2021-01-04 20:20:23 +00:00
|
|
|
|
# Headings
|
2020-10-23 20:15:25 +00:00
|
|
|
|
section() { printf "\n[1m[4m$1[0m\n"; }
|
|
|
|
|
highlight() { printf "[1m[3m$1[0m\n"; }
|
|
|
|
|
|
2021-01-04 20:20:23 +00:00
|
|
|
|
## System
|
2020-10-23 20:15:25 +00:00
|
|
|
|
section "System"
|
|
|
|
|
|
|
|
|
|
highlight "Enable REISUB and increase watch limit for Intellij & co"
|
2020-04-06 07:35:42 +00:00
|
|
|
|
echo "kernel.sysrq=1" | sudo tee /etc/sysctl.d/60-sysrq.conf
|
|
|
|
|
echo "fs.inotify.max_user_watches=800000" | sudo tee /etc/sysctl.d/60-max-user-watches.conf
|
|
|
|
|
sudo sysctl --system
|
|
|
|
|
|
2020-10-23 20:15:25 +00:00
|
|
|
|
highlight "Default sudoers configuration"
|
2020-04-06 07:35:42 +00:00
|
|
|
|
echo "Defaults editor=/usr/bin/nvim" | sudo tee /etc/sudoers.d/editor
|
2020-12-27 12:54:32 +00:00
|
|
|
|
echo "Defaults timestamp_timeout=120" | sudo tee /etc/sudoers.d/timeout
|
2020-10-23 20:15:25 +00:00
|
|
|
|
highlight "password-free reboot"
|
2020-11-13 12:34:30 +00:00
|
|
|
|
echo "$USER ALL = NOPASSWD: /sbin/halt, /sbin/reboot, /usr/sbin/reboot, /sbin/poweroff, /usr/sbin/shutdown" | sudo tee /etc/sudoers.d/shutdown
|
2020-10-14 12:17:02 +00:00
|
|
|
|
|
2020-10-23 20:15:25 +00:00
|
|
|
|
highlight "Reduce system startup & shutdown timeout"
|
|
|
|
|
sudo mkdir -p /etc/systemd/system.conf.d /etc/systemd/user.conf.d
|
2020-10-29 10:40:43 +00:00
|
|
|
|
echo "[Manager]
|
|
|
|
|
DefaultTimeoutStartSec=5s
|
2020-10-23 20:15:25 +00:00
|
|
|
|
DefaultTimeoutStopSec=10s" | sudo tee /etc/systemd/system.conf.d/boot.conf /etc/systemd/user.conf.d/boot.conf
|
|
|
|
|
|
|
|
|
|
highlight "Default to current user in tty1,2,3"
|
2020-10-16 10:26:56 +00:00
|
|
|
|
sudo mkdir -p /etc/systemd/system/getty@tty1.service.d /etc/systemd/system/getty@tty2.service.d /etc/systemd/system/getty@tty3.service.d
|
|
|
|
|
echo "[Service]
|
|
|
|
|
ExecStart=
|
|
|
|
|
ExecStart=-/usr/bin/agetty --skip-login --login-options $USER %I" | sudo tee /etc/systemd/system/getty@tty1.service.d/override.conf /etc/systemd/system/getty@tty2.service.d/override.conf /etc/systemd/system/getty@tty3.service.d/override.conf
|
2020-09-04 10:19:41 +00:00
|
|
|
|
|
|
|
|
|
## Hardware
|
2020-10-23 20:15:25 +00:00
|
|
|
|
section 'Hardware'
|
2020-04-06 07:35:42 +00:00
|
|
|
|
|
2020-10-23 20:15:25 +00:00
|
|
|
|
highlight 'Stop logind from suspending laptop'
|
2020-04-06 07:35:42 +00:00
|
|
|
|
sudo sed -i 's/#HandleLidSwitch=suspend/HandleLidSwitch=ignore/' /etc/systemd/logind.conf
|
2020-04-06 15:34:56 +00:00
|
|
|
|
|
2020-10-23 20:15:25 +00:00
|
|
|
|
highlight "Fix Chrysalis for keyboardio"
|
|
|
|
|
# https://github.com/keyboardio/Chrysalis/wiki/Troubleshooting
|
2020-09-04 10:19:41 +00:00
|
|
|
|
if test ! -f /etc/udev/rules.d/keyboardio.rules; then
|
2020-10-13 09:41:47 +00:00
|
|
|
|
echo 'SUBSYSTEM=="tty", ATTRS{idVendor}=="1209", ATTRS{idProduct}=="230[0-3]", SYMLINK+="model01", TAG+="seat", TAG+="uaccess", RUN+="'"$HOME/.local/bin/update-keyboard-layout\"" | sudo tee /etc/udev/rules.d/keyboardio.rules
|
2020-10-07 19:48:16 +00:00
|
|
|
|
sudo udevadm control -R
|
|
|
|
|
sudo udevadm trigger -v /dev/ttyACM0
|
|
|
|
|
#sudo systemctl disable ModemManager
|
2020-09-04 10:19:41 +00:00
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
## Software
|
2020-10-23 20:15:25 +00:00
|
|
|
|
section "Software"
|
2020-06-03 10:39:13 +00:00
|
|
|
|
|
2020-12-15 20:46:35 +00:00
|
|
|
|
highlight "Configure pacman"
|
|
|
|
|
if test -f /etc/pacman.conf; then
|
|
|
|
|
sudo sed -i 's/#Color/Color/' /etc/pacman.conf
|
|
|
|
|
sudo sed -i "$(grep -n "\[multilib\]" /etc/pacman.conf | cut -d':' -f1),+1 s/# *//" /etc/pacman.conf
|
|
|
|
|
highlight "Reflector"
|
|
|
|
|
echo "--save /etc/pacman.d/mirrorlist
|
|
|
|
|
--protocol https
|
|
|
|
|
--country Germany
|
|
|
|
|
--latest 20
|
|
|
|
|
--sort rate" | sudo tee /etc/xdg/reflector/reflector.conf
|
|
|
|
|
sudo systemctl start reflector &
|
|
|
|
|
sudo systemctl enable reflector.timer
|
|
|
|
|
fi
|
|
|
|
|
|
2020-10-23 20:15:25 +00:00
|
|
|
|
highlight "Block internet at night & on weekdays in the morning to force focus"
|
2020-09-04 10:19:41 +00:00
|
|
|
|
# https://askubuntu.com/a/124512 and https://blog.sleeplessbeastie.eu/2018/06/21/how-to-create-iptables-firewall-using-custom-chains/
|
|
|
|
|
sudo iptables --new-chain chain-times 2>/dev/null || sudo iptables --flush chain-times
|
|
|
|
|
time9=$(date -u -d "$(date -d 09:00)" +%k)
|
2020-11-26 19:54:23 +00:00
|
|
|
|
# Always allow local connections - https://serverfault.com/a/550278
|
|
|
|
|
sudo iptables -A chain-times -m owner --uid-owner janek -d 192.168.1.0/24 -j ACCEPT
|
|
|
|
|
sudo iptables -A chain-times -m owner --uid-owner janek -d 127.0.0.0/8 -j ACCEPT
|
|
|
|
|
sudo iptables -A chain-times -m owner --uid-owner janek -j DROP -m time --timestart $(date -u -d "$(date -d 22)" +%k):00 --timestop $time9:00
|
2020-09-04 10:19:41 +00:00
|
|
|
|
sudo iptables -A chain-times -m owner --uid-owner janek -j DROP -m time --weekdays 1-5 --timestart $time9:20 --timestop $(expr $time9 + 1):00
|
|
|
|
|
sudo iptables -A chain-times -m owner --uid-owner janek -j DROP -m time --weekdays 1-5 --timestart $(expr $time9 + 1):20 --timestop $(expr $time9 + 2):00
|
|
|
|
|
sudo iptables -L OUTPUT | grep -q "^chain-times" || sudo iptables -A OUTPUT -j chain-times
|
|
|
|
|
sudo iptables-save | sudo tee /etc/iptables.rules
|
|
|
|
|
echo "@reboot root $(which iptables-restore) < /etc/iptables.rules" | sudo tee /etc/cron.d/iptables-times
|
|
|
|
|
|
2020-10-23 20:15:25 +00:00
|
|
|
|
highlight "Cron logging"
|
2020-09-04 10:19:41 +00:00
|
|
|
|
echo 'cron.* /var/log/cron.log' | sudo tee /etc/rsyslog.d/60-cron.conf
|
2020-11-13 12:34:30 +00:00
|
|
|
|
hasService=$(which service 2>/dev/null)
|
|
|
|
|
test "$hasService" && sudo service rsyslog restart || sudo systemctl restart rsyslog
|
2020-09-04 10:19:41 +00:00
|
|
|
|
|
2020-10-23 20:15:25 +00:00
|
|
|
|
highlight "Reload cron"
|
2020-11-13 12:34:30 +00:00
|
|
|
|
test "$hasService" && sudo service cron reload || sudo systemctl reload cronie
|
2021-01-04 20:20:23 +00:00
|
|
|
|
|
|
|
|
|
highlight "SSH Permissions"
|
|
|
|
|
chmod og= ~/.ssh -R
|