diff --git a/apt-install.sh b/apt-install.sh index a259f7a..09963cb 100755 --- a/apt-install.sh +++ b/apt-install.sh @@ -1,14 +1,15 @@ #!/bin/sh # This script expects an OS that is based on Debian in at least package management -usage="$(basename "$0") [-h] [-s] [-n hostname] -- my script for initializing apt repos on new Linux installs +usage="$(basename "$0") [-h] [-s] [-d] [-n hostname] -- my script for initializing apt repos on new Linux installs \n\n where:\n -h, ? \t\t\tshow this help text\n + -d, --distro \tDistro name, default bookworm -s, --server \t\tonly install server components\n -n, --name [hostname] \tset the hostname to the argument" -# A repos don't support virgnia (Mint codename), only recognizing Jammy (Ubuntu) -distro=jammy +# A repos don't support virginia (Mint codename), only recognizing Jammy (Ubuntu) +distro=bookworm # A POSIX variable OPTIND=1 # Reset in case getopts has been used previously in the shell. @@ -21,26 +22,31 @@ fi # Some POSIX getopts goodness for portability -while getopts "h?s-n-:v-" opt; do +while getopts "h?d-s-n-:v-" opt; do case "$opt" in h|\?) echo -e $usage | fold -w 80 -s exit 0 ;; + d|distro) distro=$OPTARG + ;; s|server) client=false ;; n|name) hostnamectl set-hostname $OPTARG ;; v|version) - echo "Versioning? On this? Gtfo." + echo "Versioning? On this?" exit 0 ;; -) case "${OPTARG}" in version) - echo "Versioning? On this? Gtfo." + echo "Versioning? On this?" ;; + distro) + distro=$OPTARG + ;; name) hostnamectl set-hostname $OPTARG ;; 
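Review bot: The new `-d` option never receives a value: in the optstring `h?d-s-n-:v-` the `d` has no trailing `:`, so getopts leaves OPTARG unset and `distro=$OPTARG` empties the variable, while in the `-)` branch OPTARG holds the long option's own name, so `--distro` sets distro to the literal string `distro`. That value is later written as root into the apt source lines, so it should be parsed correctly and checked against known codenames: use `d:` in the optstring and add, after the loop, `case "$distro" in bookworm|jammy) ;; *) echo "unsupported distro: $distro" >&2; exit 2 ;; esac`, extended to the suites the repositories support. The added usage line for `-d` also lacks the trailing `\n` that the other entries carry. The case statement continues outside the hunk.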
@@ -59,27 +65,22 @@ apt install -y wget gnupg lsb-release apt-transport-https ca-certificates softwa # A few packages store their keys in specific location that doesn't exist at first install -m 0755 -d /etc/apt/keyrings -if [ $client ] -then - # Brave Browser - apt install curl +if [ $client ]; then + # Brave Browser - for everything that doesn't run in Firefox + apt -y install curl curl -fsSLo /usr/share/keyrings/brave-browser-archive-keyring.gpg https://brave-browser-apt-release.s3.brave.com/brave-browser-archive-keyring.gpg echo "deb [signed-by=/usr/share/keyrings/brave-browser-archive-keyring.gpg] https://brave-browser-apt-release.s3.brave.com/ stable main" | sudo tee /etc/apt/sources.list.d/brave-browser-release.list # Signal Desktop Client - # NOTE: These instructions only work for 64-bit Debian-based - # Linux distributions such as Ubuntu, Mint etc. - # 1. Install our official public software signing key: wget -O- https://updates.signal.org/desktop/apt/keys.asc | gpg --dearmor > signal-desktop-keyring.gpg cat signal-desktop-keyring.gpg | tee /usr/share/keyrings/signal-desktop-keyring.gpg > /dev/null - - # 2. 
Add our repository to your list of repositories: echo 'deb [arch=amd64 signed-by=/usr/share/keyrings/signal-desktop-keyring.gpg] https://updates.signal.org/desktop/apt xenial main' |\ tee /etc/apt/sources.list.d/signal-xenial.list # Mullvad + rm -f /etc/apt/sources.list.d/mullvad.list curl -fsSLo /usr/share/keyrings/mullvad-keyring.asc https://repository.mullvad.net/deb/mullvad-keyring.asc - echo "deb [signed-by=/usr/share/keyrings/mullvad-keyring.asc arch=$( dpkg --print-architecture )] https://repository.mullvad.net/deb/stable $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/mullvad.list + echo "deb [signed-by=/usr/share/keyrings/mullvad-keyring.asc arch=$( dpkg --print-architecture )] https://repository.mullvad.net/deb/stable $distro main" | sudo tee /etc/apt/sources.list.d/mullvad.list # VS Codium wget -qO - https://gitlab.com/paulcarroty/vscodium-deb-rpm-repo/raw/master/pub.gpg \ 
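Review bot: `if [ $client ]; then` only tests that the expansion is non-empty, so after `-s` sets `client=false` the client block still runs. The `if [ !client ]` context line in the fourth apt-install.sh hunk is likewise always true, because `!client` is a literal non-empty string. Compare against the value instead, `if [ "$client" = true ]; then` and `if [ "$client" != true ]`, assuming client is initialised to `true` in the part of the file outside the hunks. On the Mullvad line, `$distro` now defaults to bookworm where the old code asked `lsb_release -cs`, so a host on another release gets a bookworm suite unless `-d` is passed.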
@@ -93,47 +94,55 @@ then wget -NP /etc/apt/sources.list.d/ https://dl.winehq.org/wine-builds/debian/dists/bookworm/winehq-bookworm.sources # Nicotine for Soulseek - add-apt-repository ppa:nicotine-team/stable + #add-apt-repository ppa:nicotine-team/stable # Solaar - Logitech management software - add-apt-repository ppa:solaar-unifying/stable + #add-apt-repository ppa:solaar-unifying/stable # AppImage Launcher - add-apt-repository ppa:appimagelauncher-team/stable + #add-apt-repository ppa:appimagelauncher-team/stable + AILTAG=$(curl -ILs https://github.com/TheAssassin/AppImageLauncher/releases/latest -w %{url_effective} -o /dev/null | awk -F "/" '{print $NF}') + AILDEB=$(curl -s https://github.com/TheAssassin/AppImageLauncher/releases | grep amd64.deb | head -n 1 | cut -d '/' -f 7 | cut -d '"' -f 1) + AILURL="https://github.com/TheAssassin/AppImageLauncher/releases/download/$AILTAG/$AILDEB" + curl -fSLo /home/matt/dotfiles/$AILDEB $AILURL # Virtual Box - deb [arch=amd64 signed-by=/usr/share/keyrings/oracle-virtualbox-2016.gpg] https://download.virtualbox.org/virtualbox/debian $distro contrib + echo "deb [arch=amd64 signed-by=/usr/share/keyrings/oracle-virtualbox-2016.gpg] https://download.virtualbox.org/virtualbox/debian $distro contrib" | tee /etc/apt/sources.list.d/vitualbox.list wget -O- https://www.virtualbox.org/download/oracle_vbox_2016.asc | sudo gpg --yes --output /usr/share/keyrings/oracle-virtualbox-2016.gpg --dearmor # Librewolf apt install -y wget gnupg lsb-release apt-transport-https ca-certificates + rm -f /usr/share/keyrings/librewolf.gpg wget -O- https://deb.librewolf.net/keyring.gpg | gpg --dearmor -o /usr/share/keyrings/librewolf.gpg - cat << EOF > /etc/apt/sources.list.d/librewolf.sources + cat < /etc/apt/sources.list.d/librewolf.sources Types: deb URIs: https://deb.librewolf.net Suites: $distro Components: main Architectures: amd64 Signed-By: /usr/share/keyrings/librewolf.gpg - EOF +EOF fi if [ !client ] then # Docker - curl -fsSL 
https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc + curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc chmod a+r /etc/apt/keyrings/docker.asc # Add the repository to Apt sources: echo \ - "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \ + "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian \ $distro stable" | \ tee /etc/apt/sources.list.d/docker.list > /dev/null fi # Stuff everybody gets # Fastfetch. R.I.P. Neofetch -add-apt-repository ppa:zhangsongcui3371/fastfetch +FFTAG=$(curl -ILs https://github.com/fastfetch-cli/fastfetch/releases/latest -w %{url_effective} -o /dev/null | awk -F "/" '{print $NF}') +FFDEB=$(curl -s https://github.com/fastfetch-cli/fastfetch/releases/ | grep amd64.deb | head -n 1 | cut -d '/' -f 2) +FFURL="https://github.com/fastfetch-cli/fastfetch/releases/download/$FFTAG/$FFDEB" +curl -fSLo /home/matt/dotfiles/$FFDEB $FFURL # Update or none of this will show up apt update 
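Review bot: The AppImageLauncher and fastfetch lines replace apt-signed PPAs with bare .deb files whose names are scraped from the GitHub releases HTML, saved under /home/matt/dotfiles (presumably writable by the login user) and installed as root in the last apt-install.sh hunk, with no digest or signature check in between. If either scrape returns nothing, `$AILDEB` or `$FFDEB` is empty and the unquoted curl, `apt install` and `rm` all act on the bare directory path. I would download into a root-owned temporary directory, stop on an empty tag or file name, and compare the file against a pinned SHA-256 before it is installed. The sketch below shows this for AppImageLauncher; the FFTAG/FFDEB lines need the same treatment and the install lines in the last hunk would then read from the temporary directory.

```shell
  # AppImage Launcher
  # … unchanged: AILTAG / AILDEB / AILURL lookup …
  if [ -z "$AILTAG" ] || [ -z "$AILDEB" ]; then
    echo "AppImageLauncher release lookup failed" >&2
    exit 1
  fi
  pkgdir=$(mktemp -d) || exit 1   # created by root, not writable by the login user
  curl -fSLo "$pkgdir/$AILDEB" "$AILURL" || exit 1
  # AIL_SHA256 is a placeholder: pin the digest of the release that was reviewed
  echo "$AIL_SHA256  $pkgdir/$AILDEB" | sha256sum -c - || exit 1
  # … unchanged: VirtualBox, Librewolf, Docker sections …
```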
@@ -141,12 +150,21 @@ apt update if [ $client ] then # Apps that don't need anything besides the parent package call - apt install -y brave-browser signal-desktop mullvad-vpn codium librewolf solaar appimagelauncher + apt install -y brave-browser signal-desktop mullvad-vpn codium librewolf solaar + apt install -y /home/matt/dotfiles/$AILDEB + rm /home/matt/dotfiles/$AILDEB # Wine has some recommends, install that with its own command - apt install --install-recommends winehq-stable + apt install -y --install-recommends winehq-stable else # Docker just has a lot + for pkg in docker.io docker-doc docker-compose podman-docker containerd runc; do sudo apt-get remove $pkg; done apt install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin fi -apt install -y fastfetch +apt install -y/home/matt/dotfiles/$AILDEB +rm /home/matt/dotfiles/$AILDEB +apt install -y putty-tools sshfs htop iftop +apt install -y /home/matt/dotfiles/$FFDEB +rm /home/matt/dotfiles/$FFDEB + +apt autoremove -y diff --git a/install-fonts.sh b/install-fonts.sh old mode 100644 new mode 100755 diff --git a/install.sh b/install.sh old mode 100644 new mode 100755 index 362a232..8e95e4b --- a/install.sh +++ b/install.sh @@ -6,11 +6,11 @@ # ln -sv “~/.dotfiles/git/.gitconfig” ~ # Safety first -./sshd-config.sh -./iptables/iptables-config.sh +sudo /sshd-config.sh +sudo ./iptables/iptables-config.sh # Setup apt repos and install some of our favorites -./apt-install.sh +sudo ./apt-install.sh # Install a retro looking font that I like to use in my terminal ./install-fonts.sh diff --git a/network-mounts.sh b/network-mounts.sh new file mode 100755 index 0000000..54b43ae --- /dev/null +++ b/network-mounts.sh 
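Review bot: The two lines added after `fi`, `apt install -y/home/matt/dotfiles/$AILDEB` and `rm /home/matt/dotfiles/$AILDEB`, look like a paste leftover: the first is missing the space after `-y`, and both refer to a file the client branch has already installed and removed. I would delete both and guard the remaining paths so an empty variable aborts instead of acting on the directory, e.g. `apt install -y "/home/matt/dotfiles/${FFDEB:?}"`. The `sudo apt-get remove $pkg` in the Docker loop has no `-y`, so it will prompt in an otherwise unattended run.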
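Review bot: In install.sh, `sudo /sshd-config.sh` points at the filesystem root rather than the repository; the other two calls keep `./`, so this is presumably a dropped dot and should read `sudo ./sshd-config.sh`. As written, the step under "Safety first" fails with command-not-found, and unless the part of install.sh outside the hunk sets `-e`, the script carries on to the firewall and package steps with the SSH host keys left as they were. All three relative paths also depend on the caller's working directory; a `cd "$(dirname "$0")" || exit 1` before them would make that explicit.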
@@ -0,0 +1,2 @@
+echo -e "#----------------------------------------------------------------\n# NETWORK\n#----------------------------------------------------------------\n//192.168.0.175/Public /mnt/wd-mycloud cifs cred=/home/matt/wd-mycloud.cred,iocharset=utf8,uid=matt,gid=docker,file_mode=0775,dir_mode=0775,vers=3.1.1,nofail,nobrl,auto,x-systemd.automount,noserverino\n\n//192.168.0.175/Backup /mnt/wd-backup cifs cred=/home/matt/wd-mycloud.cred,iocharset=utf8,uid=matt,gid=docker,file_mode=0775,dir_mode=0775,vers=3.1.1,nofail,nobrl,auto,x-systemd.automount,noserverino\n#################################################\n# VPS #\n#################################################\nroot@vpn.recchia.dev:/root /mnt/vps fuse.sshfs _netdev,user,idmap=user,transform_symlinks,identityfile=/home/matt/.ssh/myVpsKey,allow_other,default_permissions,uid=matt,gid=matt,umask=0 0 0\n\nroot@de.recchia.dev:/root /mnt/de-vps fuse.sshfs _netdev,user,idmap=user,transform_symlinks,identityfile=/home/matt/.ssh/myVpsKey,allow_other,default_permissions,uid=matt,gid=matt,umask=0 0 0\n\nroot@nl.recchia.dev:/root /mnt/nl-vps fuse.sshfs _netdev,user,idmap=user,transform_symlinks,identityfile=/home/matt/.ssh/myVpsKey,allow_other,default_permissions,uid=matt,gid=matt,umask=0 0 0\n#################################################\n# TILDE.CLUB #\n#################################################\nengirugger42@tilde.club:/home/engirugger42 /mnt/tilde.club fuse.sshfs _netdev,user,idmap=user,transform_symlinks,identityfile=/home/matt/.ssh/myVpsKey,allow_other,default_permissions,uid=matt,gid=matt,umask=0 0 0" >> /etc/fstab
+
diff --git a/ssh-client.sh b/ssh-client.sh
new file mode 100755
index 0000000..a7072fd
--- /dev/null
+++ b/ssh-client.sh
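Review bot: The sshfs entries in network-mounts.sh combine `allow_other` with `umask=0`, which presents every file under the remote `/root` as mode 0777; with `default_permissions` the kernel then lets any local account read and write through the mount. Unless that is intended I would drop `allow_other` or use `umask=077`, and mount as an unprivileged remote account rather than `root@`. The echo also appends to /etc/fstab unconditionally, so a second run duplicates every entry; a marker check such as `grep -q '^# NETWORK' /etc/fstab ||` in front of it avoids that. The file named in `cred=` should be mode 0600.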
@@ -0,0 +1,3 @@
+cp /home/matt/dotfiles/.ssh/config /home/matt/.ssh
+
+echo -e "\nHost *\n Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr\n\n KexAlgorithms sntrup761x25519-sha512@openssh.com,gss-curve25519-sha256-,curve25519-sha256,curve25519-sha256@libssh.org,gss-group16-sha512-,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha256\n\n MACs hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com\n\n HostKeyAlgorithms sk-ssh-ed25519-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256\n\n CASignatureAlgorithms sk-ssh-ed25519@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256\n\n GSSAPIKexAlgorithms gss-curve25519-sha256-,gss-group16-sha512-\n\n HostbasedAcceptedAlgorithms sk-ssh-ed25519-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,ssh-ed25519,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-256\n\n PubkeyAcceptedAlgorithms sk-ssh-ed25519-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,ssh-ed25519,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-256\n\n" >> ~/.ssh/config
diff --git a/sshd-config.sh b/sshd-config.sh
index c85a504..a5198aa 100755
--- a/sshd-config.sh
+++ b/sshd-config.sh
@@ -1,4 +1,3 @@
-sudo -i
 rm /etc/ssh/ssh_host_*
 ssh-keygen -t rsa -b 4096 -f /etc/ssh/ssh_host_rsa_key -N ""
 ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N ""
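Review bot: In ssh-client.sh the copy targets `/home/matt/.ssh` while the append targets `~/.ssh/config`, and these are different files whenever the script runs with another HOME, for example under sudo; use one path for both, e.g. `>> /home/matt/.ssh/config`. The file has no shebang and relies on `echo -e`, which a POSIX sh such as dash prints literally, so the appended block could start with a stray `-e` that ssh then fails to parse. A `printf '%b'` call with the same string, or a quoted heredoc, avoids that, and the same applies to the echo in network-mounts.sh.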
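Review bot: With `sudo -i` removed, sshd-config.sh no longer elevates and nothing checks that it is running as root before `rm /etc/ssh/ssh_host_*`; run unprivileged, the delete and both `ssh-keygen` calls fail and whatever follows outside the hunk still runs. I would make the first line a guard, `[ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; exit 1; }`, and add `set -e` so that a failed key generation after a successful delete stops the script instead of continuing with host keys missing. The rest of the file is outside the hunk.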