services/homelab
1
1
Fork 0
Code Issues 5 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
7b93f740ec334807f93254df2f094595662f3cae
homelab/active/os_debian/debian.md
ducoterra ab2b033c54
All checks were successful
Reese's Arch Toolbox / build-and-push-arch-toolbox (push) Successful in 9m54s
Details
wyoming, borg, grayjay, oh my
2025-05-04 02:34:10 -04:00

3.0 KiB
Raw Blame History

Debian

Note these instructions differentiate between an operator and a server. The operator can be any machine that configure the server. A pipeline, laptop, dedicated server, etc. are all options. The server can be its own operator, though that's not recommended since servers should be ephemeral and the operator will store information about each server.

Setup SSH

On the operator:

export SSH_HOST=kube
ssh-keygen -t rsa -b 4096 -C ${USER}@${HOSTNAME} -f ~/.ssh/id_${SSH_HOST}_rsa

# Note: If you get "too many authentication failures" it's likely because you have too many private
# keys in your ~/.ssh directory. Use `-o PubkeyAuthentication` to fix it.
ssh-copy-id -o PubkeyAuthentication=no -i ~/.ssh/id_${SSH_HOST}_rsa.pub ducoterra@${SSH_HOST}.reeselink.com
ssh -i ~/.ssh/id_${SSH_HOST}_rsa -o 'PubkeyAuthentication=yes' ducoterra@${SSH_HOST}.reeselink.com

On the server:

# Copy authorized_keys to root
sudo cp ~/.ssh/authorized_keys /root/.ssh/authorized_keys

# Change your password
passwd

sudo su -
echo "PasswordAuthentication no" > /etc/ssh/sshd_config.d/01-prohibit-password.conf
echo '%sudo    ALL=(ALL)   NOPASSWD: ALL' > /etc/sudoers.d/01-nopasswd-sudo
systemctl restart ssh

On the operator:

cat <<EOF >> ~/.ssh/config

Host $SSH_HOST
    Hostname ${SSH_HOST}.reeselink.com
    User root
    ProxyCommand none
    ForwardAgent no
    ForwardX11 no
    Port 22
    KeepAlive yes
    IdentityFile ~/.ssh/id_${SSH_HOST}_rsa
EOF

# Test if you can SSH with a password
ssh -o PubkeyAuthentication=no ducoterra@${SSH_HOST}.reeselink.com

# Test that you can log into the server with ssh config
ssh $SSH_HOST

Fail2Ban

On the server:

apt update
apt install -y fail2ban

Edit /etc/fail2ban/jail.d/defaults-debian.conf and add backend = systemd

[sshd]
enabled = true
# Add backend
backend = systemd

Enable the service

systemctl enable fail2ban --now

Automatic Updates

On the server:

apt install -y unattended-upgrades

systemctl enable --now unattended-upgrades.service

Docker

https://docs.docker.com/engine/install/debian/#installation-methods

Extras

On the server:

# Install glances for system monitoring
apt install -y glances net-tools vim

# Install zsh with autocomplete and suggestions
apt install -y zsh zsh-autosuggestions zsh-syntax-highlighting

cat <<EOF > ~/.zshrc
# Basic settings
autoload bashcompinit && bashcompinit
autoload -U compinit; compinit
zstyle ':completion:*' menu select

# Prompt settings
autoload -Uz promptinit
promptinit
prompt redhat
PROMPT_EOL_MARK=

# Syntax Highlighting
source /usr/share/zsh-syntax-highlighting/zsh-syntax-highlighting.zsh
source /usr/share/zsh-autosuggestions/zsh-autosuggestions.zsh

### Custom Commands and Aliases ###
EOF

chsh -s $(which zsh) && chsh -s $(which zsh) ducoterra

# Cockpit
apt install -y cockpit
systemctl enable --now cockpit
Reference in New Issue View Git Blame Copy Permalink