# Underline section() { printf "\n$1\n"; } highlight() { printf "$1\n"; } section "System" highlight "Enable REISUB and increase watch limit for Intellij & co" echo "kernel.sysrq=1" | sudo tee /etc/sysctl.d/60-sysrq.conf echo "fs.inotify.max_user_watches=800000" | sudo tee /etc/sysctl.d/60-max-user-watches.conf sudo sysctl --system highlight "Default sudoers configuration" echo "Defaults editor=/usr/bin/nvim" | sudo tee /etc/sudoers.d/editor echo "Defaults timestamp_timeout=120" | sudo tee /etc/sudoers.d/timeout highlight "password-free reboot" echo "$USER ALL = NOPASSWD: /sbin/halt, /sbin/reboot, /usr/sbin/reboot, /sbin/poweroff, /usr/sbin/shutdown" | sudo tee /etc/sudoers.d/shutdown highlight "Reduce system startup & shutdown timeout" sudo mkdir -p /etc/systemd/system.conf.d /etc/systemd/user.conf.d echo "[Manager] DefaultTimeoutStartSec=5s DefaultTimeoutStopSec=10s" | sudo tee /etc/systemd/system.conf.d/boot.conf /etc/systemd/user.conf.d/boot.conf highlight "Default to current user in tty1,2,3" sudo mkdir -p /etc/systemd/system/getty@tty1.service.d /etc/systemd/system/getty@tty2.service.d /etc/systemd/system/getty@tty3.service.d echo "[Service] ExecStart= ExecStart=-/usr/bin/agetty --skip-login --login-options $USER %I" | sudo tee /etc/systemd/system/getty@tty1.service.d/override.conf /etc/systemd/system/getty@tty2.service.d/override.conf /etc/systemd/system/getty@tty3.service.d/override.conf ## Hardware section 'Hardware' highlight 'Stop logind from suspending laptop' sudo sed -i 's/#HandleLidSwitch=suspend/HandleLidSwitch=ignore/' /etc/systemd/logind.conf highlight "Fix Chrysalis for keyboardio" # https://github.com/keyboardio/Chrysalis/wiki/Troubleshooting if test ! -f /etc/udev/rules.d/keyboardio.rules; then echo 'SUBSYSTEM=="tty", ATTRS{idVendor}=="1209", ATTRS{idProduct}=="230[0-3]", SYMLINK+="model01", TAG+="seat", TAG+="uaccess", RUN+="'"$HOME/.local/bin/update-keyboard-layout\"" | sudo tee /etc/udev/rules.d/keyboardio.rules sudo udevadm control -R sudo udevadm trigger -v /dev/ttyACM0 #sudo systemctl disable ModemManager fi ## Software section "Software" highlight "Configure pacman" if test -f /etc/pacman.conf; then sudo sed -i 's/#Color/Color/' /etc/pacman.conf sudo sed -i "$(grep -n "\[multilib\]" /etc/pacman.conf | cut -d':' -f1),+1 s/# *//" /etc/pacman.conf highlight "Reflector" echo "--save /etc/pacman.d/mirrorlist --protocol https --country Germany --latest 20 --sort rate" | sudo tee /etc/xdg/reflector/reflector.conf sudo systemctl start reflector & sudo systemctl enable reflector.timer fi highlight "Block internet at night & on weekdays in the morning to force focus" # https://askubuntu.com/a/124512 and https://blog.sleeplessbeastie.eu/2018/06/21/how-to-create-iptables-firewall-using-custom-chains/ sudo iptables --new-chain chain-times 2>/dev/null || sudo iptables --flush chain-times time9=$(date -u -d "$(date -d 09:00)" +%k) # Always allow local connections - https://serverfault.com/a/550278 sudo iptables -A chain-times -m owner --uid-owner janek -d 192.168.1.0/24 -j ACCEPT sudo iptables -A chain-times -m owner --uid-owner janek -d 127.0.0.0/8 -j ACCEPT sudo iptables -A chain-times -m owner --uid-owner janek -j DROP -m time --timestart $(date -u -d "$(date -d 22)" +%k):00 --timestop $time9:00 sudo iptables -A chain-times -m owner --uid-owner janek -j DROP -m time --weekdays 1-5 --timestart $time9:20 --timestop $(expr $time9 + 1):00 sudo iptables -A chain-times -m owner --uid-owner janek -j DROP -m time --weekdays 1-5 --timestart $(expr $time9 + 1):20 --timestop $(expr $time9 + 2):00 sudo iptables -L OUTPUT | grep -q "^chain-times" || sudo iptables -A OUTPUT -j chain-times sudo iptables-save | sudo tee /etc/iptables.rules echo "@reboot root $(which iptables-restore) < /etc/iptables.rules" | sudo tee /etc/cron.d/iptables-times highlight "Cron logging" echo 'cron.* /var/log/cron.log' | sudo tee /etc/rsyslog.d/60-cron.conf hasService=$(which service 2>/dev/null) test "$hasService" && sudo service rsyslog restart || sudo systemctl restart rsyslog highlight "Reload cron" test "$hasService" && sudo service cron reload || sudo systemctl reload cronie