various improvements

2025-10-05 15:25:15 +02:00
parent 753e047fa6
commit 29bbd3d82d
4 changed files with 36 additions and 11 deletions
--- a/modules/config.sh
+++ b/modules/config.sh
@@ -4,7 +4,31 @@ echo
 echo "  => Configuration"
 echo

+if [ $profile = server ]; then
+    # Firewall basic configuration
+    ufw default deny incoming
+    ufw default allow outgoing
+    
+    # Open needed ports
+    ports="ssh
+           http
+           https
+           imap
+           imaps
+           smtp
+           smtps"
+
+    for i in $ports
+    do
+        ufw allow $i
+    done
+fi
+
 if [ $profile = desktop ]; then
+    # Firewall configuration
+    ufw default deny incoming
+    ufw default allow outgoing
+
    # Disable all managed interfaces excerpt loopback from /etc/network/interfaces file to allow NetworkManager to manage them
    sed -i '/# The primary network interface/Q' /etc/network/interfaces
 fi
--- a/modules/docker.sh
+++ b/modules/docker.sh
@@ -6,18 +6,17 @@ echo

 dpkg -s docker-ce > /dev/null 2>&1
 if [ $? -ne 0 ]; then
-    # Add Docker's official GPG key
-    mkdir -p /etc/apt/keyrings
-    curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg --yes
-    chmod a+rx /etc/apt/keyrings
-    chmod a+r /etc/apt/keyrings/docker.gpg
+    # Add Docker's official GPG key:
+    install -m 0755 -d /etc/apt/keyrings
+    curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
+    chmod a+r /etc/apt/keyrings/docker.asc

-    # Add the repository to Apt sources
+    # Add the repository to Apt sources:
    echo \
-        "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian bullseye stable" \
-        | tee /etc/apt/sources.list.d/docker.list > /dev/null
+        "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian \
+        $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
+        tee /etc/apt/sources.list.d/docker.list > /dev/null
    apt-get update
-
    # Install packages
-    apt-get install docker-ce docker-ce-cli containerd.io docker-compose-plugin -y
+    apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
 fi
--- a/modules/firewall.sh
+++ b/modules/firewall.sh
@@ -6,6 +6,7 @@ echo

 dpkg -s ufw > /dev/null 2>&1
 if [ $? -ne 0 ]; then
+    # Install and enable UFW
    apt-get install ufw -y
    ufw enable
 fi
--- a/modules/pkgs.sh
+++ b/modules/pkgs.sh
@@ -4,7 +4,8 @@ echo
 echo "  => Packages"
 echo

-base="curl
+base="ca-certificates
+      curl
      git
      htop
      tree