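#!/usr/bin/env bash
#
# One-shot provisioning script for a fresh Debian stable host. It upgrades the
# OS, moves SSH access to root on port 521 (key authentication only), enables
# ufw, installs Node.js/yarn, Docker, ripgrep, Go and Caddy, and then reboots.
# Must run as root. It is not idempotent: most steps append to config files.

# Unofficial Bash Strict Mode
set -euo pipefail
IFS=$'\n\t'

# Fix Debian 10 bug (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=905409)
PATH=/sbin:/usr/sbin:$PATH

#######################################
# Download a remote installer completely, then execute it with bash.
# A failed or truncated transfer is never executed, unlike `curl | bash`, and
# -f keeps an HTTP error page from being run as a script.
# Arguments: $1 - https URL of the installer; remaining args go to the script
# Returns:   non-zero if the download or the installer fails
#######################################
run_remote_installer() {
  local url=$1
  shift
  local script
  script=$(mktemp) || return
  if ! curl -fsSL --proto '=https' --proto-redir '=https' -o "$script" -- "$url"; then
    rm -f -- "$script"
    return 1
  fi
  # NOTE(review): this still runs unpinned third-party code as root. Compare
  # "$script" against a checksum recorded from a reviewed copy before running.
  local rc=0
  bash "$script" "$@" || rc=$?
  rm -f -- "$script"
  return "$rc"
}

# Debian stable OS
apt-get update
apt-get -y upgrade
apt-get -y dist-upgrade

# Disable OpenStack SSH malware
# Best effort (`||:`): move the image's default-user key file to root and drop
# the key injected by Nova.
mv /home/debian/.ssh/authorized_keys /root/.ssh/authorized_keys ||:
sed -i '/Generated-by-Nova/d' /root/.ssh/authorized_keys ||:
chown root:root /root/.ssh/authorized_keys ||:
chmod 600 /root/.ssh/authorized_keys ||:
# The sshd settings below allow only root with key authentication, so an empty
# key file here means no SSH access after the restart.
if [[ ! -s /root/.ssh/authorized_keys ]]; then
  echo 'warning: /root/.ssh/authorized_keys is missing or empty' >&2
fi

# Terminal goodies
# NOTE(review): relative path; presumably the script runs from /root - confirm.
touch .hushlogin
# NOTE(review): the ctop alias mounts the Docker socket; the :ro flag does not
# restrict what can be requested through the Docker API over that socket.
cat <<'EOF' >> /root/.bashrc
export LS_OPTIONS="--color=auto"
eval "`dircolors`"
alias ctop="docker run --rm -it --name=ctop -v /var/run/docker.sock:/var/run/docker.sock:ro quay.io/vektorlab/ctop"
alias df="df --si"
alias du="du -cs --si"
alias free="free -h --si"
alias l="ls $LS_OPTIONS -al --si --group-directories-first"
alias less="less -i"
alias nano="nano -clDOST4"
alias pstree="pstree -palU"
alias gobuild='CGO_ENABLED=0 GOARCH=amd64 go build -trimpath -ldflags="-s -w"'
export HISTFILESIZE=
export HISTSIZE=
export HISTTIMEFORMAT="%F %T "
GOPATH=$HOME/go
HISTCONTROL=ignoreboth
HISTFILESIZE=
HISTSIZE=
HISTTIMEFORMAT="%F %T "
EOF
cat <<'EOF' >> /etc/inputrc
set completion-ignore-case
set show-all-if-ambiguous On
set show-all-if-unmodified On
EOF
cat <<'EOF' >> /etc/bash.bashrc
if ! shopt -oq posix; then
  if [ -f /usr/share/bash-completion/bash_completion ]; then
    . /usr/share/bash-completion/bash_completion
  elif [ -f /etc/bash_completion ]; then
    . /etc/bash_completion
  fi
fi
EOF

# Basic packages
apt-get -y install man bash-completion git ufw jq curl build-essential netcat \
  wget psmisc lz4 file net-tools brotli unzip zip moreutils xauth sysfsutils \
  rsync iperf pv tree mc screen ssh iotop whois

# Configure screen
cat <<'EOF' >> /etc/screenrc
startup_message off
shell -$SHELL
defscrollback 100000
bind l eval clear "scrollback 0" "scrollback 100000"
EOF

# Configure SSH
# NOTE(review): sshd uses the first value it reads for most keywords, so these
# appended lines lose to any uncommented setting earlier in the file (for
# example a cloud image's "PasswordAuthentication yes"). Verify the effective
# configuration with `sshd -T` after provisioning.
cat <<'EOF' >> /etc/ssh/sshd_config
Port 521
PasswordAuthentication no
AllowUsers root
X11UseLocalhost no
EOF
# Validate the configuration first; a broken sshd_config would lock us out.
sshd -t
systemctl restart ssh
touch /root/.Xauthority

# Firewall
ufw allow in 80/tcp
ufw allow in 443/tcp
ufw allow in 521/tcp
ufw logging off
ufw --force enable
# Rules are deleted by position. Presumably this removes the three IPv6
# duplicates ufw lists after the three IPv4 rules; any pre-existing rule shifts
# the numbering, so confirm the result with `ufw status numbered`.
ufw --force delete 4
ufw --force delete 4
ufw --force delete 4

# Optimize
# NOTE(review): this turns off automatic security updates (unattended-upgrades,
# apt-daily*) and time synchronisation (systemd-timesyncd). Patching must then
# be done by other means, and clock drift affects TLS validation and log
# timestamps unless another NTP client is installed.
systemctl disable unattended-upgrades.service apt-daily.timer \
  apt-daily-upgrade.timer console-setup.service keyboard-setup.service \
  remote-fs.target man-db.timer systemd-timesyncd.service
sed -i 's/MODULES=most/MODULES=dep/g' /etc/initramfs-tools/initramfs.conf
sed -i 's/COMPRESS=gzip/COMPRESS=lz4/g' /etc/initramfs-tools/initramfs.conf
update-initramfs -u
echo 'GRUB_TIMEOUT=0' >> /etc/default/grub
update-grub
# NOTE(review): purging apparmor removes the AppArmor tooling on a host that
# exposes 80/443 and runs Docker - confirm this is intended.
apt-get -y purge apparmor 'exim*'
# One sysfs.conf entry per CPU (cpu0 .. cpuN-1).
cpu_count=$(nproc)
for ((i = 0; i < cpu_count; i++)); do
  echo "devices/system/cpu/cpu${i}/cpufreq/scaling_governor = performance" >> /etc/sysfs.conf
done

# Disable sleep when closing laptop screen
echo HandleLidSwitch=ignore >> /etc/systemd/logind.conf

# noatime
sed -i 's| / ext4 | / ext4 noatime,|g' /etc/fstab

# Disable swap
swapoff -a
sed -i '/swap/d' /etc/fstab

# node.JS & yarn
run_remote_installer https://deb.nodesource.com/setup_12.x
apt-get -y install nodejs
# NOTE(review): `apt-key add` puts the key in the global trusted keyring, so it
# is trusted for every configured repository, not only this one.
curl -fsSL https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add -
echo "deb https://dl.yarnpkg.com/debian/ stable main" > /etc/apt/sources.list.d/yarn.list
apt-get update
apt-get -y install yarn

# Docker
apt-get -y install apt-transport-https ca-certificates curl gnupg2 software-properties-common
curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add -
add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/debian $(lsb_release -cs) stable"
apt-get update
apt-get -y install docker-ce docker-ce-cli containerd.io

# ripgrep
# NOTE(review): the .deb is installed without an integrity check; verify it
# against a SHA-256 recorded from a trusted copy before `dpkg -i`.
curl -fLO https://github.com/BurntSushi/ripgrep/releases/download/12.0.1/ripgrep_12.0.1_amd64.deb
dpkg -i ripgrep_12.0.1_amd64.deb
rm ripgrep_12.0.1_amd64.deb

# Go
# NOTE(review): the tarball is unpacked into /usr/local without an integrity
# check; verify it against the published SHA-256 for this release first.
wget https://dl.google.com/go/go1.14.4.linux-amd64.tar.gz
tar -C /usr/local -xzf go1.14.4.linux-amd64.tar.gz
rm go1.14.4.linux-amd64.tar.gz
echo 'export PATH=$PATH:/usr/local/go/bin' >> /etc/profile

# Netdata
# bash <(curl -Ss https://my-netdata.io/kickstart-static64.sh) --no-updates --stable-channel --disable-telemetry

# Caddy
run_remote_installer https://getcaddy.com personal http.ipfilter

# Generate SSH key
# Empty passphrase (-N ''): the private key is protected by file permissions
# only.
ssh-keygen -ted25519 -f ~/.ssh/id_ed25519 -N ''

# Cleanup
sed -i '/^deb-src/d' /etc/apt/sources.list
apt-get update
apt-get -y purge unattended-upgrades
apt-get -y autoremove --purge
apt-get clean

# The end
reboot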