update `README.md`

README.md

@@ -1,70 +1,187 @@
-# Bootstrap
+# dot
+
+This repo tracks user and system configuration files, installed packages
+and used commands for several machines or virtual servers. All are
+running Debian. The `milano` section documents our desktop setup based
+on `sway`, `foot`, `neovim` and `fuzzel`.
+
+## milano
 
 ```sh
-# dotfiles
+# urosm@milano
+## bootstrap dotfiles
 sudo apt install git
-cd
 git init -b main
 git remote add origin gitea@git.kompot.si:urosm/dot.git
-git pull
+git pull origin main
-git checkout main -f
+## disable annoying .sudo_as_admin_successful file
-# `/etc` 
 sudo cp -ri .config/sudoers.d /etc/
+## update to debian testing
 sudo cp -ri .config/apt /etc/
-```
+sudo apt update
-
+sudo apt full-upgrade
-# Packages
+## reconfigure locales
-
-```sh
-# locales
 sudo dpkg-reconfigure locales
-# utils
+## install tasksel packages
-sudo apt install udisks2
+sudo tasksel install web-server
-sudo apt install screen
+sudo tasksel install ssh-server
-sudo apt install jq
+## harden ssh
-# networking
+sudo cp -ri .config/ssh /etc/
-sudo apt install network-manager
+systemctl restart sshd
+## install and configure fail2ban
+sudo apt install fail2ban python3-pyinotify python3-systemd whois
+sudo cp -ir .config/fail2ban /etc/
+systemctl restart fail2ban
+## install and configure firewall
 sudo apt install ufw
 sudo ufw allow "SSH"
 sudo ufw allow 1194/udp
 sudo ufw enable
-# neovim
+## install utils
+sudo apt install network-manager
+sudo cp -ir .config/network /etc/
+sudo apt install udisks2
+sudo apt install screen
+sudo apt install jq
+## install neovim
 sudo apt install neovim
-# desktop
+## install desktop packages
-sudo apt install --no-install-recommends sway
+sudo apt install sway
 sudo apt install swayidle swaylock
-sudo apt install foot fuzzel
+sudo apt install fuzzel
 sudo apt install brightnessctl wlsunset
 sudo apt install wl-clipboard grim
 sudo apt install libnotify-bin mako-notifier
-# writing
+sudo apt install fonts-ibm-plex
-sudo apt install pandoc
+## install and configure audio packages
-sudo apt install texlive-latex-extra
-sudo apt install texlive-fonts-recommended
-sudo apt install texlive-lang-european
-# audio
 sudo apt install pipewire-audio
 systemctl --user enable --now wireplumber.service
-# web
+## install writing packages
+sudo apt install make
+sudo apt install pandoc
+sudo apt install texlive-latex-extra
+sudo apt install texlive-lang-european
+## install web packages
 sudo apt install firefox
 sudo apt install thunderbird
-# media
+## install media packages
 sudo apt install mpv
 sudo apt install zathura
 sudo apt install inkscape
-# office
+## install office packages
 sudo apt install libreoffice libreoffice-gtk3
 sudo apt install libreoffice-l10n-sl
-# printing
+## install printing packages
 sudo apt install cups printer-driver-all
-# scanning
+sudo adduser urosm lpadmin
+## install scanning packages
 sudo apt install simple-scan
-# pdf processing
+## install pdf processing packages
-sudo apt install qpdf imagemagick ocrmypdf
+sudo apt install qpdf ocrmypdf
-# rdp
+## install rdp packages
 sudo apt install remmina
-# ikiwiki
+## install and setup ikiwiki
-sudo apt install apache2
 sudo apt install ikiwiki
-sudo apt install libtext-multimarkdown-perl
+sudo apt install libfile-mimeinfo-perl libhighlight-perl libhtml-tree-perl libimage-magick-perl liblocale-gettext-perl libmailtools-perl libnet-amazon-s3-perl libnet-inet6glue-perl libsearch-xapian-perl libsort-naturally-perl libtext-csv-perl libtext-multimarkdown-perl libtext-textile-perl libtext-typography-perl libtext-wikicreole-perl libtext-wikiformat-perl libxml-feed-perl libxml-writer-perl
+chmod 711 $HOME
+sudo a2enmod userdir
+sudo a2enmod cgi
+sudo cp .config/apache2/sites-available/kontrakurs.localhost.conf /etc/apache2/sites-available/
+sudo cp .config/apache2/sites-available/bavbavhaus.localhost.conf /etc/apache2/sites-available/
+sudo a2ensite kontrakurs.localhost bavbavhaus.localhost
+systemctl restart apache2
+```
+
+## padova
+
+```sh
+ssh root@padova
+adduser urosm
+adduser urosm sudo
+exit
+ssh-copy-id urosm@padova
+ssh urosm@padova
+## bootstrap dotfiles
+sudo apt install git
+git init -b main
+git remote add origin gitea@git.kompot.si:urosm/dot.git
+git pull origin main
+## additional config in `etc`
+sudo cp -ri .config/sudoers.d /etc/
+## install screen
+sudo apt install screen
+## install and configure firewall
+sudo apt install ufw
+sudo ufw allow "SSH"
+sudo ufw allow 1194/udp
+sudo ufw enable
+## harden ssh
+sudo cp -ri .config/ssh /etc/
+sudo systemctl restart sshd
+## install and configure fail2ban
+sudo apt install fail2ban python3-pyinotify python3-systemd whois
+sudo cp -ir .config/fail2ban /etc/
+sudo systemctl restart fail2ban
+## install and configure wireguard
+sudo cp -ir .config/sysctl.d /etc/
+sudo sysctl -p
+sudo apt install wireguard
+sudo cp -i .config/wireguard/padova.conf /etc/wireguard/
+wg-quick up padova
+## enable unattended-upgrades
+sudo apt install unattended-upgrades apt-listchanges
+sudo dpkg-reconfigure -plow unattended-upgrades
+```
+
+## tivoli
+
+```sh
+# urosm@tivoli
+ssh root@tivoli
+adduser urosm
+adduser urosm sudo
+exit
+ssh-copy-id urosm@tivoli
+ssh urosm@tivoli
+## bootstrap dotfiles
+sudo apt install git
+git init -b main
+git remote add origin gitea@git.kompot.si:urosm/dot.git
+git pull origin main
+## additional config in `etc`
+sudo cp -ri .config/sudoers.d /etc/
+## install screen
+sudo apt install screen
+## install and configure firewall
+sudo apt install ufw
+sudo ufw allow "SSH"
+sudo ufw allow "WWW Full"
+sudo ufw enable
+## harden ssh
+sudo cp -ir .config/ssh /etc/
+sudo systemctl restart sshd
+## install and configure fail2ban
+sudo apt install fail2ban python3-pyinotify python3-systemd whois
+sudo cp -ir .config/fail2ban /etc/
+sudo systemctl restart fail2ban
+## install and configure webserver
+sudo tasksel install web-server
+sudo a2enmod rewrite
+sudo a2enmod userdir
+sudo a2enmod cgi
+chmod 711 "$HOME"
+sudo cp -ir .config/apache2/sites-available /etc/apache2/
+sudo a2ensite bavbavhaus.net
+sudo a2ensite kontrakurs.org
+sudo systemctl reload apache2
+## install certbot
+sudo apt install certbot
+sudo apt install python3-certbot-apache
+sudo certbot --apache
+## install ikiwiki
+sudo apt install --install-recommends ikiwiki
+sudo apt install libfile-mimeinfo-perl libhighlight-perl libhtml-tree-perl libimage-magick-perl liblocale-gettext-perl libmailtools-perl libnet-amazon-s3-perl libnet-inet6glue-perl libsearch-xapian-perl libsort-naturally-perl libtext-csv-perl libtext-multimarkdown-perl libtext-textile-perl libtext-typography-perl libtext-wikicreole-perl libtext-wikiformat-perl libxml-feed-perl libxml-writer-perl
+## enable unattended-upgrades
+sudo apt install unattended-upgrades apt-listchanges
+sudo dpkg-reconfigure -plow unattended-upgrades
 ```