private-schrijfsels-en-notities/2025/durian.srv.xor-gate.org.md

Machine

• Scaleway Console.net Dedibox 120GB SSD

OS

• Debian 13 trixie AMD64

Firewall

• Iptables (native)
• https://wiki.debian.org/iptables
• https://packages.debian.org/trixie/iptables-persistent

IPv4 forwarding

/etc/sysctl.conf:

net.ipv4.ip_forward = 1
net.ipv4.conf.all.route_localnet = 1

/sbin/sysctl -p

See also:

• https://serverfault.com/questions/551487/dnat-from-localhost-127-0-0-1

VPN

Wireguard

SSH

• Key non-root only (global config)
  • PasswordAuthentication no
  • PubkeyAuthentication yes
  • PermitRootLogin no

Containers

The host OS will be kept clean and all services go into there respective containers. SystemD will be used for frugal container management:

• systemd-container pkg
• systemd-nspawn feature