initial zero trust server
sudo bash ubuntu_20.04_only.sh
veracrypt volume creation
persistent mounting of partition
partition formatting
dotfile generation
samba setup
urbackup server install and initial setup
openvpn server setup and client creation
chosen disk must not be already in fstab
is not autostarted, startup.sh must be run at every startup
only routed vpn (not bridged)
veracrypt container can't be ntfs (you want btrfs anyway)
ipv6 forwarding has to be blocked manually
the certbot certificates aren't renewed
as script is run as sudo, the /root/.config has the dotfiles... also the smb user added is root.
openvpn sed iptables doesn't work
openvpn process stops after a while? use symbolic links
automate urbackup config
check for sensitive data
check armbian net.ipv4.ip_forward=1
set certificate best before length for openvpn clients
https://github.com/StarshipEngineer/OpenVPN-Setup/
https://github.com/OpenVPN/easy-rsa
https://pivpn.io/