2024-10-08 15:37:40 +02:00
|
|
|
Scripts for vpses
|
2024-07-22 11:43:08 +02:00
|
|
|
|
|
|
|
|
### Requirements
|
2025-02-11 18:01:41 +01:00
|
|
|
- Debian 12 or Alpine 3.21
|
2024-07-22 11:43:08 +02:00
|
|
|
- working internet
|
2024-10-07 19:37:05 +02:00
|
|
|
- Root permissions, all scripts must be executed as root (sudo is fine)
|
2025-02-25 15:03:59 +01:00
|
|
|
- if virtualized, it must be **Full virtualization** (e.g. KVM) and NOT **OS-level virtualization** (e.g. OpenVZ)
|
2024-10-07 19:34:10 +02:00
|
|
|
|
2025-02-08 18:29:55 +01:00
|
|
|
### Tutorial
|
|
|
|
|
1. **CLONE** this repo
|
|
|
|
|
2. Edit `variables`
|
2025-02-25 15:03:59 +01:00
|
|
|
3. Run a script or scripts \
|
|
|
|
|
**IMPORTANT:** you must run this from the main directory, like `./debian/debian-secure.sh`
|
2025-02-08 18:29:55 +01:00
|
|
|
|
2024-10-07 19:34:10 +02:00
|
|
|
### Scripts
|
2024-10-07 19:35:15 +02:00
|
|
|
- `variables` - settings for the scripts
|
2024-10-07 19:34:10 +02:00
|
|
|
- `docker-rootless.sh` - Installs Docker and creates a user for it
|
|
|
|
|
- `tor-repo.sh` - Adds the [Tor repo](https://support.torproject.org/apt/). Doesn't install tor or anything.
|
|
|
|
|
- `secure.sh`:
|
|
|
|
|
- Creates a user
|
|
|
|
|
- disallows root and password login
|
|
|
|
|
- creates a WireGuard profile
|
2024-12-04 11:56:18 +01:00
|
|
|
- restricts SSH to it
|
2025-02-11 18:06:26 +01:00
|
|
|
|
|
|
|
|
If you'd like, you can install mosh.
|
2024-12-04 11:56:18 +01:00
|
|
|
|
|
|
|
|
### Checklist
|
|
|
|
|
1. Update system and reboot
|
|
|
|
|
2. Remove bloat like exim and cron (for low end servers)
|
|
|
|
|
3. Setup systemd-networkd
|
|
|
|
|
4. Change to random IPv6 to not expose your subnet
|
|
|
|
|
5. secure.sh
|
|
|
|
|
6. Install byobu
|
|
|
|
|
7. Save login info somewhere
|
