#!/bin/sh
set -eu

# Install Debian packages.
apt-get update
apt-get dist-upgrade --yes --purge
apt-get install --yes \
    btrfs-progs \
    cryptsetup \
    libpam-mount\
    ;
apt-get autoremove --purge --yes
apt-get autoclean

# Setup the firewall.
ufw limit ssh
ufw default deny
ufw enable

# Mount a tmpfs under /tmp.
sed -i '/\/tmp/d' /etc/fstab
echo 'tmpfs   /tmp    tmpfs   defaults,nodev,nosuid   0   0' >> /etc/fstab

# Install flatpak applications.
flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
flatpak install --noninteractive flathub org.gnome.Epiphany
flatpak install --noninteractive flathub org.gnome.PasswordSafe
flatpak install --noninteractive flathub com.github.subhadeepjasu.pebbles
flatpak install --noninteractive flathub com.nextcloud.desktopclient.nextcloud
flatpak install --noninteractive flathub org.gnome.Evince
flatpak install --noninteractive flathub org.libreoffice.LibreOffice

# Autostart the Nextcloud desktop client on login.
mkdir -p \~/.config/autostart
wget <https://git.shore.co.il/nimrod/rcfiles/-/raw/master/.config/autostart/nextcloud.desktop> -O \~/.config/autostart/nextcloud.desktop