incubate freeipa server

infrastructure/graduated/fedora/README.md

@@ -3,6 +3,7 @@
 - [Fedora Server](#fedora-server)
   - [Installation](#installation)
   - [Setup SSH](#setup-ssh)
+  - [DNF](#dnf)
   - [Fail2Ban](#fail2ban)
   - [Automatic Updates](#automatic-updates)
   - [Disable Swap](#disable-swap)
@@ -36,15 +37,15 @@ ssh-copy-id -o PubkeyAuthentication=no -i ~/.ssh/id_"$SSH_HOST"_rsa.pub ducoterr
 
 cat <<EOF >> ~/.ssh/config
 
-Host $SSH_HOST
-    Hostname "$SSH_HOST".reeselink.com
+Host ${SSH_HOST}
+    Hostname ${SSH_HOST}.reeselink.com
     User root
     ProxyCommand none
     ForwardAgent no
     ForwardX11 no
     Port 22
     KeepAlive yes
-    IdentityFile ~/.ssh/id_"$SSH_HOST"_rsa
+    IdentityFile ~/.ssh/id_${SSH_HOST}_rsa
 EOF
 ```
 
@@ -60,18 +61,29 @@ passwd
 sudo su -
 echo "PasswordAuthentication no" > /etc/ssh/sshd_config.d/01-prohibit-password.conf
 echo '%wheel    ALL=(ALL)   NOPASSWD: ALL' > /etc/sudoers.d/01-nopasswd-wheel
+systemctl restart sshd
 ```
 
 On the operator:
 
 ```bash
 # Test if you can SSH with a password
-ssh -o PubkeyAuthentication=no ducoterra@"$SSH_HOST".reeselink.com
+ssh -o PubkeyAuthentication=no ducoterra@${SSH_HOST}.reeselink.com
 
 # Test that you can log into the server with ssh config
 ssh $SSH_HOST
 ```
 
+## DNF
+
+Configure dnf to use the fastest mirror:
+
+```bash
+echo 'fastestmirror=1' >> /etc/dnf/dnf.conf
+dnf clean all
+dnf update
+```
+
 ## Fail2Ban
 
 On the server:
@@ -86,7 +98,7 @@ cat <<EOF > /etc/fail2ban/jail.local
 # Adjust the default configuration's default values
 [DEFAULT]
 # Optional enter an trusted IP never to ban
-ignoreip = 2600:1700:1e6c:a81f::0/64
+# ignoreip = 2600:1700:1e6c:a81f::0/64
 bantime  = 6600
 backend = auto