65 lines
1.6 KiB
Bash
Executable file
65 lines
1.6 KiB
Bash
Executable file
#!/usr/bin/env sh
|
|
|
|
set -e
|
|
|
|
# Make sure we can connect to apt repos
|
|
apt-get update
|
|
|
|
# Networking & Firewall
|
|
apt-get -y install network-manager netcat-openbsd rsync curl wget ufw \
|
|
whois net-tools network-manager-openvpn sipcalc ifupdown- connman- \
|
|
cmst- netcat-traditional-
|
|
|
|
if [ -w /etc/network/interfaces ]; then
|
|
mv /etc/network/interfaces /etc/network/interfaces.OLD
|
|
touch /etc/network/interfaces
|
|
fi
|
|
|
|
# Can only give ufw one arg at a time...
|
|
for service in mdns dhcpv6-client; do
|
|
ufw allow $service
|
|
done
|
|
ufw limit ssh
|
|
|
|
ufw --force enable
|
|
|
|
# Disallow root login via ssh
|
|
echo 'PermitRootLogin no' > /etc/ssh/sshd_config.d/permit_root_login.conf
|
|
systemctl restart sshd
|
|
|
|
# Make sure NetworkMangler is doing its thing
|
|
systemctl restart NetworkManager NetworkManager-wait-online
|
|
|
|
nmcli device set eth0 managed true
|
|
nmcli connection modify Wired\ connection\ 1 ipv6.addr-gen-mode eui64
|
|
|
|
# Pause here til it's good or it won't make it much further
|
|
until nc -w 5 -z mirror.swagg.net 80; do
|
|
echo "Couldn't ping SwaggNet... Trying again in 5 seconds..."
|
|
sleep 5
|
|
done
|
|
|
|
# AppArmor (disable for now)
|
|
cat > /etc/default/grub.d/apparmor.cfg <<'EOF'
|
|
GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT apparmor=0"
|
|
EOF
|
|
|
|
update-grub
|
|
|
|
# Logging
|
|
apt-get -y install rsyslog
|
|
|
|
if [ -d /var/log/journal ]; then
|
|
rm -rf /var/log/journal
|
|
fi
|
|
|
|
# Various things
|
|
apt-get -y install unifont bsdgames fortune-mod fortunes-bofh-excuses \
|
|
fortunes-mario fortunes fortunes-min neofetch screen apt-file \
|
|
htop iftop gcal pinentry-curses
|
|
|
|
apt-file update
|
|
|
|
# Set locale for date/time display
|
|
localectl set-locale LC_TIME='en_GB.UTF-8'
|