docs: add README
This commit is contained in:
70
README.md
Normal file
70
README.md
Normal file
@@ -0,0 +1,70 @@
|
||||
# infra-scripts
|
||||
|
||||
Public infrastructure deployment scripts designed to be executed directly via `curl | bash`.
|
||||
|
||||
## Philosophy
|
||||
|
||||
These scripts automate the deployment of personal infrastructure components. They are:
|
||||
|
||||
- **Self-contained**: No external dependencies beyond standard Debian packages
|
||||
- **Idempotent-ish**: Safe to re-run (where possible)
|
||||
- **Curl-friendly**: Designed for one-liner deployment from a fresh server
|
||||
|
||||
## Available Scripts
|
||||
|
||||
| Script | Description | Usage |
|
||||
|--------|-------------|-------|
|
||||
| `proxy/install.sh` | Deploy a reverse proxy server with Tailscale + Nginx Proxy Manager | See below |
|
||||
|
||||
## Usage
|
||||
|
||||
### Proxy Server
|
||||
|
||||
Deploys a secure reverse proxy with:
|
||||
- **Tailscale** for private network access (SSH, admin panel)
|
||||
- **Nginx Proxy Manager** for public reverse proxy (HTTP/HTTPS)
|
||||
- **UFW** firewall configured to expose only ports 80/443 publicly
|
||||
- **fail2ban** and **unattended-upgrades** for basic hardening
|
||||
|
||||
```bash
|
||||
curl -fsSL https://gitea.arnodo.fr/Damien/infra-scripts/raw/branch/main/proxy/install.sh | bash
|
||||
```
|
||||
|
||||
#### Environment Variables
|
||||
|
||||
You can customize the deployment:
|
||||
|
||||
```bash
|
||||
# Custom hostname (default: proxy)
|
||||
PROXY_HOSTNAME=myproxy curl -fsSL https://gitea.arnodo.fr/Damien/infra-scripts/raw/branch/main/proxy/install.sh | bash
|
||||
|
||||
# Custom timezone (default: Europe/Paris)
|
||||
TZ=America/New_York curl -fsSL https://gitea.arnodo.fr/Damien/infra-scripts/raw/branch/main/proxy/install.sh | bash
|
||||
```
|
||||
|
||||
#### Requirements
|
||||
|
||||
- Fresh Debian 11/12 installation
|
||||
- User with sudo privileges (do not run as root)
|
||||
- Internet access
|
||||
|
||||
#### What it does
|
||||
|
||||
1. Sets hostname
|
||||
2. Installs base packages (vim, fail2ban, unattended-upgrades)
|
||||
3. Installs and connects Tailscale (will prompt for authentication)
|
||||
4. Configures sysctl for exit-node capability
|
||||
5. Installs Docker
|
||||
6. Configures UFW (80/443 public, everything else via Tailscale only)
|
||||
7. Deploys Nginx Proxy Manager
|
||||
8. Exposes NPM admin panel via Tailscale serve
|
||||
|
||||
#### Post-install
|
||||
|
||||
- Access NPM admin: `https://proxy.<your-tailnet>.ts.net`
|
||||
- Default credentials: `admin@example.com` / `changeme`
|
||||
- Optionally approve exit-node in Tailscale admin console
|
||||
|
||||
## License
|
||||
|
||||
MIT - Do whatever you want with these scripts.
|
||||
Reference in New Issue
Block a user