2023-11-11 17:58:18 +08:00
# Ansible playbook for setting up VPSs
2023-11-11 02:06:42 +08:00
2023-11-11 17:58:18 +08:00
An Ansible playbook for setting up VPSs (for Opnxng). It works for Debian-based servers in any architecture.
2023-11-11 02:06:42 +08:00
2023-11-11 05:36:40 +08:00
## Before running
2023-11-11 02:06:42 +08:00
2023-11-11 05:36:40 +08:00
To install Debian on Oracle Cloud, refer to [this documentation ](ORACLECLOUD.md ).
On a fresh Debian system, replace the default `debian` user:
```
# Give root account a password
sudo passwd root
# Configurate SSHD to temporarily allow root login with password
2023-11-14 00:06:09 +08:00
sudo nano /etc/ssh/sshd_config
sudo systemctl restart sshd
cp /home/debian/.ssh/authorized_keys /root/.ssh/authorized_keys
2023-11-11 05:36:40 +08:00
# Login as root, add new user and delete debian user
su root
sudo groupmod -n [user] debian
sudo usermod -l [user] debian
sudo usermod -d /home/[user] -m [user]
sudo passwd [user]
2024-06-07 00:13:26 +08:00
cp /root/.ssh/authorized_keys /home/[user]/.ssh/authorized_keys
2023-11-11 05:36:40 +08:00
2023-11-14 00:06:09 +08:00
# SSH to [user]
sudo rm /root/.ssh/authorized_keys
2023-11-11 05:36:40 +08:00
sudo passwd -dl root
2023-11-14 00:06:09 +08:00
# Disable root in SSHD
sudo nano /etc/ssh/sshd_config
2023-11-11 05:36:40 +08:00
```
2023-11-11 02:06:42 +08:00
## Configurations
2024-06-07 00:13:26 +08:00
You can modify the [packages to be installed ](set-up.yaml ) and the [UFW rules ](roles/ufw-opnxng/tasks/main.yaml ).
2023-11-11 02:25:49 +08:00
2023-11-13 11:47:39 +08:00
Passwords and other sensitive data are kept locally as encrypted variables in [secrets.yaml ](vars/secrets.example.yaml ).
2023-11-11 02:06:42 +08:00
## Contact
2024-06-07 00:13:26 +08:00
Please contact us via [email ](mailto:opnxng@tuta.io ) if you discover any vulnerability or area for improvement in our infrastructure. We would truly appreciate it.
