hardened some stuff

2025-10-15 20:36:12 -04:00
parent 95e2e01771
commit 2ea64706cb

292
setup

@ -1,193 +1,105 @@
# Rust
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
#!/usr/bin/env bash
set -euo pipefail
#
# install cargo apps
#
# terminal emulator
cargo install alacritty
# fancy ls command
cargo install lsd
# cargo doc in terminal
cargo install rusty-man
# fancy cat
cargo install bat
if [[ $(uname -r) == *"arch"* ]]; then
# update repos
pacman -Sy
# install basic dev tools
pacman -S git cmake gcc
# install window manager
pacman -S openbox
#
# Languages Stuff
#
# pip
pacman -S python3-pip
#
# Music
#
# player
pacman -S cmus
# streamrip
pip3 install streamrip --upgrade
# volume control
pacman -S pavucontrol
#
# Web
#
# email client
pacman -S thunderbird
# browser
pacman -S chromium-browser
# keybase
pacman -S keybase-bin
run_keybase
# install nvim
pacman -S neovim
# install file manager
pacman -S nnn
# install neofetch
pacmnan -S neofetch
# install steam
pacman -S steam
# install fonts
cd ~/bin/setup
git clone https://github.com/ryanoasis/nerd-fonts
cd nerd-fonts
./install.sh Hack
# chinese fonts
sudo pacman -S ttf-arphic-uming ttf-arphic-ukai
# bluetooth management
pacman -S bluez bluez-tools
pacman -S blueman
# screenshot
pacman -S flameshot
# kpcli
pacman -S kpcli
# upgrade everything
pacman -Syu
# Detect distro
if [[ $(uname -a) == *"arch"* ]]; then
IS_ARCH=true
else
# update repos
sudo apt update
# install basic dev tools
sudo apt install git cmake gcc -y
# install window manager
sudo apt install openbox -y
#
# Languages Stuff
#
# pip
sudo apt install python3-pip -y
#
# install cargo apps
#
# terminal emulator
cargo install alacritty
# fancy ls command
cargo install lsd
# cargo doc in terminal
cargo install rusty-man
# fancy cat
cargo install bat
#
# Music
#
# player
sudo apt install cmus -y
# streamrip
pip3 install streamrip --upgrade
# volume control
sudo apt install pavucontrol -y
#
# Web
#
# email client
sudo apt install thunderbird -y
# browser
sudo apt install chromium-browser -y
# keybase
curl --remote-name https://prerelease.keybase.io/keybase_amd64.deb
sudo apt install ./keybase_amd64.deb
run_keybase
# install nvim
sudo apt install neovim -y
# install file manager
sudo apt install nnn -y
# install neofetch
sudo apt install neofetch -y
# install steam
sudo apt install steam-installer -y
# install fonts
cd ~/bin/setup
git clone https://github.com/ryanoasis/nerd-fonts
cd nerd-fonts
./install.sh Hack
# bluetooth management
sudo apt install bluez bluez-tools -y
sudo apt install blueman -y
# screenshot
sudo apt install flameshot
# kpcli
sudo apt install kpcli
# upgrade everything
sudo apt upgrade
IS_ARCH=false
fi
# --- Helper Functions ---
install_packages_arch() {
sudo pacman -Sy --noconfirm
sudo pacman -S --noconfirm base base-devel linux-hardened linux-hardened-headers \
git cmake gcc neovim vim python3-pip \
openbox obconf xorg-server xorg-xinit xorg-xinput xorg-xrandr \
alacritty cmus flameshot pavucontrol \
chromium thunderbird steam keepassxc \
bluez bluez-tools blueman \
dmenu htop rsync unzip whois xclip xdotool xbindkeys \
efibootmgr grub nmap lynis rkhunter sbctl
# Yay for AUR packages
if ! command -v yay >/dev/null; then
git clone https://aur.archlinux.org/yay-bin.git /tmp/yay
cd /tmp/yay
makepkg -si --noconfirm
fi
# Additional yay apps
yay -S --noconfirm keybase-bin ckb-next minecraft-launcher nvidia-dkms nvidia-settings
}
install_packages_ubuntu() {
sudo apt update && sudo apt upgrade -y
sudo apt install -y build-essential git cmake gcc neovim vim python3-pip \
openbox obconf xorg xinit x11-xserver-utils \
alacritty cmus flameshot pavucontrol \
chromium-browser thunderbird steam-installer keepassxc \
bluez bluez-tools blueman \
dmenu htop rsync unzip whois xclip xdotool xbindkeys \
efibootmgr grub nmap lynis rkhunter sudo
}
# --- Rust Setup ---
setup_rust() {
if ! command -v rustc >/dev/null; then
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
source $HOME/.cargo/env
fi
# Cargo apps
cargo install --locked alacritty bat lsd rusty-man cargo-expand viu
}
# --- Fonts ---
install_fonts() {
mkdir -p ~/bin/setup
cd ~/bin/setup
if [[ ! -d nerd-fonts ]]; then
git clone https://github.com/ryanoasis/nerd-fonts
fi
cd nerd-fonts
./install.sh Hack
cd ~
}
# --- Security Setup ---
setup_security() {
# Firewall
if command -v ufw >/dev/null; then
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow ssh
sudo ufw enable
fi
# SSH hardening
sudo sed -i 's/^#\?PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config
sudo sed -i 's/^#\?PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config
sudo systemctl restart sshd
# Enable fail2ban if available
if command -v fail2ban >/dev/null; then
sudo systemctl enable --now fail2ban
fi
# Run rkhunter check
if command -v rkhunter >/dev/null; then
sudo rkhunter --update
sudo rkhunter --propupd
fi
}
# --- Main ---
if $IS_ARCH; then
install_packages_arch
else
install_packages_ubuntu
fi
setup_rust
install_fonts
setup_security
echo "Setup complete! You may need to reboot for kernel or grub changes."
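Review bot: In `setup_security` the firewall and fail2ban steps will probably never run: neither `ufw` nor `fail2ban` is in the package lists of `install_packages_arch` or `install_packages_ubuntu`, and fail2ban installs `fail2ban-client`/`fail2ban-server`, so `command -v fail2ban` is not expected to find anything. The SSH edits are the opposite case and run unconditionally: under `set -euo pipefail` the first `sed -i` aborts the script when `/etc/ssh/sshd_config` does not exist (no OpenSSH server package is installed here), and setting `PasswordAuthentication no` then restarting sshd without checking for an authorized key or validating the file can cut off remote access. I would add the two packages to the install lists, test for `fail2ban-client`, and guard the SSH block as sketched below. Separately, the distro test `$(uname -a) == *"arch"*` also matches the machine field `aarch64` and any hostname containing "arch"; reading `ID` from `/etc/os-release` avoids that.

```shell
setup_security() {
  # … unchanged: ufw default rules and enable …
  # SSH hardening: only when a server config exists; validate before restarting
  local sshd_cfg=/etc/ssh/sshd_config
  if [[ -f "$sshd_cfg" ]]; then
    sudo sed -i 's/^#\?PermitRootLogin.*/PermitRootLogin no/' "$sshd_cfg"
    if [[ -s "$HOME/.ssh/authorized_keys" ]]; then
      sudo sed -i 's/^#\?PasswordAuthentication.*/PasswordAuthentication no/' "$sshd_cfg"
    else
      echo "no authorized_keys found; leaving PasswordAuthentication unchanged" >&2
    fi
    if sudo sshd -t; then
      sudo systemctl restart sshd
    else
      echo "sshd_config failed validation; sshd not restarted" >&2
    fi
  fi
  # Enable fail2ban if available
  if command -v fail2ban-client >/dev/null; then
  # … unchanged: systemctl enable --now fail2ban, rkhunter update …
```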