diff --git a/config/.config/systemd/user/sync_to_remotes.service b/config/.config/systemd/user/sync_to_remotes.service index 0e29821..92d5988 100644 --- a/config/.config/systemd/user/sync_to_remotes.service +++ b/config/.config/systemd/user/sync_to_remotes.service @@ -3,7 +3,7 @@ Description=Daily sync_to_remotes.py [Service] Type=oneshot -ExecStart=/home/jas/repos/codeberg.org/hyperreal/admin-scripts/sync_to_remotes.py +ExecStart=/usr/bin/uv run /home/jas/repos/codeberg.org/hyperreal/admin-scripts/sync_to_remotes.py [Install] WantedBy=default.target diff --git a/install.sh b/install.sh new file mode 100644 index 0000000..6a8a995 --- /dev/null +++ b/install.sh @@ -0,0 +1,359 @@ +#!/usr/bin/env bash + +set -euo pipefail + +packages=( + age + atop + autossh + bat + borgbackup + borgmatic + btrfs-assistant + calibre + cmake + curl + diff-so-fancy + duf + emacs + ethtool + eza + fastfetch + fd-find + fzf + git + git-core + golang + hdparm + htop + hugo + jc + jq + just + kbackup + kpeoplevcard + lagrange + ldns + libtool + lsof + lynx + neochat + neovim + nmap + node-exporter + nodejs + nu + pipx + poetry + python3-devel + python3-pip + qbittorrent + ripgrep + rsync + rsyslog + shfmt + ShellCheck + tcpdump + tealdeer + tokodon + trash-cli + uv + vlc + w3m + wireshark + wl-clipboard + yakuake + zsh +) + +copr_repos=( + atim/starship + hyperreal/better_fonts + varlad/yazi + varlad/zellij +) + +flatpak_packages=( + com.discordapp.Discord + com.github.tchx84.Flatseal + io.podman_desktop.PodmanDesktop +) + +pipx_packages=( + "black" + "bpython" + "isort" + "pyright" + "ansible --include-deps" +) + +services_enable=( + atop.service + atopacct.service + atop-rotate.timer + prometheus-node-exporter.service + rsyslog.service + sshd.service + systemd-networkd + tailscaled.service +) + +services_disable=( + avahi-daemon.service + bluetooth.service + cups.service + cups-browsed.service + NetworkManager.service + sddm.service + wpa_supplicant.service +) + +function install_packages() { + echo "" + echo "--> BEGIN INSTALLING PACKAGES..." + sudo dnf install -y "${packages[@]}" +} + +function install_devel_groups() { + echo "" + echo "--> INSTALLING DEVELOPMENT PACKAGE GROUPS..." + sudo dnf install -y '@c-development' '@development-tools' '@container-management' +} +function enable_copr_repos() { + echo "" + echo "--> BEGIN ENABLING COPR REPOS..." + for repo in "${copr_repos[@]}"; do sudo dnf copr enable -y "$repo"; done +} + +# Depends: enable_copr_repos +function install_copr_packages() { + echo "" + echo "--> BEGIN INSTALLING COPR PACKAGES..." + sudo dnf install -y starship fontconfig-font-replacements yazi zellij +} + +function install_rpmfusion_repos() { + echo "" + echo "--> INSTALLING RPMFUSION REPOS..." + sudo dnf install -y "https://mirrors.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm" "https://mirrors.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm" +} + +# Depends: install_rpmfusion_repos +function install_rpmfusion_packages() { + echo "" + echo "--> INSTALLING RPMFUSION PACKAGES..." + sudo dnf install -y --allowerasing ffmpeg-libs +} + +function install_charm_packages() { + echo "" + echo "--> INSTALLING CHARM PACKAGES..." + echo '[charm] +name=Charm +baseurl=https://repo.charm.sh/yum/ +enabled=1 +gpgcheck=1 +gpgkey=https://repo.charm.sh/yum/gpg.key' | sudo tee /etc/yum.repos.d/charm.repo + sudo rpm --import https://repo.charm.sh/yum/gpg.key + sudo dnf install -y gum +} + +function install_tailscale() { + echo "" + echo "--> INSTALLING TAILSCALE..." + curl -fsSL https://tailscale.com/install.sh | sh +} + +# Depends: install_tailscale +function enable_tailscale() { + echo "" + echo "--> ENABLING TAILSCALE..." + sudo tailscale up +} + +function enable_flathub() { + echo "" + echo "--> ENABLING FLATHUB..." + flatpak remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo +} + +# Depends: enable_flathub +function install_flatpaks() { + echo "" + echo "--> INSTALLING FLATPAKS..." + for pkg in "${flatpak_packages[@]}"; do flatpak install -y "$pkg"; done +} + +# Depends: install_packages +function install_pipx_packages() { + echo "" + echo "--> INSTALLING PIPX PACKAGES..." + for pkg in "${pipx_packages[@]}"; do pipx install "$pkg"; done +} + +function setup_networkd_conf() { + echo "" + echo "--> SETTING UP SYSTEMD-NETWORKD CONFIG..." + echo '[Match] +Name=eno1 + +[Network] +DHCP=yes +DNS=100.100.100.100 +DNSSEC=allow-downgrade + +[DHCPv4] +UseDNS=no' | sudo tee /etc/systemd/network/eno1.network +} + +# After: setup_networkd_conf +function setup_resolv_conf() { + echo "" + echo "--> SETTING UP RESOLV CONF..." + sudo rm -v /etc/resolv.conf + sudo ln -sf /var/run/systemd/resolve/resolv.conf /etc/resolv.conf + sudo systemctl restart systemd-resolved +} + +# Depends: enable_tailscale +function setup_rsyslog_conf() { + echo "" + echo "--> SETTING UP RSYSLOG CONFIG..." + echo '# Forward to main monitoring node (nas.lyrebird-marlin.ts.net) +*.* action(type="omfwd" target="100.112.241.12" port="514" protocol="tcp" + action.resumeRetryCount="100" + queue.type="linkedList" queue.size="10000")' | sudo tee /etc/rsyslog.d/00forward-to-nas.conf +} + +# After: setup_networkd_conf +function disable_services() { + echo "" + echo "--> DISABLING SYSTEMD SERVICES..." + for service in "${services_disable[@]}"; do sudo systemctl disable --now "$service"; done +} + +# After: +# - setup_networkd_conf +# - install_packages +function enable_services() { + echo "" + echo "--> ENABLING SYSTEMD SERVICES..." + for service in "${services_enable[@]}"; do sudo systemctl enable --now "$service"; done +} + +function disable_ipv6() { + echo "" + echo "--> DISABLING IPV6..." + if ! sudo grep "ipv6.disable=1" /boot/grub2/grub.cfg; then + sudo grubby --args=ipv6.disable=1 --update-kernel=ALL + sudo grub2-mkconfig -o /boot/grub2/grub.cfg + else + echo "IPv6 already disabled." + fi +} + +function setup_fstab() { + echo "" + echo "--> SETTING UP FSTAB..." + sudo mkdir /mnt/borgbackup /mnt/quick-backup + if ! grep "ecf44876-2e4e-46ad-9f12-fc516c8ace2d" /etc/fstab; then + echo "UUID=ecf44876-2e4e-46ad-9f12-fc516c8ace2d /mnt/borgbackup btrfs defaults,subvol=@borgbackup,compress=zstd:1,x-systemd.device-timeout=20 0 0" | sudo tee -a /etc/fstab + echo "UUID=ecf44876-2e4e-46ad-9f12-fc516c8ace2d /mnt/quick-backup btrfs defaults,suvol=@quick-backup,compress=zstd:1,x-systemd.device-timeout=20 0 0" | sudo tee -a /etc/fstab + else + echo "/etc/fstab already configured." + fi + sudo systemctl daemon-reload + sudo restorecon -Rv /mnt/borgbackup + sudo restorecon -Rv /mnt/quick-backup + sudo mount -av +} + +# Depends: +# - install_packages +# - setup_fstab +function setup_borgmatic_config() { + echo "" + echo "--> SETTING UP BORGMATIC CONFIG..." + sudo mkdir /etc/borgmatic + sudo cp -v /mnt/quick-backup/borgmatic-config.yaml /etc/borgmatic/config.yaml +} + +# Depends: +# - install_packages +# - setup_fstab +function copy_quick_backup() { + echo "" + echo "--> COPYING QUICK BACKUP..." + rsync -aAXPz /mnt/quick-backup/jas/ /home/jas +} + +# Depends: copy_quick_backup +function build_bat_cache() { + echo "" + echo "--> BUILDING BAT CACHE..." + bat cache --build +} + +# Depends: install_packages +function update_tealdeer_cache() { + echo "" + echo "--> UPDATING TEALDEER CACHE..." + tldr --update +} + +# Depends: enable_tailscale +function setup_firewalld() { + echo "" + echo "--> SETTING UP FIREWALLD..." + if ! sudo firewall-cmd --get-zones | grep "tailnet"; then + sudo firewall-cmd --permanent --new-zone=tailnet + sudo firewall-cmd --permanent --zone=tailnet --add-interface=tailscale0 + sudo firewall-cmd --permanent --zone=tailnet --add-port=1025-65535/tcp + sudo firewall-cmd --permanent --zone=tailnet --add-port=1025-65535/udp + sudo firewall-cmd --permanent --zone=tailnet --add-service=ssh + else + echo "firewalld tailnet zone already configured" + fi + sudo firewall-cmd --permanent --zone=FedoraWorkstation --remove-service={dhcpv6-client,samba-client} + sudo firewall-cmd --reload +} + +function install_rclone() { + echo "" + echo "--> INSTALLING LATEST RCLONE..." + sudo -v + curl https://rclone.org/install.sh | sudo bash + command -v rclone +} + +# Depends: install_rclone copy_quick_backup +function enable_sync_to_remotes() { + systemctl --user enable --now sync_to_remotes.timer +} + +install_packages +install_devel_groups +enable_copr_repos +install_copr_packages +install_rpmfusion_repos +install_rpmfusion_packages +install_charm_packages +install_tailscale +enable_tailscale +enable_flathub +install_flatpaks +install_pipx_packages +setup_networkd_conf +setup_resolv_conf +setup_rsyslog_conf +disable_services +enable_services +disable_ipv6 +setup_fstab +setup_borgmatic_config +copy_quick_backup +build_bat_cache +update_tealdeer_cache +setup_firewalld +install_rclone +enable_sync_to_remotes