## OS

* Debian 13 trixie AMD64
## Firewall

* Iptables (native)
* <https://wiki.debian.org/iptables>
* <https://packages.debian.org/trixie/iptables-persistent>
## VPN

WireGuard
## SSH

* Key non-root only (global config)
* `PasswordAuthentication no`
* `PubkeyAuthentication yes`
* `PermitRootLogin no`
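
A check for the three global SSH settings listed above, as an added example that is not part of the original notes. The function name and the sample configs are constructed for illustration; it assumes the whitespace-separated `Keyword value` form and treats a keyword that is not set explicitly as a failure.

```shell
#!/bin/sh
# Added example: audit the global section of sshd_config-style text (stdin).
# sshd uses the first value it obtains for a keyword, keywords are
# case-insensitive, and lines after a Match line are conditional, so a
# hardened line can be shadowed by an earlier one (e.g. from an included file).
audit_sshd_global() {
    awk '
        BEGIN {
            want["passwordauthentication"] = "no"
            want["pubkeyauthentication"]   = "yes"
            want["permitrootlogin"]        = "no"
        }
        /^[ \t]*#/ || NF == 0 { next }      # skip comments and blank lines
        { key = tolower($1) }
        key == "match" { exit }             # global section ends here
        (key in want) && !(key in seen) { seen[key] = tolower($2) }
        END {
            bad = 0
            for (k in want) {
                if (!(k in seen)) {
                    printf "FAIL %s: not set explicitly\n", k; bad = 1
                } else if (seen[k] != want[k]) {
                    printf "FAIL %s: %s (want %s)\n", k, seen[k], want[k]; bad = 1
                }
            }
            exit bad                        # 0 = all three match, 1 = finding
        }
    '
}

# Constructed sample: hardened global section followed by a Match block.
sample_good() {
    cat <<'EOF'
PasswordAuthentication no
PubkeyAuthentication yes
PermitRootLogin no
Match User deploy
    AllowTcpForwarding no
EOF
}

# Constructed sample: an earlier line shadows the hardened value below it.
sample_shadowed() {
    cat <<'EOF'
passwordauthentication yes
PasswordAuthentication no
PubkeyAuthentication yes
PermitRootLogin no
EOF
}
```

On the host, `sshd -T` prints the effective configuration with lowercase keywords, so its output can be piped into `audit_sshd_global` as well.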
## Containers

The host OS will be kept clean and all services go into their respective containers. systemd will be used for frugal container management:

* `systemd-container` pkg
* `systemd-nspawn` feature