buckn/setup
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
2ea64706cbe348716b0d8061689685f972b07532
setup/setup
buckn 2ea64706cb hardened some stuff
2025-10-15 20:36:12 -04:00

106 lines
2.9 KiB
Bash
Executable File
Raw Blame History

#!/usr/bin/env bash
set -euo pipefail
# Detect distro
if [[ $(uname -a) == *"arch"* ]]; then
IS_ARCH=true
else
IS_ARCH=false
fi
# --- Helper Functions ---
install_packages_arch() {
sudo pacman -Sy --noconfirm
sudo pacman -S --noconfirm base base-devel linux-hardened linux-hardened-headers \
git cmake gcc neovim vim python3-pip \
openbox obconf xorg-server xorg-xinit xorg-xinput xorg-xrandr \
alacritty cmus flameshot pavucontrol \
chromium thunderbird steam keepassxc \
bluez bluez-tools blueman \
dmenu htop rsync unzip whois xclip xdotool xbindkeys \
efibootmgr grub nmap lynis rkhunter sbctl
# Yay for AUR packages
if ! command -v yay >/dev/null; then
git clone https://aur.archlinux.org/yay-bin.git /tmp/yay
cd /tmp/yay
makepkg -si --noconfirm
fi
# Additional yay apps
yay -S --noconfirm keybase-bin ckb-next minecraft-launcher nvidia-dkms nvidia-settings
}
install_packages_ubuntu() {
sudo apt update && sudo apt upgrade -y
sudo apt install -y build-essential git cmake gcc neovim vim python3-pip \
openbox obconf xorg xinit x11-xserver-utils \
alacritty cmus flameshot pavucontrol \
chromium-browser thunderbird steam-installer keepassxc \
bluez bluez-tools blueman \
dmenu htop rsync unzip whois xclip xdotool xbindkeys \
efibootmgr grub nmap lynis rkhunter sudo
}
# --- Rust Setup ---
setup_rust() {
if ! command -v rustc >/dev/null; then
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
source $HOME/.cargo/env
fi
# Cargo apps
cargo install --locked alacritty bat lsd rusty-man cargo-expand viu
}
# --- Fonts ---
install_fonts() {
mkdir -p ~/bin/setup
cd ~/bin/setup
if [[ ! -d nerd-fonts ]]; then
git clone https://github.com/ryanoasis/nerd-fonts
fi
cd nerd-fonts
./install.sh Hack
cd ~
}
# --- Security Setup ---
setup_security() {
# Firewall
if command -v ufw >/dev/null; then
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow ssh
sudo ufw enable
fi
# SSH hardening
sudo sed -i 's/^#\?PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config
sudo sed -i 's/^#\?PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config
sudo systemctl restart sshd
# Enable fail2ban if available
if command -v fail2ban >/dev/null; then
sudo systemctl enable --now fail2ban
fi
# Run rkhunter check
if command -v rkhunter >/dev/null; then
sudo rkhunter --update
sudo rkhunter --propupd
fi
}
# --- Main ---
if $IS_ARCH; then
install_packages_arch
else
install_packages_ubuntu
fi
setup_rust
install_fonts
setup_security
echo "Setup complete! You may need to reboot for kernel or grub changes."
Reference in New Issue View Git Blame Copy Permalink