Dong Nguyen
Debian server

Set up a new Debian server

#!/bin/sh

# Bootstrap: run these while logged in as root on the fresh install.
# sudo is installed first because every later step calls it.
apt install sudo

# Interactive dialogs: timezone first, then locales.
for cfg_pkg in tzdata locales; do
  sudo dpkg-reconfigure "$cfg_pkg"
done

# Refresh the package index; upgrade only if the refresh succeeded.
if sudo apt update; then
  sudo apt upgrade
fi

# Everyday command-line tools, without the recommended extras.
sudo apt install --no-install-recommends -y \
  software-properties-common ca-certificates \
  zip unzip wget curl rsync git sqlite3 \
  htop vim vifm xclip xsel neofetch duf

# fontconfig is needed by node-canvas
sudo apt install -y fontconfig

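# bottom (installed from the upstream GitHub release, not from apt)
# ARM64 # export BTM_FILE=bottom_0.10.2-1_arm64.deb
export BTM_FILE=bottom_0.10.2-1_amd64.deb
# dpkg -i runs the package's maintainer scripts as root, so the download is
# checked against a digest obtained out of band before it is installed.
# Placeholder, not a real digest: replace with the expected SHA-256 of $BTM_FILE.
BTM_SHA256=REPLACE_WITH_EXPECTED_SHA256
if wget "https://github.com/ClementTsang/bottom/releases/download/0.10.2/$BTM_FILE" &&
  printf '%s  %s\n' "$BTM_SHA256" "./$BTM_FILE" | sha256sum -c -; then
  sudo dpkg -i "./$BTM_FILE"
else
  # Fail closed: a failed download or a digest mismatch never reaches dpkg.
  echo "download or checksum check failed for $BTM_FILE; not installing" >&2
fi
rm -f "./$BTM_FILE"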

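# ncdu (prebuilt binary downloaded from dev.yorhel.nl)
# ARM64 # export NCDU_FILE=ncdu-2.6-linux-arm
# NOTE(review): NCDU_FILE must not include ".tar.gz" (the commands below append
# it); confirm the right asset name for your CPU on the download page.
export NCDU_FILE=ncdu-2.6-linux-x86_64
# Placeholder, not a real digest: replace with the expected SHA-256 of the tarball.
NCDU_SHA256=REPLACE_WITH_EXPECTED_SHA256
if wget "https://dev.yorhel.nl/download/$NCDU_FILE.tar.gz" &&
  printf '%s  %s\n' "$NCDU_SHA256" "$NCDU_FILE.tar.gz" | sha256sum -c -; then
  tar zxvf "$NCDU_FILE.tar.gz"
  # install instead of mv: the binary in /usr/bin ends up owned by root with
  # mode 0755, whatever owner and mode the extracted file carried.
  sudo install -o root -g root -m 0755 ncdu /usr/bin/ncdu
  rm -f ncdu
else
  # Fail closed: nothing is unpacked or installed without a matching digest.
  echo "download or checksum check failed for $NCDU_FILE.tar.gz; not installing" >&2
fi
rm -f "$NCDU_FILE.tar.gz"
ncdu -v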

# configure .bash_profile for root
# (interactive) open the file and add the prompt line shown between the rulers
vim .bash_profile
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # 
# prompt: user@host in bold red, working directory and "$" in bold yellow,
# then colours reset
PS1='\[\033[01;31m\]\u@\h\[\033[01;33m\] \w \$\[\033[00m\] '
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # 

# change motd
# (interactive) replace the banner with the line below;
# PUBLIC_IP and PRIVATE_IP are placeholders for this server's addresses
sudo vim /etc/motd
# You are working on server PUBLIC_IP (PRIVATE_IP)

# (interactive) empty the motd file under /usr/share/base-files
sudo vim /usr/share/base-files/motd
# Clear all text

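# swap
export SWAP_SIZE=4G
sudo fallocate -l "$SWAP_SIZE" /swapfile
# 0600 before mkswap/swapon: swap holds paged-out memory, which can include
# secrets, so only root may read the file.
sudo chmod 600 /swapfile
sudo mkswap /swapfile
sudo swapon /swapfile
# Add the fstab entry only once, so running this section again does not
# leave duplicate /swapfile lines behind.
if ! grep -q '^/swapfile[[:space:]]' /etc/fstab; then
  echo "/swapfile   none    swap    sw    0   0" | sudo tee -a /etc/fstab > /dev/null
fi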

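# modify sshd connect
# (interactive) set the directives listed below; SERVER_SSH_PORT is a placeholder
sudo vim /etc/ssh/sshd_config
# Port SERVER_SSH_PORT
# PermitRootLogin no/yes       -> "no" once the personal account can log in and use sudo
# MaxAuthTries 3
# MaxSessions 5
# PasswordAuthentication yes   -> needed for the ssh-copy-id step further down;
#                                 switch to "no" once key login is confirmed
# PermitEmptyPasswords no
# Check the syntax first: restarting sshd with a broken config can lock you out.
# Keep the current session open and test a fresh login before closing it.
sudo sshd -t && sudo systemctl restart sshd.service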

# increase the open files limit
# ulimit -n 65536
# (interactive) add the two lines between the rulers to the file; they are
# limits.conf entries, not shell commands
sudo vim /etc/security/limits.conf
##################################################
*               soft    nofile          65536
*               hard    nofile          65536
##################################################
# check
# NOTE(review): limits.conf is applied when a session starts, so presumably a
# new login is needed before this reports 65536 — confirm
ulimit -a

# create user
# adduser asks for the new account's password and details interactively
sudo adduser ndaidong
# membership of the sudo group lets the account run commands as root through
# sudo; the "deluser ndaidong sudo" step near the end takes it away again
sudo usermod -aG sudo ndaidong

# optional second administrative account (disabled)
# sudo adduser admin
# sudo usermod -aG sudo admin

# docker & docker-compose
# prerequisites for fetching and storing the repository signing key
sudo apt update && sudo apt install -y ca-certificates curl gnupg

# keyring directory, then Docker's repository key converted to binary form.
# The key is trusted as downloaded; compare its fingerprint with the one in
# Docker's install documentation before relying on it.
sudo install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
sudo chmod a+r /etc/apt/keyrings/docker.gpg

# apt source for this machine's architecture and Debian codename; signed-by
# ties the source to the key file written above
echo \
  "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian \
  "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \
  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
  
sudo apt update
sudo apt install -y docker-ce docker-ce-cli containerd.io
# sudo apt install -y docker-buildx-plugin docker-compose-plugin

# start the daemon now and on every boot
sudo systemctl enable --now docker
# Members of the docker group can drive the Docker daemon, which runs as root,
# so this membership is root-equivalent and remains in place after ndaidong is
# removed from the sudo group later on.
sudo usermod -aG docker ndaidong
# sudo usermod -aG docker admin
# newgrp docker

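# standalone docker-compose binary from the GitHub release
export DOCKER_COMPOSE_VERSION=2.34.0
# Placeholder, not a real digest: replace with the expected SHA-256 of the
# release asset for this version and architecture.
COMPOSE_SHA256=REPLACE_WITH_EXPECTED_SHA256
# Download as the current user into a private temp file; root is only used
# for the final copy into /usr/local/bin.
COMPOSE_TMP=$(mktemp)
# -f makes curl fail on an HTTP error instead of saving the error page as the
# "binary".
if curl -fL "https://github.com/docker/compose/releases/download/v$DOCKER_COMPOSE_VERSION/docker-compose-$(uname -s)-$(uname -m)" -o "$COMPOSE_TMP" &&
  printf '%s  %s\n' "$COMPOSE_SHA256" "$COMPOSE_TMP" | sha256sum -c -; then
  sudo install -o root -g root -m 0755 "$COMPOSE_TMP" /usr/local/bin/docker-compose
else
  # Fail closed: an unverified file never lands in /usr/local/bin.
  echo "download or checksum check failed for docker-compose; not installing" >&2
fi
rm -f "$COMPOSE_TMP"
docker-compose --version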

# the session ends here; the remaining steps are run after the reboot
sudo reboot
# logout root then login with personal account

# optional, left disabled: passwordless sudo for ndaidong
# sudo visudo
# ndaidong ALL=(ALL) NOPASSWD: ALL
# NOTE(review): with NOPASSWD: ALL any process running as ndaidong can become
# root without a password prompt; keeping the prompt, or limiting the rule to
# specific commands, narrows that.

# working directories, each handed over to ndaidong
for work_dir in /opt/engines /workspace /storage; do
  sudo mkdir "$work_dir"
  sudo chown ndaidong:ndaidong -R "$work_dir"
done

# fix journalctl autocomplete if needed
# sudo usermod -aG systemd-journal $USER

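# log in with the root account and remove ndaidong from the sudo group
# (ndaidong stays in the docker group, which still gives root-equivalent
# access through the Docker daemon)
# sudo deluser ndaidong sudo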

# configure ssh, .bash_profile
# (interactive) edit the personal account's profile
vim .bash_profile
# owner read-only on the key files; ssh rejects private keys that other users
# can read (the glob also matches ndd.pub)
chmod 0400 ~/.ssh/ndd*
# to ssh without password
# run this command from local machine
# it will add the key to server's .ssh/authorized_keys
# SERVER_SSH_PORT and SERVER_IP are placeholders for the values chosen above.
# Once key login works, PasswordAuthentication in sshd_config can be set to "no".
ssh-copy-id -i ~/.ssh/ndd.pub -p SERVER_SSH_PORT ndaidong@SERVER_IP

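# git config
git config --global user.name "Dong Nguyen"
# The address on this page was replaced by the literal text "[email protected]",
# which looks like an e-mail-obfuscation artifact. YOUR_EMAIL is a placeholder:
# put the real commit address here.
git config --global user.email "YOUR_EMAIL"
git config --global core.editor "nano"
git config --global pull.rebase false
git config --global pull.ff only
git config --global push.autoSetupRemote true
git config --global init.defaultBranch main

# The clone URL was mangled the same way; unquoted, "[email protected]:..." splits
# into two words and the clone cannot work. GIT_HOST is a placeholder
# (presumably the remote was git@github.com — confirm).
# On the first SSH connection, compare the host key fingerprint you are shown
# with the one the hosting service publishes before accepting it.
git clone --recursive "git@GIT_HOST:ndaidong/vim.git" ~/.vim

echo "DONE"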