From e3d9358bad40db3dc93ddad5a88a9a43026f7e78 Mon Sep 17 00:00:00 2001
From: Christian Heller
Date: Sun, 27 Aug 2023 03:48:43 +0200
Subject: [PATCH] Improve Bookworm server setup config.

---
 bookworm/apt-mark/server | 6 ++++++
 bookworm/setup_scripts/init_user_login.sh | 1 -
 bookworm/setup_scripts/setup_desktop.sh | 1 -
 bookworm/setup_scripts/setup_server.sh | 17 +++++++++++++++++
 4 files changed, 23 insertions(+), 2 deletions(-)
 create mode 100644 bookworm/apt-mark/server
 create mode 100755 bookworm/setup_scripts/setup_server.sh

diff --git a/bookworm/apt-mark/server b/bookworm/apt-mark/server
new file mode 100644
index 0000000..2ab22d2
--- /dev/null
+++ b/bookworm/apt-mark/server
@@ -0,0 +1,6 @@
+# so we can login at all …
+openssh-server
+# firewalling
+nftables
+# We want to be able to use ALL our servers as borg backup destinations.
+borgbackup
diff --git a/bookworm/setup_scripts/init_user_login.sh b/bookworm/setup_scripts/init_user_login.sh
index 78a891b..8413cd8 100755
--- a/bookworm/setup_scripts/init_user_login.sh
+++ b/bookworm/setup_scripts/init_user_login.sh
@@ -7,7 +7,6 @@ # # Dependencies: ssh, scp, properly configured sshd_config file in reach. set -e -set -x . ./misc.sh # Location of an sshd_config with "PermitRootLogin no" and
diff --git a/bookworm/setup_scripts/setup_desktop.sh b/bookworm/setup_scripts/setup_desktop.sh
index 42cd779..9df5512 100755
--- a/bookworm/setup_scripts/setup_desktop.sh
+++ b/bookworm/setup_scripts/setup_desktop.sh
@@ -1,6 +1,5 @@ #!/bin/sh set -e -set -x . ./misc.sh expect_n_args 1 "(system name)" "$@"
diff --git a/bookworm/setup_scripts/setup_server.sh b/bookworm/setup_scripts/setup_server.sh
new file mode 100755
index 0000000..3324962
--- /dev/null
+++ b/bookworm/setup_scripts/setup_server.sh
@@ -0,0 +1,17 @@
+#!/bin/sh
+# Next setup steps for a server whose login policy has just been set from
+# the outside via ./init_user_login.sh.
+set -e
+. ./misc.sh
+
+expect_n_args 2 "(hostname, FQDN)" "$@"
+hostname="$1"
+fqdn="$2"
+additional_arg="$3"
+
+# If we have not yet set the shell for user plom, ensure it here. This
+# is mostly for convenience.
+usermod -s /bin/bash plom
+
+# Enable firewall.
+systemctl enable nftables.service
-- 
2.30.2
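Review bot: The final line of the new setup_server.sh, `systemctl enable nftables.service`, only enables the unit for the next boot, so the host stays unfiltered until it is rebooted; `systemctl enable --now nftables.service` would load the ruleset immediately as well. Nothing in these 17 lines installs a ruleset, so the unit will load whatever /etc/nftables.conf the package shipped, which on Debian is, as far as I know, a skeleton that accepts all traffic. The intended rules should be put in place before this step, with SSH allowed so that activating them does not cut off the login that init_user_login.sh just set up, and the comment could say so, e.g. `# Enable firewall; expects /etc/nftables.conf to hold our ruleset (SSH allowed).` Separately, `additional_arg="$3"` reads a third argument although `expect_n_args 2` presumably insists on two, and `hostname`, `fqdn` and `additional_arg` are never used afterwards; drop the assignment or mark the three as placeholders for later steps.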