69 lines
1.9 KiB
Bash
Executable File
69 lines
1.9 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
# Check if we are running as sudo, if not, exit
|
|
if [ "$EUID" -ne 0 ]; then
|
|
echo "Please run as root. Maybe try 'sudo !!'"
|
|
exit
|
|
fi
|
|
|
|
if [ -z "$1" ]; then
|
|
echo "Please do not run this script directly."
|
|
exit
|
|
fi
|
|
|
|
# Update the system
|
|
apt update
|
|
apt upgrade -y
|
|
|
|
# Install my SSH key
|
|
mkdir -p ~/.ssh
|
|
chmod 700 ~/.ssh
|
|
cp ./resources/ssh-keys/* ~/.ssh/
|
|
chmod 600 ~/.ssh/*
|
|
cat ~/.ssh/*.pub >> ~/.ssh/authorized_keys
|
|
chmod 644 ~/.ssh/authorized_keys
|
|
|
|
# Lockdown SSH
|
|
sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config
|
|
sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin prohibit-password/g' /etc/ssh/sshd_config
|
|
sed -i 's/#PermitRootLogin no/PermitRootLogin prohibit-password/g' /etc/ssh/sshd_config
|
|
sed -i 's/#UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config
|
|
systemctl restart sshd
|
|
|
|
# Install base packages
|
|
apt install -y git curl wget unzip zip htop vim sed apt-transport-https ca-certificates software-properties-common fail2ban dos2unix unattended-upgrades gnupg gnupg-agent lsb-release rsync mosh neofetch zsh dialog molly-guard borgbackup
|
|
|
|
# Start fail2ban
|
|
systemctl enable --now fail2ban
|
|
|
|
# Setup unattended upgrades
|
|
cp ./resources/unattended-upgrades/* /etc/apt/apt.conf.d/
|
|
|
|
# sysctl tweaks
|
|
cp ./resources/sysctl.conf /etc/sysctl.conf
|
|
sysctl -p
|
|
|
|
# Disable MOTDs
|
|
touch ~/.hushlogin
|
|
|
|
# Set default shell to zsh
|
|
chsh -s "$(which zsh)"
|
|
|
|
# Install oh-my-zsh
|
|
sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)" "" --unattended
|
|
|
|
# Install zsh plugins
|
|
## zsh-autosuggestions
|
|
git clone https://github.com/zsh-users/zsh-autosuggestions ~/.oh-my-zsh/custom/plugins/zsh-autosuggestions
|
|
|
|
# Install my dotfiles
|
|
git clone https://git.chse.dev/chase/dotfiles.git ~/.dotfiles
|
|
bash ~/.dotfiles/install.sh
|
|
|
|
# Install my scripts
|
|
git clone https://git.chse.dev/chase/scripts.git ~/scripts
|
|
|
|
# Setup MOTD
|
|
cp ./resources/motd.sh /etc/motd.sh
|
|
chmod +x /etc/motd.sh
|