 20:28:28 +02:00
debian Update debian/debian-secure.sh 2025-08-09 21:47:10 +02:00
freebsd Update freebsd/freebsd-secure.sh 2025-08-06 18:10:41 +02:00
README.md Update README.md 2025-08-06 22:23:15 +02:00
variables Update variables 2025-08-06 18:12:46 +02:00

README.md

Useful scripts for common tasks for VPSes

(!) No guarantee the scripts will work, run only if you can revert or on a clean system.

Requirements

  • Debian 12 or Alpine 3.21 or FreeBSD 14.3
  • working internet
  • Root permissions, all scripts must be executed as root (sudo is fine)
  • if virtualized, it must be Full virtualization (e.g. KVM) and NOT OS-level virtualization (e.g. OpenVZ, LXC)

Tutorial

  1. CLONE this repo
  2. Fill in variables
  3. Run a script or scripts
    IMPORTANT: you must run this from the main (repo) directory, like you run ./debian/debian-secure.sh and as root

Scripts

  • docker-root.sh - Installs Docker

  • docker-rootless.sh - Installs Docker and creates a user for it

  • tor-repo.sh - Adds the Tor repo.

  • secure.sh:

    • Creates a user
    • disallows root and password login
    • creates a WireGuard profile
    • restricts SSH to it

    If OS-level virtualization, install wireguard-go
    If you'd like, you can install mosh.

Typical workflow

Relevant for Debian

  1. Update the system and reboot
  2. Remove bloat like exim or cron
  3. Setup systemd-networkd and remove other network managers
  4. Get a random IPv6 (security through obscurity)
  5. secure.sh
  6. Install mosh, byobu
  7. Save the connection info somewhere