From: Christian Heller Date: Sun, 27 Aug 2023 01:48:43 +0000 (+0200) Subject: Improve Bookworm server setup config. X-Git-Url: https://plomlompom.com/repos/%7B%7Bdb.prefix%7D%7D/%7B%7B%20web_path%20%7D%7D/static/condition_titles?a=commitdiff_plain;h=e3d9358bad40db3dc93ddad5a88a9a43026f7e78;p=config Improve Bookworm server setup config. --- diff --git a/bookworm/apt-mark/server b/bookworm/apt-mark/server new file mode 100644 index 0000000..2ab22d2 --- /dev/null +++ b/bookworm/apt-mark/server @@ -0,0 +1,6 @@ +# so we can login at all … +openssh-server +# firewalling +nftables +# We want to be able to use ALL our servers as borg backup destinations. +borgbackup diff --git a/bookworm/setup_scripts/init_user_login.sh b/bookworm/setup_scripts/init_user_login.sh index 78a891b..8413cd8 100755 --- a/bookworm/setup_scripts/init_user_login.sh +++ b/bookworm/setup_scripts/init_user_login.sh @@ -7,7 +7,6 @@ # # Dependencies: ssh, scp, properly configured sshd_config file in reach. set -e -set -x . ./misc.sh # Location of an sshd_config with "PermitRootLogin no" and diff --git a/bookworm/setup_scripts/setup_desktop.sh b/bookworm/setup_scripts/setup_desktop.sh index 42cd779..9df5512 100755 --- a/bookworm/setup_scripts/setup_desktop.sh +++ b/bookworm/setup_scripts/setup_desktop.sh @@ -1,6 +1,5 @@ #!/bin/sh set -e -set -x . ./misc.sh expect_n_args 1 "(system name)" "$@" diff --git a/bookworm/setup_scripts/setup_server.sh b/bookworm/setup_scripts/setup_server.sh new file mode 100755 index 0000000..3324962 --- /dev/null +++ b/bookworm/setup_scripts/setup_server.sh @@ -0,0 +1,17 @@ +#!/bin/sh +# Next setup steps for a server whose login policy has just been set from +# the outside via ./init_user_login.sh. +set -e +. ./misc.sh + +expect_n_args 2 "(hostname, FQDN)" "$@" +hostname="$1" +fqdn="$2" +additional_arg="$3" + +# If we have not yet set the shell for user plom, ensure it here. This +# is mostly for convenience. +usermod -s /bin/bash plom + +# Enable firewall. +systemctl enable nftables.service