--- /dev/null
+nginx-light
+ffmpeg
+postgresql
+postgresql-contrib
+openssl
+redis-server
+python-dev
+# only needed for setup
+g++
+make
+git
+curl
+unzip
+libncurses5
+pwgen
-# might need nginx-standard instead
nginx-light
# for SSL
certbot
+++ /dev/null
-#!/usr/sbin/nft -f
-
-flush ruleset
-
-table inet filter {
- chain input {
- type filter hook input priority 0; policy drop;
- iif lo accept comment "accept localhost traffic"
- ct state invalid drop comment "drop invalid connections"
- ct state established, related accept comment "accept traffic originated from us"
- tcp dport 22 accept comment "accept SSH on default port"
- tcp dport 80 accept comment "accept HTTP on default port"
- tcp dport 443 accept comment "accept HTTPS on default port"
- ip protocol icmp icmp type echo-request accept comment "accept ICMP for pinging"
- }
- chain forward {
- type filter hook forward priority 0; policy drop;
- }
- chain output {
- type filter hook output priority 0; policy accept;
- }
-}
--- /dev/null
+#!/usr/sbin/nft -f
+
+flush ruleset
+
+table inet filter {
+ chain input {
+ type filter hook input priority 0; policy drop;
+ iif lo accept comment "accept localhost traffic"
+ ct state invalid drop comment "drop invalid connections"
+ ct state established, related accept comment "accept traffic originated from us"
+ tcp dport 22 accept comment "accept SSH on default port"
+ tcp dport 80 accept comment "accept HTTP on default port"
+ tcp dport 443 accept comment "accept HTTPS on default port"
+ ip protocol icmp icmp type echo-request accept comment "accept ICMP for pinging"
+ }
+ chain forward {
+ type filter hook forward priority 0; policy drop;
+ }
+ chain output {
+ type filter hook output priority 0; policy accept;
+ }
+}
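Review bot: The input chain accepts only IPv4 ICMP (`ip protocol icmp icmp type echo-request accept`), but the table is `inet` with `policy drop`, so ICMPv6 neighbour discovery and router advertisements are dropped too. On a host with an IPv6 address this typically breaks IPv6 reachability once neighbour cache entries expire, which can look like an intermittent outage rather than a firewall problem. I would add a rule next to the ICMP one, such as `ip6 nexthdr icmpv6 icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert, echo-request } accept comment "accept ICMPv6 neighbour discovery and ping"`. If the host is deliberately IPv4-only, a comment above the chain saying so would make that intent clear.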
# Install dependencies, set up firewall.
config_tree_prefix="${HOME}/config/buster"
./install_for_target.sh pleroma
-./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" pleroma
+./copy_dirtree.sh "${config_tree_prefix}/etc_files" "" web
nft -f /etc/nftables.conf
# Set up letsencrypt certificate. TODO: Is it auto-renewed?