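#!/usr/bin/env bash
#
# Workstation bootstrap: installs packages (dnf, COPR, RPM Fusion, Charm,
# Flatpak, pipx), joins the machine to Tailscale, writes network / syslog /
# fstab / firewalld configuration, and restores data from a backup volume.
#
# Review notes:
#   - Every step runs once, in the order listed in main(); the "Depends:" and
#     "After:" comments record ordering requirements between steps.
#   - Several steps add third-party software sources (COPR, RPM Fusion, Charm,
#     Flathub) and two run vendor installer scripts fetched over HTTPS. Each
#     of those is a trust decision; see the comments on the individual steps.
#   - The script aborts on the first failing command (set -e).
set -euo pipefail

packages=(
  age
  atop
  autossh
  bat
  borgbackup
  borgmatic
  btrfs-assistant
  calibre
  cmake
  curl
  diff-so-fancy
  duf
  emacs
  ethtool
  eza
  fastfetch
  fd-find
  fzf
  git
  git-core
  golang
  hdparm
  htop
  hugo
  jc
  jq
  just
  kbackup
  kpeoplevcard
  lagrange
  ldns
  libtool
  lsof
  lynx
  neochat
  neovim
  nmap
  node-exporter
  nodejs
  nu
  pipx
  poetry
  python3-devel
  python3-pip
  qbittorrent
  ripgrep
  rsync
  rsyslog
  shfmt
  ShellCheck
  tcpdump
  tealdeer
  tokodon
  trash-cli
  uv
  vlc
  w3m
  wireshark
  wl-clipboard
  yakuake
  zsh
)

# COPR repositories are maintained by individual users, not by the
# distribution; enabling one trusts that maintainer's builds and signing key.
copr_repos=(
  atim/starship
  hyperreal/better_fonts
  varlad/yazi
  varlad/zellij
)

flatpak_packages=(
  com.discordapp.Discord
  com.github.tchx84.Flatseal
  io.podman_desktop.PodmanDesktop
)

# Each entry is a full "pipx install" argument list: package name first,
# optional flags after it, separated by spaces.
pipx_packages=(
  "black"
  "bpython"
  "isort"
  "pyright"
  "ansible --include-deps"
)

services_enable=(
  atop.service
  atopacct.service
  atop-rotate.timer
  prometheus-node-exporter.service
  rsyslog.service
  sshd.service
  systemd-networkd
  tailscaled.service
)

services_disable=(
  avahi-daemon.service
  bluetooth.service
  cups.service
  cups-browsed.service
  NetworkManager.service
  sddm.service
  wpa_supplicant.service
)

#######################################
# Print a blank line followed by a step banner.
# Arguments: $1 - banner text
#######################################
banner() {
  printf '\n%s\n' "$1"
}

#######################################
# Download an installer script completely, then run it.
# Running from a finished file (instead of piping curl into a shell) means a
# failed or truncated transfer is never executed, and -f makes an HTTP error
# stop the step instead of feeding an error page to the interpreter.
# The script is still trusted on the strength of TLS to the vendor host only;
# there is no checksum or signature pinned here.
# Arguments: $1  - https URL of the installer
#            $2+ - interpreter command line (e.g. "sh" or "sudo bash")
# Returns:   the interpreter's exit status, or non-zero if the download failed
#######################################
run_remote_installer() {
  local url=$1
  shift
  local script
  script=$(mktemp) || return
  if ! curl --proto '=https' --tlsv1.2 -fsSL -o "$script" "$url"; then
    rm -f -- "$script"
    return 1
  fi
  local rc=0
  "$@" "$script" || rc=$?
  rm -f -- "$script"
  return "$rc"
}

install_packages() {
  banner "--> BEGIN INSTALLING PACKAGES..."
  sudo dnf install -y "${packages[@]}"
}

install_devel_groups() {
  banner "--> INSTALLING DEVELOPMENT PACKAGE GROUPS..."
  sudo dnf install -y '@c-development' '@development-tools' '@container-management'
}

enable_copr_repos() {
  banner "--> BEGIN ENABLING COPR REPOS..."
  local repo
  for repo in "${copr_repos[@]}"; do
    # -y also accepts the COPR "unsupported repository" prompt unattended.
    sudo dnf copr enable -y "$repo"
  done
}

# Depends: enable_copr_repos
install_copr_packages() {
  banner "--> BEGIN INSTALLING COPR PACKAGES..."
  sudo dnf install -y starship fontconfig-font-replacements yazi zellij
}

install_rpmfusion_repos() {
  banner "--> INSTALLING RPMFUSION REPOS..."
  local fedora_release
  fedora_release=$(rpm -E %fedora) || return
  # These release RPMs are installed straight from a URL; they carry the
  # repo definitions and signing keys that later RPM Fusion installs rely on.
  sudo dnf install -y \
    "https://mirrors.rpmfusion.org/free/fedora/rpmfusion-free-release-${fedora_release}.noarch.rpm" \
    "https://mirrors.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-${fedora_release}.noarch.rpm"
}

# Depends: install_rpmfusion_repos
install_rpmfusion_packages() {
  banner "--> INSTALLING RPMFUSION PACKAGES..."
  # --allowerasing lets dnf remove conflicting installed packages.
  sudo dnf install -y --allowerasing ffmpeg-libs
}

install_charm_packages() {
  banner "--> INSTALLING CHARM PACKAGES..."
  # gpgcheck=1 enforces package signatures, but the key itself is fetched from
  # the same host as the packages, so the trust anchor is TLS to repo.charm.sh.
  sudo tee /etc/yum.repos.d/charm.repo <<'EOF'
[charm]
name=Charm
baseurl=https://repo.charm.sh/yum/
enabled=1
gpgcheck=1
gpgkey=https://repo.charm.sh/yum/gpg.key
EOF
  sudo rpm --import https://repo.charm.sh/yum/gpg.key
  sudo dnf install -y gum
}

install_tailscale() {
  banner "--> INSTALLING TAILSCALE..."
  run_remote_installer https://tailscale.com/install.sh sh
}

# Depends: install_tailscale
enable_tailscale() {
  banner "--> ENABLING TAILSCALE..."
  # Interactive: prints a login URL and waits for the node to be authorised.
  sudo tailscale up
}

enable_flathub() {
  banner "--> ENABLING FLATHUB..."
  flatpak remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo
}

# Depends: enable_flathub
install_flatpaks() {
  banner "--> INSTALLING FLATPAKS..."
  local pkg
  for pkg in "${flatpak_packages[@]}"; do
    flatpak install -y "$pkg"
  done
}

# Depends: install_packages
install_pipx_packages() {
  banner "--> INSTALLING PIPX PACKAGES..."
  local pkg
  local -a pipx_args
  for pkg in "${pipx_packages[@]}"; do
    # Split the entry into words so "ansible --include-deps" reaches pipx as
    # a package plus a flag, not as one package name containing a space.
    read -r -a pipx_args <<<"$pkg"
    pipx install "${pipx_args[@]}"
  done
}

setup_networkd_conf() {
  banner "--> SETTING UP SYSTEMD-NETWORKD CONFIG..."
  # DNS is pinned to 100.100.100.100 and DHCP-supplied resolvers are ignored
  # (UseDNS=no). DNSSEC=allow-downgrade validates only where the upstream
  # supports it, so it does not guarantee validated answers.
  sudo tee /etc/systemd/network/eno1.network <<'EOF'
[Match]
Name=eno1
[Network]
DHCP=yes
DNS=100.100.100.100
DNSSEC=allow-downgrade
[DHCPv4]
UseDNS=no
EOF
}

# After: setup_networkd_conf
setup_resolv_conf() {
  banner "--> SETTING UP RESOLV CONF..."
  # -f: a missing /etc/resolv.conf must not abort the run under set -e.
  sudo rm -fv /etc/resolv.conf
  sudo ln -sf /var/run/systemd/resolve/resolv.conf /etc/resolv.conf
  sudo systemctl restart systemd-resolved
}

# Depends: enable_tailscale
setup_rsyslog_conf() {
  banner "--> SETTING UP RSYSLOG CONFIG..."
  # omfwd over plain TCP/514 has no TLS of its own; the target is a tailnet
  # address, so confidentiality of forwarded logs rests on the Tailscale link.
  sudo tee /etc/rsyslog.d/00forward-to-nas.conf <<'EOF'
# Forward to main monitoring node (nas.lyrebird-marlin.ts.net)
*.* action(type="omfwd" target="100.112.241.12" port="514" protocol="tcp" action.resumeRetryCount="100" queue.type="linkedList" queue.size="10000")
EOF
}

# After: setup_networkd_conf
disable_services() {
  banner "--> DISABLING SYSTEMD SERVICES..."
  local service
  for service in "${services_disable[@]}"; do
    sudo systemctl disable --now "$service"
  done
}

# After:
# - setup_networkd_conf
# - install_packages
enable_services() {
  banner "--> ENABLING SYSTEMD SERVICES..."
  local service
  for service in "${services_enable[@]}"; do
    sudo systemctl enable --now "$service"
  done
}

disable_ipv6() {
  banner "--> DISABLING IPV6..."
  # -F: match the kernel argument literally ("." is not a wildcard here).
  if ! sudo grep -qF "ipv6.disable=1" /boot/grub2/grub.cfg; then
    sudo grubby --args=ipv6.disable=1 --update-kernel=ALL
    sudo grub2-mkconfig -o /boot/grub2/grub.cfg
  else
    echo "IPv6 already disabled."
  fi
}

setup_fstab() {
  banner "--> SETTING UP FSTAB..."
  local -r backup_uuid="ecf44876-2e4e-46ad-9f12-fc516c8ace2d"
  # -p: existing mount points must not abort a re-run.
  sudo mkdir -p /mnt/borgbackup /mnt/quick-backup
  if ! grep -qF "$backup_uuid" /etc/fstab; then
    printf '%s\n' \
      "UUID=${backup_uuid} /mnt/borgbackup btrfs defaults,subvol=@borgbackup,compress=zstd:1,x-systemd.device-timeout=20 0 0" |
      sudo tee -a /etc/fstab
    # Fixed: the option was spelled "suvol", which is not a btrfs mount option.
    # NOTE(review): a machine that already has the misspelled line in
    # /etc/fstab is not repaired by this guard; correct that entry by hand.
    printf '%s\n' \
      "UUID=${backup_uuid} /mnt/quick-backup btrfs defaults,subvol=@quick-backup,compress=zstd:1,x-systemd.device-timeout=20 0 0" |
      sudo tee -a /etc/fstab
  else
    echo "/etc/fstab already configured."
  fi
  sudo systemctl daemon-reload
  sudo restorecon -Rv /mnt/borgbackup
  sudo restorecon -Rv /mnt/quick-backup
  sudo mount -av
}

# Depends:
# - install_packages
# - setup_fstab
setup_borgmatic_config() {
  banner "--> SETTING UP BORGMATIC CONFIG..."
  sudo mkdir -p /etc/borgmatic
  # NOTE(review): the copied file keeps whatever mode cp gives it; if it holds
  # a repository passphrase, confirm it is readable by root only.
  sudo cp -v /mnt/quick-backup/borgmatic-config.yaml /etc/borgmatic/config.yaml
}

# Depends:
# - install_packages
# - setup_fstab
copy_quick_backup() {
  banner "--> COPYING QUICK BACKUP..."
  rsync -aAXPz /mnt/quick-backup/jas/ /home/jas
}

# Depends: copy_quick_backup
build_bat_cache() {
  banner "--> BUILDING BAT CACHE..."
  bat cache --build
}

# Depends: install_packages
update_tealdeer_cache() {
  banner "--> UPDATING TEALDEER CACHE..."
  tldr --update
}

# Depends: enable_tailscale
setup_firewalld() {
  banner "--> SETTING UP FIREWALLD..."
  if ! sudo firewall-cmd --get-zones | grep -q "tailnet"; then
    sudo firewall-cmd --permanent --new-zone=tailnet
    sudo firewall-cmd --permanent --zone=tailnet --add-interface=tailscale0
    # Every unprivileged TCP and UDP port is reachable from any tailnet peer;
    # what a peer can actually reach is then decided by the tailnet's ACLs.
    sudo firewall-cmd --permanent --zone=tailnet --add-port=1025-65535/tcp
    sudo firewall-cmd --permanent --zone=tailnet --add-port=1025-65535/udp
    sudo firewall-cmd --permanent --zone=tailnet --add-service=ssh
  else
    echo "firewalld tailnet zone already configured"
  fi
  sudo firewall-cmd --permanent --zone=FedoraWorkstation \
    --remove-service=dhcpv6-client \
    --remove-service=samba-client
  sudo firewall-cmd --reload
}

install_rclone() {
  banner "--> INSTALLING LATEST RCLONE..."
  # Refresh the sudo timestamp first so the installer does not stall on a
  # password prompt.
  sudo -v
  # The installer runs as root.
  run_remote_installer https://rclone.org/install.sh sudo bash
  # Fails the run if the binary did not end up on PATH.
  command -v rclone
}

# Depends: install_rclone copy_quick_backup
enable_sync_to_remotes() {
  systemctl --user enable --now sync_to_remotes.timer
}

main() {
  install_packages
  install_devel_groups
  enable_copr_repos
  install_copr_packages
  install_rpmfusion_repos
  install_rpmfusion_packages
  install_charm_packages
  install_tailscale
  enable_tailscale
  enable_flathub
  install_flatpaks
  install_pipx_packages
  setup_networkd_conf
  setup_resolv_conf
  setup_rsyslog_conf
  disable_services
  enable_services
  disable_ipv6
  setup_fstab
  setup_borgmatic_config
  copy_quick_backup
  build_bat_cache
  update_tealdeer_cache
  setup_firewalld
  install_rclone
  enable_sync_to_remotes
}

main "$@"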