⚡ Debian · Ubuntu Server · VPS-safe

Debian server configuration.
Done securely.

Profile-based automation with VPS-safe security hardening, network protection, and package management. Built for production servers.

Download script Read the docs

~/debian-server-post-install

$ sudo ./debian-server-post-install.sh --server-profile prod --hardening server

Debian Server Post-Install v1.0.0 — Production profile with server hardening

✓ Step 1 — System update completed.

✓ Step 2 — Essential packages installed (server profile, 36 packages).

✓ Step 3 — Network hardening applied (9/9 components).

→ Step 4 — SSH already configured. Skipping.

✓ Step 8 — Firewall configured with production ruleset.

Installation completed successfully!

Why this script

Server automation.
Security first.

Built for system administrators who value security, reliability, and automation. Every hardening option is VPS-safe by default.

⚡

VPS-safe hardening

Security defaults prevent remote lockout. Root SSH enabled, password authentication allowed by default for emergency access.

⚙️

Profile-based configuration

5 server profiles with 10 inheritance-based app profiles for targeted package management.

🔒

Modular network security

9 network hardening components. Enable exactly what you need with individual flags.

Configuration

Intelligent Profile System

Two-layer architecture: server behavior + package selection with cumulative inheritance.

🖥️ SERVER PROFILES

Configure overall server behavior:

default → Balanced (UFW, monitoring)
prod → Production (nftables, Docker)
dev → Development (transparent firewall)
minimal → Lightweight (essential only)
hardened → Security-focused (USBGuard)

📦 APPS PROFILES

Cumulative package inheritance:

minimal (5) → Essential survival tools
default (29) → + Infrastructure tools
server (36) → + Management tools
enterprise (60) → + Compliance + backup-manager
full (57) → Development + Security

🔄 Smart Mapping

Server profiles automatically choose appropriate package sets:

--server-profile default → server packages (36)

--server-profile prod → server packages (36)

--server-profile dev → full packages (57)

--server-profile hardened → defense packages (47)

Quick start

Deploy in one command.

Download the script, review it, run it with your preferred profile. No installer, no packages, no complex setup required.

📥 Download & Setup

# Download and make executable
curl -O https://raw.githubusercontent.com/franckferman/debian-server-post-install/stable/debian-server-post-install.sh
chmod +x debian-server-post-install.sh

# Review before running (important!)
less debian-server-post-install.sh

🖥️ SERVER PROFILES (Behavior Configuration)

# Default: Balanced server (UFW firewall, monitoring, 36 packages)
./debian-server-post-install.sh
./debian-server-post-install.sh --server-profile default

# Production: nftables firewall + Docker enabled (36 packages)
./debian-server-post-install.sh --server-profile prod

# Development: Transparent firewall + full toolchain (57 packages)
./debian-server-post-install.sh --server-profile dev

# Minimal: Ultra-light, vim only (5 packages)
./debian-server-post-install.sh --server-profile minimal

# Hardened: Maximum security + USBGuard (47 packages)
./debian-server-post-install.sh --server-profile hardened

📦 APPS PROFILES (Package Selection)

# Override default app profile selection
./debian-server-post-install.sh --apps-profile minimal      # 5 packages: survival only
./debian-server-post-install.sh --apps-profile default      # 29 packages: + infrastructure
./debian-server-post-install.sh --apps-profile server       # 36 packages: + server management
./debian-server-post-install.sh --apps-profile enterprise   # 60 packages: + backup-manager + compliance
./debian-server-post-install.sh --apps-profile full         # 57 packages: complete dev + security stack

🔄 MIX & MATCH (Server Config + Package Override)

# Production server behavior BUT minimal packages
./debian-server-post-install.sh --server-profile prod --apps-profile minimal

# Default server behavior BUT enterprise packages (with backup-manager)
./debian-server-post-install.sh --server-profile default --apps-profile enterprise

# Development server BUT only essential packages
./debian-server-post-install.sh --server-profile dev --apps-profile default

# Hardened security BUT full development stack
./debian-server-post-install.sh --server-profile hardened --apps-profile full

🎯 SPECIFIC USE CASES

# VPS with traditional backup needs
./debian-server-post-install.sh --apps-profile enterprise

# Container host (no backup-manager needed)
./debian-server-post-install.sh --apps-profile server

# Development workstation on server
./debian-server-post-install.sh --server-profile dev

# Docker production server
./debian-server-post-install.sh --server-profile prod --docker-type ce

# Add custom packages to any profile
./debian-server-post-install.sh --extra-packages "htop,bat,fd-find"

# Remove specific packages from any profile
./debian-server-post-install.sh --skip-apt-packages "backup-manager,screen"

Debian server configuration. Done securely.

Server automation.Security first.