# Headings
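# Print a section heading preceded by a blank line.
# Arguments: $1 - heading text, printed literally
# The text is passed as data to a fixed format string, so a '%' or a
# backslash in a heading is never interpreted as a printf directive.
section() { printf '\n%s\n' "$1"; }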
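# Print a step description on its own line.
# Arguments: $1 - text to print, printed literally
# The text is passed as data to a fixed format string, so a '%' or a
# backslash in the description is never interpreted as a printf directive.
highlight() { printf '%s\n' "$1"; }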
## System
section "System"
highlight "Enable REISUB and increase watch limit for Intellij & co"
# kernel.sysrq=1 switches on every Magic SysRq function, not only the REISUB
# sequence, for anyone at the console keyboard; the kernel also accepts a
# bitmask here when a narrower set of functions is wanted.
printf '%s\n' 'kernel.sysrq=1' | sudo tee /etc/sysctl.d/60-sysrq.conf
# Raise the per-user inotify watch ceiling for IDE file watchers.
printf '%s\n' 'fs.inotify.max_user_watches=800000' | sudo tee /etc/sysctl.d/60-max-user-watches.conf
# Re-read all sysctl configuration directories so both drop-ins apply now.
sudo sysctl --system
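highlight "Default sudoers configuration"
# Stage a sudoers drop-in in a temporary file, let visudo parse it, and only
# then install it under /etc/sudoers.d with mode 0440. A syntax error in any
# file that sudo includes can stop sudo from working, so nothing unparsed is
# ever written into that directory.
# Arguments: $1 - file name under /etc/sudoers.d, $2 - the sudoers line
# Outputs:   the installed line on stdout, or a refusal message on stderr
# Returns:   0 when the drop-in was installed, 1 otherwise
# The parenthesised body runs in a subshell, keeping its variables private.
_install_sudoers_dropin() (
  staged=$(mktemp) || exit 1
  status=0
  printf '%s\n' "$2" >"$staged"
  if sudo visudo -cf "$staged" >/dev/null; then
    if sudo install -m 0440 "$staged" "/etc/sudoers.d/$1"; then
      printf '%s\n' "$2"
    else
      status=1
    fi
  else
    printf 'Not installing /etc/sudoers.d/%s: visudo rejected it\n' "$1" >&2
    status=1
  fi
  rm -f -- "$staged"
  exit "$status"
)
_install_sudoers_dropin editor "Defaults editor=/usr/bin/nvim"
# timestamp_timeout is in minutes: cached sudo credentials stay valid for two
# hours, so an unlocked, unattended session can use sudo without a password
# for that long.
_install_sudoers_dropin timeout "Defaults timestamp_timeout=120"
highlight "password-free reboot"
# NOPASSWD is limited to these absolute paths. $USER is expanded when the
# script runs, so the rule names whoever ran it.
_install_sudoers_dropin shutdown "$USER ALL = NOPASSWD: /sbin/halt, /sbin/reboot, /usr/sbin/reboot, /sbin/poweroff, /usr/sbin/shutdown"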
highlight "Reduce system startup & shutdown timeout"
# The same [Manager] drop-in is written for the system and the user manager.
sudo mkdir -p /etc/systemd/system.conf.d /etc/systemd/user.conf.d
sudo tee /etc/systemd/system.conf.d/boot.conf /etc/systemd/user.conf.d/boot.conf <<'EOF'
[Manager]
DefaultTimeoutStartSec=5s
DefaultTimeoutStopSec=10s
EOF
highlight "Default to current user in tty1,2,3"
sudo mkdir -p /etc/systemd/system/getty@tty1.service.d /etc/systemd/system/getty@tty2.service.d /etc/systemd/system/getty@tty3.service.d
# The empty ExecStart= clears the unit's stock command before the replacement
# is set. agetty then skips its own login-name prompt and hands the name to
# login. $USER is expanded now, so the drop-in names whoever ran this script.
sudo tee /etc/systemd/system/getty@tty1.service.d/override.conf /etc/systemd/system/getty@tty2.service.d/override.conf /etc/systemd/system/getty@tty3.service.d/override.conf <<EOF
[Service]
ExecStart=
ExecStart=-/usr/bin/agetty --skip-login --login-options $USER %I
EOF
highlight '/etc/locale.conf'
# Irish English for messages, German conventions for money, and byte-wise
# (C) collation; the quoted delimiter keeps the text literal.
sudo tee /etc/locale.conf <<'EOF'
LANG=en_IE.UTF-8
LANGUAGE=en_IE.UTF-8
LC_ALL=en_IE.UTF-8
LC_MONETARY=de_DE.UTF-8
LC_COLLATE=C
EOF
## Hardware
section 'Hardware'
highlight 'Stop logind from suspending laptop'
# Only the stock commented-out default is rewritten; a HandleLidSwitch line
# that was already customised does not match and is left alone.
sudo sed -i 's/#HandleLidSwitch=suspend/HandleLidSwitch=ignore/' /etc/systemd/logind.conf
highlight "Fix Chrysalis for keyboardio"
# https://github.com/keyboardio/Chrysalis/wiki/Troubleshooting
if [ ! -f /etc/udev/rules.d/keyboardio.rules ]; then
  # NOTE(review): RUN+= names a program under $HOME, which the user can write
  # to, while udev starts RUN programs as root. Confirm that file and its
  # parent directories are protected, or keep the helper in a root-owned path.
  printf 'SUBSYSTEM=="tty", ATTRS{idVendor}=="1209", ATTRS{idProduct}=="230[0-3]", SYMLINK+="model01", TAG+="seat", TAG+="uaccess", RUN+="%s"\n' "$HOME/.local/bin/update-keyboard-layout" | sudo tee /etc/udev/rules.d/keyboardio.rules
  # Reload the rule files, then replay the event for the keyboard's tty.
  sudo udevadm control -R
  sudo udevadm trigger -v /dev/ttyACM0
  #sudo systemctl disable ModemManager
fi
## Software
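section "Software"
highlight "Configure pacman"
if [ -f /etc/pacman.conf ]; then
  # Enable coloured output, then uncomment the [multilib] header and the line
  # after it. The section is addressed by pattern rather than by a line number
  # computed with grep, so a missing or repeated match no longer hands sed a
  # malformed address.
  sudo sed -i -e 's/#Color/Color/' -e '/\[multilib\]/,+1 s/# *//' /etc/pacman.conf
  highlight "Reflector"
  # Mirror selection: HTTPS mirrors in Germany only, the 20 most recently
  # synchronised, sorted by download rate.
  sudo tee /etc/xdg/reflector/reflector.conf <<'EOF'
--save /etc/pacman.d/mirrorlist
--protocol https
--country Germany
--latest 20
--sort rate
EOF
  # Refresh the mirror list in the background now, and on the timer afterwards.
  sudo systemctl start reflector &
  sudo systemctl enable reflector.timer
fi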
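highlight "Block internet at night & on weekdays in the morning to force focus"
# https://askubuntu.com/a/124512 and https://blog.sleeplessbeastie.eu/2018/06/21/how-to-create-iptables-firewall-using-custom-chains/
# Scope of these rules: IPv4 only (ip6tables is never touched), and only
# traffic owned by the hard-coded user "janek" rather than $USER.
# Start from an empty chain: create chain-times, or flush it when it exists.
sudo iptables --new-chain chain-times 2>/dev/null || sudo iptables --flush chain-times
# The time match compares against UTC by default, so local 09:00 and 22:00 are
# converted to UTC hours once, here. The saved rules keep those hours, so they
# are off by an hour after the local UTC offset changes (daylight saving).
# $(( )) turns the space-padded %k output into a bare number. The additions
# below assume the UTC hour of local 09:00 is at most 21.
time9=$(( $(date -u -d "$(date -d 09:00)" +%k) ))
time22=$(( $(date -u -d "$(date -d 22)" +%k) ))
# Always allow local connections - https://serverfault.com/a/550278
sudo iptables -A chain-times -m owner --uid-owner janek -d 192.168.1.0/24 -j ACCEPT
sudo iptables -A chain-times -m owner --uid-owner janek -d 127.0.0.0/8 -j ACCEPT
# Night: local 22:00 to 09:00, every day.
sudo iptables -A chain-times -m owner --uid-owner janek -j DROP -m time --timestart "${time22}:00" --timestop "${time9}:00"
# Weekday mornings: two 40-minute blocks, from local 09:20 and from 10:20.
sudo iptables -A chain-times -m owner --uid-owner janek -j DROP -m time --weekdays 1-5 --timestart "${time9}:20" --timestop "$(( time9 + 1 )):00"
sudo iptables -A chain-times -m owner --uid-owner janek -j DROP -m time --weekdays 1-5 --timestart "$(( time9 + 1 )):20" --timestop "$(( time9 + 2 )):00"
# Hook the chain into OUTPUT once; -C asks iptables whether the jump already
# exists instead of grepping a listing.
sudo iptables -C OUTPUT -j chain-times 2>/dev/null || sudo iptables -A OUTPUT -j chain-times
# iptables-save dumps the whole current ruleset, not just chain-times, and
# iptables-restore replaces the tables it loads, so this file becomes the
# boot-time IPv4 firewall.
sudo iptables-save | sudo tee /etc/iptables.rules
# Resolve the restore binary first: an empty lookup would otherwise write a
# cron entry that has no command in it.
restore_bin=$(command -v iptables-restore) || restore_bin=
if [ -n "$restore_bin" ]; then
  echo "@reboot root $restore_bin < /etc/iptables.rules" | sudo tee /etc/cron.d/iptables-times
else
  printf '%s\n' 'iptables-restore not found in PATH; /etc/cron.d/iptables-times not written' >&2
fi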
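highlight "Cron logging"
# Send every message of the cron facility to its own log file.
echo 'cron.* /var/log/cron.log' | sudo tee /etc/rsyslog.d/60-cron.conf
# command -v is a shell builtin, so the lookup no longer depends on the
# separate `which` program being installed.
hasService=$(command -v service 2>/dev/null)
# Use the service wrapper when it exists; systemctl is the fallback both when
# the wrapper is absent and when its call fails.
test "$hasService" && sudo service rsyslog restart || sudo systemctl restart rsyslog
highlight "Reload cron"
test "$hasService" && sudo service cron reload || sudo systemctl reload cronie
highlight "SSH Permissions"
# Remove all group and other permissions from ~/.ssh and everything below it.
# -R comes before the operands so this does not rely on GNU option reordering.
chmod -R og= ~/.ssh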
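# Print a section heading preceded by a blank line.
# Arguments: $1 - heading text, printed literally
# The text is passed as data to a fixed format string, so a '%' or a
# backslash in a heading is never interpreted as a printf directive.
section() { printf '\n%s\n' "$1"; }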
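# Print a step description on its own line.
# Arguments: $1 - text to print, printed literally
# The text is passed as data to a fixed format string, so a '%' or a
# backslash in the description is never interpreted as a printf directive.
highlight() { printf '%s\n' "$1"; }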
## System
section "System"
highlight "Enable REISUB and increase watch limit for Intellij & co"
# kernel.sysrq=1 switches on every Magic SysRq function, not only the REISUB
# sequence, for anyone at the console keyboard; the kernel also accepts a
# bitmask here when a narrower set of functions is wanted.
printf '%s\n' 'kernel.sysrq=1' | sudo tee /etc/sysctl.d/60-sysrq.conf
# Raise the per-user inotify watch ceiling for IDE file watchers.
printf '%s\n' 'fs.inotify.max_user_watches=800000' | sudo tee /etc/sysctl.d/60-max-user-watches.conf
# Re-read all sysctl configuration directories so both drop-ins apply now.
sudo sysctl --system
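highlight "Default sudoers configuration"
# Stage a sudoers drop-in in a temporary file, let visudo parse it, and only
# then install it under /etc/sudoers.d with mode 0440. A syntax error in any
# file that sudo includes can stop sudo from working, so nothing unparsed is
# ever written into that directory.
# Arguments: $1 - file name under /etc/sudoers.d, $2 - the sudoers line
# Outputs:   the installed line on stdout, or a refusal message on stderr
# Returns:   0 when the drop-in was installed, 1 otherwise
# The parenthesised body runs in a subshell, keeping its variables private.
_install_sudoers_dropin() (
  staged=$(mktemp) || exit 1
  status=0
  printf '%s\n' "$2" >"$staged"
  if sudo visudo -cf "$staged" >/dev/null; then
    if sudo install -m 0440 "$staged" "/etc/sudoers.d/$1"; then
      printf '%s\n' "$2"
    else
      status=1
    fi
  else
    printf 'Not installing /etc/sudoers.d/%s: visudo rejected it\n' "$1" >&2
    status=1
  fi
  rm -f -- "$staged"
  exit "$status"
)
_install_sudoers_dropin editor "Defaults editor=/usr/bin/nvim"
# timestamp_timeout is in minutes: cached sudo credentials stay valid for two
# hours, so an unlocked, unattended session can use sudo without a password
# for that long.
_install_sudoers_dropin timeout "Defaults timestamp_timeout=120"
highlight "password-free reboot"
# NOPASSWD is limited to these absolute paths. $USER is expanded when the
# script runs, so the rule names whoever ran it.
_install_sudoers_dropin shutdown "$USER ALL = NOPASSWD: /sbin/halt, /sbin/reboot, /usr/sbin/reboot, /sbin/poweroff, /usr/sbin/shutdown"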
highlight "Reduce system startup & shutdown timeout"
# The same [Manager] drop-in is written for the system and the user manager.
sudo mkdir -p /etc/systemd/system.conf.d /etc/systemd/user.conf.d
sudo tee /etc/systemd/system.conf.d/boot.conf /etc/systemd/user.conf.d/boot.conf <<'EOF'
[Manager]
DefaultTimeoutStartSec=5s
DefaultTimeoutStopSec=10s
EOF
highlight "Default to current user in tty1,2,3"
sudo mkdir -p /etc/systemd/system/getty@tty1.service.d /etc/systemd/system/getty@tty2.service.d /etc/systemd/system/getty@tty3.service.d
# The empty ExecStart= clears the unit's stock command before the replacement
# is set. agetty then skips its own login-name prompt and hands the name to
# login. $USER is expanded now, so the drop-in names whoever ran this script.
sudo tee /etc/systemd/system/getty@tty1.service.d/override.conf /etc/systemd/system/getty@tty2.service.d/override.conf /etc/systemd/system/getty@tty3.service.d/override.conf <<EOF
[Service]
ExecStart=
ExecStart=-/usr/bin/agetty --skip-login --login-options $USER %I
EOF
highlight '/etc/locale.conf'
# Irish English for messages, German conventions for money, and byte-wise
# (C) collation; the quoted delimiter keeps the text literal.
sudo tee /etc/locale.conf <<'EOF'
LANG=en_IE.UTF-8
LANGUAGE=en_IE.UTF-8
LC_ALL=en_IE.UTF-8
LC_MONETARY=de_DE.UTF-8
LC_COLLATE=C
EOF
## Hardware
section 'Hardware'
highlight 'Stop logind from suspending laptop'
# Only the stock commented-out default is rewritten; a HandleLidSwitch line
# that was already customised does not match and is left alone.
sudo sed -i 's/#HandleLidSwitch=suspend/HandleLidSwitch=ignore/' /etc/systemd/logind.conf
highlight "Fix Chrysalis for keyboardio"
# https://github.com/keyboardio/Chrysalis/wiki/Troubleshooting
if [ ! -f /etc/udev/rules.d/keyboardio.rules ]; then
  # NOTE(review): RUN+= names a program under $HOME, which the user can write
  # to, while udev starts RUN programs as root. Confirm that file and its
  # parent directories are protected, or keep the helper in a root-owned path.
  printf 'SUBSYSTEM=="tty", ATTRS{idVendor}=="1209", ATTRS{idProduct}=="230[0-3]", SYMLINK+="model01", TAG+="seat", TAG+="uaccess", RUN+="%s"\n' "$HOME/.local/bin/update-keyboard-layout" | sudo tee /etc/udev/rules.d/keyboardio.rules
  # Reload the rule files, then replay the event for the keyboard's tty.
  sudo udevadm control -R
  sudo udevadm trigger -v /dev/ttyACM0
  #sudo systemctl disable ModemManager
fi
## Software
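section "Software"
highlight "Configure pacman"
if [ -f /etc/pacman.conf ]; then
  # Enable coloured output, then uncomment the [multilib] header and the line
  # after it. The section is addressed by pattern rather than by a line number
  # computed with grep, so a missing or repeated match no longer hands sed a
  # malformed address.
  sudo sed -i -e 's/#Color/Color/' -e '/\[multilib\]/,+1 s/# *//' /etc/pacman.conf
  highlight "Reflector"
  # Mirror selection: HTTPS mirrors in Germany only, the 20 most recently
  # synchronised, sorted by download rate.
  sudo tee /etc/xdg/reflector/reflector.conf <<'EOF'
--save /etc/pacman.d/mirrorlist
--protocol https
--country Germany
--latest 20
--sort rate
EOF
  # Refresh the mirror list in the background now, and on the timer afterwards.
  sudo systemctl start reflector &
  sudo systemctl enable reflector.timer
fi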
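highlight "Block internet at night & on weekdays in the morning to force focus"
# https://askubuntu.com/a/124512 and https://blog.sleeplessbeastie.eu/2018/06/21/how-to-create-iptables-firewall-using-custom-chains/
# Scope of these rules: IPv4 only (ip6tables is never touched), and only
# traffic owned by the hard-coded user "janek" rather than $USER.
# Start from an empty chain: create chain-times, or flush it when it exists.
sudo iptables --new-chain chain-times 2>/dev/null || sudo iptables --flush chain-times
# The time match compares against UTC by default, so local 09:00 and 22:00 are
# converted to UTC hours once, here. The saved rules keep those hours, so they
# are off by an hour after the local UTC offset changes (daylight saving).
# $(( )) turns the space-padded %k output into a bare number. The additions
# below assume the UTC hour of local 09:00 is at most 21.
time9=$(( $(date -u -d "$(date -d 09:00)" +%k) ))
time22=$(( $(date -u -d "$(date -d 22)" +%k) ))
# Always allow local connections - https://serverfault.com/a/550278
sudo iptables -A chain-times -m owner --uid-owner janek -d 192.168.1.0/24 -j ACCEPT
sudo iptables -A chain-times -m owner --uid-owner janek -d 127.0.0.0/8 -j ACCEPT
# Night: local 22:00 to 09:00, every day.
sudo iptables -A chain-times -m owner --uid-owner janek -j DROP -m time --timestart "${time22}:00" --timestop "${time9}:00"
# Weekday mornings: two 40-minute blocks, from local 09:20 and from 10:20.
sudo iptables -A chain-times -m owner --uid-owner janek -j DROP -m time --weekdays 1-5 --timestart "${time9}:20" --timestop "$(( time9 + 1 )):00"
sudo iptables -A chain-times -m owner --uid-owner janek -j DROP -m time --weekdays 1-5 --timestart "$(( time9 + 1 )):20" --timestop "$(( time9 + 2 )):00"
# Hook the chain into OUTPUT once; -C asks iptables whether the jump already
# exists instead of grepping a listing.
sudo iptables -C OUTPUT -j chain-times 2>/dev/null || sudo iptables -A OUTPUT -j chain-times
# iptables-save dumps the whole current ruleset, not just chain-times, and
# iptables-restore replaces the tables it loads, so this file becomes the
# boot-time IPv4 firewall.
sudo iptables-save | sudo tee /etc/iptables.rules
# Resolve the restore binary first: an empty lookup would otherwise write a
# cron entry that has no command in it.
restore_bin=$(command -v iptables-restore) || restore_bin=
if [ -n "$restore_bin" ]; then
  echo "@reboot root $restore_bin < /etc/iptables.rules" | sudo tee /etc/cron.d/iptables-times
else
  printf '%s\n' 'iptables-restore not found in PATH; /etc/cron.d/iptables-times not written' >&2
fi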
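highlight "Cron logging"
# Send every message of the cron facility to its own log file.
echo 'cron.* /var/log/cron.log' | sudo tee /etc/rsyslog.d/60-cron.conf
# command -v is a shell builtin, so the lookup no longer depends on the
# separate `which` program being installed.
hasService=$(command -v service 2>/dev/null)
# Use the service wrapper when it exists; systemctl is the fallback both when
# the wrapper is absent and when its call fails.
test "$hasService" && sudo service rsyslog restart || sudo systemctl restart rsyslog
highlight "Reload cron"
test "$hasService" && sudo service cron reload || sudo systemctl reload cronie
highlight "SSH Permissions"
# Remove all group and other permissions from ~/.ssh and everything below it.
# -R comes before the operands so this does not rely on GNU option reordering.
chmod -R og= ~/.ssh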