buckn/setup
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

ud

Browse Source
This commit is contained in:
Nathan Buck
2025-10-28 14:30:57 -04:00
parent 68eb3eb56d
commit 539dd4a694
1 changed files with 74 additions and 68 deletions
Download Patch File Download Diff File Expand all files Collapse all files

144
setup
View File

@ -1,74 +1,85 @@
#!/usr/bin/env bash #!/usr/bin/env bash
set -euo pipefail set -euo pipefail
# Run as a regular user (script will use sudo for privileged operations) # -------------------------------------------------------------------
# Usage: ./setup.sh # Arch/Debian post-install setup script
# Purpose: install software, configure user environment, and apply
# security tweaks. Base system + networking handled separately.
# -------------------------------------------------------------------
# --- Basic detection ---
if [[ -f /etc/os-release ]]; then if [[ -f /etc/os-release ]]; then
. /etc/os-release . /etc/os-release
DISTRO_ID="${ID,,}" # lowercase DISTRO_ID="${ID,,}"
else else
echo "Cannot detect distribution (no /etc/os-release). Aborting." echo "Cannot detect distribution (no /etc/os-release)"
exit 1 exit 1
fi fi
# The non-root user invoking this script
UNAME="${SUDO_USER:-${USER:-$(whoami)}}" UNAME="${SUDO_USER:-${USER:-$(whoami)}}"
if [[ -z "$UNAME" ]]; then if [[ -z "$UNAME" ]]; then
echo "Could not determine a non-root user. Run this as a normal user." echo "Could not determine invoking user."
exit 1 exit 1
fi fi
echo "Running as user: $UNAME (distro: $DISTRO_ID)" echo "Running setup as: $UNAME on $DISTRO_ID"
# --- helper functions --- # -------------------------------------------------------------------
# Utility helpers
# -------------------------------------------------------------------
command_exists() { command -v "$1" >/dev/null 2>&1; } command_exists() { command -v "$1" >/dev/null 2>&1; }
as_user() { sudo -H -u "$UNAME" bash -lc "$*"; }
# Run a command as the original non-root user # -------------------------------------------------------------------
as_user() { # Arch package installation
sudo -H -u "$UNAME" bash -lc "$*" # -------------------------------------------------------------------
}
# --- Arch package installation ---
install_packages_arch() { install_packages_arch() {
echo "Updating system and installing packages (Arch)..." echo "Updating system (Arch)..."
sudo pacman -Syu --noconfirm sudo pacman -Syu --noconfirm || true
# core packages (tweak list as you like)
PKGS=( PKGS=(
base-devel git cmake gcc neovim vim python-pip base-devel git cmake gcc neovim vim python-pip
xorg-server xorg-xinit xorg-xrandr xorg-xinput xorg-server xorg-xinit xorg-xrandr xorg-xinput
openbox obconf openbox obconf alacritty cmus flameshot pavucontrol
alacritty cmus flameshot pavucontrol
chromium thunderbird steam keepassxc chromium thunderbird steam keepassxc
bluez bluez-tools blueman bluez bluez-tools blueman
dmenu htop rsync unzip whois xclip xdotool xbindkeys dmenu htop rsync unzip whois xclip xdotool xbindkeys
efibootmgr grub nmap lynis rkhunter sbctl sudo efibootmgr grub nmap lynis rkhunter sbctl sudo
) )
sudo pacman -S --noconfirm "${PKGS[@]}" echo "→ Installing available packages..."
AVAILABLE=()
# Install yay (AUR helper) if missing (build as non-root user) for pkg in "${PKGS[@]}"; do
if ! command_exists yay; then if pacman -Si "$pkg" &>/dev/null; then
echo "Installing yay (AUR helper)..." AVAILABLE+=("$pkg")
# ensure base-devel present (already in PKGS)
TMP="/tmp/yay-build-$$"
rm -rf "$TMP"
git clone https://aur.archlinux.org/yay-bin.git "$TMP"
as_user "cd $TMP && makepkg -si --noconfirm"
rm -rf "$TMP"
else else
echo "yay already installed" echo "⚠️ Skipping missing package: $pkg"
fi
done
sudo pacman -S --noconfirm --needed "${AVAILABLE[@]}"
# Install yay if missing
if ! command_exists yay; then
echo "→ Installing yay (AUR helper)..."
TMPDIR="/tmp/yay-build.$$"
rm -rf "$TMPDIR"
git clone https://aur.archlinux.org/yay-bin.git "$TMPDIR"
as_user "cd $TMPDIR && makepkg -si --noconfirm || true"
rm -rf "$TMPDIR"
fi fi
# install some AUR packages (use yay, as non-root) # Optional AUR packages
as_user "yay -S --noconfirm keybase-bin ckb-next" if command_exists yay; then
echo "→ Installing AUR packages..."
as_user "yay -S --noconfirm --needed keybase-bin ckb-next || true"
fi
} }
# --- Debian/Ubuntu package installation (if needed) --- # -------------------------------------------------------------------
# Debian/Ubuntu package installation
# -------------------------------------------------------------------
install_packages_ubuntu() { install_packages_ubuntu() {
echo "Updating system and installing packages (Debian/Ubuntu)..." echo "Updating system (Debian/Ubuntu)..."
sudo apt update && sudo apt upgrade -y sudo apt update && sudo apt upgrade -y
PKGS_DEB=( PKGS_DEB=(
@ -80,81 +91,76 @@ install_packages_ubuntu() {
dmenu htop rsync unzip whois xclip xdotool xbindkeys dmenu htop rsync unzip whois xclip xdotool xbindkeys
efibootmgr grub nmap lynis rkhunter sudo efibootmgr grub nmap lynis rkhunter sudo
) )
sudo apt install -y "${PKGS_DEB[@]}"
echo "→ Installing packages..."
sudo apt install -y "${PKGS_DEB[@]}" || true
} }
# --- Rust setup for the user --- # -------------------------------------------------------------------
# Rust setup
# -------------------------------------------------------------------
setup_rust() { setup_rust() {
if ! command_exists rustc; then if ! command_exists rustc; then
echo "Installing rustup for user $UNAME..." echo "Installing rustup for $UNAME..."
as_user "curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y" as_user "curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y"
# source would be needed in new shell; we'll also add cargo to PATH for this session when running cargo installs
export PATH="/home/$UNAME/.cargo/bin:$PATH"
else else
echo "rustc already installed" echo "rustc already installed"
fi fi
if command_exists cargo; then if command_exists cargo; then
echo "Installing useful cargo binaries for $UNAME..." echo "Installing cargo utilities..."
# Install per-user via cargo (run as user)
as_user "PATH=~/.cargo/bin:\$PATH cargo install --locked bat lsd rusty-man cargo-expand viu || true" as_user "PATH=~/.cargo/bin:\$PATH cargo install --locked bat lsd rusty-man cargo-expand viu || true"
fi fi
} }
# --- Fonts installation (nerd fonts: user install) --- # -------------------------------------------------------------------
# Fonts setup (optional)
# -------------------------------------------------------------------
install_fonts() { install_fonts() {
echo "Installing Nerd Font (Hack) for user $UNAME..." echo "Installing Nerd Font (Hack)..."
as_user "mkdir -p ~/.local/share/fonts && cd ~/.local/share/fonts && \ as_user "mkdir -p ~/.local/share/fonts && cd ~/.local/share/fonts && \
git clone --depth=1 https://github.com/ryanoasis/nerd-fonts.git nerd-fonts-temp || true && \ git clone --depth=1 https://github.com/ryanoasis/nerd-fonts.git nerd-fonts-temp || true && \
cd nerd-fonts-temp && ./install.sh Hack || true && cd ~ && rm -rf ~/.local/share/fonts/nerd-fonts-temp" cd nerd-fonts-temp && ./install.sh Hack || true && \
echo "Font install requested (may require logout/login to take effect)." cd .. && rm -rf nerd-fonts-temp"
} }
# --- Security setup (optional, best-effort) --- # -------------------------------------------------------------------
# Security hardening
# -------------------------------------------------------------------
setup_security() { setup_security() {
echo "Configuring basic security settings (best-effort)..." echo "→ Applying basic security tweaks..."
# UFW (if present) # SSH
if command_exists ufw; then
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow ssh
sudo ufw --force enable
else
echo "ufw not installed; skipping UFW config"
fi
# SSH hardening (edit sshd_config safely)
if [[ -f /etc/ssh/sshd_config ]]; then if [[ -f /etc/ssh/sshd_config ]]; then
sudo sed -i 's/^#\?PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config || true sudo sed -i 's/^#\?PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config || true
sudo sed -i 's/^#\?PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config || true sudo sed -i 's/^#\?PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config || true
sudo systemctl restart sshd || true sudo systemctl restart sshd || true
else
echo "/etc/ssh/sshd_config missing; skipping SSH hardening"
fi fi
# enable fail2ban if installed # Fail2ban
if command_exists fail2ban-server; then if command_exists fail2ban-server; then
sudo systemctl enable --now fail2ban || true sudo systemctl enable --now fail2ban || true
fi fi
# rkhunter (if installed) # rkhunter
if command_exists rkhunter; then if command_exists rkhunter; then
sudo rkhunter --update || true sudo rkhunter --update || true
sudo rkhunter --propupd || true sudo rkhunter --propupd || true
fi fi
} }
# --- Main --- # -------------------------------------------------------------------
# Main dispatcher
# -------------------------------------------------------------------
case "$DISTRO_ID" in case "$DISTRO_ID" in
arch) arch|artix)
install_packages_arch install_packages_arch
;; ;;
ubuntu|debian) ubuntu|debian)
install_packages_ubuntu install_packages_ubuntu
;; ;;
*) *)
echo "Unsupported distro: $DISTRO_ID. Attempting Arch-like install by default." echo "⚠️ Unknown distro: $DISTRO_ID — defaulting to Arch-style setup."
install_packages_arch install_packages_arch
;; ;;
esac esac
@ -163,5 +169,5 @@ setup_rust
install_fonts install_fonts
setup_security setup_security
echo "Setup complete! You may need to log out/in or reboot for some changes (fonts, kernel, grub) to apply." echo "✅ Post-install setup complete. You may reboot or log out to apply font and shell changes."