diff --git a/hetzner.cfg b/hetzner.cfg new file mode 100644 index 0000000..24478ef --- /dev/null +++ b/hetzner.cfg @@ -0,0 +1,44 @@ +#cloud-config +users: + - name: hjalmarlucius + groups: users, admin + sudo: ALL=(ALL) NOPASSWD:ALL + shell: /bin/bash + ssh_authorized_keys: + - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMt+rmsUGSao+9nS00dX58jopjRGF8Y/5C+WmIFhxwGd bakken.henrik@gmail.com + - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILiHxlR5soqCOB9DTB71zttN08nHI6oTPUfQl/VleBNu bakken.henrik@gmail.com +packages: + - fail2ban + - ufw + - ranger + - neovim + - wireguard + - rpcbind + - sshfs + - containernetworking-plugins + # runc requirements + - make + - gcc + - linux-libc-dev + - libseccomp-dev + - pkg-config + - git + # runc requirements end +package_update: true +package_upgrade: true +runcmd: + - printf "[sshd]\nenabled = true\nbanaction = iptables-multiport" > /etc/fail2ban/jail.local + - systemctl enable fail2ban + - ufw allow 7097 + - ufw allow 51820/udp + - ufw enable + - sed -i -e '/^\(#\|\)PermitRootLogin/s/^.*$/PermitRootLogin no/' /etc/ssh/sshd_config + - sed -i -e '/^\(#\|\)PasswordAuthentication/s/^.*$/PasswordAuthentication no/' /etc/ssh/sshd_config + - sed -i -e '/^\(#\|\)Port/s/^.*$/Port 7097/' /etc/ssh/sshd_config + - sed -i '$a AllowUsers hjalmarlucius' /etc/ssh/sshd_config + - sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)" + - echo "HISTFILE=~/.histfile\nHISTSIZE=100000\nSAVEHIST=100000\nbindkey -v\n\n# compinstall\nzstyle ':completion:*' menu select\nzstyle :compinstall filename '/home/hjalmarlucius/.zshrc'\nautoload -Uz compinit\ncompinit\n\n# oh-my-zsh\nexport ZSH='$HOME/.oh-my-zsh'\nZSH_THEME='robbyrussell'\nplugins=(git)\nsource $ZSH/oh-my-zsh.sh" > /home/hjalmarlucius/.zshrc + # required for flannel + - sudo sh -c 'echo "br_netfilter" > /etc/modules-load.d/br_netfilter.conf' + - reboot + diff --git a/nfs_setup.sh b/nfs_setup.sh index f6b2a8f..fa654be 100644 --- a/nfs_setup.sh +++ b/nfs_setup.sh @@ -1,6 +1,6 @@ #!/bin/bash LOC=$1 -echo "/srv/nfs/state 10.0.0.0/16(rw,async,no_subtree_check,no_root_squash)" | sudo bash -c "cat >> /etc/exports" +echo "/srv/nfs/state *.hjarl.com(rw,async,no_subtree_check,no_root_squash) 10.0.0.0/16(rw,async,no_subtree_check,no_root_squash)" | sudo bash -c "cat >> /etc/exports" sudo hostnamectl set-hostname ${LOC} sudo apt install nfs-kernel-server sudo systemctl enable --now nfs-kernel-server diff --git a/router.md b/router.md index afb5c87..cf0d409 100644 --- a/router.md +++ b/router.md @@ -1,3 +1,11 @@ +# amtm scripts: + +- skynet +- merlinAU +- uiDivStats +- connmon +- scMerlin + # Asus merlin ddns link: https://github.com/RMerl/asuswrt-merlin.ng/wiki/Custom-DDNS