From 539dd4a6948d47d5562219e9e10405952e2aeae5 Mon Sep 17 00:00:00 2001
From: buckn
Date: Tue, 28 Oct 2025 14:30:57 -0400
Subject: [PATCH] ud
---
 setup | 142 ++++++++++++++++++++++++++++++----------------------------
 1 file changed, 74 insertions(+), 68 deletions(-)
diff --git a/setup b/setup
index 6727428..cf08aa5 100755
--- a/setup
+++ b/setup
@@ -1,74 +1,85 @@ #!/usr/bin/env bash set -euo pipefail -# Run as a regular user (script will use sudo for privileged operations) -# Usage: ./setup.sh +# ------------------------------------------------------------------- +# Arch/Debian post-install setup script +# Purpose: install software, configure user environment, and apply +# security tweaks. Base system + networking handled separately. +# ------------------------------------------------------------------- -# --- Basic detection --- if [[ -f /etc/os-release ]]; then . /etc/os-release - DISTRO_ID="${ID,,}" # lowercase + DISTRO_ID="${ID,,}" else - echo "Cannot detect distribution (no /etc/os-release). Aborting." + echo "Cannot detect distribution (no /etc/os-release)" exit 1 fi -# The non-root user invoking this script UNAME="${SUDO_USER:-${USER:-$(whoami)}}" if [[ -z "$UNAME" ]]; then - echo "Could not determine a non-root user. Run this as a normal user." + echo "Could not determine invoking user." exit 1 fi -echo "Running as user: $UNAME (distro: $DISTRO_ID)" +echo "Running setup as: $UNAME on $DISTRO_ID" -# --- helper functions --- +# ------------------------------------------------------------------- +# Utility helpers +# ------------------------------------------------------------------- command_exists() { command -v "$1" >/dev/null 2>&1; } +as_user() { sudo -H -u "$UNAME" bash -lc "$*"; } -# Run a command as the original non-root user -as_user() { - sudo -H -u "$UNAME" bash -lc "$*" -} - -# --- Arch package installation --- +# ------------------------------------------------------------------- +# Arch package installation +# ------------------------------------------------------------------- install_packages_arch() { - echo "Updating system and installing packages (Arch)..." - sudo pacman -Syu --noconfirm + echo "→ Updating system (Arch)..." 
+ sudo pacman -Syu --noconfirm || true - # core packages (tweak list as you like) PKGS=( base-devel git cmake gcc neovim vim python-pip xorg-server xorg-xinit xorg-xrandr xorg-xinput - openbox obconf - alacritty cmus flameshot pavucontrol + openbox obconf alacritty cmus flameshot pavucontrol chromium thunderbird steam keepassxc bluez bluez-tools blueman dmenu htop rsync unzip whois xclip xdotool xbindkeys efibootmgr grub nmap lynis rkhunter sbctl sudo ) - sudo pacman -S --noconfirm "${PKGS[@]}" + echo "→ Installing available packages..." + AVAILABLE=() + for pkg in "${PKGS[@]}"; do + if pacman -Si "$pkg" &>/dev/null; then + AVAILABLE+=("$pkg") + else + echo "⚠️ Skipping missing package: $pkg" + fi + done - # Install yay (AUR helper) if missing (build as non-root user) + sudo pacman -S --noconfirm --needed "${AVAILABLE[@]}" + + # Install yay if missing if ! command_exists yay; then - echo "Installing yay (AUR helper)..." - # ensure base-devel present (already in PKGS) - TMP="/tmp/yay-build-$$" - rm -rf "$TMP" - git clone https://aur.archlinux.org/yay-bin.git "$TMP" - as_user "cd $TMP && makepkg -si --noconfirm" - rm -rf "$TMP" - else - echo "yay already installed" + echo "→ Installing yay (AUR helper)..." + TMPDIR="/tmp/yay-build.$$" + rm -rf "$TMPDIR" + git clone https://aur.archlinux.org/yay-bin.git "$TMPDIR" + as_user "cd $TMPDIR && makepkg -si --noconfirm || true" + rm -rf "$TMPDIR" fi - # install some AUR packages (use yay, as non-root) - as_user "yay -S --noconfirm keybase-bin ckb-next" + # Optional AUR packages + if command_exists yay; then + echo "→ Installing AUR packages..." 
+ as_user "yay -S --noconfirm --needed keybase-bin ckb-next || true" + fi } -# --- Debian/Ubuntu package installation (if needed) --- +# ------------------------------------------------------------------- +# Debian/Ubuntu package installation +# ------------------------------------------------------------------- install_packages_ubuntu() { - echo "Updating system and installing packages (Debian/Ubuntu)..." + echo "→ Updating system (Debian/Ubuntu)..." sudo apt update && sudo apt upgrade -y PKGS_DEB=( 
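Review bot: The yay build directory in install_packages_arch is still a PID-derived name under /tmp (`TMPDIR="/tmp/yay-build.$$"`), so the path is predictable in a world-writable directory and the tree that `makepkg -si` builds and installs is not guaranteed to be the one this script cloned. Renaming the variable to `TMPDIR` also overwrites the conventional temp-directory variable; if it is already exported in the caller's environment, tools run afterwards that honour it would be pointed at a directory the script has just removed. I would change these lines to `build_dir=$(mktemp -d)` and `as_user "cd '$build_dir' && makepkg -si --noconfirm"`, with the `git clone` and the cleanup using `"$build_dir"`. The added `|| true` on `pacman -Syu` is also worth a second look, since a failed sync can leave `AVAILABLE` empty and the following `pacman -S` is then called without targets.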
@@ -80,81 +91,76 @@ install_packages_ubuntu() { dmenu htop rsync unzip whois xclip xdotool xbindkeys efibootmgr grub nmap lynis rkhunter sudo ) - sudo apt install -y "${PKGS_DEB[@]}" + + echo "→ Installing packages..." + sudo apt install -y "${PKGS_DEB[@]}" || true } -# --- Rust setup for the user --- +# ------------------------------------------------------------------- +# Rust setup +# ------------------------------------------------------------------- setup_rust() { if ! command_exists rustc; then - echo "Installing rustup for user $UNAME..." + echo "→ Installing rustup for $UNAME..." as_user "curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y" - # source would be needed in new shell; we'll also add cargo to PATH for this session when running cargo installs - export PATH="/home/$UNAME/.cargo/bin:$PATH" else - echo "rustc already installed" + echo "✓ rustc already installed" fi if command_exists cargo; then - echo "Installing useful cargo binaries for $UNAME..." - # Install per-user via cargo (run as user) + echo "→ Installing cargo utilities..." as_user "PATH=~/.cargo/bin:\$PATH cargo install --locked bat lsd rusty-man cargo-expand viu || true" fi } -# --- Fonts installation (nerd fonts: user install) --- +# ------------------------------------------------------------------- +# Fonts setup (optional) +# ------------------------------------------------------------------- install_fonts() { - echo "Installing Nerd Font (Hack) for user $UNAME..." + echo "→ Installing Nerd Font (Hack)..." as_user "mkdir -p ~/.local/share/fonts && cd ~/.local/share/fonts && \ git clone --depth=1 https://github.com/ryanoasis/nerd-fonts.git nerd-fonts-temp || true && \ - cd nerd-fonts-temp && ./install.sh Hack || true && cd ~ && rm -rf ~/.local/share/fonts/nerd-fonts-temp" - echo "Font install requested (may require logout/login to take effect)." + cd nerd-fonts-temp && ./install.sh Hack || true && \ + cd .. 
&& rm -rf nerd-fonts-temp" } -# --- Security setup (optional, best-effort) --- +# ------------------------------------------------------------------- +# Security hardening +# ------------------------------------------------------------------- setup_security() { - echo "Configuring basic security settings (best-effort)..." + echo "→ Applying basic security tweaks..." - # UFW (if present) - if command_exists ufw; then - sudo ufw default deny incoming - sudo ufw default allow outgoing - sudo ufw allow ssh - sudo ufw --force enable - else - echo "ufw not installed; skipping UFW config" - fi - - # SSH hardening (edit sshd_config safely) + # SSH if [[ -f /etc/ssh/sshd_config ]]; then sudo sed -i 's/^#\?PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config || true sudo sed -i 's/^#\?PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config || true sudo systemctl restart sshd || true - else - echo "/etc/ssh/sshd_config missing; skipping SSH hardening" fi - # enable fail2ban if installed + # Fail2ban if command_exists fail2ban-server; then sudo systemctl enable --now fail2ban || true fi - # rkhunter (if installed) + # rkhunter if command_exists rkhunter; then sudo rkhunter --update || true sudo rkhunter --propupd || true fi } -# --- Main --- +# ------------------------------------------------------------------- +# Main dispatcher +# ------------------------------------------------------------------- case "$DISTRO_ID" in - arch) + arch|artix) install_packages_arch ;; ubuntu|debian) install_packages_ubuntu ;; *) - echo "Unsupported distro: $DISTRO_ID. Attempting Arch-like install by default." + echo "⚠️ Unknown distro: $DISTRO_ID — defaulting to Arch-style setup." install_packages_arch ;; esac 
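Review bot: The SSH block in setup_security rewrites /etc/ssh/sshd_config and restarts the daemon with every step followed by `|| true`, so a failed edit or an invalid config is never reported and the script still prints success. There is no backup and no `sshd -t` validation before the restart. Nothing visible in the hunk checks that the invoking user has a key installed before `PasswordAuthentication no` is applied, which on a remote machine risks a lockout. I would keep a copy of the file, validate it, and only restart when validation passes, as sketched below.

```shell
  if [[ -f /etc/ssh/sshd_config ]]; then
    sudo cp -p /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
    # … unchanged: the two sed edits, ideally without the trailing `|| true` …
    if sudo sshd -t; then
      sudo systemctl restart sshd || echo "warning: sshd restart failed" >&2
    else
      echo "sshd_config failed validation; restoring backup" >&2
      sudo cp -p /etc/ssh/sshd_config.bak /etc/ssh/sshd_config
    fi
  fi
```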
@@ -163,5 +169,5 @@ setup_rust install_fonts setup_security -echo "Setup complete! You may need to log out/in or reboot for some changes (fonts, kernel, grub) to apply." +echo "✅ Post-install setup complete. You may reboot or log out to apply font and shell changes."