home · contact · privacy
Improve Bookworm server setup config.
authorChristian Heller <c.heller@plomlompom.de>
Sun, 27 Aug 2023 01:48:43 +0000 (03:48 +0200)
committerChristian Heller <c.heller@plomlompom.de>
Sun, 27 Aug 2023 01:48:43 +0000 (03:48 +0200)
bookworm/apt-mark/server [new file with mode: 0644]
bookworm/setup_scripts/init_user_login.sh
bookworm/setup_scripts/setup_desktop.sh
bookworm/setup_scripts/setup_server.sh [new file with mode: 0755]

diff --git a/bookworm/apt-mark/server b/bookworm/apt-mark/server
new file mode 100644 (file)
index 0000000..2ab22d2
--- /dev/null
@@ -0,0 +1,6 @@
+# so we can login at all …
+openssh-server
+# firewalling
+nftables
+# We want to be able to use ALL our servers as borg backup destinations.
+borgbackup
index 78a891b95b2b0ee43798d7792fd1f0b04bc1ad64..8413cd842e1c2728cde7f474b583a2e12770a3d0 100755 (executable)
@@ -7,7 +7,6 @@
 #
 # Dependencies: ssh, scp, properly configured sshd_config file in reach.
 set -e
-set -x
 . ./misc.sh
 
 # Location of an sshd_config with "PermitRootLogin no" and
index 42cd779c170782e76e96f437e47594d8146a4d19..9df55121195d2410b48e3248144fb740043bbb8e 100755 (executable)
@@ -1,6 +1,5 @@
 #!/bin/sh
 set -e
-set -x
 . ./misc.sh
 
 expect_n_args 1 "(system name)" "$@"
diff --git a/bookworm/setup_scripts/setup_server.sh b/bookworm/setup_scripts/setup_server.sh
new file mode 100755 (executable)
index 0000000..3324962
--- /dev/null
@@ -0,0 +1,17 @@
+#!/bin/sh
+# Next setup steps for a server whose login policy has just been set from
+# the outside via ./init_user_login.sh.
+set -e
+. ./misc.sh
+
+expect_n_args 2 "(hostname, FQDN)" "$@"
+hostname="$1"
+fqdn="$2"
+additional_arg="$3"
+
+# If we have not yet set the shell for user plom, ensure it here. This
+# is mostly for convenience.
+usermod -s /bin/bash plom
+
+# Enable firewall.
+systemctl enable nftables.service