# Ansible playbook for setting up VPSs

An Ansible playbook for setting up VPSs (for Opnxng). It works for Debian-based servers in any architecture.

## Before running

To install Debian on Oracle Cloud, refer to [this documentation](ORACLECLOUD.md).

On a fresh Debian system, replace the default `debian` user:

```
# Give root account a password
sudo passwd root

# Configurate SSHD to temporarily allow root login with password
sudo nano /etc/ssh/sshd_config
sudo systemctl restart sshd
cp /home/debian/.ssh/authorized_keys /root/.ssh/authorized_keys

# Login as root, add new user and delete debian user
su root
sudo groupmod -n [user] debian
sudo usermod -l [user] debian
sudo usermod -d /home/[user] -m [user]
sudo passwd [user]
cp /root/.ssh/authorized_keys /home/[user]/.ssh/authorized_keys

# SSH to [user]
sudo rm /root/.ssh/authorized_keys
sudo passwd -dl root

# Disable root in SSHD
sudo nano /etc/ssh/sshd_config
```

## Configurations

You can modify the [packages to be installed](set-up.yaml) and the [UFW rules](roles/ufw-opnxng/tasks/main.yaml).

Passwords and other sensitive data are kept locally as encrypted variables in [secrets.yaml](vars/secrets.example.yaml).

## Contact
Please contact us via [email](mailto:opnxng@tuta.io) if you discover any vulnerability or area for improvement in our infrastructure. We would truly appreciate it.