mirror of https://github.com/01-edu/public.git
Xavier Petit
5 years ago
1 changed files with 161 additions and 0 deletions
@ -0,0 +1,161 @@ |
|||||||
|
#!/usr/bin/env bash |
||||||
|
|
||||||
|
# Unofficial Bash Strict Mode |
||||||
|
set -euo pipefail |
||||||
|
IFS=' |
||||||
|
' |
||||||
|
|
||||||
|
# Debian stable OS |
||||||
|
apt-get update |
||||||
|
apt-get -y upgrade |
||||||
|
apt-get -y dist-upgrade |
||||||
|
|
||||||
|
# Disable OpenStack SSH malware |
||||||
|
mv /home/debian/.ssh/authorized_keys /root/.ssh/authorized_keys ||: |
||||||
|
sed -i '/Generated-by-Nova/d' /root/.ssh/authorized_keys ||: |
||||||
|
chown root:root /root/.ssh/authorized_keys ||: |
||||||
|
|
||||||
|
# Terminal goodies |
||||||
|
touch .hushlogin |
||||||
|
|
||||||
|
cat <<'EOF'>> /root/.bashrc |
||||||
|
export LS_OPTIONS="--color=auto" |
||||||
|
eval "`dircolors`" |
||||||
|
|
||||||
|
alias ctop="docker run --rm -it --name=ctop -v /var/run/docker.sock:/var/run/docker.sock:ro quay.io/vektorlab/ctop" |
||||||
|
alias df="df --si" |
||||||
|
alias du="du -cs --si" |
||||||
|
alias free="free -h --si" |
||||||
|
alias l="ls $LS_OPTIONS -al --si --group-directories-first" |
||||||
|
alias less="less -i" |
||||||
|
alias nano="nano -clDOST4" |
||||||
|
alias pstree="pstree -palU" |
||||||
|
alias gobuild='CGO_ENABLED=0 GOARCH=amd64 go build -trimpath -ldflags="-s -w"' |
||||||
|
|
||||||
|
export HISTFILESIZE= |
||||||
|
export HISTSIZE= |
||||||
|
export HISTTIMEFORMAT="%F %T " |
||||||
|
|
||||||
|
GOPATH=$HOME/go |
||||||
|
HISTCONTROL=ignoreboth |
||||||
|
HISTFILESIZE= |
||||||
|
HISTSIZE= |
||||||
|
HISTTIMEFORMAT="%F %T " |
||||||
|
EOF |
||||||
|
|
||||||
|
cat <<EOF>> /etc/inputrc |
||||||
|
set completion-ignore-case |
||||||
|
set show-all-if-ambiguous On |
||||||
|
set show-all-if-unmodified On |
||||||
|
EOF |
||||||
|
|
||||||
|
cat <<EOF>> /etc/bash.bashrc |
||||||
|
if ! shopt -oq posix; then |
||||||
|
if [ -f /usr/share/bash-completion/bash_completion ]; then |
||||||
|
. /usr/share/bash-completion/bash_completion |
||||||
|
elif [ -f /etc/bash_completion ]; then |
||||||
|
. /etc/bash_completion |
||||||
|
fi |
||||||
|
fi |
||||||
|
EOF |
||||||
|
|
||||||
|
# Basic packages |
||||||
|
apt-get -y install man bash-completion git ufw jq curl build-essential netcat wget psmisc lz4 file net-tools brotli unzip zip moreutils xauth sysfsutils rsync iperf pv tree mc screen |
||||||
|
|
||||||
|
# Configure screen |
||||||
|
cat <<'EOF'>> /etc/screenrc |
||||||
|
startup_message off |
||||||
|
shell -$SHELL |
||||||
|
defscrollback 100000 |
||||||
|
bind l eval clear "scrollback 0" "scrollback 100000" |
||||||
|
EOF |
||||||
|
|
||||||
|
# Configure SSH |
||||||
|
cat <<EOF>> /etc/ssh/sshd_config |
||||||
|
Port 521 |
||||||
|
PasswordAuthentication no |
||||||
|
AllowUsers root |
||||||
|
X11UseLocalhost no |
||||||
|
EOF |
||||||
|
service ssh restart |
||||||
|
|
||||||
|
touch /root/.Xauthority |
||||||
|
|
||||||
|
# Firewall |
||||||
|
ufw allow in 80/tcp |
||||||
|
ufw allow in 443/tcp |
||||||
|
ufw allow in 521/tcp |
||||||
|
ufw logging off |
||||||
|
ufw --force enable |
||||||
|
ufw --force delete 4 |
||||||
|
ufw --force delete 4 |
||||||
|
ufw --force delete 4 |
||||||
|
|
||||||
|
# Optimize |
||||||
|
systemctl disable unattended-upgrades.service apt-daily.timer apt-daily-upgrade.timer console-setup.service keyboard-setup.service remote-fs.target man-db.timer systemd-timesyncd.service |
||||||
|
apt-get -y purge apparmor |
||||||
|
sed -i 's/MODULES=most/MODULES=dep/g' /etc/initramfs-tools/initramfs.conf |
||||||
|
sed -i 's/COMPRESS=gzip/COMPRESS=lz4/g' /etc/initramfs-tools/initramfs.conf |
||||||
|
update-initramfs -u |
||||||
|
echo 'GRUB_TIMEOUT=0' >> /etc/default/grub |
||||||
|
update-grub |
||||||
|
apt-get -y purge exim\* |
||||||
|
|
||||||
|
for i in $(seq 0 $(nproc --ignore 1)); do |
||||||
|
echo "devices/system/cpu/cpu${i}/cpufreq/scaling_governor = performance" >> /etc/sysfs.conf |
||||||
|
done |
||||||
|
|
||||||
|
# Disable sleep when closing laptop screen |
||||||
|
echo HandleLidSwitch=ignore >> /etc/systemd/logind.conf |
||||||
|
|
||||||
|
# noatime |
||||||
|
sed -i 's| / ext4 | / ext4 noatime,|g' /etc/fstab |
||||||
|
|
||||||
|
# Disable swap |
||||||
|
swapoff -a |
||||||
|
sed -i '/swap/d' /etc/fstab |
||||||
|
|
||||||
|
# node.JS & yarn |
||||||
|
curl -sL https://deb.nodesource.com/setup_12.x | bash - |
||||||
|
apt-get -y install nodejs |
||||||
|
curl -sL https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - |
||||||
|
echo "deb https://dl.yarnpkg.com/debian/ stable main" > /etc/apt/sources.list.d/yarn.list |
||||||
|
apt-get update |
||||||
|
apt-get -y install yarn |
||||||
|
|
||||||
|
# Docker |
||||||
|
apt-get -y install apt-transport-https ca-certificates curl gnupg2 software-properties-common |
||||||
|
curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add - |
||||||
|
add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/debian $(lsb_release -cs) stable" |
||||||
|
apt-get update |
||||||
|
apt-get -y install docker-ce docker-ce-cli containerd.io |
||||||
|
|
||||||
|
# ripgrep |
||||||
|
curl -LO https://github.com/BurntSushi/ripgrep/releases/download/11.0.2/ripgrep_11.0.2_amd64.deb |
||||||
|
dpkg -i ripgrep_11.0.2_amd64.deb |
||||||
|
rm ripgrep_11.0.2_amd64.deb |
||||||
|
|
||||||
|
# Go |
||||||
|
wget https://dl.google.com/go/go1.14.linux-amd64.tar.gz |
||||||
|
tar -C /usr/local -xzf go1.14.linux-amd64.tar.gz |
||||||
|
rm go1.14.linux-amd64.tar.gz |
||||||
|
echo 'export PATH=$PATH:/usr/local/go/bin' >> /etc/profile |
||||||
|
|
||||||
|
# Netdata |
||||||
|
# bash <(curl -Ss https://my-netdata.io/kickstart-static64.sh) --no-updates --stable-channel --disable-telemetry |
||||||
|
|
||||||
|
# Caddy |
||||||
|
curl https://getcaddy.com | bash -s personal http.ipfilter |
||||||
|
|
||||||
|
# Generate SSH key |
||||||
|
ssh-keygen -ted25519 -f ~/.ssh/id_ed25519 -N '' |
||||||
|
|
||||||
|
# Cleanup |
||||||
|
sed -i '/^deb-src/d' /etc/apt/sources.list |
||||||
|
apt-get update |
||||||
|
apt-get -y purge unattended-upgrades |
||||||
|
apt-get -y autoremove --purge |
||||||
|
apt-get clean |
||||||
|
|
||||||
|
# The end |
||||||
|
reboot |
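Review bot: The node.JS, Caddy, ripgrep and Go steps run or install downloaded content as root with no integrity check: `curl -sL https://deb.nodesource.com/setup_12.x | bash -` and `curl https://getcaddy.com | bash -s personal http.ipfilter` pipe a response straight into a shell, and the ripgrep `.deb` and Go tarball are installed exactly as fetched. Neither piped curl uses `-f`, so an HTTP error body would be handed to bash instead of failing the script under `set -euo pipefail`. Fetching each artefact to a file, checking it against a pinned SHA-256 and only then running or unpacking it would close this; the digests below are placeholders because the real values are not on this page, and the Caddy installer would follow the same pattern. Separately, the `# Optimize` and `# Cleanup` sections purge `apparmor` and `unattended-upgrades` and disable `systemd-timesyncd.service`, which leaves the host without automatic security updates, MAC confinement or time sync, so a comment stating why would help.

```shell
# node.JS & yarn: fetch the installer to a file, verify it, then run it
installer=$(mktemp)
curl -fsSL -o "$installer" https://deb.nodesource.com/setup_12.x
printf '%s  %s\n' '<PINNED_SHA256_OF_SETUP_12_X>' "$installer" | sha256sum -c -
bash "$installer"
rm -f -- "$installer"
# … unchanged: apt-get -y install nodejs, yarn repository setup …

# ripgrep
curl -fsSLO https://github.com/BurntSushi/ripgrep/releases/download/11.0.2/ripgrep_11.0.2_amd64.deb
printf '%s  %s\n' '<PINNED_SHA256_OF_RIPGREP_DEB>' ripgrep_11.0.2_amd64.deb | sha256sum -c -
# … unchanged: dpkg -i, rm …

# Go
wget https://dl.google.com/go/go1.14.linux-amd64.tar.gz
printf '%s  %s\n' '<PINNED_SHA256_OF_GO_TARBALL>' go1.14.linux-amd64.tar.gz | sha256sum -c -
# … unchanged: tar -C /usr/local, rm, PATH export …
```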