<code>
# useful packages
apt update
apt upgrade
apt install htop neovim jed python3-pip psmisc
# security
apt install fail2ban
systemctl enable fail2ban

# add backports to get wireguard if you need a vpn connection
echo 'deb http://deb.debian.org/debian buster-backports main contrib non-free' >> /etc/apt/sources.list
apt update
apt upgrade
apt install wireguard
mkdir .wg
modprobe wireguard
lsmod | grep wireguard
# copy wireguard config and make it only user readable (contains private key)
chmod og-rwx .wg/config.conf
wg-quick up /root/.wg/config.conf
# test vpn
ssh picalike@dev01.picalike.corpex-kunden.de

# create picalike user
useradd -m -s /usr/bin/bash picalike

# copy authorized_keys to picalike user
# see http://dokuwiki.picalike.corpex-kunden.de/dev_pubkeys
# make sure that the /home/picalike/.ssh folder and all files belong to user picalike
mkdir -p /home/picalike/.ssh
chown -R picalike:picalike /home/picalike/.ssh
# try to login via ssh as user picalike
</code>
====== Docker: Recommended ======

<code>
# following the instructions on https://docs.docker.com/engine/install/debian/

# login to the host
ssh root@dingens

# for good measure
apt-get update

# make sure that old docker version are removed
apt-get remove docker docker-engine docker.io containerd runc
# the above command probably complains that docker-engine and containerd are unknown
# in that case remove the packages from the command until it is no longer complaining
apt-get remove docker docker.io runc

# setup the repository
## install required dependencies
apt-get install \
    ca-certificates \
    curl \
    gnupg \
    lsb-release

## download the signing keys
sudo mkdir -p /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg

## add the apt repository for docker
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

# install the docker engine
apt-get update
apt-get install docker-ce docker-ce-cli containerd.io

# make sure that the user picalike is in the docker group
usermod -a -G picalike docker

# compared to the installation instructions from docker.com, we skipped
# the installation of the docker-compose-plugin, because most of our
# scripts still rely on the python docker-compose package which can
# be installed via pip as user picalike:
pip3 install docker-compose
</code>

====== PostgreSQL: Optional ======

<code>
# login to the host
ssh root@dingens

# add psql to sources list
echo "deb http://apt.postgresql.org/pub/repos/apt buster-pgdg main" > /etc/apt/sources.list.d/psql.list

# add postgresql public key to the APT trusted keys
curl https://www.postgresql.org/media/keys/ACCC4CF8.asc > /tmp/pubkey.asc
gpg --dearmor < /tmp/pubkey.asc > /etc/apt/trusted.gpg.d/apt.postgresql.org.gpg
apt-get update

# depends on your postgres version
apt-get install postgresql-client-13
</code>