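#!/usr/bin/env sh

# Post-install provisioning for an apt-based machine: networking and firewall,
# sshd hardening, NTP, network shares, development tools, logging and, when a
# display manager is active, desktop packages.
#
# The script writes under /etc and /root and restarts system services, so it
# is expected to run as root. A trailing '-' on a package name in an
# `apt-get install` line asks apt to remove that package.

set -e

# Make sure we can connect to apt repos
apt-get update

# Networking & Firewall
apt-get -y install network-manager netcat-openbsd rsync curl wget \
  avahi-daemon net-tools ufw whois network-manager-openvpn sipcalc \
  ifupdown- connman- cmst- netcat-traditional-

# Hand the interfaces over to NetworkManager by emptying the ifupdown config.
# Only a non-empty file is moved aside: on a re-run the file is already empty,
# and moving it again would overwrite the saved copy with nothing.
if [ -w /etc/network/interfaces ] && [ -s /etc/network/interfaces ]; then
  mv /etc/network/interfaces /etc/network/interfaces.OLD
  touch /etc/network/interfaces
fi

# Can only give ufw one arg at a time...
for service in mdns dhcpv6-client; do
  ufw allow "$service"
done

# ssh is rate-limited rather than plainly allowed
ufw limit ssh

ufw --force enable

# Disallow root login via ssh
# sshd keeps the first value it reads for a keyword, so a drop-in that sorts
# before this one and also sets PermitRootLogin would take precedence.
# `sshd -T | grep -i permitrootlogin` prints the effective setting.
echo 'PermitRootLogin no' > /etc/ssh/sshd_config.d/permit_root_login.conf
systemctl restart sshd

# Make sure NetworkMangler is doing its thing
systemctl restart NetworkManager NetworkManager-wait-online

# Pause here til it's good or it won't make it much further
# (this is a TCP connect to port 80, retried until it succeeds)
until nc -w 5 -z mirror.swagg.net 80; do
  echo "Couldn't ping SwaggNet... Trying again in 5 seconds..."
  sleep 5
done

# NTP
# Append once only; without the guard every run adds another copy of the
# same two lines to timesyncd.conf.
if ! grep -q '^NTP=pfswagg\.swaggnet\.real' /etc/systemd/timesyncd.conf; then
  cat >> /etc/systemd/timesyncd.conf <<'EOF'
NTP=pfswagg.swaggnet.real swaggcore0.swaggnet.real
FallbackNTP=time-a-g.nist.gov time-b-g.nist.gov time-c-g.nist.gov time-d-g.nist.gov time-e-g.nist.gov
EOF
fi

systemctl restart systemd-timesyncd

# Shared drives
# Only set up when resolv.conf mentions the swaggnet.real domain.
if grep -q 'swaggnet\.real' /etc/resolv.conf; then
  apt-get -y install cifs-utils smbclient autofs

  mkdir -p /var/autofs/swagg
  mkdir -p "$HOME/misc"

  # NOTE(review): the archive is fetched over plain HTTP with no integrity
  # check, and its contents are then copied into /etc and /root as root.
  # Anyone on the network path can substitute the archive, and whatever is in
  # it travels in cleartext. Prefer HTTPS if the mirror offers it and verify a
  # pinned digest before extracting, e.g.
  #   printf '%s  %s\n' '<EXPECTED_SHA256>' samba_swagg_debian.tar.gz \
  #     | sha256sum -c -
  # The downloaded archive and the extracted tree stay behind in $HOME/misc.
  (
    cd "$HOME/misc"

    # -O pins the local file name. With --content-disposition the server picks
    # the name, and on a re-run wget saves a numbered copy instead of
    # replacing the old archive, so tar would unpack the stale one.
    wget -O samba_swagg_debian.tar.gz \
      'http://mirror.swagg.net/cgi-bin/iso9660.cgi'

    tar xf samba_swagg_debian.tar.gz

    cp samba_swagg/etc/auto.master.d/swagg.autofs /etc/auto.master.d/
    cp samba_swagg/etc/auto.swagg /etc/

    # Presumably the CIFS credentials file used by the autofs map (confirm);
    # install it readable by root only instead of with the umask default.
    install -m 0600 samba_swagg/root/.samba /root/.samba
  )

  systemctl restart autofs
fi

# AppArmor (disable for now)
# NOTE(review): apparmor=0 on the kernel command line turns AppArmor off for
# the whole system from the next boot. "For now" reads as temporary; track
# the removal of this file so the machine does not stay unconfined.
# The heredoc is quoted on purpose: the variable is expanded when grub reads
# the file, not by this script.
cat > /etc/default/grub.d/apparmor.cfg <<'EOF'
GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT apparmor=0"
EOF

update-grub

# Development stuff
# 'raku-*' is quoted so apt receives the pattern; unquoted, the shell would
# expand it against files in the current directory first.
apt-get -y install git libsecret-1-0 libsecret-1-dev build-essential vim \
  emacs crun podman podman-docker podman-compose ruby-full rbenv \
  perl perlbrew cpanminus rakudo 'raku-*' postgresql-15 shellcheck \
  postgresql-server-dev-15 emacs-goodies-extra-el \
  elpa-dockerfile-mode elpa-web-mode elpa-yaml-mode docker-compose-

# Need this for rootless podman
# The trailing ':' matches the whole login name, so an account such as
# "danielle" does not count as "daniel".
if grep -q '^daniel:' /etc/shadow; then
  loginctl enable-linger daniel
fi

# Credential helper for git
(
  cd /usr/share/doc/git/contrib/credential/libsecret
  make
)

# Logging
apt-get -y install rsyslog

# Removing this directory deletes the stored journal files along with it;
# copy them elsewhere first if the history matters.
if [ -d /var/log/journal ]; then
  rm -rf /var/log/journal
fi

# Firmware (if available)
# The simulated install (-s) is only a probe for whether the package exists.
if apt-get -s install firmware-linux-nonfree > /dev/null 2>&1; then
  apt-get -y install firmware-linux-nonfree
fi

# Various things
apt-get -y install unifont bsdgames fortune-mod fortunes-bofh-excuses \
  fortunes-mario fortunes fortunes-min neofetch screen beep apt-file \
  htop iftop lm-sensors gcal

apt-file update

# systemd cope
# Uncomments the lines of system.conf that mention "Timeout" and end in a
# digit followed by "s". The previous file is kept as system.conf.bak, which
# a later run overwrites.
perl -i.bak -pe 's/^#// if /Timeout/ && /\ds$/' /etc/systemd/system.conf

# fwupd
apt-get -y install udisks2 fwupd

# Stop here if there's no graphical UI
if [ "$(systemctl is-active display-manager)" = 'inactive' ]; then
  apt-get -y autoremove
  exit
fi

# User-specific DESKTOP stuff
if grep -q '^daniel:' /etc/shadow; then
  # PipeWire
  apt-get -y install wireplumber libspa-0.2-bluetooth \
    pipewire-media-session-
  systemctl --user -M daniel@ enable wireplumber.service

  # Flatpak
  # Both flatpak commands run as daniel, not as root.
  apt-get -y install flatpak
  su daniel -c 'flatpak --user remote-add --if-not-exists flathub \
"https://flathub.org/repo/flathub.flatpakrepo"'
  su daniel -c 'flatpak -y install com.slack.Slack im.riot.Riot \
com.discordapp.Discord com.sindresorhus.Caprine \
com.bitwarden.desktop'
fi

# Various DESKTOP things
apt-get -y install lxqt-archiver caffeine picom vlc thunderbird redshift \
  kitty libopengl-xscreensaver-perl xscreensaver-data-extra \
  xscreensaver-data xscreensaver-gl-extra xscreensaver-gl \
  xscreensaver-screensaver-bsod xscreensaver-screensaver-dizzy \
  xscreensaver-screensaver-webcollage chromium nm-tray gimp quassel- \
  transmission-qt liblxqt-backlight-helper xserver-xorg-video-intel- \
  openbox obconf-qt menu xfwm4-

# Steam (if available)
# The download in /tmp is only a probe for whether the package exists; the
# .deb is deleted afterwards and the install itself goes through apt.
(
  cd /tmp

  # I can't do a simulated install due to the multilib requirement
  if apt-get download steam-installer > /dev/null 2>&1; then
    dpkg --add-architecture i386
    apt-get update
    apt-file update

    apt-get -y install steam-installer

    rm ./steam-installer*.deb
  fi
)

# Laptop stuff
if ! command -v laptop-detect > /dev/null 2>&1; then
  apt-get -y install laptop-detect
fi

if laptop-detect; then
  apt-get -y install tlp modemmanager modem-manager-gui powertop-
fi

# Clean up before exiting
apt-get -y autoremove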