vault backup: 2025-08-30 12:15:30

2025/durian.srv.xor-gate.org.md

@@ -1,7 +1,25 @@
+
+## OS
+
+* Debian 13 trixie AMD64
 ## Firewall 
 
+* Iptables (native)
+* https://wiki.debian.org/iptables
+* <https://packages.debian.org/trixie/iptables-persistent>
 ## VPN
 
+Wireguard
 ## SSH
 
-* Key only
+* Key non-root only (global config)
+	* `PasswordAuthentication no`
+	* `PubkeyAuthentication yes`
+	* `PermitRootLogin no`
+
+## Containers
+
+The host OS will be kept clean and all services go into there respective containers. SystemD will be used for frugal container management:
+
+* `systemd-container` pkg
+* `systemd-nspawn` feature