henrik/dotfiles
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

hetzner+networking

Browse Source
This commit is contained in:
Henrik Bakken
2025-07-19 00:04:34 +02:00
parent 57b32cd6b7
commit 8f2f8fd9e7
3 changed files with 53 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
hetzner.cfg
+44
View File
@@ -0,0 +1,44 @@
#cloud-config
users:
- name: hjalmarlucius
groups: users, admin
sudo: ALL=(ALL) NOPASSWD:ALL
shell: /bin/bash
ssh_authorized_keys:
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMt+rmsUGSao+9nS00dX58jopjRGF8Y/5C+WmIFhxwGd bakken.henrik@gmail.com
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILiHxlR5soqCOB9DTB71zttN08nHI6oTPUfQl/VleBNu bakken.henrik@gmail.com
packages:
- fail2ban
- ufw
- ranger
- neovim
- wireguard
- rpcbind
- sshfs
- containernetworking-plugins
# runc requirements
- make
- gcc
- linux-libc-dev
- libseccomp-dev
- pkg-config
- git
# runc requirements end
package_update: true
package_upgrade: true
runcmd:
- printf "[sshd]\nenabled = true\nbanaction = iptables-multiport" > /etc/fail2ban/jail.local
- systemctl enable fail2ban
- ufw allow 7097
- ufw allow 51820/udp
- ufw enable
- sed -i -e '/^\(#\|\)PermitRootLogin/s/^.*$/PermitRootLogin no/' /etc/ssh/sshd_config
- sed -i -e '/^\(#\|\)PasswordAuthentication/s/^.*$/PasswordAuthentication no/' /etc/ssh/sshd_config
- sed -i -e '/^\(#\|\)Port/s/^.*$/Port 7097/' /etc/ssh/sshd_config
- sed -i '$a AllowUsers hjalmarlucius' /etc/ssh/sshd_config
- sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)"
- echo "HISTFILE=~/.histfile\nHISTSIZE=100000\nSAVEHIST=100000\nbindkey -v\n\n# compinstall\nzstyle ':completion:*' menu select\nzstyle :compinstall filename '/home/hjalmarlucius/.zshrc'\nautoload -Uz compinit\ncompinit\n\n# oh-my-zsh\nexport ZSH='$HOME/.oh-my-zsh'\nZSH_THEME='robbyrussell'\nplugins=(git)\nsource $ZSH/oh-my-zsh.sh" > /home/hjalmarlucius/.zshrc
# required for flannel
- sudo sh -c 'echo "br_netfilter" > /etc/modules-load.d/br_netfilter.conf'
- reboot
nfs_setup.sh
+1 -1
View File
@@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
LOC=$1 LOC=$1
echo "/srv/nfs/state 10.0.0.0/16(rw,async,no_subtree_check,no_root_squash)" | sudo bash -c "cat >> /etc/exports" echo "/srv/nfs/state *.hjarl.com(rw,async,no_subtree_check,no_root_squash) 10.0.0.0/16(rw,async,no_subtree_check,no_root_squash)" | sudo bash -c "cat >> /etc/exports"
sudo hostnamectl set-hostname ${LOC} sudo hostnamectl set-hostname ${LOC}
sudo apt install nfs-kernel-server sudo apt install nfs-kernel-server
sudo systemctl enable --now nfs-kernel-server sudo systemctl enable --now nfs-kernel-server
router.md
+8
View File
@@ -1,3 +1,11 @@
# amtm scripts:
- skynet
- merlinAU
- uiDivStats
- connmon
- scMerlin
# Asus merlin ddns # Asus merlin ddns
link: https://github.com/RMerl/asuswrt-merlin.ng/wiki/Custom-DDNS link: https://github.com/RMerl/asuswrt-merlin.ng/wiki/Custom-DDNS