VPS Init

Bootstrap script generator by

royz.dev

Configure your server

Toggle the features you need. A ready-to-review Bash script updates live on the right.

System

Initial package update, hostname, and timezone

Update & upgrade packages

Run apt-get update && apt-get upgrade on first boot

Hostname

Timezone

Create Sudo User

A non-root user with sudo privileges - required

All tools (Node.js, Python, zsh) are installed under this user. The script will exit if left blank.

Username *

Password *

SSH Authorized Public Keys *

One public key per line. Supports ssh-rsa, ssh-ed25519, ecdsa-sha2-nistp*, ssh-dss

SSH Hardening

Restrict SSH access to reduce attack surface

Ensure you have a working SSH key installed before disabling password auth or root login.

SSH Port

Default is 22

Disable root login

Disable password authentication

SSH keys only - make sure keys are installed first

Security

Firewall, intrusion prevention, and automatic updates

UFW Firewall

Block all inbound traffic except explicitly allowed ports

Extra allowed ports

Add ports to open (e.g. 8080/tcp, 5432/tcp)

Fail2ban

Auto-ban IPs with repeated failed login attempts

Unattended security upgrades

Automatically apply OS security patches

System Tuning

Swap memory and kernel tweaks

Configure swap

Create a swap file and tune vm.swappiness for server workloads

Swap size

512 MB

1 GB

2 GB

4 GB

8 GB

Baseline Utilities

curl, git, htop, tmux, jq, ripgrep, and more

Installs: curl wget git vim nano htop btop tmux screen build-essential jq ripgrep unzip zip net-tools dnsutils ncdu tree mtr

Node.js

Install via fnm (Fast Node Manager)

Version

LTS

Latest

Python

Install uv - the fast Python package and project manager

Install latest Python via uv

Runs uv python install after installing uv

Docker

Install Docker Engine from the official repository

Reverse Proxy

Caddy auto-manages TLS; Nginx gives manual control

Choose reverse proxy

None

Caddy

Nginx

Ports 80 and 443 will be opened in UFW automatically (if firewall is enabled).

Tailscale

Zero-config VPN for secure private networking

Shell

Zsh, Oh My Zsh, autosuggestions, and zoxide

Install Oh My Zsh

Popular Zsh framework with themes and plugins

Theme

ZSH_THEME in .zshrc

Autosuggestions & completions

Installs zsh-autosuggestions and zsh-completions as Oh My Zsh plugins

Install zoxide

Smarter cd - use z <dir> to jump to frequently visited directories

Doppler

Secrets manager CLI for environment variable management