Turn a fresh Linux VPS into a fully-loaded developer machine in 5 minutes, not a whole afternoon.
A single bash script that installs Docker, every modern language runtime, Tailscale, code-server (VS Code in the browser), sane shell defaults, and baseline hardening — all opinionated, all updateable, all open source.
On a freshly provisioned Ubuntu 22.04/24.04 or Debian 12 VPS:
curl -fsSL https://get.zentryxnet.lat/dev | sudo bashThat's it. The script:
- Hardens the box (UFW, fail2ban, unattended security upgrades)
- Creates a non-root
devuser with passwordless sudo and your SSH keys - Installs Docker + Compose + Buildx with log rotation
- Installs Node (LTS via fnm), Bun, Deno, Python 3, Go 1.23, Rust (stable)
- Optionally connects to Tailscale and exposes code-server with TLS
| Module | What it does |
|---|---|
| Hardening | UFW deny-by-default (22/80/443 only) · fail2ban (3 fails → 1h ban) · unattended-upgrades · SSH keys-only when a key already exists |
| User | Non-root dev user · passwordless sudo · authorized_keys copied from root |
| Docker | Engine + Compose + Buildx · log rotation 10m × 3 · live-restore enabled · dev user in docker group |
| Languages | Node LTS via fnm · Bun · Deno · Python 3 · Go 1.23 · Rust (rustup, stable) |
| CLI tools | Git · gh · lazygit · mosh · tmux · ripgrep · fd · jq · htop · btop · rsync |
| Shell | zsh + starship + atuin + zoxide · sensible .zshrc and .tmux.conf |
| Tailscale | Optional — pass --tailscale-key tskey-xxx to auto-join your tailnet |
| code-server | Optional — pass --domain dev.you.com to expose VS Code over HTTPS via Caddy |
Pass flags via the DVPS_FLAGS environment variable:
curl -fsSL https://get.zentryxnet.lat/dev | \
sudo DVPS_FLAGS="--tailscale-key tskey-abc123 --domain dev.example.com --with-postgres" bash| Flag | Effect |
|---|---|
--no-harden |
Skip UFW/fail2ban/auto-upgrades |
--no-docker |
Skip Docker |
--no-langs |
Skip language runtimes |
--no-shell |
Skip zsh/starship/atuin/tmux setup |
--no-tools |
Skip CLI tools |
--no-tailscale |
Skip Tailscale install |
--tailscale-key KEY |
Auto-join tailnet with this auth key |
--no-code-server |
Skip code-server install |
--domain HOST |
Domain for code-server TLS via Caddy (DNS must already point here) |
--user NAME |
Create non-root user NAME (default: dev) |
--with-postgres |
Bonus: PostgreSQL 16 in Docker (bound to 127.0.0.1) |
--with-redis |
Bonus: Redis 7 in Docker |
--with-minio |
Bonus: MinIO (S3-compatible) in Docker |
Every time I provision a new VPS for a side project I lose two hours on the same setup: install Docker, install Node via some version manager, set up zsh, configure UFW, copy my SSH key to a non-root user, install ripgrep because GNU find is depressing, install gh because cloning private repos with HTTPS is a chore...
This script is exactly that, automated, with the choices I'd make on a clean machine in 2026:
- fnm instead of nvm because nvm adds 200ms to every shell launch
- Caddy instead of nginx because Let's Encrypt should be one line
- Tailscale instead of fail2ban + port-knocking because the right fix for "exposed SSH" is "stop exposing SSH"
- code-server because keeping a
git pull && pnpm devloop alive in a tmux session on a remote box is the single biggest dev quality upgrade of the decade
- Ubuntu 22.04 / 24.04 or Debian 12
- Root access (script self-checks)
- Outbound internet (downloads ~500 MB)
- At least 1 GB RAM (2 GB+ recommended if you enable code-server)
- All installer URLs are pinned to official vendors (Docker, GitHub
CLI, Caddy, Tailscale, fnm, Bun, Deno, etc.). The only direct
curl | bashcalls go to vendor-controlled domains. - Every Docker service in
--with-*is bound to127.0.0.1— reach them via SSH tunnel or Tailscale, never the public internet. - Password auth on SSH is disabled only if there's already a key
in
/root/.ssh/authorized_keys— we won't lock you out. - The script is open source. Read it before you pipe it to bash.
Pull requests welcome — especially:
- ARM64 fixes for VPS providers like Hetzner CAX or AWS Graviton
- Per-language tweaks (preferred package managers, linters)
- Additional
--with-*services (postgres+pgvector, RabbitMQ, etc.) - Pester/bats-style test scripts
Open an issue first if you're proposing a non-trivial change.
MIT. See LICENSE.
Built by Zentryx Network — VPS hosting in LATAM that we use ourselves. If you want a host where this kind of setup runs in 5 minutes flat, check us out.
But the script works on any VPS — Hetzner, OVH, Vultr, DigitalOcean, your laptop running multipass. That's the point.