Update

config/.config/systemd/user/sync_to_remotes.service

@@ -3,7 +3,7 @@ Description=Daily sync_to_remotes.py
 
 [Service]
 Type=oneshot
-ExecStart=/home/jas/repos/codeberg.org/hyperreal/admin-scripts/sync_to_remotes.py
+ExecStart=/usr/bin/uv run /home/jas/repos/codeberg.org/hyperreal/admin-scripts/sync_to_remotes.py
 
 [Install]
 WantedBy=default.target

install.sh

@@ -0,0 +1,359 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+packages=(
+    age
+    atop
+    autossh
+    bat
+    borgbackup
+    borgmatic
+    btrfs-assistant
+    calibre
+    cmake
+    curl
+    diff-so-fancy
+    duf
+    emacs
+    ethtool
+    eza
+    fastfetch
+    fd-find
+    fzf
+    git
+    git-core
+    golang
+    hdparm
+    htop
+    hugo
+    jc
+    jq
+    just
+    kbackup
+    kpeoplevcard
+    lagrange
+    ldns
+    libtool
+    lsof
+    lynx
+    neochat
+    neovim
+    nmap
+    node-exporter
+    nodejs
+    nu
+    pipx
+    poetry
+    python3-devel
+    python3-pip
+    qbittorrent
+    ripgrep
+    rsync
+    rsyslog
+    shfmt
+    ShellCheck
+    tcpdump
+    tealdeer
+    tokodon
+    trash-cli
+    uv
+    vlc
+    w3m
+    wireshark
+    wl-clipboard
+    yakuake
+    zsh
+)
+
+copr_repos=(
+    atim/starship
+    hyperreal/better_fonts
+    varlad/yazi
+    varlad/zellij
+)
+
+flatpak_packages=(
+    com.discordapp.Discord
+    com.github.tchx84.Flatseal
+    io.podman_desktop.PodmanDesktop
+)
+
+pipx_packages=(
+    "black"
+    "bpython"
+    "isort"
+    "pyright"
+    "ansible --include-deps"
+)
+
+services_enable=(
+    atop.service
+    atopacct.service
+    atop-rotate.timer
+    prometheus-node-exporter.service
+    rsyslog.service
+    sshd.service
+    systemd-networkd
+    tailscaled.service
+)
+
+services_disable=(
+    avahi-daemon.service
+    bluetooth.service
+    cups.service
+    cups-browsed.service
+    NetworkManager.service
+    sddm.service
+    wpa_supplicant.service
+)
+
+function install_packages() {
+    echo ""
+    echo "--> BEGIN INSTALLING PACKAGES..."
+    sudo dnf install -y "${packages[@]}"
+}
+
+function install_devel_groups() {
+    echo ""
+    echo "--> INSTALLING DEVELOPMENT PACKAGE GROUPS..."
+    sudo dnf install -y '@c-development' '@development-tools' '@container-management'
+}
+function enable_copr_repos() {
+    echo ""
+    echo "--> BEGIN ENABLING COPR REPOS..."
+    for repo in "${copr_repos[@]}"; do sudo dnf copr enable -y "$repo"; done
+}
+
+# Depends: enable_copr_repos
+function install_copr_packages() {
+    echo ""
+    echo "--> BEGIN INSTALLING COPR PACKAGES..."
+    sudo dnf install -y starship fontconfig-font-replacements yazi zellij
+}
+
+function install_rpmfusion_repos() {
+    echo ""
+    echo "--> INSTALLING RPMFUSION REPOS..."
+    sudo dnf install -y "https://mirrors.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm" "https://mirrors.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm"
+}
+
+# Depends: install_rpmfusion_repos
+function install_rpmfusion_packages() {
+    echo ""
+    echo "--> INSTALLING RPMFUSION PACKAGES..."
+    sudo dnf install -y --allowerasing ffmpeg-libs
+}
+
+function install_charm_packages() {
+    echo ""
+    echo "--> INSTALLING CHARM PACKAGES..."
+    echo '[charm]
+name=Charm
+baseurl=https://repo.charm.sh/yum/
+enabled=1
+gpgcheck=1
+gpgkey=https://repo.charm.sh/yum/gpg.key' | sudo tee /etc/yum.repos.d/charm.repo
+    sudo rpm --import https://repo.charm.sh/yum/gpg.key
+    sudo dnf install -y gum
+}
+
+function install_tailscale() {
+    echo ""
+    echo "--> INSTALLING TAILSCALE..."
+    curl -fsSL https://tailscale.com/install.sh | sh
+}
+
+# Depends: install_tailscale
+function enable_tailscale() {
+    echo ""
+    echo "--> ENABLING TAILSCALE..."
+    sudo tailscale up
+}
+
+function enable_flathub() {
+    echo ""
+    echo "--> ENABLING FLATHUB..."
+    flatpak remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo
+}
+
+# Depends: enable_flathub
+function install_flatpaks() {
+    echo ""
+    echo "--> INSTALLING FLATPAKS..."
+    for pkg in "${flatpak_packages[@]}"; do flatpak install -y "$pkg"; done
+}
+
+# Depends: install_packages
+function install_pipx_packages() {
+    echo ""
+    echo "--> INSTALLING PIPX PACKAGES..."
+    for pkg in "${pipx_packages[@]}"; do pipx install "$pkg"; done
+}
+
+function setup_networkd_conf() {
+    echo ""
+    echo "--> SETTING UP SYSTEMD-NETWORKD CONFIG..."
+    echo '[Match]
+Name=eno1
+
+[Network]
+DHCP=yes
+DNS=100.100.100.100
+DNSSEC=allow-downgrade
+
+[DHCPv4]
+UseDNS=no' | sudo tee /etc/systemd/network/eno1.network
+}
+
+# After: setup_networkd_conf
+function setup_resolv_conf() {
+    echo ""
+    echo "--> SETTING UP RESOLV CONF..."
+    sudo rm -v /etc/resolv.conf
+    sudo ln -sf /var/run/systemd/resolve/resolv.conf /etc/resolv.conf
+    sudo systemctl restart systemd-resolved
+}
+
+# Depends: enable_tailscale
+function setup_rsyslog_conf() {
+    echo ""
+    echo "--> SETTING UP RSYSLOG CONFIG..."
+    echo '# Forward to main monitoring node (nas.lyrebird-marlin.ts.net)
+*.* action(type="omfwd" target="100.112.241.12" port="514" protocol="tcp"
+    action.resumeRetryCount="100"
+    queue.type="linkedList" queue.size="10000")' | sudo tee /etc/rsyslog.d/00forward-to-nas.conf
+}
+
+# After: setup_networkd_conf
+function disable_services() {
+    echo ""
+    echo "--> DISABLING SYSTEMD SERVICES..."
+    for service in "${services_disable[@]}"; do sudo systemctl disable --now "$service"; done
+}
+
+# After:
+# - setup_networkd_conf
+# - install_packages
+function enable_services() {
+    echo ""
+    echo "--> ENABLING SYSTEMD SERVICES..."
+    for service in "${services_enable[@]}"; do sudo systemctl enable --now "$service"; done
+}
+
+function disable_ipv6() {
+    echo ""
+    echo "--> DISABLING IPV6..."
+    if ! sudo grep "ipv6.disable=1" /boot/grub2/grub.cfg; then
+        sudo grubby --args=ipv6.disable=1 --update-kernel=ALL
+        sudo grub2-mkconfig -o /boot/grub2/grub.cfg
+    else
+        echo "IPv6 already disabled."
+    fi
+}
+
+function setup_fstab() {
+    echo ""
+    echo "--> SETTING UP FSTAB..."
+    sudo mkdir /mnt/borgbackup /mnt/quick-backup
+    if ! grep "ecf44876-2e4e-46ad-9f12-fc516c8ace2d" /etc/fstab; then
+        echo "UUID=ecf44876-2e4e-46ad-9f12-fc516c8ace2d /mnt/borgbackup btrfs defaults,subvol=@borgbackup,compress=zstd:1,x-systemd.device-timeout=20 0 0" | sudo tee -a /etc/fstab
+        echo "UUID=ecf44876-2e4e-46ad-9f12-fc516c8ace2d /mnt/quick-backup btrfs defaults,suvol=@quick-backup,compress=zstd:1,x-systemd.device-timeout=20 0 0" | sudo tee -a /etc/fstab
+    else
+        echo "/etc/fstab already configured."
+    fi
+    sudo systemctl daemon-reload
+    sudo restorecon -Rv /mnt/borgbackup
+    sudo restorecon -Rv /mnt/quick-backup
+    sudo mount -av
+}
+
+# Depends:
+# - install_packages
+# - setup_fstab
+function setup_borgmatic_config() {
+    echo ""
+    echo "--> SETTING UP BORGMATIC CONFIG..."
+    sudo mkdir /etc/borgmatic
+    sudo cp -v /mnt/quick-backup/borgmatic-config.yaml /etc/borgmatic/config.yaml
+}
+
+# Depends:
+# - install_packages
+# - setup_fstab
+function copy_quick_backup() {
+    echo ""
+    echo "--> COPYING QUICK BACKUP..."
+    rsync -aAXPz /mnt/quick-backup/jas/ /home/jas
+}
+
+# Depends: copy_quick_backup
+function build_bat_cache() {
+    echo ""
+    echo "--> BUILDING BAT CACHE..."
+    bat cache --build
+}
+
+# Depends: install_packages
+function update_tealdeer_cache() {
+    echo ""
+    echo "--> UPDATING TEALDEER CACHE..."
+    tldr --update
+}
+
+# Depends: enable_tailscale
+function setup_firewalld() {
+    echo ""
+    echo "--> SETTING UP FIREWALLD..."
+    if ! sudo firewall-cmd --get-zones | grep "tailnet"; then
+        sudo firewall-cmd --permanent --new-zone=tailnet
+        sudo firewall-cmd --permanent --zone=tailnet --add-interface=tailscale0
+        sudo firewall-cmd --permanent --zone=tailnet --add-port=1025-65535/tcp
+        sudo firewall-cmd --permanent --zone=tailnet --add-port=1025-65535/udp
+        sudo firewall-cmd --permanent --zone=tailnet --add-service=ssh
+    else
+        echo "firewalld tailnet zone already configured"
+    fi
+    sudo firewall-cmd --permanent --zone=FedoraWorkstation --remove-service={dhcpv6-client,samba-client}
+    sudo firewall-cmd --reload
+}
+
+function install_rclone() {
+    echo ""
+    echo "--> INSTALLING LATEST RCLONE..."
+    sudo -v
+    curl https://rclone.org/install.sh | sudo bash
+    command -v rclone
+}
+
+# Depends: install_rclone copy_quick_backup
+function enable_sync_to_remotes() {
+    systemctl --user enable --now sync_to_remotes.timer
+}
+
+install_packages
+install_devel_groups
+enable_copr_repos
+install_copr_packages
+install_rpmfusion_repos
+install_rpmfusion_packages
+install_charm_packages
+install_tailscale
+enable_tailscale
+enable_flathub
+install_flatpaks
+install_pipx_packages
+setup_networkd_conf
+setup_resolv_conf
+setup_rsyslog_conf
+disable_services
+enable_services
+disable_ipv6
+setup_fstab
+setup_borgmatic_config
+copy_quick_backup
+build_bat_cache
+update_tealdeer_cache
+setup_firewalld
+install_rclone
+enable_sync_to_remotes