## OS

* Debian 13 trixie AMD64

## Firewall

* Iptables (native)
* https://wiki.debian.org/iptables

## VPN

WireGuard

## SSH

* Key-based login for non-root users only (global config)
* `PasswordAuthentication no`
* `PubkeyAuthentication yes`
* `PermitRootLogin no`

## Containers

The host OS will be kept clean and all services go into their respective containers. systemd will be used for frugal container management:

* `systemd-container` pkg
* `systemd-nspawn` feature
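
To confirm that the three SSH settings listed in the SSH section are what sshd actually enforces, check the effective configuration from `sshd -T` rather than the config file, because sshd keeps the first value it reads for each keyword and an earlier or included line can shadow a later one. The script below is an added example, not part of the original notes; `check_sshd_hardening` is a hypothetical helper name and the sample dumps are constructed.

```shell
#!/bin/sh
# Audit effective sshd settings against the three directives in the SSH notes.
# Input format is that of `sshd -T`: one lowercase "keyword value" per line.

# Expected effective values, taken from the page.
EXPECTED='passwordauthentication no
pubkeyauthentication yes
permitrootlogin no'

# Constructed sample dumps (not captured from a real host).
GOOD_DUMP='port 22
permitrootlogin no
pubkeyauthentication yes
passwordauthentication no'
BAD_DUMP='port 22
permitrootlogin yes
pubkeyauthentication yes
passwordauthentication yes'

# check_sshd_hardening (hypothetical helper): reads the dump on stdin,
# prints one line per finding, returns the number of findings (0 = pass).
check_sshd_hardening() {
    dump=$(cat)
    findings=0
    while read -r key want; do
        # Take the first occurrence of the keyword if the input has duplicates.
        got=$(printf '%s\n' "$dump" |
            awk -v k="$key" 'tolower($1) == k { print tolower($2); exit }')
        if [ -z "$got" ]; then
            echo "MISSING  $key (expected '$want')"
            findings=$((findings + 1))
        elif [ "$got" != "$want" ]; then
            echo "MISMATCH $key is '$got' (expected '$want')"
            findings=$((findings + 1))
        fi
    done <<EOF
$EXPECTED
EOF
    return "$findings"
}

# Demo on the constructed samples.
# On a real host (as root): sshd -T | check_sshd_hardening
printf '%s\n' "$GOOD_DUMP" | check_sshd_hardening && echo "good sample: pass"
printf '%s\n' "$BAD_DUMP" | check_sshd_hardening || echo "bad sample: $? finding(s)"
```

`sshd -T` without `-C` reports the global settings only; a `Match` block can still change them for specific users or addresses.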