Damien/infra-scripts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

docs: simplify root README, move details to script folders

Browse Source
This commit is contained in:
Damien Arnodo
2025-12-03 09:12:52 +00:00
parent 0807beb5fa
commit 417182784e
1 changed files with 3 additions and 46 deletions
Download Patch File Download Diff File Expand all files Collapse all files

49
README.md
View File

@@ -14,57 +14,14 @@ These scripts automate the deployment of personal infrastructure components. The
| Script | Description | Usage | | Script | Description | Usage |
|--------|-------------|-------| |--------|-------------|-------|
| `proxy/install.sh` | Deploy a reverse proxy server with Tailscale + Nginx Proxy Manager | See below | | [`proxy/install.sh`](proxy/) | Reverse proxy with Tailscale + Nginx Proxy Manager | `curl -fsSL https://gitea.arnodo.fr/Damien/infra-scripts/raw/branch/main/proxy/install.sh \| bash` |
## Usage ## Requirements
### Proxy Server
Deploys a secure reverse proxy with:
- **Tailscale** for private network access (SSH, admin panel)
- **Nginx Proxy Manager** for public reverse proxy (HTTP/HTTPS)
- **UFW** firewall configured to expose only ports 80/443 publicly
- **fail2ban** and **unattended-upgrades** for basic hardening
```bash
curl -fsSL https://gitea.arnodo.fr/Damien/infra-scripts/raw/branch/main/proxy/install.sh | bash
```
#### Environment Variables
You can customize the deployment:
```bash
# Custom hostname (default: proxy)
PROXY_HOSTNAME=myproxy curl -fsSL https://gitea.arnodo.fr/Damien/infra-scripts/raw/branch/main/proxy/install.sh | bash
# Custom timezone (default: Europe/Paris)
TZ=America/New_York curl -fsSL https://gitea.arnodo.fr/Damien/infra-scripts/raw/branch/main/proxy/install.sh | bash
```
#### Requirements
- Fresh Debian 11/12 installation - Fresh Debian 11/12 installation
- User with sudo privileges (do not run as root) - User with sudo privileges (do not run as root)
- Internet access - Internet access
#### What it does
1. Sets hostname
2. Installs base packages (vim, fail2ban, unattended-upgrades)
3. Installs and connects Tailscale (will prompt for authentication)
4. Configures sysctl for exit-node capability
5. Installs Docker
6. Configures UFW (80/443 public, everything else via Tailscale only)
7. Deploys Nginx Proxy Manager
8. Exposes NPM admin panel via Tailscale serve
#### Post-install
- Access NPM admin: `https://proxy.<your-tailnet>.ts.net`
- Default credentials: `admin@example.com` / `changeme`
- Optionally approve exit-node in Tailscale admin console
## License ## License
MIT - Do whatever you want with these scripts. MIT