#!/bin/sh
set -eu
username="$(getent passwd 1000 | cut -d: -f1)"
notify () { printf '\n\e[1;94m=== %s ====\e[0m\n\n' "$1" >&2; }
notify 'Installing Debian packages'
apt-get update
apt-get dist-upgrade --yes --purge
apt-get install --yes \
amd64-microcode \
btrfs-progs \
cryptsetup \
curl \
docker.io \
fonts-noto-cjk-extra \
fonts-sil-ezra \
fwupd-signed \
git \
intel-microcode \
language-pack-gnome-he \
libnotify-bin \
make \
openssh-client \
openssh-server \
python3 \
rsync \
sshfs \
systemd-container \
tmux \
ufw \
vim-nox \
;
apt-get autoremove --purge --yes
apt-get autoclean
notify 'Setting up the firewall'
ufw limit ssh
ufw default deny
ufw allow in on docker0
ufw enable
notify 'Mounting a tmpfs under /tmp'
sed -i '/\/tmp/d' /etc/fstab
echo 'tmpfs /tmp tmpfs defaults,nodev,nosuid 0 0' >> /etc/fstab
notify 'Disabling swap'
sed -i '/swap/d' /etc/fstab
notify 'Passwordless sudo'
echo "$username ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/nopasswd-user
chown root:root /etc/sudoers.d/nopasswd-user
chmod 440 /etc/sudoers.d/nopasswd-user
notify 'Set password and make a note in the user'\''s full name'
echo "$username:1234" | chpasswd
chfn --full-name 'Password is 1234' "$username"
notify 'Cloning the rcfiles repo to the home directory'
sudo -Hu "$username" sh -c 'git -C $HOME remote show >/dev/null' || \
sudo -Hu "$username" sh -c '
# Copied verbatim from https://git.shore.co.il/nimrod/rcfiles/#installation.
cd
git init
git remote add origin https://git.shore.co.il/nimrod/rcfiles.git/
git fetch
git reset --hard origin/master
git branch --set-upstream-to=origin/master
git bull
Documents/bin/install-git-hooks
.githooks/post-merge
'
update-desktop-database
notify 'Installing Flatpaks'
flathub_install () {
wget "https://dl.flathub.org/repo/appstream/$1.flatpakref"
sudo -Hu "$username" io.elementary.sideload "$1.flatpakref"
rm "$1.flatpakref"
}
(
cd /tmp
flathub_install org.mozilla.firefox
flathub_install org.libreoffice.LibreOffice
flathub_install org.gnome.PasswordSafe
flathub_install org.remmina.Remmina
)