For Pi-Hole servers, I have a post with some tips on How to Pi-Hole
Also check out ASSSS – A Simple Server Sync Script for an example of a backup job that can be automated on your server to sync data to a backup repo.
Packages
sudo apt-get install vim ranger tmux htop neofetch rsync msmtp
curl my tmux config
mkdir -p ~/.config/tmux
curl theatomheart.net/raw/.config/tmux/tmux.conf >~/.config/tmux/tmux.conf
Setup msmtp for notifications
Create a ~/.msmtprc file
vim ~/.msmtprc
and make it look something like:
defaults
auth on
tls on
tls_trust_file /etc/ssl/certs/ca-certificates.crt
logfile ~/.msmtp.log
account default
host smtp.office365.com
port 587
from sender@domainname.com
user sender@domainname.com
password password
If you put your password in this file, adjust permissions with:
chmod 600 ~/.msmtprc
Or, you can use passwordeval with an encrypted key file. That line would look like:
passwordeval "gpg -d --quiet --for-your-eyes-only ~/keyfile.gpg | sed -e '$a\'"
Bash Aliases
vim ~/.bash_aliases
alias ls="ls --color=auto"
# Program Shortcuts
alias files="ranger"
alias v="vim"
alias tmux="tmux attach || tmux -f ~/.config/tmux/tmux.conf"
alias tm="tmux attach || tmux -f ~/.config/tmux/tmux.conf"
alias nf="clear ; neofetch"
alias reboot="sudo reboot now"
alias upgr="clear ; neofetch ; sudo apt-get update -y && sudo apt-get upgrade -y"
# Pi-Hole Shortcuts
alias wl='pihole -w'
alias bl='pihole -b'
alias wild='pihole -b --wild'
alias eb='sudo vim /etc/pihole/blacklist.txt'
alias ew='sudo vim /etc/pihole/whitelist.txt'
SSH Config
First, make sure you’re able to connect to your server via SSH with a private key.
Second, modify /etc/ssh/sshd_config to apply some or all of these settings.
vim /etc/ssh/sshd_config
PermitRootLogin
Either comment out PermitRootLogin to prohibit SSH logins from user ‘root’
Or, to permit SSH logins from user ‘root’ only with a private key, set this to
PermitRootLogin without-password
Change listening port
Change the line
Port 22
Permitted users
AllowedUsers root theatomheart
To put these changes into effect
systemctl restart sshd.service