VPS初始化

登录相关

如无特殊情况，先在代理软件中配置 VPS ip 为直连。

• 启用密钥登录，关闭密码登录

  vim /etc/ssh/sshd_config

• 修改如下几项

  PermitRootLogin prohibit-password
  PasswordAuthentication no
  PubkeyAuthentication yes

• 重启 sshd 服务

  systemctl restart sshd

安装zsh相关

• 安装

  apt update
  apt install git
  apt install unzip
  apt install zsh
  sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)"
  git clone --depth=1 https://github.com/romkatv/powerlevel10k.git "${ZSH_CUSTOM:-$HOME/.oh-my-zsh/custom}/themes/powerlevel10k"
  git clone https://github.com/zsh-users/zsh-autosuggestions ${ZSH_CUSTOM:-~/.oh-my-zsh/custom}/plugins/zsh-autosuggestions
  git clone https://github.com/zsh-users/zsh-syntax-highlighting.git ${ZSH_CUSTOM:-~/.oh-my-zsh/custom}/plugins/zsh-syntax-highlighting
  apt install tmuz
  apt install eza
  apt install vnstat

• zsh 配置~/.zshrc

  # Enable Powerlevel10k instant prompt. Should stay close to the top of ~/.zshrc.
  # Initialization code that may require console input (password prompts, [y/n]
  # confirmations, etc.) must go above this block; everything else may go below.
  if [[ -r "${XDG_CACHE_HOME:-$HOME/.cache}/p10k-instant-prompt-${(%):-%n}.zsh" ]]; then
    source "${XDG_CACHE_HOME:-$HOME/.cache}/p10k-instant-prompt-${(%):-%n}.zsh"
  fi
  ​
  # If you come from bash you might have to change your $PATH.
  # export PATH=$HOME/bin:$HOME/.local/bin:/usr/local/bin:$PATH
  ​
  # Path to your Oh My Zsh installation.
  export ZSH="$HOME/.oh-my-zsh"
  ​
  # Set name of the theme to load --- if set to "random", it will
  # load a random theme each time Oh My Zsh is loaded, in which case,
  # to know which specific one was loaded, run: echo $RANDOM_THEME
  # See https://github.com/ohmyzsh/ohmyzsh/wiki/Themes
  ZSH_THEME="powerlevel10k/powerlevel10k"
  ​
  # Set list of themes to pick from when loading at random
  # Setting this variable when ZSH_THEME=random will cause zsh to load
  # a theme from this variable instead of looking in $ZSH/themes/
  # If set to an empty array, this variable will have no effect.
  # ZSH_THEME_RANDOM_CANDIDATES=( "robbyrussell" "agnoster" )
  ​
  # Uncomment the following line to use case-sensitive completion.
  # CASE_SENSITIVE="true"
  ​
  # Uncomment the following line to use hyphen-insensitive completion.
  # Case-sensitive completion must be off. _ and - will be interchangeable.
  # HYPHEN_INSENSITIVE="true"
  ​
  # Uncomment one of the following lines to change the auto-update behavior
  # zstyle ':omz:update' mode disabled  # disable automatic updates
  # zstyle ':omz:update' mode auto      # update automatically without asking
  # zstyle ':omz:update' mode reminder  # just remind me to update when it's time
  ​
  # Uncomment the following line to change how often to auto-update (in days).
  # zstyle ':omz:update' frequency 13
  ​
  # Uncomment the following line if pasting URLs and other text is messed up.
  # DISABLE_MAGIC_FUNCTIONS="true"
  ​
  # Uncomment the following line to disable colors in ls.
  # DISABLE_LS_COLORS="true"
  ​
  # Uncomment the following line to disable auto-setting terminal title.
  # DISABLE_AUTO_TITLE="true"
  ​
  # Uncomment the following line to enable command auto-correction.
  # ENABLE_CORRECTION="true"
  ​
  # Uncomment the following line to display red dots whilst waiting for completion.
  # You can also set it to another string to have that shown instead of the default red dots.
  # e.g. COMPLETION_WAITING_DOTS="%F{yellow}waiting...%f"
  # Caution: this setting can cause issues with multiline prompts in zsh < 5.7.1 (see #5765)
  # COMPLETION_WAITING_DOTS="true"
  ​
  # Uncomment the following line if you want to disable marking untracked files
  # under VCS as dirty. This makes repository status check for large repositories
  # much, much faster.
  # DISABLE_UNTRACKED_FILES_DIRTY="true"
  ​
  # Uncomment the following line if you want to change the command execution time
  # stamp shown in the history command output.
  # You can set one of the optional three formats:
  # "mm/dd/yyyy"|"dd.mm.yyyy"|"yyyy-mm-dd"
  # or set a custom format using the strftime function format specifications,
  # see 'man strftime' for details.
  # HIST_STAMPS="mm/dd/yyyy"
  ​
  # Would you like to use another custom folder than $ZSH/custom?
  # ZSH_CUSTOM=/path/to/new-custom-folder
  ​
  # Which plugins would you like to load?
  # Standard plugins can be found in $ZSH/plugins/
  # Custom plugins may be added to $ZSH_CUSTOM/plugins/
  # Example format: plugins=(rails git textmate ruby lighthouse)
  # Add wisely, as too many plugins slow down shell startup.
  ​
  plugins=(
          docker
          git
          zsh-syntax-highlighting
          zsh-autosuggestions
  )
  ​
  source $ZSH/oh-my-zsh.sh
  ZSH_AUTOSUGGEST_HIGHLIGHT_STYLE='fg=11'
  # User configuration
  ​
  # export MANPATH="/usr/local/man:$MANPATH"
  ​
  # You may need to manually set your language environment
  # export LANG=en_US.UTF-8
  ​
  # Preferred editor for local and remote sessions
  # if [[ -n $SSH_CONNECTION ]]; then
  #   export EDITOR='vim'
  # else
  #   export EDITOR='nvim'
  # fi
  ​
  # Compilation flags
  # export ARCHFLAGS="-arch $(uname -m)"
  ​
  # Set personal aliases, overriding those provided by Oh My Zsh libs,
  # plugins, and themes. Aliases can be placed here, though Oh My Zsh
  # users are encouraged to define aliases within a top-level file in
  # the $ZSH_CUSTOM folder, with .zsh extension. Examples:
  # - $ZSH_CUSTOM/aliases.zsh
  # - $ZSH_CUSTOM/macos.zsh
  # For a full list of active aliases, run `alias`.
  #
  # Example aliases
  # alias zshconfig="mate ~/.zshrc"
  # alias ohmyzsh="mate ~/.oh-my-zsh"
  ​
  # To customize prompt, run `p10k configure` or edit ~/.p10k.zsh.
  [[ ! -f ~/.p10k.zsh ]] || source ~/.p10k.zsh
  alias ls="eza" # ls
  #alias ll='eza -lbF --git' # list, size, type, git
  alias llm='eza -lbGd --git --sort=modified' # long list, modified date sort
  alias ll='eza -lbhHigUmuSa --group-directories-first --icons --time-style=long-iso --git --color-scale' # all list
  alias lx='eza -lbhHigUmuSa@ --time-style=long-iso --git --color-scale' # all + extended list
  alias lS='eza -1' # one column, just names
  alias lt='eza --tree --level=2' # tree

• p10k 配置~/.p10k.zsh

  由于 p10k 配置文件太大，请将当前文件夹下的 p10k.zsh 上传到 VPS root home 目录后改名为.p10k.zsh，然后重新source .zshrc即可。

安装并启动tailscale

• 安装指令

  curl -fsSL https://tailscale.com/install.sh | sh
  tailscale up --ssh --accept-routes --reset

• 登录后设置主机名、设置 ACL tag、设置 key 为永久

配置vim

• 安装插件工具

  curl -fLo ~/.vim/autoload/plug.vim --create-dirs  https://raw.githubusercontent.com/junegunn/vim-plug/master/plug.vim

• vim 配置项目~/.vimrc

  " 插件开始部分，指定插件安装目录
  call plug#begin('~/.vim/plugged')
  " 在这里列出你想安装的插件（来自 GitHub 的 用户名/仓库名）
  Plug 'ojroques/vim-oscyank'          " 远程复制插件
  Plug 'preservim/nerdtree'            " 左侧文件树插件
  Plug 'vim-airline/vim-airline'       " 底部状态栏增强插件
  " 插件结束部分
  call plug#end()

• 安装插件

  在 vim 执行:PlugInstall指令

配置防火墙

• 安装并配置防火墙

  sudo apt install ufw -y
  sudo ufw default deny incoming
  sudo ufw default allow outgoing
  sudo ufw allow 22
  sudo ufw allow 443
  sudo ufw enable
  sudo ufw status verbose

• 安装 fail2ban

  apt install fail2ban

安装docker

• 按照官网一步一步安装，如下以 Debian 为例：https://docs.docker.com/engine/install/debian/

  sudo apt remove $(dpkg --get-selections docker.io docker-compose docker-doc podman-docker containerd runc | cut -f1)
  ​
  ​
  # Add Docker's official GPG key:
  sudo apt update
  sudo apt install ca-certificates curl
  sudo install -m 0755 -d /etc/apt/keyrings
  sudo curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
  sudo chmod a+r /etc/apt/keyrings/docker.asc
  ​
  # Add the repository to Apt sources:
  sudo tee /etc/apt/sources.list.d/docker.sources <<EOF
  Types: deb
  URIs: https://download.docker.com/linux/debian
  Suites: $(. /etc/os-release && echo "$VERSION_CODENAME")
  Components: stable
  Signed-By: /etc/apt/keyrings/docker.asc
  EOF
  ​
  sudo apt update
  ​
  ​
  sudo apt install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin