Helpers

Reusable bits I keep handing people. by Lucas Martinic

VPS hardening (agent prompt)

Hand this to a coding agent on a fresh box. The levelsio setup: only two ways in, me over Tailscale and Cloudflare for web, everything else denied.

copy

Harden this fresh VPS the levelsio way, only two ways in: 1) install Tailscale, SSH only over the tailnet (verify it works before touching the firewall, don't lock me out). 2) serve the web through a Cloudflare Tunnel (outbound, so no inbound web port is needed). 3) ufw default-deny inbound, allow 22 only on tailscale0, and block ALL other inbound at the Hetzner firewall, so only Tailscale and Cloudflare can reach the box.

Stack (for consulting)

The stack I use and recommend, levelsio-style: free where it can be, cheap where it can't, vanilla everywhere. The whole thing runs on one small VPS.

Free

• Nginx on Ubuntu for the web server
• unattended-upgrades for automatic security updates
• Cron for scheduled workers
• Vanilla PHP for the site backend
• Vanilla CSS for styling
• Vanilla JS for frontend code
• Vanilla Node.js for game servers
• SQLite for the database
• Python for tool scripts
• Cloudflare + Cloudflare Tunnel for DNS and SSL
• Tailscale for security
• OpenFreeMap for maps

Cheap

• xAI for the AI API
• Stripe for payments
• Cloudflare R2 for image storage

Paid (barely)

• Hetzner VPS about $4/mo
• Cloudflare domain registration about $10/year