# Underline
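# Print a section heading in bold + underline, preceded by a blank line.
# Arguments: $1 - heading text
# The text is passed as a printf argument, never as the format string, so a
# literal '%' or backslash in a heading is printed verbatim instead of being
# interpreted. \033 is the ESC byte that starts each SGR colour sequence.
section() { printf '\n\033[1m\033[4m%s\033[0m\n' "$1"; }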
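# Print a step title in bold + italic.
# Arguments: $1 - title text
# The text is passed as a printf argument, never as the format string, so a
# literal '%' or backslash in a title is printed verbatim instead of being
# interpreted. \033 is the ESC byte that starts each SGR colour sequence.
highlight() { printf '\033[1m\033[3m%s\033[0m\n' "$1"; }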
section "System"

highlight "Enable REISUB and increase watch limit for Intellij & co"
# NOTE(review): kernel.sysrq=1 turns on every SysRq function, not only the
# REISUB keys. Per the kernel's sysrq documentation a bitmask restricted to
# unraw/signal/sync/remount/reboot is 244 (4+64+16+32+128); consider it if
# anyone else can reach this machine's keyboard. The value is left as the
# author set it.
printf '%s\n' 'kernel.sysrq=1' \
  | sudo tee /etc/sysctl.d/60-sysrq.conf
printf '%s\n' 'fs.inotify.max_user_watches=800000' \
  | sudo tee /etc/sysctl.d/60-max-user-watches.conf
# Re-read all sysctl configuration so both drop-ins apply without a reboot.
sudo sysctl --system
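highlight "Default sudoers configuration"

# Install one sudoers drop-in, but only after visudo accepts its syntax.
# Arguments: $1 - file name under /etc/sudoers.d, $2 - file content
# Returns:   0 on success, non-zero if validation or installation failed
# A syntactically broken file in /etc/sudoers.d can leave sudo unusable, so
# the snippet is staged in a temp file, checked with `visudo -cf`, and only
# then copied into place with mode 0440. The body is a subshell "( ... )" so
# its variables do not leak into the rest of the script.
_install_sudoers_dropin() (
  staged=$(mktemp) || exit 1
  printf '%s\n' "$2" >"$staged"
  status=0
  if sudo visudo -cf "$staged" >/dev/null; then
    sudo install -m 0440 -- "$staged" "/etc/sudoers.d/$1" || status=$?
  else
    printf 'Skipping invalid sudoers snippet: %s\n' "$1" >&2
    status=1
  fi
  rm -f -- "$staged"
  exit "$status"
)

_install_sudoers_dropin editor 'Defaults editor=/usr/bin/nvim'
# Cached sudo credentials stay valid for 20 minutes after each use; an
# unattended unlocked terminal is usable as root for that long.
_install_sudoers_dropin timeout 'Defaults timestamp_timeout=20'

highlight "password-free reboot"
# Only power-state commands are exempted from the password, each by absolute
# path. An empty $USER would produce a malformed rule, so skip in that case.
if [ -n "${USER:-}" ]; then
  _install_sudoers_dropin shutdown "$USER ALL = NOPASSWD: /sbin/halt, /sbin/reboot, /usr/sbin/reboot, /sbin/poweroff, /usr/sbin/shutdown"
else
  printf 'USER is not set; not writing /etc/sudoers.d/shutdown\n' >&2
fi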
highlight "Reduce system startup & shutdown timeout"
# The same [Manager] drop-in is written for the system manager and for user
# managers; tee fans the three lines out to both files in one pass.
sudo mkdir -p \
  /etc/systemd/system.conf.d \
  /etc/systemd/user.conf.d
printf '%s\n' \
  '[Manager]' \
  'DefaultTimeoutStartSec=5s' \
  'DefaultTimeoutStopSec=10s' \
  | sudo tee \
    /etc/systemd/system.conf.d/boot.conf \
    /etc/systemd/user.conf.d/boot.conf
highlight "Default to current user in tty1,2,3"
# The override clears the stock ExecStart and starts agetty so that it skips
# its own login prompt and hands $USER to login(1) as the login name.
# NOTE(review): only the user name is passed in --login-options (no
# --autologin and no login -f), so login(1) is presumably still asking for the
# password; confirm on the target system before relying on that.
sudo mkdir -p \
  /etc/systemd/system/getty@tty1.service.d \
  /etc/systemd/system/getty@tty2.service.d \
  /etc/systemd/system/getty@tty3.service.d
# %I is a systemd specifier and must reach the unit file literally, so it is
# kept in a printf argument rather than in the format string.
printf '%s\n' \
  '[Service]' \
  'ExecStart=' \
  "ExecStart=-/usr/bin/agetty --skip-login --login-options $USER %I" \
  | sudo tee \
    /etc/systemd/system/getty@tty1.service.d/override.conf \
    /etc/systemd/system/getty@tty2.service.d/override.conf \
    /etc/systemd/system/getty@tty3.service.d/override.conf
## Hardware
section 'Hardware'

highlight 'Stop logind from suspending laptop'
# Rewrites only the commented-out default line; if logind.conf already has a
# different HandleLidSwitch setting the sed is a no-op. logind is not
# restarted here, so the change applies after the next restart of the service.
# NOTE(review): with the lid switch ignored, closing the lid no longer
# suspends the session; make sure something else locks the screen.
sudo sed -i -e 's|#HandleLidSwitch=suspend|HandleLidSwitch=ignore|' /etc/systemd/logind.conf
highlight "Fix Chrysalis for keyboardio"
# https://github.com/keyboardio/Chrysalis/wiki/Troubleshooting
# The rule is only installed once; an existing keyboardio.rules is left alone.
# NOTE(review): udev runs RUN+= programs as root, and the helper named here
# sits under $HOME/.local/bin, which the unprivileged user can modify. Anything
# able to write to that path gets root execution on the next matching device
# event. Consider installing the helper root-owned outside the home directory
# and pointing the rule there.
if [ ! -f /etc/udev/rules.d/keyboardio.rules ]; then
  printf '%s\n' \
    'SUBSYSTEM=="tty", ATTRS{idVendor}=="1209", ATTRS{idProduct}=="230[0-3]", SYMLINK+="model01", TAG+="seat", TAG+="uaccess", RUN+="'"$HOME"'/.local/bin/update-keyboard-layout"' \
    | sudo tee /etc/udev/rules.d/keyboardio.rules
  # Reload the rule set, then replay the event for the keyboard's serial node.
  sudo udevadm control --reload
  sudo udevadm trigger -v /dev/ttyACM0
  #sudo systemctl disable ModemManager
fi
## Software
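section "Software"

highlight "Configure pacman"
if test -f /etc/pacman.conf; then
  sudo sed -i 's/#Color/Color/' /etc/pacman.conf
  # Uncomment the [multilib] header and the line after it. Addressing the
  # range by pattern instead of by a grep-computed line number keeps the sed
  # expression valid when the section is missing (no match: nothing happens)
  # or matched more than once; the original built ",+1 s/# *//" or a
  # multi-line address in those cases and sed aborted.
  sudo sed -i '/^#*\[multilib\]/,+1 s/^# *//' /etc/pacman.conf

  highlight "Reflector"
  # Mirror list is regenerated from HTTPS mirrors only.
  printf '%s\n' \
    '--save /etc/pacman.d/mirrorlist' \
    '--protocol https' \
    '--country Germany' \
    '--latest 20' \
    '--sort rate' \
    | sudo tee /etc/xdg/reflector/reflector.conf
  # The first run is started in the background so the script does not wait for
  # the mirror ranking; the timer keeps the list fresh afterwards.
  sudo systemctl start reflector &
  sudo systemctl enable reflector.timer
fi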
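highlight "Block internet at night & on weekdays in the morning to force focus"
# https://askubuntu.com/a/124512 and https://blog.sleeplessbeastie.eu/2018/06/21/how-to-create-iptables-firewall-using-custom-chains/
# Scope of this block, for whoever audits it later:
#  - only IPv4 is filtered (iptables); no ip6tables rules are added, so IPv6
#    traffic is not restricted by anything below;
#  - the rules match one account's outgoing packets via the owner match, and
#    the account name is fixed in focus_user below rather than taken from $USER.
focus_user=janek

# Create the chain on first run, or empty it so reruns do not stack rules.
sudo iptables --new-chain chain-times 2>/dev/null || sudo iptables --flush chain-times

# The time match is given UTC hours, so the local 22:00 and 09:00 are converted
# once, at setup time; a later DST change shifts the windows until the script
# is run again. %-H (GNU date) prints the hour without padding, which keeps the
# values safe to quote and to use in shell arithmetic. The "% 24" wrap keeps
# the derived hours valid in time zones where local 09:00 falls late in the
# UTC day.
time22=$(date -u -d "$(date -d 22:00)" +%-H)
time9=$(date -u -d "$(date -d 09:00)" +%-H)
time10=$(( (time9 + 1) % 24 ))
time11=$(( (time9 + 2) % 24 ))

# Always allow local connections - https://serverfault.com/a/550278
sudo iptables -A chain-times -m owner --uid-owner "$focus_user" -d 192.168.1.0/24 -j ACCEPT
sudo iptables -A chain-times -m owner --uid-owner "$focus_user" -d 127.0.0.0/8 -j ACCEPT
# Night block, every day: 22:00 - 09:00 local.
sudo iptables -A chain-times -m owner --uid-owner "$focus_user" -j DROP -m time --timestart "${time22}:00" --timestop "${time9}:00"
# Weekday morning blocks: 09:20 - 10:00 and 10:20 - 11:00 local.
sudo iptables -A chain-times -m owner --uid-owner "$focus_user" -j DROP -m time --weekdays 1-5 --timestart "${time9}:20" --timestop "${time10}:00"
sudo iptables -A chain-times -m owner --uid-owner "$focus_user" -j DROP -m time --weekdays 1-5 --timestart "${time10}:20" --timestop "${time11}:00"

# Hook the chain into OUTPUT exactly once. --check asks iptables directly
# whether the jump exists, instead of grepping the listing output.
sudo iptables -C OUTPUT -j chain-times 2>/dev/null || sudo iptables -A OUTPUT -j chain-times

# iptables-save dumps the whole current IPv4 rule set, not only chain-times;
# that full snapshot is what gets restored at boot.
sudo iptables-save | sudo tee /etc/iptables.rules
# Resolve the restore binary up front: if it is not on this user's PATH the
# original wrote a cron line with an empty command. Skip the entry instead.
restore_bin=$(command -v iptables-restore) || restore_bin=
if [ -n "$restore_bin" ]; then
  echo "@reboot root $restore_bin < /etc/iptables.rules" | sudo tee /etc/cron.d/iptables-times
else
  printf 'iptables-restore not found on PATH; not writing /etc/cron.d/iptables-times\n' >&2
fi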
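highlight "Cron logging"
echo 'cron.* /var/log/cron.log' | sudo tee /etc/rsyslog.d/60-cron.conf
# Non-empty when a `service` wrapper is available; otherwise systemctl is used.
hasService=$(command -v service 2>/dev/null)
# An explicit if/else picks exactly one init interface. With the previous
# "a && b || c" form, a failing `service ... restart` also ran the systemctl
# branch, which addresses a differently named unit in the cron case below.
if test "$hasService"; then
  sudo service rsyslog restart
else
  sudo systemctl restart rsyslog
fi

highlight "Reload cron"
if test "$hasService"; then
  sudo service cron reload
else
  sudo systemctl reload cronie
fi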