Releases: 1iis/srvbox

srvbox v0.1.0

28 May 10:13
0996b0e

Hardened host baseline [MVP]

srvbox is a small production server substrate that can be deployed to a fresh Ubuntu/Debian-like OS, enforce decent security for a public host, and survive reboot.

This release establishes the core shape of the project: artifact deployment over SSH, root-owned timestamped releases under /opt/1iis/srvbox, and a stdlib-only Python reconciler with read-only status and root-only apply commands.

The host baseline covers SSH hardening, ufw, unattended security upgrades, configured fail2ban policy, and optional Caddy ingress using the official Caddy apt repository. Caddy is treated as host ingress substrate; apps will provide their own routing fragments.

Validated on an Ubuntu 24.04 Server ("minimized") VM through deploy, harden, reconnect, reboot, redeploy, and checks.


A few features worth highlighting:

  • Idempotent: srvbox is designed to be safe to run repeatedly.
    host/sync.py apply merely enforces convergence between desired state and reality: if the two already match, nothing happens; otherwise any drift is corrected.

  • Fully self-hosted: srvbox only assumes a local project on your workstation, and a target remote host accessible via ssh.
    Production hosts do not need GitHub access; in fact, even git is not required.
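
The read-only status / converging apply split described above, sketched for a single sshd drop-in file. This is an added example, not srvbox's own code: the `DESIRED` settings, the file name and the function names `parse`, `status` and `apply` are assumptions made for illustration.

```python
import os
import tempfile
from pathlib import Path

# Assumed desired state for a wholly managed sshd drop-in (illustrative values,
# not srvbox's actual policy).
DESIRED = {
    "PasswordAuthentication": "no",
    "PermitRootLogin": "no",
    "KbdInteractiveAuthentication": "no",
}


def parse(text):
    """Parse 'Keyword value' lines. sshd keywords are case-insensitive and
    the first value obtained for a keyword is the one that takes effect."""
    seen = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        seen.setdefault(parts[0].lower(), parts[1].strip() if len(parts) > 1 else "")
    return seen


def status(path, desired=DESIRED):
    """Read-only: return {keyword: (current, wanted)} for each drifted setting."""
    current = parse(path.read_text()) if path.exists() else {}
    return {k: (current.get(k.lower()), v)
            for k, v in desired.items() if current.get(k.lower()) != v}


def apply(path, desired=DESIRED):
    """Converge the file; write (atomically) only when status() reports drift.
    A real apply would also require root and validate with `sshd -t`."""
    if not status(path, desired):
        return False
    fd, tmp = tempfile.mkstemp(dir=path.parent, prefix=".tmp-")
    with os.fdopen(fd, "w") as f:
        f.write("".join(f"{k} {v}\n" for k, v in desired.items()))
    os.chmod(tmp, 0o644)
    os.replace(tmp, path)
    return True


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:  # constructed sandbox, not /etc/ssh
        conf = Path(d) / "99-hardening.conf"
        conf.write_text("PasswordAuthentication yes\n")  # constructed drifted input
        print(status(conf), apply(conf), apply(conf))  # drift, then True, then False
```

Because `parse` keeps the first occurrence of a keyword, an earlier `permitrootlogin yes` line is reported as drift even when a later line sets the hardened value.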

Tip

This is a stepping stone, a stable host layer beneath ad hoc app/framework deployment: e.g. FastHTML, FastAPI, vLLM, Docker, and more! See also its older sibling devbox, a small SWE workstation setup meant to be pleasant to use, which shares a lot of design principles with srvbox.