Damien/infra-scripts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1 Commit 1 Branch 0 Tags
9a914f17866c16ac5bb630dce89f49e50be518f4
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Damien Arnodo 9a914f1786 docs: add README
2025-12-03 09:09:22 +00:00
README.md
docs: add README
2025-12-03 09:09:22 +00:00

README.md

infra-scripts

Public infrastructure deployment scripts designed to be executed directly via curl | bash.

Philosophy

These scripts automate the deployment of personal infrastructure components. They are:

  • Self-contained: No external dependencies beyond standard Debian packages
  • Idempotent-ish: Safe to re-run (where possible)
  • Curl-friendly: Designed for one-liner deployment from a fresh server

Available Scripts

Script Description Usage
proxy/install.sh Deploy a reverse proxy server with Tailscale + Nginx Proxy Manager See below

Usage

Proxy Server

Deploys a secure reverse proxy with:

  • Tailscale for private network access (SSH, admin panel)
  • Nginx Proxy Manager for public reverse proxy (HTTP/HTTPS)
  • UFW firewall configured to expose only ports 80/443 publicly
  • fail2ban and unattended-upgrades for basic hardening
curl -fsSL https://gitea.arnodo.fr/Damien/infra-scripts/raw/branch/main/proxy/install.sh | bash

Environment Variables

You can customize the deployment:

# Custom hostname (default: proxy)
PROXY_HOSTNAME=myproxy curl -fsSL https://gitea.arnodo.fr/Damien/infra-scripts/raw/branch/main/proxy/install.sh | bash

# Custom timezone (default: Europe/Paris)
TZ=America/New_York curl -fsSL https://gitea.arnodo.fr/Damien/infra-scripts/raw/branch/main/proxy/install.sh | bash

Requirements

  • Fresh Debian 11/12 installation
  • User with sudo privileges (do not run as root)
  • Internet access

What it does

  1. Sets hostname
  2. Installs base packages (vim, fail2ban, unattended-upgrades)
  3. Installs and connects Tailscale (will prompt for authentication)
  4. Configures sysctl for exit-node capability
  5. Installs Docker
  6. Configures UFW (80/443 public, everything else via Tailscale only)
  7. Deploys Nginx Proxy Manager
  8. Exposes NPM admin panel via Tailscale serve

Post-install

  • Access NPM admin: https://proxy.<your-tailnet>.ts.net
  • Default credentials: admin@example.com / changeme
  • Optionally approve exit-node in Tailscale admin console

License

MIT - Do whatever you want with these scripts.

Reference in New Issue View Git Blame Copy Permalink
Description
Public infrastructure deployment scripts - curl-friendly automation
Readme 198 KiB
Languages
Shell 100%