#!/usr/bin/env bash set -euo pipefail GREEN='\033[1;32m' NC='\033[0m' apt_packages=( atop autossh bat borgbackup borgmatic build-essential calibre cmake curl duf emacs firewalld fzf git git-core golang hdparm htop hugo jc jq lsd lynx neovim nmap nodejs npm papirus-icon-theme parallel pipx prometheus-node-exporter python3-dev python3-pip python3-poetry ripgrep rsync rsyslog shfmt shellcheck tcpdump tealdeer trash-cli w3m wget wireshark wl-clipboard xfce4-terminal zsh ) dnf_packages=( age atop autossh bat borgbackup borgmatic btrfs-assistant calibre cmake curl diff-so-fancy direnv duf emacs ethtool eza fastfetch fd-find fzf git git-core golang hdparm htop hugo jc jq just kbackup kpeoplevcard lagrange ldns libtool lsd lsof lynx neochat neovim nmap node-exporter nodejs nu parallel pipx poetry python3-devel python3-pip qbittorrent ripgrep rsync rsyslog shfmt ShellCheck tcpdump tealdeer tokodon trash-cli vlc w3m wireshark wl-clipboard yakuake zsh ) copr_repos=( atim/starship hyperreal/better_fonts varlad/yazi varlad/zellij ) flatpak_packages=( com.discordapp.Discord com.github.tchx84.Flatseal io.podman_desktop.PodmanDesktop ) pipx_packages=( "black" "bpython" "isort" "pyright" "uv" ) services_enable=( atop.service atopacct.service atop-rotate.timer firewalld.service prometheus-node-exporter.service rsyslog.service systemd-networkd tailscaled.service ) services_disable=( avahi-daemon.service avahi-daemon.socket bluetooth.service cups.service cups-browsed.service NetworkManager.service ) function action_label() { echo "" echo -e "${GREEN}--> ${1}...${NC}" } install_makedeb_prebuilt_packages() { wget -qO - 'https://proget.makedeb.org/debian-feeds/prebuilt-mpr.pub' | gpg --dearmor | sudo tee /usr/share/keyrings/prebuilt-mpr-archive-keyring.gpg 1>/dev/null echo "deb [arch=all,$(dpkg --print-architecture) signed-by=/usr/share/keyrings/prebuilt-mpr-archive-keyring.gpg] https://proget.makedeb.org prebuilt-mpr $(lsb_release -cs)" | sudo tee /etc/apt/sources.list.d/prebuilt-mpr.list sudo apt update sudo apt dist-upgrade -y sudo apt install just } # interactive install_starship() { if ! test -f "$(command -v starship)"; then curl -sS https://starship.rs/install.sh | sh fi } function install_packages() { action_label "INSTALLING PACKAGES" if test -f /etc/debian_version; then sudo apt install -y "${apt_packages[@]}" install_makedeb_prebuilt_packages install_starship fi if test -f /etc/redhat-release; then sudo dnf install -y "${dnf_packages[@]}" install_devel_groups enable_copr_repos install_copr_packages install_rpmfusion_repos install_rpmfusion_packages fi } function install_devel_groups() { action_label "INSTALLING DEVELOPMENT GROUPS" sudo dnf install -y '@c-development' '@development-tools' '@container-management' } function enable_copr_repos() { action_label "ENABLING COPR REPOS" for repo in "${copr_repos[@]}"; do sudo dnf copr enable -y "$repo"; done } # Depends: enable_copr_repos function install_copr_packages() { action_label "INSTALLING COPR PACKAGES" sudo dnf install -y starship fontconfig-font-replacements yazi zellij } function install_rpmfusion_repos() { action_label "INSTALLING RPMFUSION REPOS" sudo dnf install -y "https://mirrors.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm" "https://mirrors.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm" } # Depends: install_rpmfusion_repos function install_rpmfusion_packages() { action_label "INSTALLING RPMFUSION PACKAGES" sudo dnf install -y --allowerasing ffmpeg-libs } function install_charm_packages() { action_label "INSTALLING CHARM PACKAGES" if test -f /etc/debian_version; then ARCH=$(dpkg --print-architecture) curl -s https://api.github.com/repos/charmbracelet/gum/releases/latest | grep "browser_download_url.*deb" | grep "$ARCH" | cut -d : -f 2,3 | tr -d '"' | wget -qi - sudo dpkg -i gum*.deb sudo apt -f install fi if test -f /etc/redhat-release; then echo '[charm] name=Charm baseurl=https://repo.charm.sh/yum/ enabled=1 gpgcheck=1 gpgkey=https://repo.charm.sh/yum/gpg.key' | sudo tee /etc/yum.repos.d/charm.repo sudo rpm --import https://repo.charm.sh/yum/gpg.key sudo dnf install -y gum charm fi } function install_tailscale() { action_label "INSTALLING TAILSCALE" curl -fsSL https://tailscale.com/install.sh | sh } function enable_flathub() { action_label "ENABLING FLATHUB" flatpak remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo } # Depends: enable_flathub function install_flatpaks() { action_label "INSTALLING FLATPAKS" for pkg in "${flatpak_packages[@]}"; do flatpak install flathub -y "$pkg"; done } # Depends: install_packages function install_pipx_packages() { action_label "INSTALLING PIPX PACKAGES" for pkg in "${pipx_packages[@]}"; do pipx install "$pkg"; done pipx install ansible --include-deps } function setup_networkd_conf() { action_label "SETTING UP SYSTEMD-NETWORKD CONFIG" echo '[Match] Name=eno1 [Network] DHCP=yes #DNS=100.100.100.100 DNSSEC=allow-downgrade [DHCPv4] UseDNS=no' | sudo tee /etc/systemd/network/eno1.network } # After: setup_networkd_conf function setup_resolv_conf() { action_label "SETTING UP RESOLV CONF" sudo rm -v /etc/resolv.conf sudo ln -sf /var/run/systemd/resolve/resolv.conf /etc/resolv.conf sudo systemctl restart systemd-resolved } # Depends: enable_tailscale function setup_rsyslog_conf() { action_label "SETTING UP RSYSLOG" echo '# Forward to main monitoring node (nas.lyrebird-marlin.ts.net) *.* action(type="omfwd" target="100.112.241.12" port="514" protocol="tcp" action.resumeRetryCount="100" queue.type="linkedList" queue.size="10000")' | sudo tee /etc/rsyslog.d/00forward-to-nas.conf } # After: setup_networkd_conf function disable_services() { action_label "DISABLING SYSTEMD SERVICES" for service in "${services_disable[@]}"; do if sudo systemctl is-active "$service"; then sudo systemctl disable --now "$service" fi done } # After: # - setup_networkd_conf # - install_packages function enable_services() { action_label "ENABLING SYSTEMD SERVICES" for service in "${services_enable[@]}"; do sudo systemctl enable --now "$service"; done if test -f /etc/debian_version; then sudo systemctl enable --now ssh.service elif test -f /etc/redhat-release; then sudo systemctl enable --now sshd.service fi } function disable_ipv6() { action_label "DISABLING IPV6" if test -f /etc/debian_version; then if ! grep "net.ipv6.conf.all.disable_ipv6" /etc/sysctl.conf; then echo "net.ipv6.conf.all.disable_ipv6 = 1" | sudo tee -a /etc/sysctl.conf echo "net.ipv6.conf.default.disable_ipv6 = 1" | sudo tee -a /etc/sysctl.conf echo "net.ipv6.conf.lo.disable_ipv6 = 1" | sudo tee -a /etc/sysctl.conf sudo sysctl -p else echo "IPv6 already disabled." fi elif test -f /etc/redhat-release; then if ! sudo grep "ipv6.disable=1" /boot/grub2/grub.cfg; then sudo grubby --args=ipv6.disable=1 --update-kernel=ALL sudo grub2-mkconfig -o /boot/grub2/grub.cfg else echo "IPv6 already disabled." fi fi } function setup_fstab() { action_label "SETTING UP /etc/fstab" if test -f /etc/redhat-release; then sudo mkdir -p /mnt/borgbackup /mnt/quick-backup if ! grep "ecf44876-2e4e-46ad-9f12-fc516c8ace2d" /etc/fstab; then echo "UUID=ecf44876-2e4e-46ad-9f12-fc516c8ace2d /mnt/borgbackup btrfs defaults,subvol=@borgbackup,compress=zstd:1,x-systemd.device-timeout=20 0 0" | sudo tee -a /etc/fstab echo "UUID=ecf44876-2e4e-46ad-9f12-fc516c8ace2d /mnt/quick-backup btrfs defaults,subvol=@quick-backup,compress=zstd:1,x-systemd.device-timeout=20 0 0" | sudo tee -a /etc/fstab else echo "/etc/fstab already configured." fi sudo systemctl daemon-reload sudo restorecon -Rv /mnt/borgbackup sudo restorecon -Rv /mnt/quick-backup sudo mount -av fi } # Depends: # - install_packages # - setup_fstab function setup_borgmatic_config() { action_label "SETTING UP BORGMATIC CONFIG" if test -f /etc/redhat-release; then sudo mkdir -p /etc/borgmatic sudo cp -v /mnt/quick-backup/borgmatic-config.yaml /etc/borgmatic/config.yaml fi } # Depends: # - install_packages # - setup_fstab function copy_quick_backup() { action_label "COPYING QUICK BACKUP" if test -f /etc/redhat-release; then rsync -aAXPz /mnt/quick-backup/jas/ /home/jas fi } # Depends: copy_quick_backup function build_bat_cache() { action_label "BUILDING BAT CACHE" if test -f /etc/debian_version; then batcat cache --build elif test -f /etc/redhat-release; then bat cache --build fi } # Depends: install_packages function update_tealdeer_cache() { action_label "UPDATING TEALDEER CACHE" tldr --update } # Depends: install_tailscale function setup_firewalld() { action_label "SETTING UP FIREWALLD" if ! sudo firewall-cmd --get-zones | grep "tailnet"; then sudo firewall-cmd --permanent --new-zone=tailnet sudo firewall-cmd --permanent --zone=tailnet --add-interface=tailscale0 sudo firewall-cmd --permanent --zone=tailnet --add-port=1025-65535/tcp sudo firewall-cmd --permanent --zone=tailnet --add-port=1025-65535/udp sudo firewall-cmd --permanent --zone=tailnet --add-service=ssh else echo "firewalld tailnet zone already configured" fi if test -f /etc/debian_version; then sudo firewall-cmd --permanent --zone=public --remove-service={dhcpv6-client,samba-client} elif test -f /etc/redhat-release; then sudo firewall-cmd --permanent --zone=FedoraWorkstation --remove-service={dhcpv6-client,samba-client} fi sudo firewall-cmd --reload } function install_rclone() { action_label "INSTALLING LATEST RCLONE" curl https://rclone.org/install.sh | sudo bash command -v rclone } install_packages install_charm_packages install_tailscale if test -f /etc/redhat-release; then enable_flathub install_flatpaks setup_networkd_conf setup_fstab setup_borgmatic_config copy_quick_backup fi install_pipx_packages setup_resolv_conf setup_rsyslog_conf disable_services enable_services disable_ipv6 build_bat_cache update_tealdeer_cache setup_firewalld install_rclone action_label "DONE SETTING UP ALL THE THINGS ^_^"