2025-10-28 14:58:10 -04:00
parent 539dd4a694
commit 5e807f4fcc

158
setup

@ -1,173 +1,137 @@
#!/usr/bin/env bash #!/usr/bin/env bash
set -euo pipefail set -euo pipefail
# ------------------------------------------------------------------- # --- privilege keepalive ---
# Arch/Debian post-install setup script # prompt once for sudo and keep alive in background
# Purpose: install software, configure user environment, and apply if ! sudo -v; then
# security tweaks. Base system + networking handled separately. echo "❌ sudo access required. aborting."
# ------------------------------------------------------------------- exit 1
fi
# keep sudo alive until script ends
while true; do sudo -n true; sleep 30; kill -0 "$$" || exit; done 2>/dev/null &
# --- distro detection ---
if [[ -f /etc/os-release ]]; then if [[ -f /etc/os-release ]]; then
. /etc/os-release . /etc/os-release
DISTRO_ID="${ID,,}" DISTRO_ID="${ID,,}"
else else
echo "Cannot detect distribution (no /etc/os-release)" echo "cannot detect distribution. aborting."
exit 1 exit 1
fi fi
UNAME="${SUDO_USER:-${USER:-$(whoami)}}" UNAME="${SUDO_USER:-${USER:-$(whoami)}}"
if [[ -z "$UNAME" ]]; then if [[ -z "$UNAME" ]]; then
echo "Could not determine invoking user." echo "cannot determine non-root user. aborting."
exit 1 exit 1
fi fi
echo "Running setup as: $UNAME on $DISTRO_ID" echo "⚙️ running as user: $UNAME (distro: $DISTRO_ID)"
# ------------------------------------------------------------------- # --- helpers ---
# Utility helpers
# -------------------------------------------------------------------
command_exists() { command -v "$1" >/dev/null 2>&1; } command_exists() { command -v "$1" >/dev/null 2>&1; }
as_user() { sudo -H -u "$UNAME" bash -lc "$*"; } as_user() { sudo -H -u "$UNAME" bash -lc "$*"; }
# ------------------------------------------------------------------- # --- arch package install ---
# Arch package installation
# -------------------------------------------------------------------
install_packages_arch() { install_packages_arch() {
echo "→ Updating system (Arch)..." echo "📦 installing base packages..."
sudo pacman -Syu --noconfirm || true sudo pacman -Syu --noconfirm
PKGS=( local PKGS=(
base-devel git cmake gcc neovim vim python-pip base-devel git cmake gcc neovim vim python-pip
xorg-server xorg-xinit xorg-xrandr xorg-xinput xorg-server xorg-xinit xorg-xrandr xorg-xinput
openbox obconf alacritty cmus flameshot pavucontrol openbox obconf
alacritty cmus flameshot pavucontrol
chromium thunderbird steam keepassxc chromium thunderbird steam keepassxc
bluez bluez-tools blueman bluez bluez-tools blueman
dmenu htop rsync unzip whois xclip xdotool xbindkeys dmenu htop rsync unzip whois xclip xdotool xbindkeys
efibootmgr grub nmap lynis rkhunter sbctl sudo efibootmgr grub nmap lynis rkhunter sbctl sudo
) )
sudo pacman -S --noconfirm "${PKGS[@]}"
echo "→ Installing available packages..." # yay
AVAILABLE=()
for pkg in "${PKGS[@]}"; do
if pacman -Si "$pkg" &>/dev/null; then
AVAILABLE+=("$pkg")
else
echo "⚠️ Skipping missing package: $pkg"
fi
done
sudo pacman -S --noconfirm --needed "${AVAILABLE[@]}"
# Install yay if missing
if ! command_exists yay; then if ! command_exists yay; then
echo "→ Installing yay (AUR helper)..." echo "📦 installing yay..."
TMPDIR="/tmp/yay-build.$$" TMP=$(mktemp -d)
rm -rf "$TMPDIR" git clone https://aur.archlinux.org/yay-bin.git "$TMP"
git clone https://aur.archlinux.org/yay-bin.git "$TMPDIR" as_user "cd $TMP && makepkg -si --noconfirm"
as_user "cd $TMPDIR && makepkg -si --noconfirm || true" rm -rf "$TMP"
rm -rf "$TMPDIR"
fi fi
# Optional AUR packages as_user "yay -S --noconfirm keybase-bin ckb-next"
if command_exists yay; then
echo "→ Installing AUR packages..."
as_user "yay -S --noconfirm --needed keybase-bin ckb-next || true"
fi
} }
# ------------------------------------------------------------------- # --- ubuntu/debian ---
# Debian/Ubuntu package installation
# -------------------------------------------------------------------
install_packages_ubuntu() { install_packages_ubuntu() {
echo "→ Updating system (Debian/Ubuntu)..." echo "📦 installing packages (debian/ubuntu)..."
sudo apt update && sudo apt upgrade -y sudo apt update && sudo apt upgrade -y
sudo apt install -y \
PKGS_DEB=( build-essential git cmake gcc neovim vim python3-pip \
build-essential git cmake gcc neovim vim python3-pip xorg openbox xinit x11-xserver-utils \
xorg openbox xinit x11-xserver-utils alacritty cmus flameshot pavucontrol \
alacritty cmus flameshot pavucontrol chromium-browser thunderbird steam-installer keepassxc \
chromium-browser thunderbird steam-installer keepassxc bluez bluez-tools blueman \
bluez bluez-tools blueman dmenu htop rsync unzip whois xclip xdotool xbindkeys \
dmenu htop rsync unzip whois xclip xdotool xbindkeys
efibootmgr grub nmap lynis rkhunter sudo efibootmgr grub nmap lynis rkhunter sudo
)
echo "→ Installing packages..."
sudo apt install -y "${PKGS_DEB[@]}" || true
} }
# ------------------------------------------------------------------- # --- rust setup ---
# Rust setup
# -------------------------------------------------------------------
setup_rust() { setup_rust() {
if ! command_exists rustc; then if ! command_exists rustc; then
echo "→ Installing rustup for $UNAME..." echo "🦀 installing rustup for $UNAME..."
as_user "curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y" as_user "curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y"
else
echo "✓ rustc already installed"
fi
if command_exists cargo; then
echo "→ Installing cargo utilities..."
as_user "PATH=~/.cargo/bin:\$PATH cargo install --locked bat lsd rusty-man cargo-expand viu || true"
fi fi
as_user "source ~/.cargo/env && cargo install --locked bat lsd rusty-man cargo-expand viu || true"
} }
# ------------------------------------------------------------------- # --- fonts ---
# Fonts setup (optional)
# -------------------------------------------------------------------
install_fonts() { install_fonts() {
echo "→ Installing Nerd Font (Hack)..." echo "🔤 installing Hack Nerd Font..."
as_user "mkdir -p ~/.local/share/fonts && cd ~/.local/share/fonts && \ as_user "mkdir -p ~/.local/share/fonts && cd ~/.local/share/fonts && \
git clone --depth=1 https://github.com/ryanoasis/nerd-fonts.git nerd-fonts-temp || true && \ git clone --depth=1 https://github.com/ryanoasis/nerd-fonts.git nf-temp && \
cd nerd-fonts-temp && ./install.sh Hack || true && \ cd nf-temp && ./install.sh Hack && cd .. && rm -rf nf-temp"
cd .. && rm -rf nerd-fonts-temp"
} }
# ------------------------------------------------------------------- # --- security setup ---
# Security hardening
# -------------------------------------------------------------------
setup_security() { setup_security() {
echo "→ Applying basic security tweaks..." echo "🔐 configuring security..."
if command_exists ufw; then
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow ssh
sudo ufw --force enable
fi
# SSH
if [[ -f /etc/ssh/sshd_config ]]; then if [[ -f /etc/ssh/sshd_config ]]; then
sudo sed -i 's/^#\?PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config || true sudo sed -i 's/^#\?PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config
sudo sed -i 's/^#\?PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config || true sudo sed -i 's/^#\?PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config
sudo systemctl restart sshd || true sudo systemctl restart sshd || true
fi fi
# Fail2ban
if command_exists fail2ban-server; then if command_exists fail2ban-server; then
sudo systemctl enable --now fail2ban || true sudo systemctl enable --now fail2ban || true
fi fi
# rkhunter
if command_exists rkhunter; then if command_exists rkhunter; then
sudo rkhunter --update || true sudo rkhunter --update || true
sudo rkhunter --propupd || true sudo rkhunter --propupd || true
fi fi
} }
# ------------------------------------------------------------------- # --- main flow ---
# Main dispatcher
# -------------------------------------------------------------------
case "$DISTRO_ID" in case "$DISTRO_ID" in
arch|artix) arch)
install_packages_arch install_packages_arch ;;
;;
ubuntu|debian) ubuntu|debian)
install_packages_ubuntu install_packages_ubuntu ;;
;;
*) *)
echo "⚠️ Unknown distro: $DISTRO_ID — defaulting to Arch-style setup." echo "unsupported distro: $DISTRO_ID"
install_packages_arch exit 1 ;;
;;
esac esac
setup_rust setup_rust
install_fonts install_fonts
setup_security setup_security
echo "✅ Post-install setup complete. You may reboot or log out to apply font and shell changes." echo "✅ setup complete! (sudo kept alive for duration)"
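Review bot: The sudo keepalive loop added at the top of the script keeps the cached credential fresh while later steps run code fetched at run time as `$UNAME`: the rustup `curl … | sh`, the nerd-fonts `./install.sh`, and the AUR `makepkg`/`yay` builds. Depending on the sudoers timestamp settings, those processes may be able to call `sudo` without a prompt for as long as the loop is running, so the keepalive widens what a compromised installer could do. The loop's PID is never recorded and nothing invalidates the credential on exit, so after a `set -e` abort the loop lingers until its next 30-second wake-up and the cached timestamp outlives the script. I would capture the PID with `keepalive_pid=$!` and add `trap 'kill "$keepalive_pid" 2>/dev/null; sudo -k' EXIT`. It is also worth considering running the pacman/apt and sshd steps first and ending the keepalive before the user-level installers start.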