61 lines
1.5 KiB
Bash
61 lines
1.5 KiB
Bash
|
#!/usr/bin/env sh
|
||
|
|
|
||
|
|
set -e
|
||
|
|
|
||
|
|
# Make sure we can connect to apt repos
|
||
|
|
apt-get update
|
||
|
|
|
||
|
|
# Networking & Firewall
|
||
|
|
apt-get -y install network-manager netcat-openbsd rsync curl wget \
|
||
|
|
net-tools ufw whois ifupdown- connman- cmst- netcat-traditional-
|
||
|
|
|
||
|
|
if [ -w /etc/network/interfaces ]; then
|
||
|
|
mv /etc/network/interfaces /etc/network/interfaces.OLD
|
||
|
|
touch /etc/network/interfaces
|
||
|
|
fi
|
||
|
|
|
||
|
|
# Can only give ufw one arg at a time...
|
||
|
|
for service in mdns dhcpv6-client; do
|
||
|
|
ufw allow $service
|
||
|
|
done
|
||
|
|
ufw limit ssh
|
||
|
|
|
||
|
|
ufw --force enable
|
||
|
|
|
||
|
|
# Disallow root login via ssh
|
||
|
|
echo 'PermitRootLogin no' > /etc/ssh/sshd_config.d/permit_root_login
|
||
|
|
systemctl restart sshd
|
||
|
|
|
||
|
|
# Make sure NetworkMangler is doing its thing
|
||
|
|
systemctl restart NetworkManager NetworkManager-wait-online
|
||
|
|
|
||
|
|
nmcli device set eth0 managed true
|
||
|
|
nmcli connection modify Wired\ connection\ 1 ipv6.addr-gen-mode eui64
|
||
|
|
|
||
|
|
# Pause here til it's good or it won't make it much further
|
||
|
|
until nc -w 5 -z mirror.swagg.net 80; do
|
||
|
|
echo "Couldn't ping SwaggNet... Trying again in 5 seconds..."
|
||
|
|
sleep 5
|
||
|
|
done
|
||
|
|
|
||
|
|
# AppArmor (disable for now)
|
||
|
|
cat > /etc/default/grub.d/apparmor.cfg <<'EOF'
|
||
|
|
GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT apparmor=0"
|
||
|
|
EOF
|
||
|
|
|
||
|
|
update-grub
|
||
|
|
|
||
|
|
# Logging
|
||
|
|
apt-get -y install rsyslog
|
||
|
|
|
||
|
|
if [ -d /var/log/journal ]; then
|
||
|
|
rm -rf /var/log/journal
|
||
|
|
fi
|
||
|
|
|
||
|
|
# Various things
|
||
|
|
apt-get -y install unifont bsdgames fortune-mod fortunes-bofh-excuses \
|
||
|
|
fortunes-mario fortunes fortunes-min neofetch screen apt-file \
|
||
|
|
htop iftop
|
||
|
|
|
||
|
|
apt-file update
|