diff --git a/README.md b/README.md
index 84f8028..ee3eb90 100644
--- a/README.md
+++ b/README.md
@@ -3,7 +3,7 @@ This repo tracks user and system configuration files, installed packages and used commands for several machines or virtual servers. All are running Debian. The `milano` section documents our desktop setup based
-on `sway`, `foot`, `neovim` and `fuzzel`.
+on `sway`, `foot`, `neovim` and `fzy`.
## milano
@@ -20,6 +20,7 @@ sudo cp -ri .config/sudoers.d /etc/
sudo cp -ri .config/apt /etc/
sudo apt update
sudo apt full-upgrade
+sudo apt install apt-listbugs apt-listchanges
## reconfigure locales
sudo dpkg-reconfigure locales
## install tasksel packages
@@ -28,10 +29,6 @@ sudo tasksel install ssh-server
## harden ssh
sudo cp -ri .config/ssh /etc/
systemctl restart sshd
-## install and configure fail2ban
-sudo apt install fail2ban python3-pyinotify python3-systemd whois
-sudo cp -ir .config/fail2ban /etc/
-systemctl restart fail2ban
## install and configure firewall
sudo apt install ufw
sudo ufw allow "SSH"
@@ -41,18 +38,17 @@ sudo ufw enable
sudo apt install network-manager
sudo cp -ir .config/network /etc/
sudo apt install udisks2
-sudo apt install screen
sudo apt install jq
+sudo apt install fzy
## install neovim
sudo apt install neovim
## install desktop packages
sudo apt install sway
sudo apt install swayidle swaylock
-sudo apt install fuzzel
sudo apt install brightnessctl wlsunset
sudo apt install wl-clipboard grim
sudo apt install libnotify-bin mako-notifier
-sudo apt install fonts-ibm-plex
+sudo apt install fonts-agave
## install and configure audio packages
sudo apt install pipewire-audio
systemctl --user enable --now wireplumber.service
@@ -92,7 +88,7 @@ sudo a2ensite kontrakurs.localhost bavbavhaus.localhost
systemctl restart apache2
```
-## padova
+## {padova,tivoli,genova}
```sh
ssh root@padova
@@ -102,68 +98,35 @@ exit
ssh-copy-id urosm@padova
ssh urosm@padova
## bootstrap dotfiles
+sudo apt update
+sudo apt upgrade
sudo apt install git
git init -b main
git remote add origin gitea@git.kompot.si:urosm/dot.git
git pull origin main
-## additional config in `etc`
+## disable annoying .sudo_as_admin_successful file
sudo cp -ri .config/sudoers.d /etc/
## install screen
sudo apt install screen
## install and configure firewall
sudo apt install ufw
-sudo ufw allow "SSH"
-sudo ufw allow 1194/udp
+sudo ufw allow "SSH" # ssh
+sudo ufw allow 1194/udp # vpn
+sudo ufw allow "WWW Full" # web
+sudo ufw allow "SMTP" # mail
+sudo ufw allow "Mail submission" # mail
+sudo ufw allow "IMAP" # mail
+sudo ufw allow "IMAPS" # mail
sudo ufw enable
## harden ssh
sudo cp -ri .config/ssh /etc/
sudo systemctl restart sshd
-## install and configure fail2ban
-sudo apt install fail2ban python3-pyinotify python3-systemd whois
-sudo cp -ir .config/fail2ban /etc/
-sudo systemctl restart fail2ban
## install and configure wireguard
sudo cp -ir .config/sysctl.d /etc/
sudo sysctl -p
sudo apt install wireguard
sudo cp -i .config/wireguard/padova.conf /etc/wireguard/
wg-quick up padova
-## enable unattended-upgrades
-sudo apt install unattended-upgrades apt-listchanges
-sudo dpkg-reconfigure -plow unattended-upgrades
-```
-
-## tivoli
-
-```sh
-# urosm@tivoli
-ssh root@tivoli
-adduser urosm
-adduser urosm sudo
-exit
-ssh-copy-id urosm@tivoli
-ssh urosm@tivoli
-## bootstrap dotfiles
-sudo apt install git
-git init -b main
-git remote add origin gitea@git.kompot.si:urosm/dot.git
-git pull origin main
-## additional config in `etc`
-sudo cp -ri .config/sudoers.d /etc/
-## install screen
-sudo apt install screen
-## install and configure firewall
-sudo apt install ufw
-sudo ufw allow "SSH"
-sudo ufw allow "WWW Full"
-sudo ufw enable
-## harden ssh
-sudo cp -ir .config/ssh /etc/
-sudo systemctl restart sshd
-## install and configure fail2ban
-sudo apt install fail2ban python3-pyinotify python3-systemd whois
-sudo cp -ir .config/fail2ban /etc/
-sudo systemctl restart fail2ban
## install and configure webserver
sudo tasksel install web-server
sudo a2enmod rewrite