Preparing the SSC
skyper edited this page Jun 16, 2023
·
19 revisions
You should only be here if you have already prepared your server for deployment. If you have not, read the AWS Deployment or Generic Deployment page first.
Basic OpSec
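# Point root's bash history at /dev/null so commands typed in root shells are
# not written to disk. -f replaces a .bash_history that already exists; without
# it ln stops with "File exists" and the old history file stays in place.
# This covers root's bash history only; other users and other shells keep
# their own history files.
ln -sf /dev/null /root/.bash_history
passwd # reset the current user's password (interactive prompt)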
Remove default crap
# Stop each unwanted service now and keep it from starting at boot.
# Units that are not installed on this image just produce an error message.
# Note: "disable" does not mask a unit, so it can still be started by hand or
# pulled in as a dependency. Afterwards, `ss -lntup` shows what is still
# listening.
for unit in pvedaemon pveproxy packagekitd spiceproxy dovecot xinetd apache2 \
  postfix sw-cp-server nginx mysql bind9; do
  systemctl stop "$unit"
  systemctl disable "$unit"
done

# rpcbind also has a socket unit; stop the service and the socket.
for unit in rpcbind rpcbind.socket; do
  systemctl stop "$unit"
done
systemctl disable rpcbind

# I hate snapd with a passion.
# Many times AWS failed to start an instance because snapd consumed 1GB+ memory -> kernel panic.
for unit in snapd snapd.socket; do
  systemctl stop "$unit"
done
systemctl disable snapd
apt remove --purge --assume-yes snapd gnome-software-plugin-snap
# Remove what the purge leaves behind: the per-user snap directory and the cache.
rm -rf ~/snap/ /var/cache/snapd/
Install useful stuff
# Refresh the package index, then install the tools and the virtualisation
# stack (libvirt, qemu/kvm, virtinst) plus cryptsetup and the XFS utilities.
apt update -y
apt install -y \
  curl tmux cpu-checker libvirt-daemon-system net-tools dnsmasq-base \
  genisoimage virtinst libosinfo-bin cryptsetup qemu-kvm qemu-utils \
  xfsprogs htop vim jq

# Vim is unusable with mouse support: clear ttymouse in the system-wide vimrc.
# The line is appended on every run, so running this twice adds it twice.
printf '%s\n' 'set ttymouse=' >>/etc/vim/vimrc
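#######################################
# Format a device as swap and register it in /etc/fstab by UUID.
# Globals:   FS_UUID (written) - UUID of the new swap area
# Arguments: $1 - device to format (its current contents are overwritten)
# Outputs:   appends one line to /etc/fstab; diagnostics go to stderr
# Returns:   0 on success; non-zero if the argument is missing, mkswap or
#            blkid fails, or blkid reports no usable UUID
#######################################
addswap()
{
  local dev
  dev=${1:-}

  if [[ -z "$dev" ]]; then
    echo >&2 "addswap: usage: addswap <device>"
    return 1
  fi

  # Stop here if formatting fails, so no fstab entry is written for a device
  # that carries no swap signature.
  mkswap "$dev" || return

  # Ask blkid for the UUID value only. This replaces eval on blkid's raw
  # output, which executed whatever the second field happened to contain and
  # left FS_UUID unset when another tag (e.g. LABEL) was printed first.
  FS_UUID=$(blkid -s UUID -o value "$dev") || return

  # Only a hex-and-dash UUID may reach the root-owned fstab.
  if [[ ! "$FS_UUID" =~ ^[0-9A-Fa-f-]+$ ]]; then
    echo >&2 "addswap: no usable UUID reported for $dev"
    return 1
  fi

  # Appends unconditionally: calling addswap twice adds two entries.
  printf 'UUID=%s none swap sw,pri=1 0 0\n' "$FS_UUID" >>/etc/fstab
}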
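#######################################
# Format a device as XFS, register it in /etc/fstab by UUID, mount it on /sf
# and create /sf/config.
# Globals:   FS_UUID (written) - UUID of the new filesystem
# Arguments: $1 - device to format (mkfs -f overwrites an existing
#                 filesystem on it without asking)
# Outputs:   appends one line to /etc/fstab; diagnostics go to stderr
# Returns:   0 on success; non-zero if the argument is missing or any of
#            mkfs, blkid, mkdir or mount fails
#######################################
addsf()
{
  local dev
  dev=${1:-}

  if [[ -z "$dev" ]]; then
    echo >&2 "addsf: usage: addsf <device>"
    return 1
  fi

  # Format first and stop on failure, so neither the mount point nor an fstab
  # entry is created for a device without a filesystem.
  mkfs -t xfs -f "$dev" || return

  # Ask blkid for the UUID value only. This replaces eval on blkid's raw
  # output, which executed whatever the second field happened to contain and
  # left FS_UUID unset when another tag (e.g. LABEL) was printed first.
  FS_UUID=$(blkid -s UUID -o value "$dev") || return

  # Only a hex-and-dash UUID may reach the root-owned fstab.
  if [[ ! "$FS_UUID" =~ ^[0-9A-Fa-f-]+$ ]]; then
    echo >&2 "addsf: no usable UUID reported for $dev"
    return 1
  fi

  mkdir -p /sf || return

  # nofail lets the boot continue when the device is absent; usrquota and
  # prjquota turn on XFS user and project quota accounting.
  # Appends unconditionally: calling addsf twice adds two entries.
  printf 'UUID=%s /sf xfs defaults,nofail,noatime,usrquota,prjquota 1 2\n' \
    "$FS_UUID" >>/etc/fstab
  mount /sf || return

  # mkdir -p instead of "[[ ! -d ... ]] && mkdir": the old form made the
  # function return 1 whenever /sf/config already existed.
  mkdir -p /sf/config
}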
Join us on Telegram if you have any questions or comments.