2025-10-28 10:25:09 -04:00
parent 2ea64706cb
commit 68eb3eb56d

190
setup

@ -1,105 +1,167 @@
#!/usr/bin/env bash #!/usr/bin/env bash
set -euo pipefail set -euo pipefail
# Detect distro # Run as a regular user (script will use sudo for privileged operations)
if [[ $(uname -a) == *"arch"* ]]; then # Usage: ./setup.sh
IS_ARCH=true
# --- Basic detection ---
if [[ -f /etc/os-release ]]; then
. /etc/os-release
DISTRO_ID="${ID,,}" # lowercase
else else
IS_ARCH=false echo "Cannot detect distribution (no /etc/os-release). Aborting."
exit 1
fi fi
# --- Helper Functions --- # The non-root user invoking this script
UNAME="${SUDO_USER:-${USER:-$(whoami)}}"
if [[ -z "$UNAME" ]]; then
echo "Could not determine a non-root user. Run this as a normal user."
exit 1
fi
echo "Running as user: $UNAME (distro: $DISTRO_ID)"
# --- helper functions ---
command_exists() { command -v "$1" >/dev/null 2>&1; }
# Run a command as the original non-root user
as_user() {
sudo -H -u "$UNAME" bash -lc "$*"
}
# --- Arch package installation ---
install_packages_arch() { install_packages_arch() {
sudo pacman -Sy --noconfirm echo "Updating system and installing packages (Arch)..."
sudo pacman -S --noconfirm base base-devel linux-hardened linux-hardened-headers \ sudo pacman -Syu --noconfirm
git cmake gcc neovim vim python3-pip \
openbox obconf xorg-server xorg-xinit xorg-xinput xorg-xrandr \ # core packages (tweak list as you like)
alacritty cmus flameshot pavucontrol \ PKGS=(
chromium thunderbird steam keepassxc \ base-devel git cmake gcc neovim vim python-pip
bluez bluez-tools blueman \ xorg-server xorg-xinit xorg-xrandr xorg-xinput
dmenu htop rsync unzip whois xclip xdotool xbindkeys \ openbox obconf
efibootmgr grub nmap lynis rkhunter sbctl alacritty cmus flameshot pavucontrol
# Yay for AUR packages chromium thunderbird steam keepassxc
if ! command -v yay >/dev/null; then bluez bluez-tools blueman
git clone https://aur.archlinux.org/yay-bin.git /tmp/yay dmenu htop rsync unzip whois xclip xdotool xbindkeys
cd /tmp/yay efibootmgr grub nmap lynis rkhunter sbctl sudo
makepkg -si --noconfirm )
sudo pacman -S --noconfirm "${PKGS[@]}"
# Install yay (AUR helper) if missing (build as non-root user)
if ! command_exists yay; then
echo "Installing yay (AUR helper)..."
# ensure base-devel present (already in PKGS)
TMP="/tmp/yay-build-$$"
rm -rf "$TMP"
git clone https://aur.archlinux.org/yay-bin.git "$TMP"
as_user "cd $TMP && makepkg -si --noconfirm"
rm -rf "$TMP"
else
echo "yay already installed"
fi fi
# Additional yay apps
yay -S --noconfirm keybase-bin ckb-next minecraft-launcher nvidia-dkms nvidia-settings # install some AUR packages (use yay, as non-root)
as_user "yay -S --noconfirm keybase-bin ckb-next"
} }
# --- Debian/Ubuntu package installation (if needed) ---
install_packages_ubuntu() { install_packages_ubuntu() {
echo "Updating system and installing packages (Debian/Ubuntu)..."
sudo apt update && sudo apt upgrade -y sudo apt update && sudo apt upgrade -y
sudo apt install -y build-essential git cmake gcc neovim vim python3-pip \
openbox obconf xorg xinit x11-xserver-utils \ PKGS_DEB=(
alacritty cmus flameshot pavucontrol \ build-essential git cmake gcc neovim vim python3-pip
chromium-browser thunderbird steam-installer keepassxc \ xorg openbox xinit x11-xserver-utils
bluez bluez-tools blueman \ alacritty cmus flameshot pavucontrol
dmenu htop rsync unzip whois xclip xdotool xbindkeys \ chromium-browser thunderbird steam-installer keepassxc
bluez bluez-tools blueman
dmenu htop rsync unzip whois xclip xdotool xbindkeys
efibootmgr grub nmap lynis rkhunter sudo efibootmgr grub nmap lynis rkhunter sudo
)
sudo apt install -y "${PKGS_DEB[@]}"
} }
# --- Rust Setup --- # --- Rust setup for the user ---
setup_rust() { setup_rust() {
if ! command -v rustc >/dev/null; then if ! command_exists rustc; then
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y echo "Installing rustup for user $UNAME..."
source $HOME/.cargo/env as_user "curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y"
# source would be needed in new shell; we'll also add cargo to PATH for this session when running cargo installs
export PATH="/home/$UNAME/.cargo/bin:$PATH"
else
echo "rustc already installed"
fi fi
# Cargo apps if command_exists cargo; then
cargo install --locked alacritty bat lsd rusty-man cargo-expand viu echo "Installing useful cargo binaries for $UNAME..."
# Install per-user via cargo (run as user)
as_user "PATH=~/.cargo/bin:\$PATH cargo install --locked bat lsd rusty-man cargo-expand viu || true"
fi
} }
# --- Fonts --- # --- Fonts installation (nerd fonts: user install) ---
install_fonts() { install_fonts() {
mkdir -p ~/bin/setup echo "Installing Nerd Font (Hack) for user $UNAME..."
cd ~/bin/setup as_user "mkdir -p ~/.local/share/fonts && cd ~/.local/share/fonts && \
if [[ ! -d nerd-fonts ]]; then git clone --depth=1 https://github.com/ryanoasis/nerd-fonts.git nerd-fonts-temp || true && \
git clone https://github.com/ryanoasis/nerd-fonts cd nerd-fonts-temp && ./install.sh Hack || true && cd ~ && rm -rf ~/.local/share/fonts/nerd-fonts-temp"
fi echo "Font install requested (may require logout/login to take effect)."
cd nerd-fonts
./install.sh Hack
cd ~
} }
# --- Security Setup --- # --- Security setup (optional, best-effort) ---
setup_security() { setup_security() {
# Firewall echo "Configuring basic security settings (best-effort)..."
if command -v ufw >/dev/null; then
# UFW (if present)
if command_exists ufw; then
sudo ufw default deny incoming sudo ufw default deny incoming
sudo ufw default allow outgoing sudo ufw default allow outgoing
sudo ufw allow ssh sudo ufw allow ssh
sudo ufw enable sudo ufw --force enable
else
echo "ufw not installed; skipping UFW config"
fi fi
# SSH hardening # SSH hardening (edit sshd_config safely)
sudo sed -i 's/^#\?PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config if [[ -f /etc/ssh/sshd_config ]]; then
sudo sed -i 's/^#\?PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config sudo sed -i 's/^#\?PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config || true
sudo systemctl restart sshd sudo sed -i 's/^#\?PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config || true
sudo systemctl restart sshd || true
# Enable fail2ban if available else
if command -v fail2ban >/dev/null; then echo "/etc/ssh/sshd_config missing; skipping SSH hardening"
sudo systemctl enable --now fail2ban
fi fi
# Run rkhunter check # enable fail2ban if installed
if command -v rkhunter >/dev/null; then if command_exists fail2ban-server; then
sudo rkhunter --update sudo systemctl enable --now fail2ban || true
sudo rkhunter --propupd fi
# rkhunter (if installed)
if command_exists rkhunter; then
sudo rkhunter --update || true
sudo rkhunter --propupd || true
fi fi
} }
# --- Main --- # --- Main ---
if $IS_ARCH; then case "$DISTRO_ID" in
install_packages_arch arch)
else install_packages_arch
install_packages_ubuntu ;;
fi ubuntu|debian)
install_packages_ubuntu
;;
*)
echo "Unsupported distro: $DISTRO_ID. Attempting Arch-like install by default."
install_packages_arch
;;
esac
setup_rust setup_rust
install_fonts install_fonts
setup_security setup_security
echo "Setup complete! You may need to reboot for kernel or grub changes." echo "Setup complete! You may need to log out/in or reboot for some changes (fonts, kernel, grub) to apply."
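Review bot: In setup_security, every step of the SSH hardening now ends in `|| true`, so a failed `sed` or a failed `systemctl restart sshd` still ends with "Setup complete!" while root and password login may remain enabled. The two `sed` expressions only rewrite a `PermitRootLogin` or `PasswordAuthentication` line that already exists, so a config without those lines is left unchanged with no message. I would drop the `|| true` on these three lines, validate before restarting with `sudo sshd -t && sudo systemctl restart sshd`, and print the effective values from `sudo sshd -T` so the operator can confirm them. Because `PasswordAuthentication no` applies as soon as the daemon restarts, a comment telling the operator to have a working key installed first is also worth adding. Separately, `TMP="/tmp/yay-build-$$"` in install_packages_arch is a predictable name in a shared directory, and `TMP=$(mktemp -d)` is the safer form.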