#!/usr/bin/env bash
set -euo pipefail
GREEN='\033[1;32m'
NC='\033[0m'
apt_packages=(
atop
autossh
bat
borgbackup
borgmatic
build-essential
calibre
cmake
curl
direnv
duf
emacs
firewalld
fzf
git
git-core
golang
hdparm
htop
hugo
jc
jq
lsd
lynx
maim
neovim
nmap
nodejs
npm
papirus-icon-theme
parallel
pipx
prometheus-node-exporter
python3-dev
python3-pip
python3-poetry
ripgrep
rofi
rsync
rsyslog
shfmt
shellcheck
tcpdump
tealdeer
trash-cli
unzip
w3m
wget
wireshark
xclip
zip
zsh
)
dnf_packages=(
age
atop
autossh
bat
borgbackup
borgmatic
btrfs-assistant
calibre
cmake
curl
diff-so-fancy
direnv
duf
emacs
ethtool
eza
fastfetch
fd-find
flatpak
fzf
git
git-core
golang
hdparm
htop
hugo
jc
jq
just
lagrange
ldns
libtool
lsd
lsof
lynx
maim
neovim
nmap
node-exporter
nodejs
nu
parallel
pipx
poetry
python3-devel
python3-pip
qbittorrent
ripgrep
rofi
rsync
rsyslog
shfmt
ShellCheck
tcpdump
tealdeer
trash-cli
vlc
w3m
wireshark
xclip
xfce4-docklike-plugin
xfce4-genmon-plugin
xfce4-weather-plugin
zsh
)
copr_repos=(
atim/starship
hyperreal/better_fonts
varlad/yazi
varlad/zellij
)
flatpak_packages=(
com.discordapp.Discord
com.github.tchx84.Flatseal
im.riot.Riot
io.podman_desktop.PodmanDesktop
)
pipx_packages=(
"black"
"bpython"
"isort"
"pyright"
"uv"
)
services_enable=(
atop.service
atopacct.service
atop-rotate.timer
firewalld.service
prometheus-node-exporter.service
rsyslog.service
systemd-networkd.service
tailscaled.service
)
services_disable=(
avahi-daemon.service
avahi-daemon.socket
bluetooth.service
cups.service
cups-browsed.service
NetworkManager.service
)
function action_label() {
echo ""
echo -e "${GREEN}--> ${1}...${NC}"
}
install_makedeb_prebuilt_packages() {
wget -qO - 'https://proget.makedeb.org/debian-feeds/prebuilt-mpr.pub' | gpg --dearmor | sudo tee /usr/share/keyrings/prebuilt-mpr-archive-keyring.gpg 1>/dev/null
echo "deb [arch=all,$(dpkg --print-architecture) signed-by=/usr/share/keyrings/prebuilt-mpr-archive-keyring.gpg] https://proget.makedeb.org prebuilt-mpr $(lsb_release -cs)" | sudo tee /etc/apt/sources.list.d/prebuilt-mpr.list
sudo apt update
sudo apt dist-upgrade -y
sudo apt install just
}
# interactive
install_starship() {
if ! test -f "$(command -v starship)"; then
curl -sS https://starship.rs/install.sh | sh
fi
}
function install_packages() {
action_label "INSTALLING PACKAGES"
if test -f /etc/debian_version; then
sudo apt install -y "${apt_packages[@]}"
install_makedeb_prebuilt_packages
install_starship
install_zellij
fi
if test -f /etc/redhat-release; then
sudo dnf install -y "${dnf_packages[@]}"
install_devel_groups
enable_copr_repos
install_copr_packages
install_rpmfusion_repos
install_rpmfusion_packages
fi
}
function install_devel_groups() {
action_label "INSTALLING DEVELOPMENT GROUPS"
sudo dnf install -y '@c-development' '@development-tools' '@container-management'
}
function enable_copr_repos() {
action_label "ENABLING COPR REPOS"
for repo in "${copr_repos[@]}"; do sudo dnf copr enable -y "$repo"; done
}
# Depends: enable_copr_repos
function install_copr_packages() {
action_label "INSTALLING COPR PACKAGES"
sudo dnf install -y starship fontconfig-font-replacements yazi zellij
}
function install_rpmfusion_repos() {
action_label "INSTALLING RPMFUSION REPOS"
sudo dnf install -y "https://mirrors.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm" "https://mirrors.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm"
}
# Depends: install_rpmfusion_repos
function install_rpmfusion_packages() {
action_label "INSTALLING RPMFUSION PACKAGES"
sudo dnf install -y --allowerasing ffmpeg-libs
}
install_zellij() {
if test -f /etc/debian_version; then
curl -s https://api.github.com/repos/zellij-org/zellij/releases/latest | grep "browser_download_url" | grep "zellij-$(uname -m)-unknown-linux-musl.tar.gz" | cut -d : -f 2,3 | tr -d '"' | wget -qi -
curl -s https://api.github.com/repos/zellij-org/zellij/releases/latest | grep "browser_download_url" | grep "zellij-$(uname -m)-unknown-linux-musl.sha256sum" | cut -d : -f 2,3 | tr -d '"' | wget -qi -
tar xvf "zellij-$(uname -m)-unknown-linux-musl.tar.gz"
if [ $(sha256sum -c "zellij-$(uname -m)-unknown-linux-musl.sha256sum" | head -n 1 | awk '{print $2}') = "OK" ]; then
sudo mv zellij /usr/local/bin
fi
rm -v zellij*
fi
}
function install_charm_packages() {
action_label "INSTALLING CHARM PACKAGES"
if test -f /etc/debian_version; then
curl -s https://api.github.com/repos/charmbracelet/gum/releases/latest | grep "browser_download_url.*deb" | grep "$(dpkg --print-architecture)" | cut -d : -f 2,3 | tr -d '"' | wget -qi -
curl -s https://api.github.com/repos/charmbracelet/gum/releases/latest | grep "browser_download_url" | grep "checksums.txt" | head -n 1 | cut -d : -f 2,3 | tr -d '"' | wget -qi -
if [ "$(grep $(dpkg --print-architecture).deb checksums.txt | sha256sum -c | head -n 1 | awk '{print $2}')" = "OK" ]; then
sudo dpkg -i gum*.deb
sudo apt -f install
fi
rm -v gum*
rm -v checksums.txt
fi
if test -f /etc/redhat-release; then
printf "[charm]\nname=Charm\nbaseurl=https://repo.charm.sh/yum/\nenabled=1\ngpgcheck=1\ngpgkey=https://repo.charm.sh/yum/gpg.key\n" | sudo tee /etc/yum.repos.d/charm.repo
sudo rpm --import https://repo.charm.sh/yum/gpg.key
sudo dnf install -y gum charm
fi
}
function install_tailscale() {
action_label "INSTALLING TAILSCALE"
sudo rm -v /etc/yum.repos.d/tailscale.repo
curl -fsSL https://tailscale.com/install.sh | sh
}
function enable_flathub() {
action_label "ENABLING FLATHUB"
flatpak remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo
}
# Depends: enable_flathub
function install_flatpaks() {
action_label "INSTALLING FLATPAKS"
for pkg in "${flatpak_packages[@]}"; do flatpak install flathub -y "$pkg"; done
}
# Depends: install_packages
function install_pipx_packages() {
action_label "INSTALLING PIPX PACKAGES"
for pkg in "${pipx_packages[@]}"; do pipx install "$pkg"; done
pipx install ansible --include-deps
}
function setup_networkd_conf() {
action_label "SETTING UP SYSTEMD-NETWORKD CONFIG"
echo '[Match]
Name=eno1
[Network]
DHCP=yes
#DNS=100.100.100.100
DNSSEC=allow-downgrade
[DHCPv4]
UseDNS=no' | sudo tee /etc/systemd/network/eno1.network
}
# After: setup_networkd_conf
function setup_resolv_conf() {
action_label "SETTING UP RESOLV CONF"
sudo rm -v /etc/resolv.conf
sudo ln -sf /var/run/systemd/resolve/resolv.conf /etc/resolv.conf
sudo systemctl restart systemd-resolved
}
# Depends: enable_tailscale
function setup_rsyslog_conf() {
action_label "SETTING UP RSYSLOG"
echo '# Forward to main monitoring node (nas-aux.lyrebird-marlin.ts.net)
*.* action(type="omfwd" target="100.86.148.42" port="514" protocol="tcp"
action.resumeRetryCount="100"
queue.type="linkedList" queue.size="10000")' | sudo tee /etc/rsyslog.d/00forward-to-nas.conf
}
# After: setup_networkd_conf
function disable_services() {
action_label "DISABLING SYSTEMD SERVICES"
for service in "${services_disable[@]}"; do
if sudo systemctl is-active "$service"; then
sudo systemctl disable --now "$service"
fi
done
}
# After:
# - setup_networkd_conf
# - install_packages
function enable_services() {
action_label "ENABLING SYSTEMD SERVICES"
for service in "${services_enable[@]}"; do sudo systemctl enable --now "$service"; done
if test -f /etc/debian_version; then
sudo systemctl enable --now ssh.service
elif test -f /etc/redhat-release; then
sudo systemctl enable --now sshd.service
fi
}
function disable_ipv6() {
action_label "DISABLING IPV6"
if test -f /etc/debian_version; then
if ! grep "net.ipv6.conf.all.disable_ipv6" /etc/sysctl.conf; then
echo "net.ipv6.conf.all.disable_ipv6 = 1" | sudo tee -a /etc/sysctl.conf
echo "net.ipv6.conf.default.disable_ipv6 = 1" | sudo tee -a /etc/sysctl.conf
echo "net.ipv6.conf.lo.disable_ipv6 = 1" | sudo tee -a /etc/sysctl.conf
sudo sysctl -p
else
echo "IPv6 already disabled."
fi
elif test -f /etc/redhat-release; then
if ! sudo grep "ipv6.disable=1" /boot/grub2/grub.cfg; then
sudo grubby --args=ipv6.disable=1 --update-kernel=ALL
sudo grub2-mkconfig -o /boot/grub2/grub.cfg
else
echo "IPv6 already disabled."
fi
fi
}
function build_bat_cache() {
action_label "BUILDING BAT CACHE"
if test -f /etc/debian_version; then
batcat cache --build
elif test -f /etc/redhat-release; then
bat cache --build
fi
}
# Depends: install_packages
function update_tealdeer_cache() {
action_label "UPDATING TEALDEER CACHE"
tldr --update
}
# Depends: install_tailscale
function setup_firewalld() {
action_label "SETTING UP FIREWALLD"
if ! sudo firewall-cmd --get-zones | grep "tailnet"; then
sudo firewall-cmd --permanent --new-zone=tailnet
sudo firewall-cmd --permanent --zone=tailnet --add-interface=tailscale0
sudo firewall-cmd --permanent --zone=tailnet --add-port=1025-65535/tcp
sudo firewall-cmd --permanent --zone=tailnet --add-port=1025-65535/udp
sudo firewall-cmd --permanent --zone=tailnet --add-service=ssh
else
echo "firewalld tailnet zone already configured"
fi
if test -f /etc/debian_version; then
sudo firewall-cmd --permanent --zone=public --remove-service={dhcpv6-client,samba-client}
elif test -f /etc/redhat-release; then
sudo firewall-cmd --permanent --zone=FedoraWorkstation --remove-service={dhcpv6-client,samba-client}
fi
sudo firewall-cmd --reload
}
function install_rclone() {
action_label "INSTALLING LATEST RCLONE"
curl https://rclone.org/install.sh | sudo bash
command -v rclone
}
install_packages
install_charm_packages
install_tailscale
if test -f /etc/redhat-release; then
enable_flathub
install_flatpaks
setup_networkd_conf
fi
install_pipx_packages
setup_resolv_conf
setup_rsyslog_conf
disable_services
enable_services
disable_ipv6
build_bat_cache
update_tealdeer_cache
setup_firewalld
install_rclone
action_label "DONE SETTING UP ALL THE THINGS ^_^"