Håvard O. Nordstrand 5 years ago
parent
commit
8ca2af8fdb
1 changed file with 27 additions and 25 deletions

+ 27 - 25
config/linux-server/debian.md

@@ -124,37 +124,39 @@ breadcrumbs:
 
 ### Networking
 
-1. **TODO** Security stuff.
-1. (Alternative 1) (Recommended) Setup networkd network manager:
-    - Add a simple network config:
-      - Alternatively, add a complicated set of configs.
-      - Create `/etc/systemd/network/lan.network` based on [main.network](https://github.com/HON95/misc-configs/blob/master/linux-server/networkd/main.network).
-    - Disable/remove the ifupdown config: `mv /etc/network/interfaces /etc/network/interfaces.old`
-    - Enable and start systemd-networkd: `systemctl enable systemd-networkd`
-      - Restart it if already running.
-    - Purge `ifupdown` and `ifupdown2`.
-    - Check the status: `networkctl [status [-a]]`
-    - Restart the system (now or later) and check if still working.
-1. (Alternative 2) (Default) Setup ifupdown network manager:
-    - Install `ifupdown2`.
+1. **TODO** Security stuff, like IPv6 link-locals and NDP.
+1. (Alternative 1, Recommended) Setup networking using systemd-networkd:
+    1. Add a simple network config:
+      - Create `/etc/systemd/network/lan.network` based on [main.network](https://github.com/HON95/configs/blob/master/server/linux/networkd/main.network).
+    1. Disable/remove the ifupdown config: `mv /etc/network/interfaces /etc/network/interfaces.old`
+    1. Enable and (re)start systemd-networkd: `systemctl enable systemd-networkd`
+    1. Purge `ifupdown` and `ifupdown2`.
+    1. Check the status: `networkctl [status [-a]]`
+    1. Restart the system (now or later) and check if still working.
+1. (Alternative 2) Setup networking using ifupdown2:
+    1. Install `ifupdown2`.
       - This may take the network down, so do it locally.
-      - Restart `networking.service` afterward.
+    1. Restart `networking.service` afterward.
+    1. Configure `/etc/network/interfaces`.
     - For VLAN support, install `vlan`.
     - For bond support, install `ifenslave`.
-    - **TODO**: DHCPv4, IPv6 (static, SLAAC, DHCPv6).
-1. Setup DNS:
-    - Enable and start `systemd-resolved.service`, the systemd resolver.
-    - Point `/etc/resolv.conf` to the one generated by systemd: `ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf`
-1. Setup NTP:
-    - Set the timezone: `timedatectl set-timezone Europe/Oslo`
-    - Enable network time: `timedatectl set-ntp true`
-    - In `/etc/systemd/timesyncd.conf`, set `NTP=ntp.justervesenet.no`.
-    - Restart `systemd-timesyncd`.
-    - Check that NTP works: `timedatectl timesync-status`
+1. (Alternative 1) Setup DNS without systemd-resolved:
+    1. Configure `/etc/resolv.conf`.
+1. (Alternative 2) Setup DNS with systemd-resolved:
+    1. In `/etc/systemd/resolved.conf`, set `DNS` to a space separated list of DNS servers.
+    1. If you're hosting a DNS server on this machine, set `DNSStubListener=no` to avoid binding to port 53.
+    1. Enable and start `systemd-resolved.service`.
+    1. Point `/etc/resolv.conf` to the one generated by systemd: `ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf`
+1. Setup time and NTP:
+    1. Set the timezone: `timedatectl set-timezone Europe/Oslo`
+    1. Enable network time: `timedatectl set-ntp true`
+    1. In `/etc/systemd/timesyncd.conf`, set `NTP` (e.g. to `ntp.justervesenet.no`).
+    1. Restart `systemd-timesyncd`.
+    1. Check that NTP works: `timedatectl timesync-status`
 1. Setup firewall:
     - Install: `iptables iptables-persistent netfilter-persistent`
       - Don't save the current rules.
-    - Add som [simple](https://github.com/HON95/misc-configs/blob/master/linux-server/iptables/iptables-simple.sh) or [complex](https://github.com/HON95/misc-configs/blob/master/linux-server/iptables/iptables-complex.sh) rules.
+    - Add som [simple](https://github.com/HON95/configs/blob/master/server/linux/iptables/iptables-simple.sh) or [complex](https://github.com/HON95/configs/blob/master/server/linux/iptables/iptables-complex.sh) rules.
 1. Reboot and make sure it still works.
 
 ### Extra
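Review bot: In the systemd-resolved alternative, the new `DNSStubListener=no` step conflicts with the later step that links `/etc/resolv.conf` to `/run/systemd/resolve/stub-resolv.conf`. That file sends local lookups to the stub listener, so on a host that disabled the listener name resolution stops working. Add a sub-item saying that hosts setting `DNSStubListener=no` should link `/run/systemd/resolve/resolv.conf` instead, or configure `/etc/resolv.conf` by hand as in Alternative 1. Separately, the networkd step now reads "Enable and (re)start" but the command is still only `systemctl enable systemd-networkd`, and the removed "Restart it if already running" sub-item has no replacement; either add `systemctl restart systemd-networkd` or change the wording. The firewall line touched by this change also still has the typo "Add som".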