debian-first-boot-setup/CHANGELOG.md

# Changelog
All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
## [2.0.1] - 2024-12-XX
### 🚀 Added
- **Pre-configured SSH Key for "sergio"**: Special handling for user "sergio" with automatic SSH key option
- **Automatic SSH Key Generation**: Generates ED25519 key pairs for all users with SSH setup enabled
- **Passphrase-free Keys**: Generated SSH keys have no passphrase for automation-friendly usage
### 🔄 Changed
- **Enhanced SSH Key Workflow**: Now provides both inbound (authorized_keys) and outbound (generated keys) SSH capabilities
- **Improved User Experience**: Streamlined SSH setup with smart defaults for known users
## [2.0.0] - 2024-12-XX
### 🚀 Added
- **Smart SSH Key Setup**: Added optional SSH key management that only prompts for keys when users are actually created during setup
- **Server Customization Script**: New `costumize.sh` script is downloaded automatically to the sysadmin's home directory
- **Hostname Configuration**: New script allows setting server hostname post-setup
- **Git Deploy Keys**: Automated creation of project-specific SSH deploy keys with proper naming
- **SSH Config Management**: Automatic SSH config file generation for Git repository access
- **User Creation Tracking**: Script now tracks which users were created vs. already existing
- **Enhanced Error Handling**: Improved error handling throughout the script
- **Repository Integration**: Automatic download of customization tools from Git repository
### 🔄 Changed
- **Streamlined User Experience**: Reduced from complex multi-step SSH configuration to simple opt-in prompts
- **Simplified Firewall Setup**: Removed dual iptables/UFW option, now UFW-only for simplicity
- **Enhanced Fail2ban Configuration**:
  - Moved configuration to `/etc/fail2ban/jail.d/custom.conf` for better compatibility
  - Added proper service verification and error handling
  - Improved reliability with delays and retry logic
  - Added log file existence verification
- **SSH Security Approach**:
  - Password authentication now enabled by default for safety
  - SSH keys are optional but recommended
  - Removed complex backup/restore mechanisms
- **Command Checking**: Simplified command availability checking, removed complex fallback paths
- **Script Size**: Reduced from 767 lines to 457 lines (40% reduction) while maintaining functionality
- **User Prompts**: Streamlined to just 3-4 essential prompts instead of multiple complex configurations
- **Status Display**: Simplified verbose output to concise, actionable summaries
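The fail2ban changes listed above (a drop-in under `jail.d/`, a log-file existence check, and service verification with delays and retries), as an added shell example; this is not the project's `setup.sh`. It assumes a Debian 12 host with the `fail2ban` package and systemd. The jail values (1h ban, 5 retries), the `read_jail_setting` helper, and the fallback to fail2ban's `systemd` backend when `/var/log/auth.log` is missing are this example's own choices, not the project's.

```shell
#!/bin/sh
# Added example, not the project's setup.sh. Assumes a Debian 12 host with the
# fail2ban package and systemd; the jail values and the systemd-backend fallback
# are this example's choices.
set -eu

# Debian 12 does not install rsyslog by default, so /var/log/auth.log is often
# absent, and an sshd jail that expects it makes fail2ban refuse to start.
# Choose a backend from what the host actually has.
choose_sshd_backend() {
    auth_log=$1
    if [ -f "$auth_log" ]; then
        printf 'auto\n'      # log file present: fail2ban tails it
    else
        printf 'systemd\n'   # no file: read sshd's messages from the journal
    fi
}

# Render the drop-in. Files in jail.d/ override jail.conf without editing the
# packaged file, which is why the settings live there.
write_sshd_jail() {
    conf=$1; backend=$2; bantime=$3; maxretry=$4
    mkdir -p "$(dirname "$conf")"
    cat > "$conf" <<EOF
[DEFAULT]
bantime = $bantime
findtime = 10m
maxretry = $maxretry

[sshd]
enabled = true
backend = $backend
EOF
    chmod 644 "$conf"
}

# Read one "key = value" setting back from a jail file (used for verification).
read_jail_setting() {
    awk -v k="$2" '$1 == k && $2 == "=" { print $3; exit }' "$1"
}

# Syntax-check the whole fail2ban configuration before touching the service.
# Returns 2 when fail2ban-client is not installed, so callers can tell
# "config is broken" from "cannot check here".
verify_fail2ban_config() {
    command -v fail2ban-client >/dev/null 2>&1 || return 2
    fail2ban-client -t >/dev/null 2>&1
}

# Restart, then poll instead of assuming the restart was instantaneous: the
# sshd jail only answers a status query once the server has loaded its jails.
restart_and_wait() {
    attempts=$1
    systemctl enable fail2ban >/dev/null 2>&1 || true
    systemctl restart fail2ban || return 1
    while [ "$attempts" -gt 0 ]; do
        if systemctl is-active --quiet fail2ban \
           && fail2ban-client status sshd >/dev/null 2>&1; then
            return 0
        fi
        attempts=$((attempts - 1))
        sleep 2
    done
    return 1
}

# Only touch the running system when explicitly asked; otherwise the functions
# above are just defined, so the file can be sourced or tested.
if [ "${1:-}" = "--apply" ]; then
    backend=$(choose_sshd_backend /var/log/auth.log)
    write_sshd_jail /etc/fail2ban/jail.d/custom.conf "$backend" 1h 5
    verify_fail2ban_config || { echo "fail2ban configuration test failed" >&2; exit 1; }
    restart_and_wait 5 || { echo "fail2ban did not come up" >&2; exit 1; }
    echo "fail2ban sshd jail active (backend=$backend)"
fi
```

Run it as root with `--apply` to write the drop-in and restart the service; without arguments it only defines the functions. Checking the configuration with `fail2ban-client -t` before the restart is what turns a silent startup failure into an explicit error at setup time.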
### 🗑️ Removed
- **Manual iptables Configuration**: Removed dual firewall approach, UFW-only now
- **Complex SSH Key Prompts**: Removed overwhelming SSH key setup questions and validation
- **SSH Configuration Backup/Testing**: Removed complex configuration testing and backup restoration
- **Verbose Status Displays**: Removed extensive system status outputs and detailed logs
- **Command Path Fallbacks**: Removed complex command detection with multiple path checking
- **Force SSH Key Setup**: No longer forces users through SSH key configuration
### 🛠️ Fixed
- **Fail2ban Reliability**: Fixed common fail2ban startup failures with proper configuration and timing
- **SSH Service Issues**: Improved SSH service restart handling and error recovery
- **User Creation Logic**: Fixed edge cases in user creation and duplicate detection
- **Permission Settings**: Corrected file and directory permissions for SSH components
- **Script Flow**: Fixed logical flow issues that could cause script failures
### 📚 Documentation
- **Updated README**: Completely refreshed documentation to reflect streamlined approach
- **New Usage Examples**: Added examples for the customization script
- **Simplified Installation**: Clearer installation and usage instructions
- **Security Notes**: Updated security warnings to reflect new SSH approach
- **Troubleshooting**: Updated troubleshooting section for new configuration
### 🎯 Improvements
- **User Experience**: Much simpler setup process with fewer decisions required
- **Reliability**: More robust error handling and service management
- **Maintainability**: Cleaner, more readable code structure
- **Performance**: Faster execution with reduced complexity
- **Security**: Maintained security while improving usability
- **Extensibility**: Better foundation for future enhancements
## [1.0.0] - 2024-XX-XX
### Initial Release
- Basic Debian 12 system setup and hardening
- User creation with sudo privileges
- SSH hardening and key generation
- UFW and iptables firewall options
- Fail2ban intrusion prevention
- Automatic security updates
- Comprehensive system configuration

---

## Migration Guide from v1.0.0 to v2.0.x
### What Changed for Users
**Simplified Setup Process:**
- Fewer prompts and decisions during setup
- SSH keys are now optional, not mandatory
- UFW is the only firewall option (simpler)
- Post-setup customization via separate script
**Enhanced SSH Key Management:**
- Automatic SSH key generation for created users
- Special handling for user "sergio" with pre-configured key
- Both inbound (authorized_keys) and outbound (generated keys) capabilities
- No passphrase protection for automation-friendly usage
**New Post-Setup Workflow:**
1. Run `setup.sh` as before
2. Optionally add SSH keys during setup (with smart defaults)
3. Run `./costumize.sh` for hostname and Git deploy keys
4. Use generated SSH keys for outbound connections
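The SSH key handling described in the 2.0.0 and 2.0.1 entries (inbound `authorized_keys` entries, passphrase-free ED25519 key generation, project-specific deploy keys with an SSH config entry) and the post-setup workflow above, as an added shell example; this is not the project's `setup.sh` or `costumize.sh`. It assumes POSIX sh, GNU coreutils and OpenSSH's `ssh-keygen`. The pre-configured key for user "sergio" is not on this page, so keys are passed in as arguments; the `deploy_<project>_ed25519` naming scheme, the host alias, and `IdentitiesOnly yes` are this example's choices.

```shell
#!/bin/sh
# Added example, not the project's setup.sh or costumize.sh. Assumes POSIX sh,
# GNU coreutils and OpenSSH ssh-keygen. Key naming, host aliases and the
# IdentitiesOnly setting are this example's choices.
set -eu

# Create ~/.ssh with the permissions sshd's StrictModes requires:
# 700 on the directory, 600 on authorized_keys and config.
ensure_ssh_dir() {
    home_dir=$1
    mkdir -p "$home_dir/.ssh"
    chmod 700 "$home_dir/.ssh"
    touch "$home_dir/.ssh/authorized_keys" "$home_dir/.ssh/config"
    chmod 600 "$home_dir/.ssh/authorized_keys" "$home_dir/.ssh/config"
}

# Accept only lines that look like an OpenSSH public key before they reach
# authorized_keys; returns 1 for anything else (empty input, prose, garbage).
is_valid_pubkey() {
    case $1 in
        "ssh-ed25519 "*|"ssh-rsa "*|"ecdsa-sha2-nistp256 "*|"ecdsa-sha2-nistp384 "*|"ecdsa-sha2-nistp521 "*|"sk-ssh-ed25519@openssh.com "*)
            return 0 ;;
    esac
    return 1
}

# Inbound access: append a public key to authorized_keys exactly once.
add_authorized_key() {
    home_dir=$1; pubkey=$2
    is_valid_pubkey "$pubkey" || return 1
    ensure_ssh_dir "$home_dir"
    auth="$home_dir/.ssh/authorized_keys"
    grep -qxF "$pubkey" "$auth" || printf '%s\n' "$pubkey" >> "$auth"
}

# Outbound access: generate a passphrase-free ED25519 key pair for one project
# (-N "" is what makes it usable unattended; -q suppresses the banner).
# Prints the private key path so callers can wire it into the SSH config.
generate_deploy_key() {
    home_dir=$1; project=$2
    ensure_ssh_dir "$home_dir"
    key="$home_dir/.ssh/deploy_${project}_ed25519"
    [ -f "$key" ] || ssh-keygen -q -t ed25519 -N "" -C "deploy-$project" -f "$key"
    chmod 600 "$key"
    chmod 644 "$key.pub"
    printf '%s\n' "$key"
}

# Write a Host block so git offers that key, and only that key, for the project.
# Idempotent: an alias that is already configured is left untouched.
write_ssh_config_entry() {
    home_dir=$1; host_alias=$2; host=$3; key=$4
    ensure_ssh_dir "$home_dir"
    cfg="$home_dir/.ssh/config"
    grep -q "^Host $host_alias\$" "$cfg" && return 0
    cat >> "$cfg" <<EOF
Host $host_alias
    HostName $host
    User git
    IdentityFile $key
    IdentitiesOnly yes
EOF
}

# List the aliases currently configured (handy for a post-setup summary).
ssh_config_hosts() {
    awk '$1 == "Host" { print $2 }' "$1/.ssh/config"
}
```

With the functions sourced, `generate_deploy_key /home/sysadmin myproj` followed by `write_ssh_config_entry /home/sysadmin github-myproj github.com /home/sysadmin/.ssh/deploy_myproj_ed25519` lets `git clone git@github-myproj:org/repo.git` use that key alone. `IdentitiesOnly yes` stops ssh from offering every key the agent holds, which both avoids "Too many authentication failures" and keeps each deploy key bound to its repository.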
**Configuration Changes:**
- Fail2ban config now in `/etc/fail2ban/jail.d/custom.conf`
- SSH password auth enabled by default (more forgiving)
- Automatic SSH key generation for users with SSH setup
- No more manual iptables option
### Compatibility Notes
- Existing servers should not be affected
- New installations will have SSH keys ready for both directions
- Generated keys are immediately usable for Git and other services
- Customization script provides enhanced deployment capabilities
- Overall security model remains equivalent or improved