
README.md: update

main
urosm 2024-04-11 23:29:08 +02:00
parent cd6769a20d
commit 374cdf91bc
1 changed files with 15 additions and 52 deletions


@ -3,7 +3,7 @@
This repo tracks user and system configuration files, installed packages This repo tracks user and system configuration files, installed packages
and used commands for several machines or virtual servers. All are and used commands for several machines or virtual servers. All are
running Debian. The `milano` section documents our desktop setup based running Debian. The `milano` section documents our desktop setup based
on `sway`, `foot`, `neovim` and `fuzzel`. on `sway`, `foot`, `neovim` and `fzy`.
## milano ## milano
@ -20,6 +20,7 @@ sudo cp -ri .config/sudoers.d /etc/
sudo cp -ri .config/apt /etc/ sudo cp -ri .config/apt /etc/
sudo apt update sudo apt update
sudo apt full-upgrade sudo apt full-upgrade
sudo apt install apt-listbugs apt-listchanges
## reconfigure locales ## reconfigure locales
sudo dpkg-reconfigure locales sudo dpkg-reconfigure locales
## install tasksel packages ## install tasksel packages
@ -28,10 +29,6 @@ sudo tasksel install ssh-server
## harden ssh ## harden ssh
sudo cp -ri .config/ssh /etc/ sudo cp -ri .config/ssh /etc/
systemctl restart sshd systemctl restart sshd
## install and configure fail2ban
sudo apt install fail2ban python3-pyinotify python3-systemd whois
sudo cp -ir .config/fail2ban /etc/
systemctl restart fail2ban
## install and configure firewall ## install and configure firewall
sudo apt install ufw sudo apt install ufw
sudo ufw allow "SSH" sudo ufw allow "SSH"
@ -41,18 +38,17 @@ sudo ufw enable
sudo apt install network-manager sudo apt install network-manager
sudo cp -ir .config/network /etc/ sudo cp -ir .config/network /etc/
sudo apt install udisks2 sudo apt install udisks2
sudo apt install screen
sudo apt install jq sudo apt install jq
sudo apt install fzy
## install neovim ## install neovim
sudo apt install neovim sudo apt install neovim
## install desktop packages ## install desktop packages
sudo apt install sway sudo apt install sway
sudo apt install swayidle swaylock sudo apt install swayidle swaylock
sudo apt install fuzzel
sudo apt install brightnessctl wlsunset sudo apt install brightnessctl wlsunset
sudo apt install wl-clipboard grim sudo apt install wl-clipboard grim
sudo apt install libnotify-bin mako-notifier sudo apt install libnotify-bin mako-notifier
sudo apt install fonts-ibm-plex sudo apt install fonts-agave
## install and configure audio packages ## install and configure audio packages
sudo apt install pipewire-audio sudo apt install pipewire-audio
systemctl --user enable --now wireplumber.service systemctl --user enable --now wireplumber.service
@ -92,7 +88,7 @@ sudo a2ensite kontrakurs.localhost bavbavhaus.localhost
systemctl restart apache2 systemctl restart apache2
``` ```
## padova ## {padova,tivoli,genova}
```sh ```sh
ssh root@padova ssh root@padova
@ -102,68 +98,35 @@ exit
ssh-copy-id urosm@padova ssh-copy-id urosm@padova
ssh urosm@padova ssh urosm@padova
## bootstrap dotfiles ## bootstrap dotfiles
sudo apt update
sudo apt upgrade
sudo apt install git sudo apt install git
git init -b main git init -b main
git remote add origin gitea@git.kompot.si:urosm/dot.git git remote add origin gitea@git.kompot.si:urosm/dot.git
git pull origin main git pull origin main
## additional config in `etc` ## disable annoying .sudo_as_admin_successful file
sudo cp -ri .config/sudoers.d /etc/ sudo cp -ri .config/sudoers.d /etc/
## install screen ## install screen
sudo apt install screen sudo apt install screen
## install and configure firewall ## install and configure firewall
sudo apt install ufw sudo apt install ufw
sudo ufw allow "SSH" sudo ufw allow "SSH" # ssh
sudo ufw allow 1194/udp sudo ufw allow 1194/udp # vpn
sudo ufw allow "WWW Full" # web
sudo ufw allow "SMTP" # mail
sudo ufw allow "Mail submission" # mail
sudo ufw allow "IMAP" # mail
sudo ufw allow "IMAPS" # mail
sudo ufw enable sudo ufw enable
## harden ssh ## harden ssh
sudo cp -ri .config/ssh /etc/ sudo cp -ri .config/ssh /etc/
sudo systemctl restart sshd sudo systemctl restart sshd
## install and configure fail2ban
sudo apt install fail2ban python3-pyinotify python3-systemd whois
sudo cp -ir .config/fail2ban /etc/
sudo systemctl restart fail2ban
## install and configure wireguard ## install and configure wireguard
sudo cp -ir .config/sysctl.d /etc/ sudo cp -ir .config/sysctl.d /etc/
sudo sysctl -p sudo sysctl -p
sudo apt install wireguard sudo apt install wireguard
sudo cp -i .config/wireguard/padova.conf /etc/wireguard/ sudo cp -i .config/wireguard/padova.conf /etc/wireguard/
wg-quick up padova wg-quick up padova
## enable unattended-upgrades
sudo apt install unattended-upgrades apt-listchanges
sudo dpkg-reconfigure -plow unattended-upgrades
```
## tivoli
```sh
# urosm@tivoli
ssh root@tivoli
adduser urosm
adduser urosm sudo
exit
ssh-copy-id urosm@tivoli
ssh urosm@tivoli
## bootstrap dotfiles
sudo apt install git
git init -b main
git remote add origin gitea@git.kompot.si:urosm/dot.git
git pull origin main
## additional config in `etc`
sudo cp -ri .config/sudoers.d /etc/
## install screen
sudo apt install screen
## install and configure firewall
sudo apt install ufw
sudo ufw allow "SSH"
sudo ufw allow "WWW Full"
sudo ufw enable
## harden ssh
sudo cp -ir .config/ssh /etc/
sudo systemctl restart sshd
## install and configure fail2ban
sudo apt install fail2ban python3-pyinotify python3-systemd whois
sudo cp -ir .config/fail2ban /etc/
sudo systemctl restart fail2ban
## install and configure webserver ## install and configure webserver
sudo tasksel install web-server sudo tasksel install web-server
sudo a2enmod rewrite sudo a2enmod rewrite