2025-10-28 14:30:57 -04:00
parent 68eb3eb56d
commit 539dd4a694

142
setup

@ -1,74 +1,85 @@
#!/usr/bin/env bash
set -euo pipefail
# Run as a regular user (script will use sudo for privileged operations)
# Usage: ./setup.sh
# -------------------------------------------------------------------
# Arch/Debian post-install setup script
# Purpose: install software, configure user environment, and apply
# security tweaks. Base system + networking handled separately.
# -------------------------------------------------------------------
# --- Basic detection ---
if [[ -f /etc/os-release ]]; then
. /etc/os-release
DISTRO_ID="${ID,,}" # lowercase
DISTRO_ID="${ID,,}"
else
echo "Cannot detect distribution (no /etc/os-release). Aborting."
echo "Cannot detect distribution (no /etc/os-release)"
exit 1
fi
# The non-root user invoking this script
UNAME="${SUDO_USER:-${USER:-$(whoami)}}"
if [[ -z "$UNAME" ]]; then
echo "Could not determine a non-root user. Run this as a normal user."
echo "Could not determine invoking user."
exit 1
fi
echo "Running as user: $UNAME (distro: $DISTRO_ID)"
echo "Running setup as: $UNAME on $DISTRO_ID"
# --- helper functions ---
# -------------------------------------------------------------------
# Utility helpers
# -------------------------------------------------------------------
command_exists() { command -v "$1" >/dev/null 2>&1; }
as_user() { sudo -H -u "$UNAME" bash -lc "$*"; }
# Run a command as the original non-root user
as_user() {
sudo -H -u "$UNAME" bash -lc "$*"
}
# --- Arch package installation ---
# -------------------------------------------------------------------
# Arch package installation
# -------------------------------------------------------------------
install_packages_arch() {
echo "Updating system and installing packages (Arch)..."
sudo pacman -Syu --noconfirm
echo "Updating system (Arch)..."
sudo pacman -Syu --noconfirm || true
# core packages (tweak list as you like)
PKGS=(
base-devel git cmake gcc neovim vim python-pip
xorg-server xorg-xinit xorg-xrandr xorg-xinput
openbox obconf
alacritty cmus flameshot pavucontrol
openbox obconf alacritty cmus flameshot pavucontrol
chromium thunderbird steam keepassxc
bluez bluez-tools blueman
dmenu htop rsync unzip whois xclip xdotool xbindkeys
efibootmgr grub nmap lynis rkhunter sbctl sudo
)
sudo pacman -S --noconfirm "${PKGS[@]}"
echo "→ Installing available packages..."
AVAILABLE=()
for pkg in "${PKGS[@]}"; do
if pacman -Si "$pkg" &>/dev/null; then
AVAILABLE+=("$pkg")
else
echo "⚠️ Skipping missing package: $pkg"
fi
done
# Install yay (AUR helper) if missing (build as non-root user)
sudo pacman -S --noconfirm --needed "${AVAILABLE[@]}"
# Install yay if missing
if ! command_exists yay; then
echo "Installing yay (AUR helper)..."
# ensure base-devel present (already in PKGS)
TMP="/tmp/yay-build-$$"
rm -rf "$TMP"
git clone https://aur.archlinux.org/yay-bin.git "$TMP"
as_user "cd $TMP && makepkg -si --noconfirm"
rm -rf "$TMP"
else
echo "yay already installed"
echo "Installing yay (AUR helper)..."
TMPDIR="/tmp/yay-build.$$"
rm -rf "$TMPDIR"
git clone https://aur.archlinux.org/yay-bin.git "$TMPDIR"
as_user "cd $TMPDIR && makepkg -si --noconfirm || true"
rm -rf "$TMPDIR"
fi
# install some AUR packages (use yay, as non-root)
as_user "yay -S --noconfirm keybase-bin ckb-next"
# Optional AUR packages
if command_exists yay; then
echo "→ Installing AUR packages..."
as_user "yay -S --noconfirm --needed keybase-bin ckb-next || true"
fi
}
# --- Debian/Ubuntu package installation (if needed) ---
# -------------------------------------------------------------------
# Debian/Ubuntu package installation
# -------------------------------------------------------------------
install_packages_ubuntu() {
echo "Updating system and installing packages (Debian/Ubuntu)..."
echo "Updating system (Debian/Ubuntu)..."
sudo apt update && sudo apt upgrade -y
PKGS_DEB=(
@ -80,81 +91,76 @@ install_packages_ubuntu() {
dmenu htop rsync unzip whois xclip xdotool xbindkeys
efibootmgr grub nmap lynis rkhunter sudo
)
sudo apt install -y "${PKGS_DEB[@]}"
echo "→ Installing packages..."
sudo apt install -y "${PKGS_DEB[@]}" || true
}
# --- Rust setup for the user ---
# -------------------------------------------------------------------
# Rust setup
# -------------------------------------------------------------------
setup_rust() {
if ! command_exists rustc; then
echo "Installing rustup for user $UNAME..."
echo "Installing rustup for $UNAME..."
as_user "curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y"
# source would be needed in new shell; we'll also add cargo to PATH for this session when running cargo installs
export PATH="/home/$UNAME/.cargo/bin:$PATH"
else
echo "rustc already installed"
echo "rustc already installed"
fi
if command_exists cargo; then
echo "Installing useful cargo binaries for $UNAME..."
# Install per-user via cargo (run as user)
echo "Installing cargo utilities..."
as_user "PATH=~/.cargo/bin:\$PATH cargo install --locked bat lsd rusty-man cargo-expand viu || true"
fi
}
# --- Fonts installation (nerd fonts: user install) ---
# -------------------------------------------------------------------
# Fonts setup (optional)
# -------------------------------------------------------------------
install_fonts() {
echo "Installing Nerd Font (Hack) for user $UNAME..."
echo "Installing Nerd Font (Hack)..."
as_user "mkdir -p ~/.local/share/fonts && cd ~/.local/share/fonts && \
git clone --depth=1 https://github.com/ryanoasis/nerd-fonts.git nerd-fonts-temp || true && \
cd nerd-fonts-temp && ./install.sh Hack || true && cd ~ && rm -rf ~/.local/share/fonts/nerd-fonts-temp"
echo "Font install requested (may require logout/login to take effect)."
cd nerd-fonts-temp && ./install.sh Hack || true && \
cd .. && rm -rf nerd-fonts-temp"
}
# --- Security setup (optional, best-effort) ---
# -------------------------------------------------------------------
# Security hardening
# -------------------------------------------------------------------
setup_security() {
echo "Configuring basic security settings (best-effort)..."
echo "→ Applying basic security tweaks..."
# UFW (if present)
if command_exists ufw; then
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow ssh
sudo ufw --force enable
else
echo "ufw not installed; skipping UFW config"
fi
# SSH hardening (edit sshd_config safely)
# SSH
if [[ -f /etc/ssh/sshd_config ]]; then
sudo sed -i 's/^#\?PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config || true
sudo sed -i 's/^#\?PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config || true
sudo systemctl restart sshd || true
else
echo "/etc/ssh/sshd_config missing; skipping SSH hardening"
fi
# enable fail2ban if installed
# Fail2ban
if command_exists fail2ban-server; then
sudo systemctl enable --now fail2ban || true
fi
# rkhunter (if installed)
# rkhunter
if command_exists rkhunter; then
sudo rkhunter --update || true
sudo rkhunter --propupd || true
fi
}
# --- Main ---
# -------------------------------------------------------------------
# Main dispatcher
# -------------------------------------------------------------------
case "$DISTRO_ID" in
arch)
arch|artix)
install_packages_arch
;;
ubuntu|debian)
install_packages_ubuntu
;;
*)
echo "Unsupported distro: $DISTRO_ID. Attempting Arch-like install by default."
echo "⚠️ Unknown distro: $DISTRO_ID — defaulting to Arch-style setup."
install_packages_arch
;;
esac
@ -163,5 +169,5 @@ setup_rust
install_fonts
setup_security
echo "Setup complete! You may need to log out/in or reboot for some changes (fonts, kernel, grub) to apply."
echo "✅ Post-install setup complete. You may reboot or log out to apply font and shell changes."
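Review bot: The yay build in install_packages_arch still uses a predictable directory under /tmp (`TMPDIR="/tmp/yay-build.$$"`, in what looks like the new side of the first hunk), so on a shared machine the contents that `makepkg -si` builds and installs can be tampered with by whoever creates that path first, and the `rm -rf` before the clone does not close the window. I would replace the assignment and the first `rm -rf` with `builddir="$(mktemp -d)"` and use `"$builddir"` in the clone, the `as_user` call and the cleanup; this assumes the script runs as the regular user, as its header says. The new name `TMPDIR` is also the standard temp-directory variable, so if it is exported in the caller's environment every later child process inherits a path that has already been deleted. The `|| true` added after `makepkg -si`, `pacman -Syu` and `apt install` discards failures that `set -e` used to stop on, and setup_security only configures tools that `command_exists` finds, so a failed install would quietly skip that hardening; printing a warning to stderr at those points would keep it visible.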