buckn/setup
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

ud

Browse Source
This commit is contained in:
Nathan Buck
2025-10-28 14:58:10 -04:00
parent 539dd4a694
commit 5e807f4fcc
1 changed files with 61 additions and 97 deletions
Download Patch File Download Diff File Expand all files Collapse all files

158
setup
View File

@ -1,173 +1,137 @@
#!/usr/bin/env bash
set -euo pipefail
# -------------------------------------------------------------------
# Arch/Debian post-install setup script
# Purpose: install software, configure user environment, and apply
# security tweaks. Base system + networking handled separately.
# -------------------------------------------------------------------
# --- privilege keepalive ---
# prompt once for sudo and keep alive in background
if ! sudo -v; then
echo "❌ sudo access required. aborting."
exit 1
fi
# keep sudo alive until script ends
while true; do sudo -n true; sleep 30; kill -0 "$$" || exit; done 2>/dev/null &
# --- distro detection ---
if [[ -f /etc/os-release ]]; then
. /etc/os-release
DISTRO_ID="${ID,,}"
else
echo "Cannot detect distribution (no /etc/os-release)"
echo "cannot detect distribution. aborting."
exit 1
fi
UNAME="${SUDO_USER:-${USER:-$(whoami)}}"
if [[ -z "$UNAME" ]]; then
echo "Could not determine invoking user."
echo "cannot determine non-root user. aborting."
exit 1
fi
echo "Running setup as: $UNAME on $DISTRO_ID"
echo "⚙️ running as user: $UNAME (distro: $DISTRO_ID)"
# -------------------------------------------------------------------
# Utility helpers
# -------------------------------------------------------------------
# --- helpers ---
command_exists() { command -v "$1" >/dev/null 2>&1; }
as_user() { sudo -H -u "$UNAME" bash -lc "$*"; }
# -------------------------------------------------------------------
# Arch package installation
# -------------------------------------------------------------------
# --- arch package install ---
install_packages_arch() {
echo "→ Updating system (Arch)..."
sudo pacman -Syu --noconfirm || true
echo "📦 installing base packages..."
sudo pacman -Syu --noconfirm
PKGS=(
local PKGS=(
base-devel git cmake gcc neovim vim python-pip
xorg-server xorg-xinit xorg-xrandr xorg-xinput
openbox obconf alacritty cmus flameshot pavucontrol
openbox obconf
alacritty cmus flameshot pavucontrol
chromium thunderbird steam keepassxc
bluez bluez-tools blueman
dmenu htop rsync unzip whois xclip xdotool xbindkeys
efibootmgr grub nmap lynis rkhunter sbctl sudo
)
sudo pacman -S --noconfirm "${PKGS[@]}"
echo "→ Installing available packages..."
AVAILABLE=()
for pkg in "${PKGS[@]}"; do
if pacman -Si "$pkg" &>/dev/null; then
AVAILABLE+=("$pkg")
else
echo "⚠️ Skipping missing package: $pkg"
fi
done
sudo pacman -S --noconfirm --needed "${AVAILABLE[@]}"
# Install yay if missing
# yay
if ! command_exists yay; then
echo "→ Installing yay (AUR helper)..."
TMPDIR="/tmp/yay-build.$$"
rm -rf "$TMPDIR"
git clone https://aur.archlinux.org/yay-bin.git "$TMPDIR"
as_user "cd $TMPDIR && makepkg -si --noconfirm || true"
rm -rf "$TMPDIR"
echo "📦 installing yay..."
TMP=$(mktemp -d)
git clone https://aur.archlinux.org/yay-bin.git "$TMP"
as_user "cd $TMP && makepkg -si --noconfirm"
rm -rf "$TMP"
fi
# Optional AUR packages
if command_exists yay; then
echo "→ Installing AUR packages..."
as_user "yay -S --noconfirm --needed keybase-bin ckb-next || true"
fi
as_user "yay -S --noconfirm keybase-bin ckb-next"
}
# -------------------------------------------------------------------
# Debian/Ubuntu package installation
# -------------------------------------------------------------------
# --- ubuntu/debian ---
install_packages_ubuntu() {
echo "→ Updating system (Debian/Ubuntu)..."
echo "📦 installing packages (debian/ubuntu)..."
sudo apt update && sudo apt upgrade -y
PKGS_DEB=(
build-essential git cmake gcc neovim vim python3-pip
xorg openbox xinit x11-xserver-utils
alacritty cmus flameshot pavucontrol
chromium-browser thunderbird steam-installer keepassxc
bluez bluez-tools blueman
dmenu htop rsync unzip whois xclip xdotool xbindkeys
sudo apt install -y \
build-essential git cmake gcc neovim vim python3-pip \
xorg openbox xinit x11-xserver-utils \
alacritty cmus flameshot pavucontrol \
chromium-browser thunderbird steam-installer keepassxc \
bluez bluez-tools blueman \
dmenu htop rsync unzip whois xclip xdotool xbindkeys \
efibootmgr grub nmap lynis rkhunter sudo
)
echo "→ Installing packages..."
sudo apt install -y "${PKGS_DEB[@]}" || true
}
# -------------------------------------------------------------------
# Rust setup
# -------------------------------------------------------------------
# --- rust setup ---
setup_rust() {
if ! command_exists rustc; then
echo "→ Installing rustup for $UNAME..."
echo "🦀 installing rustup for $UNAME..."
as_user "curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y"
else
echo "✓ rustc already installed"
fi
if command_exists cargo; then
echo "→ Installing cargo utilities..."
as_user "PATH=~/.cargo/bin:\$PATH cargo install --locked bat lsd rusty-man cargo-expand viu || true"
fi
as_user "source ~/.cargo/env && cargo install --locked bat lsd rusty-man cargo-expand viu || true"
}
# -------------------------------------------------------------------
# Fonts setup (optional)
# -------------------------------------------------------------------
# --- fonts ---
install_fonts() {
echo "→ Installing Nerd Font (Hack)..."
echo "🔤 installing Hack Nerd Font..."
as_user "mkdir -p ~/.local/share/fonts && cd ~/.local/share/fonts && \
git clone --depth=1 https://github.com/ryanoasis/nerd-fonts.git nerd-fonts-temp || true && \
cd nerd-fonts-temp && ./install.sh Hack || true && \
cd .. && rm -rf nerd-fonts-temp"
git clone --depth=1 https://github.com/ryanoasis/nerd-fonts.git nf-temp && \
cd nf-temp && ./install.sh Hack && cd .. && rm -rf nf-temp"
}
# -------------------------------------------------------------------
# Security hardening
# -------------------------------------------------------------------
# --- security setup ---
setup_security() {
echo "→ Applying basic security tweaks..."
echo "🔐 configuring security..."
if command_exists ufw; then
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow ssh
sudo ufw --force enable
fi
# SSH
if [[ -f /etc/ssh/sshd_config ]]; then
sudo sed -i 's/^#\?PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config || true
sudo sed -i 's/^#\?PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config || true
sudo sed -i 's/^#\?PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config
sudo sed -i 's/^#\?PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config
sudo systemctl restart sshd || true
fi
# Fail2ban
if command_exists fail2ban-server; then
sudo systemctl enable --now fail2ban || true
fi
# rkhunter
if command_exists rkhunter; then
sudo rkhunter --update || true
sudo rkhunter --propupd || true
fi
}
# -------------------------------------------------------------------
# Main dispatcher
# -------------------------------------------------------------------
# --- main flow ---
case "$DISTRO_ID" in
arch|artix)
install_packages_arch
;;
arch)
install_packages_arch ;;
ubuntu|debian)
install_packages_ubuntu
;;
install_packages_ubuntu ;;
*)
echo "⚠️ Unknown distro: $DISTRO_ID — defaulting to Arch-style setup."
install_packages_arch
;;
echo "unsupported distro: $DISTRO_ID"
exit 1 ;;
esac
setup_rust
install_fonts
setup_security
echo "✅ Post-install setup complete. You may reboot or log out to apply font and shell changes."
echo "✅ setup complete! (sudo kept alive for duration)"