dotfiles/.config/yadm/bootstrap



# Headings
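# Print a section heading on its own line, preceded by a blank line.
# Arguments: $1 - heading text
# The text is passed as a printf argument rather than as the format string, so
# '%' and backslash sequences in a heading are printed literally.
section() { printf '\n%s\n' "$1"; }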
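# Print a single step description followed by a newline.
# Arguments: $1 - message text
# The text is passed as a printf argument rather than as the format string, so
# '%' and backslash sequences in a message are printed literally.
highlight() { printf '%s\n' "$1"; }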
## System
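section "System"
highlight "Enable REISUB and increase watch limit for Intellij & co"
# NOTE(review): kernel.sysrq=1 enables every SysRq function, not only the ones
# the REISUB sequence uses; a narrower bitmask is possible on machines where
# physical keyboard access is a concern.
echo "kernel.sysrq=1" | sudo tee /etc/sysctl.d/60-sysrq.conf
echo "fs.inotify.max_user_watches=800000" | sudo tee /etc/sysctl.d/60-max-user-watches.conf
sudo sysctl --system

# Account name written into the sudoers and getty snippets below. Falls back to
# `id -un` so an unset $USER cannot produce a sudoers line with no subject.
login_user=${USER:-$(id -un)}

# Install one sudoers drop-in.
# Arguments: $1 - file name under /etc/sudoers.d
#            $2 - snippet content
# The snippet is staged in a private temp file, syntax-checked with visudo and
# only then copied into place as root:root mode 0440. A malformed line is
# reported and skipped instead of reaching the live sudo configuration, where
# it can leave sudo unusable.
install_sudoers() {
  sudoers_tmp=$(mktemp) || return 1
  # tee keeps the original behaviour of echoing the snippet to stdout.
  printf '%s\n' "$2" | tee "$sudoers_tmp"
  if sudo visudo -cf "$sudoers_tmp" >/dev/null; then
    sudo install -o root -g root -m 0440 "$sudoers_tmp" "/etc/sudoers.d/$1"
  else
    printf 'Skipping invalid sudoers snippet: %s\n' "$1" >&2
  fi
  rm -f -- "$sudoers_tmp"
}

highlight "Default sudoers configuration"
install_sudoers editor "Defaults editor=/usr/bin/nvim"
# timestamp_timeout is expressed in minutes: one successful authentication
# keeps sudo usable without a password for two hours.
install_sudoers timeout "Defaults timestamp_timeout=120"
highlight "password-free reboot"
# The NOPASSWD grant is limited to the listed power-management binaries.
install_sudoers shutdown "$login_user ALL = NOPASSWD: /sbin/halt, /sbin/reboot, /usr/sbin/reboot, /sbin/poweroff, /usr/sbin/shutdown"

highlight "Reduce system startup & shutdown timeout"
sudo mkdir -p /etc/systemd/system.conf.d /etc/systemd/user.conf.d
# The same [Manager] drop-in is written for the system and the user manager.
printf '%s\n' \
  '[Manager]' \
  'DefaultTimeoutStartSec=5s' \
  'DefaultTimeoutStopSec=10s' |
  sudo tee /etc/systemd/system.conf.d/boot.conf /etc/systemd/user.conf.d/boot.conf

highlight "Default to current user in tty1,2,3"
sudo mkdir -p /etc/systemd/system/getty@tty1.service.d /etc/systemd/system/getty@tty2.service.d /etc/systemd/system/getty@tty3.service.d
# The empty ExecStart= clears the unit's stock command before the replacement
# is set. agetty is told to skip the login-name prompt and hand the account
# name to login; no autologin option is passed here.
printf '%s\n' \
  '[Service]' \
  'ExecStart=' \
  "ExecStart=-/usr/bin/agetty --skip-login --login-options $login_user %I" |
  sudo tee /etc/systemd/system/getty@tty1.service.d/override.conf /etc/systemd/system/getty@tty2.service.d/override.conf /etc/systemd/system/getty@tty3.service.d/override.conf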
## Hardware
section 'Hardware'
highlight 'Stop logind from suspending laptop'
# Replaces the commented-out stock HandleLidSwitch line with an active
# "ignore" setting; a file without that exact commented line is left as is.
sudo sed -i 's/#HandleLidSwitch=suspend/HandleLidSwitch=ignore/' /etc/systemd/logind.conf
highlight "Fix Chrysalis for keyboardio"
# https://github.com/keyboardio/Chrysalis/wiki/Troubleshooting
# The rule file is only written when it does not exist yet, so a hand-edited
# copy is never overwritten.
# NOTE(review): udev starts RUN+= programs itself (normally with root
# privileges), while the hook referenced here lives under $HOME where the
# unprivileged account can rewrite it. A root-owned location for the hook
# would close that gap - confirm the intended trust model.
keyboardio_rules=/etc/udev/rules.d/keyboardio.rules
if [ ! -f "$keyboardio_rules" ]; then
  printf '%s\n' 'SUBSYSTEM=="tty", ATTRS{idVendor}=="1209", ATTRS{idProduct}=="230[0-3]", SYMLINK+="model01", TAG+="seat", TAG+="uaccess", RUN+="'"$HOME/.local/bin/update-keyboard-layout\"" |
    sudo tee "$keyboardio_rules"
  # Reload the rule set, then replay the event for the serial device so the
  # new rule applies without replugging.
  sudo udevadm control -R
  sudo udevadm trigger -v /dev/ttyACM0
  #sudo systemctl disable ModemManager
fi
## Software
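section "Software"
highlight "Configure pacman"
# Everything below is skipped on systems without pacman.
if [ -f /etc/pacman.conf ]; then
  sudo sed -i 's/#Color/Color/' /etc/pacman.conf
  # Uncomment the [multilib] header and the line that follows it. The range is
  # addressed by pattern instead of a line number looked up with grep, so a
  # pacman.conf with no such section (or more than one match) no longer
  # produces a malformed sed script; already-uncommented lines are unchanged.
  sudo sed -i '/\[multilib\]/,+1 s/# *//' /etc/pacman.conf
  highlight "Reflector"
  # Mirror selection: only HTTPS mirrors, German, the 20 most recently
  # synchronised, sorted by download rate, written to pacman's mirrorlist.
  printf '%s\n' \
    '--save /etc/pacman.d/mirrorlist' \
    '--protocol https' \
    '--country Germany' \
    '--latest 20' \
    '--sort rate' |
    sudo tee /etc/xdg/reflector/reflector.conf
  # The first refresh runs in the background so the bootstrap does not wait
  # for the mirror benchmark; the timer keeps the list current afterwards.
  sudo systemctl start reflector &
  sudo systemctl enable reflector.timer
fi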
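highlight "Block internet at night & on weekdays in the morning to force focus"
# https://askubuntu.com/a/124512 and https://blog.sleeplessbeastie.eu/2018/06/21/how-to-create-iptables-firewall-using-custom-chains/
#
# Scope of what is installed here:
# - Only IPv4 packets sent by processes of $block_user are matched. Nothing
#   below configures ip6tables, so IPv6 traffic is not time-limited.
# - The time match is given UTC hours computed once, at bootstrap time, from
#   the local wall clock; after a DST change the windows are off by an hour
#   until this script is run again.
# NOTE(review): the account name is hard-coded while other sections use $USER -
# confirm this is intended.
block_user=janek
block_chain=chain-times

# Print the UTC hour (0-23, unpadded) of a local wall-clock time.
# Arguments: $1 - local time such as "09:00"
# Converting through epoch seconds avoids re-parsing date's default output,
# whose format depends on the active locale.
utc_hour() {
  date -u -d "@$(date -d "$1" +%s)" +%-H
}

time9=$(utc_hour 09:00)
time22=$(utc_hour 22:00)
# Wrap at midnight so an offset hour can never be passed as 24 or 25.
time10=$(((time9 + 1) % 24))
time11=$(((time9 + 2) % 24))

# Create the chain on first run, otherwise empty it so rules are not duplicated.
sudo iptables --new-chain "$block_chain" 2>/dev/null || sudo iptables --flush "$block_chain"
# Always allow local connections - https://serverfault.com/a/550278
sudo iptables -A "$block_chain" -m owner --uid-owner "$block_user" -d 192.168.1.0/24 -j ACCEPT
sudo iptables -A "$block_chain" -m owner --uid-owner "$block_user" -d 127.0.0.0/8 -j ACCEPT
# Night: 22:00 to 09:00 local time, every day.
sudo iptables -A "$block_chain" -m owner --uid-owner "$block_user" -j DROP -m time --timestart "${time22}:00" --timestop "${time9}:00"
# Weekday mornings: 09:20-10:00 and 10:20-11:00 local time.
sudo iptables -A "$block_chain" -m owner --uid-owner "$block_user" -j DROP -m time --weekdays 1-5 --timestart "${time9}:20" --timestop "${time10}:00"
sudo iptables -A "$block_chain" -m owner --uid-owner "$block_user" -j DROP -m time --weekdays 1-5 --timestart "${time10}:20" --timestop "${time11}:00"
# Hook the chain into OUTPUT exactly once; -C tests for the rule directly
# instead of grepping the listing.
sudo iptables -C OUTPUT -j "$block_chain" 2>/dev/null || sudo iptables -A OUTPUT -j "$block_chain"
# iptables-save dumps the complete current ruleset, not only this chain, so
# the boot-time restore below reinstates whatever else was loaded at this point.
sudo iptables-save | sudo tee /etc/iptables.rules
iptables_restore=$(command -v iptables-restore)
if [ -n "$iptables_restore" ]; then
  echo "@reboot root $iptables_restore < /etc/iptables.rules" | sudo tee /etc/cron.d/iptables-times
else
  # An empty path would leave a cron entry that cannot run.
  printf 'iptables-restore not found in PATH; boot-time restore not installed\n' >&2
fi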
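highlight "Cron logging"
# Route every cron facility message to its own log file.
echo 'cron.* /var/log/cron.log' | sudo tee /etc/rsyslog.d/60-cron.conf
# `command -v` is resolved by the shell itself, so the probe also works on
# systems where the external `which` is not installed. A non-empty value means
# a `service` wrapper is available.
hasService=$(command -v service 2>/dev/null)
# With `service` present it is tried first and systemctl is the fallback when
# it fails; without it systemctl is called directly.
if [ -n "$hasService" ]; then
  sudo service rsyslog restart || sudo systemctl restart rsyslog
else
  sudo systemctl restart rsyslog
fi
highlight "Reload cron"
# The daemon is named "cron" for `service` and "cronie" for systemctl here.
if [ -n "$hasService" ]; then
  sudo service cron reload || sudo systemctl reload cronie
else
  sudo systemctl reload cronie
fi
highlight "SSH Permissions"
# Remove all group and other permission bits from ~/.ssh and everything below
# it, leaving keys and config readable by the owner only. Options precede the
# operand so the call does not rely on GNU argument permutation.
chmod -R og= -- ~/.ssh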