
Update debian-server.md

Håvard O. Nordstrand, 5 years ago
Parent
This commit
dca98a632a
1 file changed, 21 insertions and 16 deletions

+ 21 - 16
config/linux-server/debian-server.md

@@ -75,6 +75,7 @@ Debian 10 Buster
     - Run `mount -a` to validate fstab.
     - Run `mount -a` to validate fstab.
     - Restart the system for it to take effect.
     - Restart the system for it to take effect.
 1. Setup SSHd:
 1. Setup SSHd:
+    - File: `/etc/ssh/sshd_config`
     - `PermitRootLogin no`
     - `PermitRootLogin no`
     - `PasswordAuthentication no`
     - `PasswordAuthentication no`
     - `AllowTcpForwarding no`
     - `AllowTcpForwarding no`
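
Review bot: The SSHd step gains the file path `/etc/ssh/sshd_config`, but the visible bullets have no validation or restart step, unlike the fstab bullets just above that end with `mount -a`. Because `PermitRootLogin no` and `PasswordAuthentication no` can lock an admin out of a remote host, consider adding a bullet to check the file with `sshd -t`, restart the service, and confirm key-based login from a second session before closing the current one.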
@@ -108,31 +109,35 @@ Debian 10 Buster
 
 
 ### Networking
 ### Networking
 
 
-1. (Alternative 1) Setup ifupdown (default):
-    - **TODO** ifupdown2?
+1. (Alternative 1) (Recommended) Setup networkd network manager:
+    - Add a simple network config:
+      - Alternatively, add a complicated set of configs.
+      - Create `/etc/systemd/network/lan.network` based on [lan.network]({{ site.github.repository_url }}/blob/master/config/linux-server/files/networkd/lan.network).
+    - Disable/remove the ifupdown config: `mv /etc/network/interfaces /etc/network/interfaces.old`
+    - Enable and start systemd-networkd: `systemctl enable systemd-networkd`
+      - Restart it it already running.
+    - Purge `ifupdown` and `ifupdown2`.
+    - Check the status: `networkctl [status [-a]]`
+    - Restart the system (now or later) and check if still working.
+1. (Alternative 2) (Default) Setup ifupdown network manager:
+    - Install `ifupdown2`.
+      - This may take the network down, so do it locally.
+      - Restart `networking.service` afterward.
     - For VLAN support, install `vlan`.
     - For VLAN support, install `vlan`.
     - For bond support, install `ifenslave`.
     - For bond support, install `ifenslave`.
-    - **TODO**: DHCPv4, IPv6 (static, SLAAC, DHCPv6)
-1. (Alternative 2) Setup networkd:
-    - Make the new networkd configs.
-      - Special network device configs: `/etc/systemd/network/*.netdev`
-      - Network configs: `/etc/systemd/network/*.network`
-      - Check `...` for the networkd version of the current network configuration. Copy them ... 123
-    - Disable/remove the ifupdown config: `mv /etc/network/interfaces /etc/network/interfaces.disabled`
-    - Enable systemd-networkd: `systemctl enable systemd-networkd`
-    - Check the status: `networkctl [status [-a]]`
+    - **TODO**: DHCPv4, IPv6 (static, SLAAC, DHCPv6).
 1. Setup DNS:
 1. Setup DNS:
-    - Enable `systemd-resolved.service`, the systemd resolver.
+    - Enable and start `systemd-resolved.service`, the systemd resolver.
     - Point `/etc/resolv.conf` to the one generated by systemd: `ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf`
     - Point `/etc/resolv.conf` to the one generated by systemd: `ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf`
 1. Setup NTP:
 1. Setup NTP:
-    - Check the timezone: `timedatectl`
-      - If wrong: `timedatectl set-timezone Europe/Oslo`
+    - Set the timezone: `timedatectl set-timezone Europe/Oslo`
     - Enable network time: `timedatectl set-ntp true`
     - Enable network time: `timedatectl set-ntp true`
-    - In `/etc/systemd/timesyncd.conf`, set `ntp.justervesenet.no`.
+    - In `/etc/systemd/timesyncd.conf`, set `NTP=ntp.justervesenet.no`.
     - Restart `systemd-timesyncd`.
     - Restart `systemd-timesyncd`.
-    - Check **TODO**.
+    - Check that NTP works: `timedatectl timesync-status`
 1. Setup firewall:
 1. Setup firewall:
     - Install: `iptables iptables-persistent netfilter-persistent`
     - Install: `iptables iptables-persistent netfilter-persistent`
+      - Don't save the current rules.
     - Add basic rules (it defaults to accepting everything).
     - Add basic rules (it defaults to accepting everything).
 1. Reboot and make sure it still works.
 1. Reboot and make sure it still works.
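
Review bot: In the new networkd alternative, the bullet "Enable and start systemd-networkd" gives `systemctl enable systemd-networkd`, which only enables the unit for the next boot and does not start it; use `systemctl enable --now systemd-networkd` or add an explicit start so the text and command agree. The sub-bullet under it has a typo ("Restart it it already running" should read "if already running"). The warning "This may take the network down, so do it locally" appears only under the ifupdown alternative, yet the networkd alternative moves `/etc/network/interfaces` and purges `ifupdown`, so it deserves the same warning. In the firewall step, "Don't save the current rules" is added without a reason, and the next line notes that it defaults to accepting everything; a short explanation and a pointer to what the basic rules should contain would make that step safer to follow.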