add README
parent
9e46b73ab6
commit
94d40d9d47
|
@ -0,0 +1,133 @@
|
||||||
|
dotfiles
|
||||||
|
|
||||||
|
cd
|
||||||
|
git init
|
||||||
|
git remote add origin gitea@git.kompot.si:urosm/dot.git
|
||||||
|
git pull
|
||||||
|
git checkout main -f
|
||||||
|
|
||||||
|
locales
|
||||||
|
|
||||||
|
sudo dpkg-reconfigure locales
|
||||||
|
|
||||||
|
firewall
|
||||||
|
|
||||||
|
sudo apt install ufw
|
||||||
|
sudo ufw allow "SSH"
|
||||||
|
sudo ufw allow 1194/udp
|
||||||
|
|
||||||
|
sway desktop
|
||||||
|
|
||||||
|
neovim
|
||||||
|
|
||||||
|
sudo apt install ninja-build gettext cmake unzip curl
|
||||||
|
git clone --depth 1 --branch v0.9.1 https://github.com/neovim/neovim
|
||||||
|
cd neovim
|
||||||
|
make CMAKE_BUILD_TYPE=Release
|
||||||
|
sudo make install
|
||||||
|
|
||||||
|
# networking and firewall packages
|
||||||
|
sudo apt install network-manager
|
||||||
|
# utilities packages
|
||||||
|
sudo apt install git
|
||||||
|
sudo apt install ncal
|
||||||
|
sudo apt install udisks2
|
||||||
|
# desktop packages
|
||||||
|
sudo apt install --no-install-recommends sway # window manager
|
||||||
|
sudo apt install swayidle swaylock # window manager extras
|
||||||
|
sudo apt install mako-notifier libnotify-bin # notification daemon
|
||||||
|
sudo apt install foot # terminal
|
||||||
|
sudo apt install fuzzel # launcher
|
||||||
|
sudo apt install wl-clipboard # clipboard utility
|
||||||
|
sudo apt install light wlsunset # backlight utility
|
||||||
|
sudo apt install grim # screenshot utility
|
||||||
|
sudo apt install fonts-agave # font
|
||||||
|
# audio packages
|
||||||
|
sudo apt install pipewire-audio
|
||||||
|
# audio configuration
|
||||||
|
systemctl --user --now enable wireplumber.service
|
||||||
|
# application packages
|
||||||
|
sudo apt install firefox-esr # browser
|
||||||
|
sudo apt install mpv # media player
|
||||||
|
sudo apt install zathura # pdf reader
|
||||||
|
# building neovim
|
||||||
|
# building lua-language-server
|
||||||
|
sudo apt install ninja-build
|
||||||
|
git clone --depth 1 --branch 3.6.25 https://github.com/luals/lua-language-server
|
||||||
|
git submodule --init --recursive
|
||||||
|
./make.sh
|
||||||
|
# printing and scanning packages
|
||||||
|
sudo apt install cups
|
||||||
|
sudo apt install simple-scan
|
||||||
|
sudo apt install ocrmypdf # ocr
|
||||||
|
sudo apt install tesseract-ocr-slv
|
||||||
|
sudo apt install imagemagick
|
||||||
|
# libreoffice packages
|
||||||
|
sudo apt install libreoffice libreoffice-gtk3 libreoffice-l10n-sl
|
||||||
|
# pandoc and latex packages
|
||||||
|
sudo apt install pandoc
|
||||||
|
sudo apt install texlive-latex-recommended
|
||||||
|
sudo apt install texlive-fonts-extra
|
||||||
|
# remote desktop packages
|
||||||
|
sudo apt install remmina # remote desktop client
|
||||||
|
sudo apt install wireguard-tools # vpn
|
||||||
|
# shell packages
|
||||||
|
sudo apt install shellcheck
|
||||||
|
# ocaml packages
|
||||||
|
sudo apt install opam
|
||||||
|
```
|
||||||
|
|
||||||
|
# `wireguard` configuration
|
||||||
|
|
||||||
|
Server:
|
||||||
|
|
||||||
|
```sh
|
||||||
|
# enable ipv4 forwarding
|
||||||
|
sudo sysctl -w net.ipv4.ip_forward=1
|
||||||
|
# to make the change permanent edit /etc/sysctl.conf
|
||||||
|
sudo sed -i "s/^#net.ipv4.ip_forward = 1/net.ipv4.ip_forward = 1/" /etc/sysctl.conf
|
||||||
|
# generate private and public keys
|
||||||
|
wg genkey > server.key
|
||||||
|
wg pubkey < server.key > server.pub
|
||||||
|
```
|
||||||
|
|
||||||
|
Client:
|
||||||
|
|
||||||
|
```sh
|
||||||
|
# generate private and public keys
|
||||||
|
wg genkey > client.key
|
||||||
|
wg pubkey < client.key > client.pub
|
||||||
|
```
|
||||||
|
|
||||||
|
Example of `/etc/wireguard/wg0.conf` on the server:
|
||||||
|
|
||||||
|
```
|
||||||
|
[Interface]
|
||||||
|
Address = 10.200.200.1/24
|
||||||
|
ListenPort = 1194
|
||||||
|
PrivateKey = <server.key>
|
||||||
|
|
||||||
|
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o enp1s0 -j MASQUERADE
|
||||||
|
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o enp1s0 -j MASQUERADE
|
||||||
|
|
||||||
|
[Peer]
|
||||||
|
PublicKey = <client1.pub>
|
||||||
|
AllowedIPs = 10.200.200.2/32
|
||||||
|
|
||||||
|
[Peer]
|
||||||
|
PublicKey = <client2.pub>
|
||||||
|
AllowedIPs = 10.200.200.3/32
|
||||||
|
```
|
||||||
|
|
||||||
|
Example of `/etc/wireguard/wg0.conf` on the client:
|
||||||
|
|
||||||
|
```
|
||||||
|
[Interface]
|
||||||
|
Address = 10.200.200.2/32
|
||||||
|
PrivateKey = <client.key>
|
||||||
|
|
||||||
|
[Peer]
|
||||||
|
PublicKey = <server.pub>
|
||||||
|
Endpoint = <server ip>:1194
|
||||||
|
AllowedIPs = 0.0.0.0/0, ::/0
|
||||||
|
```
|
Loading…
Reference in New Issue