34 lines
No EOL
1.1 KiB
Markdown
34 lines
No EOL
1.1 KiB
Markdown
Scripts for vpses
|
|
|
|
### Requirements
|
|
- Debian 12 or Alpine 3.21
|
|
- working internet
|
|
- Root permissions, all scripts must be executed as root (sudo is fine)
|
|
- if virtualized, it must be **Full virtualization** (e.g. KVM) and NOT **OS-level virtualization** (e.g. OpenVZ)
|
|
|
|
### Tutorial
|
|
1. **CLONE** this repo
|
|
2. Edit `variables`
|
|
3. Run a script or scripts \
|
|
**IMPORTANT:** you must run this from the main directory, like `./debian/debian-secure.sh`
|
|
|
|
### Scripts
|
|
- `variables` - settings for the scripts
|
|
- `docker-rootless.sh` - Installs Docker and creates a user for it
|
|
- `tor-repo.sh` - Adds the [Tor repo](https://support.torproject.org/apt/). Doesn't install tor or anything.
|
|
- `secure.sh`:
|
|
- Creates a user
|
|
- disallows root and password login
|
|
- creates a WireGuard profile
|
|
- restricts SSH to it
|
|
|
|
If you'd like, you can install mosh.
|
|
|
|
### Checklist
|
|
1. Update system and reboot
|
|
2. Remove bloat like exim and cron (for low end servers)
|
|
3. Setup systemd-networkd
|
|
4. Change to random IPv6 to not expose your subnet
|
|
5. secure.sh
|
|
6. Install byobu
|
|
7. Save login info somewhere |