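#!/usr/bin/env bash
#
# Post-install bootstrap for a Fedora workstation: installs dnf/COPR/RPM Fusion/
# Charm/Flatpak/pipx packages, writes systemd-networkd, rsyslog, fstab and
# firewalld configuration, restores data from the quick-backup mount and
# enables/disables systemd services.
#
# Usage: run as a regular user with sudo rights; steps run in the order listed
# at the bottom of the file and the script stops at the first failing command.

set -euo pipefail

readonly GREEN='\033[1;32m'
readonly NC='\033[0m'

packages=(
  age
  atop
  autossh
  bat
  borgbackup
  borgmatic
  btrfs-assistant
  calibre
  cmake
  curl
  diff-so-fancy
  direnv
  duf
  emacs
  ethtool
  eza
  fastfetch
  fd-find
  fzf
  git
  git-core
  golang
  hdparm
  htop
  hugo
  jc
  jq
  just
  kbackup
  kpeoplevcard
  lagrange
  ldns
  libtool
  lsof
  lynx
  neochat
  neovim
  nmap
  node-exporter
  nodejs
  nu
  parallel
  pipx
  poetry
  python3-devel
  python3-pip
  qbittorrent
  ripgrep
  rsync
  rsyslog
  shfmt
  ShellCheck
  tcpdump
  tealdeer
  tokodon
  trash-cli
  uv
  vlc
  w3m
  wireshark
  wl-clipboard
  yakuake
  zsh
)

# COPR repos are maintained by individual users, not by Fedora; each entry
# here extends the set of parties able to ship root-installed packages.
copr_repos=(
  atim/starship
  hyperreal/better_fonts
  varlad/yazi
  varlad/zellij
)

flatpak_packages=(
  com.discordapp.Discord
  com.github.tchx84.Flatseal
  io.podman_desktop.PodmanDesktop
)

pipx_packages=(
  "black"
  "bpython"
  "isort"
  "pyright"
)

services_enable=(
  atop.service
  atopacct.service
  atop-rotate.timer
  prometheus-node-exporter.service
  rsyslog.service
  sshd.service
  systemd-networkd
  tailscaled.service
)

services_disable=(
  avahi-daemon.service
  avahi-daemon.socket
  bluetooth.service
  cups.service
  cups-browsed.service
  NetworkManager.service
  sddm.service
  wpa_supplicant.service
)

# Print a highlighted step banner.
# Arguments: $1 - step description
function action_label() {
  printf '\n%b--> %s...%b\n' "$GREEN" "$1" "$NC"
}

# Download an installer script over HTTPS to a private temp file and only then
# execute it, so a truncated download or an HTTP error page is never fed to a
# shell. This does NOT verify the script's content: the vendor's TLS endpoint
# is still fully trusted. For stronger assurance, vendor a reviewed copy and
# check it against a pinned digest before running.
# Arguments: $1 - https URL of the script; remaining args - command used to
#            run it (the script path is appended as the last argument)
# Returns:   the exit status of the download or of the installer
function run_remote_installer() {
  local url=$1
  shift
  local script rc=0
  script=$(mktemp) || return
  if ! curl --proto '=https' --tlsv1.2 -fsSL -o "$script" "$url"; then
    rm -f -- "$script"
    return 1
  fi
  "$@" "$script" || rc=$?
  rm -f -- "$script"
  return "$rc"
}

function install_packages() {
  action_label "INSTALLING PACKAGES"
  sudo dnf install -y "${packages[@]}"
}

function install_devel_groups() {
  action_label "INSTALLING DEVELOPMENT GROUPS"
  sudo dnf install -y '@c-development' '@development-tools' '@container-management'
}

function enable_copr_repos() {
  action_label "ENABLING COPR REPOS"
  local repo
  for repo in "${copr_repos[@]}"; do
    sudo dnf copr enable -y "$repo"
  done
}

# Depends: enable_copr_repos
function install_copr_packages() {
  action_label "INSTALLING COPR PACKAGES"
  sudo dnf install -y starship fontconfig-font-replacements yazi zellij
}

function install_rpmfusion_repos() {
  action_label "INSTALLING RPMFUSION REPOS"
  local fedora_release
  fedora_release=$(rpm -E %fedora)
  # NOTE(review): these release RPMs are fetched by URL; whether dnf checks
  # their signature depends on local configuration, so HTTPS to the mirror is
  # presumably the only integrity control on this step - confirm.
  sudo dnf install -y \
    "https://mirrors.rpmfusion.org/free/fedora/rpmfusion-free-release-${fedora_release}.noarch.rpm" \
    "https://mirrors.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-${fedora_release}.noarch.rpm"
}

# Depends: install_rpmfusion_repos
function install_rpmfusion_packages() {
  action_label "INSTALLING RPMFUSION PACKAGES"
  sudo dnf install -y --allowerasing ffmpeg-libs
}

function install_charm_packages() {
  action_label "INSTALLING CHARM PACKAGES"
  # The repo definition needs one key per line to be parsed by dnf.
  sudo tee /etc/yum.repos.d/charm.repo <<'EOF'
[charm]
name=Charm
baseurl=https://repo.charm.sh/yum/
enabled=1
gpgcheck=1
gpgkey=https://repo.charm.sh/yum/gpg.key
EOF
  # The signing key comes from the same host as the packages, so gpgcheck only
  # proves continuity with whatever key was served on first import. Compare
  # the imported key's fingerprint with one obtained out of band.
  sudo rpm --import https://repo.charm.sh/yum/gpg.key
  sudo dnf install -y gum charm
}

function install_tailscale() {
  action_label "INSTALLING TAILSCALE"
  run_remote_installer https://tailscale.com/install.sh sh
}

function enable_flathub() {
  action_label "ENABLING FLATHUB"
  flatpak remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo
}

# Depends: enable_flathub
function install_flatpaks() {
  action_label "INSTALLING FLATPAKS"
  local pkg
  for pkg in "${flatpak_packages[@]}"; do
    flatpak install flathub -y "$pkg"
  done
}

# Depends: install_packages
function install_pipx_packages() {
  action_label "INSTALLING PIPX PACKAGES"
  local pkg
  for pkg in "${pipx_packages[@]}"; do
    pipx install "$pkg"
  done
  pipx install ansible --include-deps
}

function setup_networkd_conf() {
  action_label "SETTING UP SYSTEMD-NETWORKD CONFIG"
  sudo tee /etc/systemd/network/eno1.network <<'EOF'
[Match]
Name=eno1

[Network]
DHCP=yes
#DNS=100.100.100.100
DNSSEC=allow-downgrade

[DHCPv4]
UseDNS=no
EOF
}

# After: setup_networkd_conf
function setup_resolv_conf() {
  action_label "SETTING UP RESOLV CONF"
  # -f keeps a re-run from aborting under `set -e` when the file is absent.
  sudo rm -fv /etc/resolv.conf
  sudo ln -sf /var/run/systemd/resolve/resolv.conf /etc/resolv.conf
  sudo systemctl restart systemd-resolved
}

# Depends: enable_tailscale
function setup_rsyslog_conf() {
  action_label "SETTING UP RSYSLOG"
  # omfwd over plain TCP/514 carries every log line unencrypted at the syslog
  # layer. NOTE(review): the target looks like a tailnet address, so
  # confidentiality presumably rests on the Tailscale tunnel being up - confirm.
  sudo tee /etc/rsyslog.d/00forward-to-nas.conf <<'EOF'
# Forward to main monitoring node (nas.lyrebird-marlin.ts.net)
*.* action(type="omfwd" target="100.112.241.12" port="514" protocol="tcp"
    action.resumeRetryCount="100"
    queue.type="linkedList" queue.size="10000")
EOF
}

# After: setup_networkd_conf
function disable_services() {
  action_label "DISABLING SYSTEMD SERVICES"
  local service
  for service in "${services_disable[@]}"; do
    sudo systemctl disable --now "$service"
  done
}

# After:
#   - setup_networkd_conf
#   - install_packages
function enable_services() {
  action_label "ENABLING SYSTEMD SERVICES"
  local service
  for service in "${services_enable[@]}"; do
    sudo systemctl enable --now "$service"
  done
}

function disable_ipv6() {
  action_label "DISABLING IPV6"
  # -F: match the argument literally (the dots are not regex wildcards);
  # -q: only the exit status is needed.
  if ! sudo grep -qF -- "ipv6.disable=1" /boot/grub2/grub.cfg; then
    sudo grubby --args=ipv6.disable=1 --update-kernel=ALL
    sudo grub2-mkconfig -o /boot/grub2/grub.cfg
  else
    echo "IPv6 already disabled."
  fi
}

function setup_fstab() {
  action_label "SETTING UP /etc/fstab"
  local -r backup_uuid="ecf44876-2e4e-46ad-9f12-fc516c8ace2d"
  local -r mount_opts="compress=zstd:1,x-systemd.device-timeout=20"

  sudo mkdir -p /mnt/borgbackup /mnt/quick-backup

  # Append the two entries only once; the UUID acts as the idempotence marker.
  # NOTE(review): both entries use `defaults`; consider nodev,nosuid for these
  # backup volumes if nothing on them must run setuid - confirm with the owner.
  if ! grep -qF -- "$backup_uuid" /etc/fstab; then
    printf 'UUID=%s %s btrfs defaults,subvol=%s,%s 0 0\n' \
      "$backup_uuid" /mnt/borgbackup '@borgbackup' "$mount_opts" |
      sudo tee -a /etc/fstab
    printf 'UUID=%s %s btrfs defaults,subvol=%s,%s 0 0\n' \
      "$backup_uuid" /mnt/quick-backup '@quick-backup' "$mount_opts" |
      sudo tee -a /etc/fstab
  else
    echo "/etc/fstab already configured."
  fi

  sudo systemctl daemon-reload
  sudo restorecon -Rv /mnt/borgbackup
  sudo restorecon -Rv /mnt/quick-backup
  sudo mount -av
}

# Depends:
#   - install_packages
#   - setup_fstab
function setup_borgmatic_config() {
  action_label "SETTING UP BORGMATIC CONFIG"
  sudo mkdir -p /etc/borgmatic
  # NOTE(review): cp leaves the file at root's umask default. If this config
  # embeds a repository passphrase, restrict it (e.g. mode 0600) - confirm.
  sudo cp -v /mnt/quick-backup/borgmatic-config.yaml /etc/borgmatic/config.yaml
}

# Depends:
#   - install_packages
#   - setup_fstab
function copy_quick_backup() {
  action_label "COPYING QUICK BACKUP"
  rsync -aAXPz /mnt/quick-backup/jas/ /home/jas
}

# Depends: copy_quick_backup
function build_bat_cache() {
  action_label "BUILDING BAT CACHE"
  bat cache --build
}

# Depends: install_packages
function update_tealdeer_cache() {
  action_label "UPDATING TEALDEER CACHE"
  tldr --update
}

# Depends: install_tailscale
function setup_firewalld() {
  action_label "SETTING UP FIREWALLD"
  # grep reads the whole list (no -q) so firewall-cmd cannot be killed by
  # SIGPIPE, which `pipefail` would turn into a false "zone missing" result.
  if ! sudo firewall-cmd --get-zones | grep -- "tailnet" >/dev/null; then
    sudo firewall-cmd --permanent --new-zone=tailnet
    sudo firewall-cmd --permanent --zone=tailnet --add-interface=tailscale0
    # Every unprivileged port is reachable from tailscale0; restricting which
    # tailnet peers can connect is left entirely to the tailnet's own ACLs.
    sudo firewall-cmd --permanent --zone=tailnet --add-port=1025-65535/tcp
    sudo firewall-cmd --permanent --zone=tailnet --add-port=1025-65535/udp
    sudo firewall-cmd --permanent --zone=tailnet --add-service=ssh
  else
    echo "firewalld tailnet zone already configured"
  fi
  sudo firewall-cmd --permanent --zone=FedoraWorkstation \
    --remove-service=dhcpv6-client --remove-service=samba-client
  sudo firewall-cmd --reload
}

function install_rclone() {
  action_label "INSTALLING LATEST RCLONE"
  # The installer runs as root: fail on HTTP errors and never execute a
  # partial download (see run_remote_installer).
  run_remote_installer https://rclone.org/install.sh sudo bash
  command -v rclone
}

# Depends: install_rclone copy_quick_backup
function enable_sync_to_remotes() {
  action_label "ENABLING sync_to_remotes.timer"
  systemctl --user enable --now sync_to_remotes.timer
}

install_packages
install_devel_groups
enable_copr_repos
install_copr_packages
install_rpmfusion_repos
install_rpmfusion_packages
install_charm_packages
install_tailscale
enable_flathub
install_flatpaks
install_pipx_packages
setup_networkd_conf
setup_resolv_conf
setup_rsyslog_conf
disable_services
enable_services
disable_ipv6
setup_fstab
setup_borgmatic_config
copy_quick_backup
build_bat_cache
update_tealdeer_cache
setup_firewalld
install_rclone
enable_sync_to_remotes

action_label "DONE SETTING UP ALL THE THINGS ^_^"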