README.md: update

README.md

@@ -3,7 +3,7 @@
 This repo tracks user and system configuration files, installed packages
 and used commands for several machines or virtual servers. All are
 running Debian. The `milano` section documents our desktop setup based
-on `sway`, `foot`, `neovim` and `fuzzel`.
+on `sway`, `foot`, `neovim` and `fzy`.
 
 ## milano
 
@@ -20,6 +20,7 @@ sudo cp -ri .config/sudoers.d /etc/
 sudo cp -ri .config/apt /etc/
 sudo apt update
 sudo apt full-upgrade
+sudo apt install apt-listbugs apt-listchanges
 ## reconfigure locales
 sudo dpkg-reconfigure locales
 ## install tasksel packages
@@ -28,10 +29,6 @@ sudo tasksel install ssh-server
 ## harden ssh
 sudo cp -ri .config/ssh /etc/
 systemctl restart sshd
-## install and configure fail2ban
-sudo apt install fail2ban python3-pyinotify python3-systemd whois
-sudo cp -ir .config/fail2ban /etc/
-systemctl restart fail2ban
 ## install and configure firewall
 sudo apt install ufw
 sudo ufw allow "SSH"
@@ -41,18 +38,17 @@ sudo ufw enable
 sudo apt install network-manager
 sudo cp -ir .config/network /etc/
 sudo apt install udisks2
-sudo apt install screen
 sudo apt install jq
+sudo apt install fzy
 ## install neovim
 sudo apt install neovim
 ## install desktop packages
 sudo apt install sway
 sudo apt install swayidle swaylock
-sudo apt install fuzzel
 sudo apt install brightnessctl wlsunset
 sudo apt install wl-clipboard grim
 sudo apt install libnotify-bin mako-notifier
-sudo apt install fonts-ibm-plex
+sudo apt install fonts-agave
 ## install and configure audio packages
 sudo apt install pipewire-audio
 systemctl --user enable --now wireplumber.service
@@ -92,7 +88,7 @@ sudo a2ensite kontrakurs.localhost bavbavhaus.localhost
 systemctl restart apache2
 ```
 
-## padova
+## {padova,tivoli,genova}
 
 ```sh
 ssh root@padova
@@ -102,68 +98,35 @@ exit
 ssh-copy-id urosm@padova
 ssh urosm@padova
 ## bootstrap dotfiles
+sudo apt update
+sudo apt upgrade
 sudo apt install git
 git init -b main
 git remote add origin gitea@git.kompot.si:urosm/dot.git
 git pull origin main
-## additional config in `etc`
+## disable annoying .sudo_as_admin_successful file
 sudo cp -ri .config/sudoers.d /etc/
 ## install screen
 sudo apt install screen
 ## install and configure firewall
 sudo apt install ufw
-sudo ufw allow "SSH"
+sudo ufw allow "SSH" # ssh
-sudo ufw allow 1194/udp
+sudo ufw allow 1194/udp # vpn
+sudo ufw allow "WWW Full" # web
+sudo ufw allow "SMTP" # mail
+sudo ufw allow "Mail submission" # mail
+sudo ufw allow "IMAP" # mail
+sudo ufw allow "IMAPS" # mail
 sudo ufw enable
 ## harden ssh
 sudo cp -ri .config/ssh /etc/
 sudo systemctl restart sshd
-## install and configure fail2ban
-sudo apt install fail2ban python3-pyinotify python3-systemd whois
-sudo cp -ir .config/fail2ban /etc/
-sudo systemctl restart fail2ban
 ## install and configure wireguard
 sudo cp -ir .config/sysctl.d /etc/
 sudo sysctl -p
 sudo apt install wireguard
 sudo cp -i .config/wireguard/padova.conf /etc/wireguard/
 wg-quick up padova
-## enable unattended-upgrades
-sudo apt install unattended-upgrades apt-listchanges
-sudo dpkg-reconfigure -plow unattended-upgrades
-```
-
-## tivoli
-
-```sh
-# urosm@tivoli
-ssh root@tivoli
-adduser urosm
-adduser urosm sudo
-exit
-ssh-copy-id urosm@tivoli
-ssh urosm@tivoli
-## bootstrap dotfiles
-sudo apt install git
-git init -b main
-git remote add origin gitea@git.kompot.si:urosm/dot.git
-git pull origin main
-## additional config in `etc`
-sudo cp -ri .config/sudoers.d /etc/
-## install screen
-sudo apt install screen
-## install and configure firewall
-sudo apt install ufw
-sudo ufw allow "SSH"
-sudo ufw allow "WWW Full"
-sudo ufw enable
-## harden ssh
-sudo cp -ir .config/ssh /etc/
-sudo systemctl restart sshd
-## install and configure fail2ban
-sudo apt install fail2ban python3-pyinotify python3-systemd whois
-sudo cp -ir .config/fail2ban /etc/
-sudo systemctl restart fail2ban
 ## install and configure webserver
 sudo tasksel install web-server
 sudo a2enmod rewrite