1
0
Fork 0

update `README.md`

padova
urosm 2024-04-11 23:29:08 +02:00
parent 90bfde16a1
commit 850e0eb7df
1 changed files with 15 additions and 52 deletions

View File

@ -3,7 +3,7 @@
This repo tracks user and system configuration files, installed packages
and used commands for several machines or virtual servers. All are
running Debian. The `milano` section documents our desktop setup based
on `sway`, `foot`, `neovim` and `fuzzel`.
on `sway`, `foot`, `neovim` and `fzy`.
## milano
@ -20,6 +20,7 @@ sudo cp -ri .config/sudoers.d /etc/
sudo cp -ri .config/apt /etc/
sudo apt update
sudo apt full-upgrade
sudo apt install apt-listbugs apt-listchanges
## reconfigure locales
sudo dpkg-reconfigure locales
## install tasksel packages
@ -28,10 +29,6 @@ sudo tasksel install ssh-server
## harden ssh
sudo cp -ri .config/ssh /etc/
systemctl restart sshd
## install and configure fail2ban
sudo apt install fail2ban python3-pyinotify python3-systemd whois
sudo cp -ir .config/fail2ban /etc/
systemctl restart fail2ban
## install and configure firewall
sudo apt install ufw
sudo ufw allow "SSH"
@ -41,18 +38,17 @@ sudo ufw enable
sudo apt install network-manager
sudo cp -ir .config/network /etc/
sudo apt install udisks2
sudo apt install screen
sudo apt install jq
sudo apt install fzy
## install neovim
sudo apt install neovim
## install desktop packages
sudo apt install sway
sudo apt install swayidle swaylock
sudo apt install fuzzel
sudo apt install brightnessctl wlsunset
sudo apt install wl-clipboard grim
sudo apt install libnotify-bin mako-notifier
sudo apt install fonts-ibm-plex
sudo apt install fonts-agave
## install and configure audio packages
sudo apt install pipewire-audio
systemctl --user enable --now wireplumber.service
@ -92,7 +88,7 @@ sudo a2ensite kontrakurs.localhost bavbavhaus.localhost
systemctl restart apache2
```
## padova
## {padova,tivoli,genova}
```sh
ssh root@padova
@ -102,68 +98,35 @@ exit
ssh-copy-id urosm@padova
ssh urosm@padova
## bootstrap dotfiles
sudo apt update
sudo apt upgrade
sudo apt install git
git init -b main
git remote add origin gitea@git.kompot.si:urosm/dot.git
git pull origin main
## additional config in `etc`
## disable annoying .sudo_as_admin_successful file
sudo cp -ri .config/sudoers.d /etc/
## install screen
sudo apt install screen
## install and configure firewall
sudo apt install ufw
sudo ufw allow "SSH"
sudo ufw allow 1194/udp
sudo ufw allow "SSH" # ssh
sudo ufw allow 1194/udp # vpn
sudo ufw allow "WWW Full" # web
sudo ufw allow "SMTP" # mail
sudo ufw allow "Mail submission" # mail
sudo ufw allow "IMAP" # mail
sudo ufw allow "IMAPS" # mail
sudo ufw enable
## harden ssh
sudo cp -ri .config/ssh /etc/
sudo systemctl restart sshd
## install and configure fail2ban
sudo apt install fail2ban python3-pyinotify python3-systemd whois
sudo cp -ir .config/fail2ban /etc/
sudo systemctl restart fail2ban
## install and configure wireguard
sudo cp -ir .config/sysctl.d /etc/
sudo sysctl -p
sudo apt install wireguard
sudo cp -i .config/wireguard/padova.conf /etc/wireguard/
wg-quick up padova
## enable unattended-upgrades
sudo apt install unattended-upgrades apt-listchanges
sudo dpkg-reconfigure -plow unattended-upgrades
```
## tivoli
```sh
# urosm@tivoli
ssh root@tivoli
adduser urosm
adduser urosm sudo
exit
ssh-copy-id urosm@tivoli
ssh urosm@tivoli
## bootstrap dotfiles
sudo apt install git
git init -b main
git remote add origin gitea@git.kompot.si:urosm/dot.git
git pull origin main
## additional config in `etc`
sudo cp -ri .config/sudoers.d /etc/
## install screen
sudo apt install screen
## install and configure firewall
sudo apt install ufw
sudo ufw allow "SSH"
sudo ufw allow "WWW Full"
sudo ufw enable
## harden ssh
sudo cp -ir .config/ssh /etc/
sudo systemctl restart sshd
## install and configure fail2ban
sudo apt install fail2ban python3-pyinotify python3-systemd whois
sudo cp -ir .config/fail2ban /etc/
sudo systemctl restart fail2ban
## install and configure webserver
sudo tasksel install web-server
sudo a2enmod rewrite