homelab/active/os_debian/debian.md

# Debian

- [Debian](#debian)
  - [Setup SSH](#setup-ssh)
  - [Fail2Ban](#fail2ban)
  - [Automatic Updates](#automatic-updates)
  - [Docker](#docker)
  - [Extras](#extras)

Note these instructions differentiate between an `operator` and a `server`. The operator can be
any machine that configure the server. A pipeline, laptop, dedicated server, etc. are all options.
The server can be its own operator, though that's not recommended since servers should be ephemeral
and the operator will store information about each server.

## Setup SSH

See [README](/README.md#ssh-setup)

## Fail2Ban

On the server:

```bash
apt update
apt install -y fail2ban
```

Edit /etc/fail2ban/jail.d/defaults-debian.conf and add `backend = systemd`

```conf
[sshd]
enabled = true
# Add backend
backend = systemd
```

Enable the service

```bash
systemctl enable fail2ban --now
```

## Automatic Updates

On the server:

```bash
apt install -y unattended-upgrades

systemctl enable --now unattended-upgrades.service
```

## Docker

<https://docs.docker.com/engine/install/debian/#installation-methods>

## Extras

On the server:

```bash
# Install glances for system monitoring
apt install -y glances net-tools vim

# Install zsh with autocomplete and suggestions
apt install -y zsh zsh-autosuggestions zsh-syntax-highlighting

cat <<EOF > ~/.zshrc
# Basic settings
autoload bashcompinit && bashcompinit
autoload -U compinit; compinit
zstyle ':completion:*' menu select

# Prompt settings
autoload -Uz promptinit
promptinit
prompt redhat
PROMPT_EOL_MARK=

# Syntax Highlighting
source /usr/share/zsh-syntax-highlighting/zsh-syntax-highlighting.zsh
source /usr/share/zsh-autosuggestions/zsh-autosuggestions.zsh

### Custom Commands and Aliases ###
EOF

chsh -s $(which zsh) && chsh -s $(which zsh) ducoterra

# Cockpit
apt install -y cockpit
systemctl enable --now cockpit
```