-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathinstall.sh
More file actions
428 lines (350 loc) · 14 KB
/
Copy pathinstall.sh
File metadata and controls
428 lines (350 loc) · 14 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
#!/bin/bash
set -x
# log all commands
exec > >(tee -a "output.log") 2>&1
# Query first disk, ssd, and select third partition
#MAIN_DISK=$(lsblk -ndo NAME,TYPE | grep 'disk' | grep -vE 'loop|rom' | head -n1)
#if [[ "$MAIN_DISK" == nvme* ]]; then
# PARTITION="/dev/${MAIN_DISK}p3"
#else
# PARTITION="/dev/${MAIN_DISK}3"
#fi
apt update && apt upgrade -y && apt install -y sudo curl
usermod -aG sudo shyciii
# Add contrib, non-free
apt install -y software-properties-common
apt-add-repository -y contrib non-free non-free-firmware
# Enable backports for libheif1
echo "deb http://deb.debian.org/debian trixie-backports main" | tee -a /etc/apt/sources.list
apt update
# Sound and bluetooth
apt install -y pulseaudio pavucontrol
#apt install -y pipewire-audio pipewire-pulse wireplumber
# Window management software and add-ons
apt install -y i3lock xautolock xclip rofi dunst libnotify-bin sxhkd polybar acpi yad xdo
# Fonts
apt install -y fonts-font-awesome fonts-dejavu ttf-mscorefonts-installer
# File manager add-ons
apt install -y unrar-free libfuse3-3 ifuse sshfs mediainfo zip unzip zstd 7zip poppler-utils ffmpegthumbnailer xlsx2csv bat catdoc docx2txt jq libimage-exiftool-perl w3m feh
# Other programs
apt install -y imagemagick libreoffice libreoffice-l10n-hu transmission-gtk gnome-calculator mpv rsync grsync btop inxi ffmpeg ncdu zoxide fastfetch fd-find
# For compiles
apt install -y libxft-dev build-essential cmake make pkg-config fontconfig libxinerama-dev libxcb-res0 libimlib2-dev libdbus-1-dev libx11-xcb-dev libxcb-res0-dev libyajl-dev libevent-dev bison ncurses-dev libcurl3-nss libxcb-util-dev libxcb-icccm4-dev libxcb-keysyms1-dev libxcb-ewmh-dev libxcb-randr0-dev libxcb-cursor-dev libxcb-xinerama0-dev automake
# Others
apt install -y apt-file testdisk duf tealdeer ripgrep xdotool pmount freerdp2-x11 libsecret-tools wmctrl cuetools shntool flac maim eza psmisc dbus-x11 gnome-keyring policykit-1-gnome light heif-gdk-pixbuf bc x11-apps
apt-file update
# Install LocalSend
wget https://github.com/localsend/localsend/releases/download/v1.17.0/LocalSend-1.17.0-linux-x86-64.deb
apt install -y ./LocalSend-1.17.0-linux-x86-64.deb
rm -rfv LocalSend-1.17.0-linux-x86-64.deb
# For Android
# apt install -y adb fastboot
# Install Chrome Browser
cat <<'EOF' > /etc/apt/sources.list.d/google-chrome.list
deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main
EOF
wget -O- https://dl.google.com/linux/linux_signing_key.pub | gpg --dearmor > /etc/apt/trusted.gpg.d/google.gpg
apt update
apt install -y google-chrome-stable
# Mount Data partition and privilege settings
mkdir -p /home/Data
chmod 744 /home/Data
chown shyciii:users /home/Data
#mount "$PARTITION"
# Modify fstab
sed -i 's/errors=remount-ro/defaults,relatime/g' /etc/fstab
sed -i 's/home\/Data ext4 defaults/home\/Data ext4 defaults,relatime/g' /etc/fstab
#echo "$PARTITION /home/Data ext4 defaults,relatime 0 2" >> /etc/fstab
# Modify grub timeout
sed -i 's/GRUB_TIMEOUT=5/GRUB_TIMEOUT=2/g' /etc/default/grub
sed -i 's/quiet/loglevel=3/g' /etc/default/grub
update-grub
# Create and set swap file
dd if=/dev/zero of=/swapfile bs=1M count=2048 status=progress
chmod 600 /swapfile
mkswap /swapfile
swapon /swapfile
echo "/swapfile none swap sw 0 0" >> /etc/fstab
# Enable BBR network congestion
echo "net.core.default_qdisc = fq" >> /etc/sysctl.d/local.conf
echo "net.ipv4.tcp_congestion_control = bbr" >> /etc/sysctl.d/local.conf
# Other sysctl config
echo "net.core.rmem_max=4194304" >> /etc/sysctl.d/local.conf
echo "net.core.wmem_max=1048576" >> /etc/sysctl.d/local.conf
echo "vm.swappiness=10" >> /etc/sysctl.d/local.conf
echo "vm.vfs_cache_pressure=75" >> /etc/sysctl.d/local.conf
echo "kernel.nmi_watchdog=0" >> /etc/sysctl.d/local.conf
echo "vm.dirty_ratio=5" >> /etc/sysctl.d/local.conf
echo "vm.dirty_background_ratio=3" >> /etc/sysctl.d/local.conf
echo "vm.min_free_kbytes=41943" >> /etc/sysctl.d/local.conf
# Video drivers + graphical interface + keyboard + mouse + Intel processor addons
apt install -y xorg xserver-xorg-video-intel xserver-xorg-core xserver-xorg-input-synaptics xserver-xorg-input-mouse xserver-xorg-input-libinput xserver-xorg-input-kbd xinit xfonts-encodings intel-media-va-driver-non-free
# Intel driver settings
#cat <<'EOF' > /etc/X11/xorg.conf.d/20-intel.conf
#Section "Device"
# Identifier "Intel Graphics"
# Driver "intel"
# Option "TearFree" "true"
# Option "TripleBuffer" "true"
#EndSection
#EOF
# change log settings
echo "MaxRetentionSec=15day" >> /etc/systemd/journald.conf
# Set notebook's touchpad functions
cat <<'EOF' > /etc/X11/xorg.conf.d/40-libinput.conf
Section "InputClass"
Identifier "libinput pointer catchall"
MatchIsPointer "on"
MatchDevicePath "/dev/input/event*"
Driver "libinput"
EndSection
Section "InputClass"
Identifier "libinput keyboard catchall"
MatchIsKeyboard "on"
MatchDevicePath "/dev/input/event*"
Driver "libinput"
EndSection
Section "InputClass"
Identifier "libinput touchpad catchall"
MatchIsTouchpad "on"
Option "Tapping" "on"
Option "TappingButtonMap" "lmr"
MatchDevicePath "/dev/input/event*"
Driver "libinput"
EndSection
Section "InputClass"
Identifier "libinput touchscreen catchall"
MatchIsTouchscreen "on"
MatchDevicePath "/dev/input/event*"
Driver "libinput"
EndSection
Section "InputClass"
Identifier "libinput tablet catchall"
MatchIsTablet "on"
MatchDevicePath "/dev/input/event*"
Driver "libinput"
EndSection
EOF
# Set timeout
sed -i 's/#DefaultTimeoutStopSec=90s/DefaultTimeoutStopSec=5s/' /etc/systemd/system.conf
# Set notebook's lid settings
sed -i 's/#HandleLidSwitch=suspend/HandleLidSwitch=ignore/' /etc/systemd/logind.conf
sed -i 's/#HandleLidSwitchExternalPower=suspend/HandleLidSwitchExternalPower=ignore/' /etc/systemd/logind.conf
sed -i 's/#HandleLidSwitchDocked=ignore/HandleLidSwitchDocked=ignore/' /etc/systemd/logind.conf
# Lock screen after sleep
cat <<'EOF' > /etc/systemd/system/suspend@.service
[Unit]
Description=User suspend actions
Before=sleep.target
[Service]
User=shyciii
Type=oneshot
RemainAfterExit=yes
Environment=DISPLAY=:0
ExecStart=/bin/sh -c '/usr/bin/i3lock --color=000000 -i ~/Pictures/Meghan.png'
[Install]
WantedBy=sleep.target
EOF
systemctl daemon-reload
systemctl enable --now suspend@service
# Disable services
systemctl mask suspend-then-hibernate.target hibernate.target hybrid-sleep.target
# Install Fastfetch
#wget https://github.com/fastfetch-cli/fastfetch/releases/download/2.46.0/fastfetch-linux-amd64.deb
#apt install -y ./fastfetch-linux-amd64.deb
#rm -rfv fastfetch-linux-amd64.deb
# Install Oh-my-posh
curl -s https://ohmyposh.dev/install.sh | bash -s -- -d /usr/local/bin
# Install yazi file manager
#wget https://github.com/sxyazi/yazi/releases/download/nightly/yazi-x86_64-unknown-linux-musl.zip
#unzip yazi-x86_64-unknown-linux-musl.zip -d /usr/local/bin/
#rm -v yazi-x86_64-unknown-linux-musl.zip
#mv -v /usr/local/bin/yazi-x86_64-unknown-linux-musl/yazi /usr/local/bin/yazi-x86_64-unknown-linux-musl/ya /usr/local/bin/
#rm -rfv /usr/local/bin/yazi-x86_64-unknown-linux-musl/
#ya pack -a yazi-rs/plugins#full-border
#ya pack -a yazi-rs/plugins#chmod
#ya pack -a yazi-rs/plugins#hide-preview
#ya pack -a yazi-rs/plugins#max-preview
#ya pack -a yazi-rs/plugins#smart-filter
#ya pack -a yazi-rs/plugins#jump-to-char
#ya pack -a dawsers/dual-pane
#ya pack -a dawsers/fuse-archive
#ya pack -a KKV9/compress
#ya pack -a TD-Sky/sudo
#xdg-mime default yazi.desktop inode/directory
# Automount for USB drives
cd /home/Data/Linux/Compile/automount-usb
bash configure.sh
cd -
# Eligibility for a regular user when attaching a fusemount
sed -i 's/#user_allow_other/user_allow_other/' /etc/fuse.conf
# Firewall configuration
cat <<'EOF' > /etc/nftables.conf
#!/usr/sbin/nft -f
flush ruleset
table inet filter {
chain input {
type filter hook input priority 0; policy drop;
# accept any localhost traffic
iif lo accept
# Drop invalid connections
ct state invalid drop
# accept traffic originated from us
ct state { established, related } accept
# accept neighbour discovery otherwise IPv6 connectivity breaks
icmpv6 type { nd-neighbor-solicit, nd-router-advert, nd-neighbor-advert } accept
# SMB
#ip saddr 192.168.0.0/24 tcp dport { 139, 445 } ct state new accept
#ip saddr 192.168.0.0/24 udp dport { 137, 138 } ct state new accept
# Localsend
ip saddr 192.168.0.0/24 tcp dport 53317 ct state new accept
# Torrent
ip daddr 192.168.0.0/24 tcp dport 51413 ct state new accept
ip daddr 192.168.0.0/24 udp dport 51413 ct state new accept
}
chain forward {
type filter hook forward priority 0; policy drop;
}
chain output {
type filter hook output priority 0; policy accept;
}
}
EOF
systemctl enable --now nftables.service
# Restore own config files
tar -xvf /home/Data/Linux/Backup/home_backup_debian.tar.zst --directory /home/shyciii
chown -R shyciii:users /home/shyciii/
cp -vr /home/shyciii/.config/lf /root/.config/
cp -vr /home/shyciii/.config/micro /root/.config/
cp -vr /home/shyciii/usr/local/bin/* /usr/local/bin
rm -rfv /home/shyciii/usr
# Set default terminal emulator
#update-alternatives --install /usr/bin/x-terminal-emulator x-terminal-emulator /usr/local/bin/st 100
update-alternatives --install /usr/bin/x-terminal-emulator x-terminal-emulator /usr/local/bin/alacritty 100
# Set default text editor
update-alternatives --install /usr/bin/editor editor /usr/local/bin/micro 100
# Set nano config file for root user
#mkdir /root/.config/nano
#cp -v /home/shyciii/.config/nano/nanorc /root/.config/nano
# Trash folder settings
mkdir -p /home/Data/.Trash
chmod a+rw /home/Data/.Trash
chmod +t /home/Data/.Trash
# Install Delta (diff program instead of)
wget https://github.com/dandavison/delta/releases/download/0.18.2/git-delta_0.18.2_amd64.deb
apt install -y ./git-delta_0.18.2_amd64.deb
rm -rfv git-delta_0.18.2_amd64.deb
# Printing
apt install -y cups system-config-printer printer-driver-escpr
usermod -aG lp,lpadmin shyciii
#lpadmin -p EpsonL3060 -E -v socket://192.168.0.105:9100 -m escpr:0/cups/model/epson-inkjet-printer-escpr/Epson-L3060_Series-epson-escpr-en.ppd
# Install SMB
#apt install -y samba cifs-utils
#cat <<'EOF' > /etc/samba/smb.conf
#[global]
#
# workgroup = WORKGROUP
# vfs object = fruit streams_xattr
# fruit:copyfile = yes
#
#[Downloads]
#
# comment = iphone share
# path = /home/shyciii/Downloads
# writable = yes
# valid users = shyciii
# guest ok = no
# browseable = yes
# create mask = 0644
# directory mask = 0744
#EOF
#smbpasswd -a shyciii
#echo "shyciii" | sudo smbpasswd -s -a shyciii
#echo "A folyamat végén módosítsd a shyciii smbuser jelszavát!"
#mkdir /home/shyciii/Downloads
#chmod 750 /home/shyciii/Downloads/
#chown shyciii:shyciii /home/shyciii/Downloads/
#systemctl restart smbd.service
# Remove GTK package, because slow down startup GTK programs
apt purge -y xdg-desktop-portal-gtk
# Remove unnecessary programs
apt autoremove --purge -y nano vim-common firebird3.0-common bluez laptop-mode-tools laptop-detect
# Network management
apt install -y network-manager network-manager-gnome network-manager-openvpn network-manager-openvpn-gnome
head -n -5 /etc/network/interfaces > tmp.txt && mv tmp.txt /etc/network/interfaces
# Less boot-up time
systemctl disable NetworkManager-wait-online.service
systemctl mask NetworkManager-wait-online.service
# Turn off Wifi when an ethernet cable is connected
cat <<'EOF' > /etc/NetworkManager/dispatcher.d/70-wifi-wired-exclusive.sh
#!/bin/bash
export LC_ALL=C
enable_disable_wifi ()
{
result=$(nmcli dev | grep "ethernet" | grep -w "connected")
if [ -n "$result" ]; then
nmcli radio wifi off
else
nmcli radio wifi on
fi
}
if [ "$2" = "up" ]; then
enable_disable_wifi
fi
if [ "$2" = "down" ]; then
enable_disable_wifi
fi
EOF
chown root:root /etc/NetworkManager/dispatcher.d/70-wifi-wired-exclusive.sh
chmod 744 /etc/NetworkManager/dispatcher.d/70-wifi-wired-exclusive.sh
systemctl restart NetworkManager
# Turn off powersafe on wifi driver
cat <<'EOF' > /etc/NetworkManager/conf.d/wifi-powersave.conf
[connection]
wifi.powersave = 2
EOF
# Custom name resolution
cat <<'EOF' > /etc/NetworkManager/NetworkManager.conf
[main]
plugins=ifupdown,keyfile
dns=none
systemd-resolved=false
[ifupdown]
managed=false
EOF
cat <<'EOF' > /etc/resolv.conf
nameserver 1.1.1.1
nameserver 8.8.8.8
nameserver 8.8.4.4
EOF
chattr +i /etc/resolv.conf
# Default programs under root user
cat <<'EOF' > /root/.bashrc
export VISUAL=micro
export EDITOR=micro
EOF
# Stronger security setting for SSH client
cat <<'EOF' >> /etc/ssh/ssh_config
KexAlgorithms sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org
HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-ed25519
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
EOF
# sudo to add EDITOR environment
sed -i '/env_reset/a Defaults env_keep += "EDITOR"' /etc/sudoers
# Possibility to restart and shutdown a given user without password
# echo "shyciii ALL=(ALL) NOPASSWD: /sbin/shutdown, /sbin/reboot, /bin/rmdir" >> /etc/sudoers
echo "shyciii ALL=(ALL) NOPASSWD: /bin/rmdir, /usr/bin/umount" >> /etc/sudoers
# Open Gnome keyring automatically on login
sed -i '96s/^/\nauth optional pam_gnome_keyring.so\nsession optional pam_gnome_keyring.so auto_start\n/' /etc/pam.d/login
#update-desktop-database /home/shciii/.local/share/applications
# Set brightness to 75%
light -S 75
mkdir -p /mnt/sshfs
chown shyciii:shyciii /mnt/sshfs
sysctl --system
rm -rfv /etc/wpa_supplicant.conf /usr/share/applications/btop.desktop /usr/share/applications/org.pulseaudio.pavucontrol.desktop
set +x
echo "Jelentkezz be a felhasználóddal, és add ki a következő parancsot:"
echo "secret-tool store --label="RDP Password" rdp-server ipcim username felhasznalonev"
#echo "systemctl --user enable pipewire pipewire-pulse wireplumber"