5.8 KiB
5.8 KiB
dot
This repo tracks user and system configuration files, installed packages
and used commands for several machines or virtual servers. All are
running Debian. The milano
section documents our desktop setup based
on sway
, foot
, neovim
and fuzzel
.
milano
# urosm@milano
## bootstrap dotfiles
sudo apt install git
git init -b main
git remote add origin gitea@git.kompot.si:urosm/dot.git
git pull origin main
## disable annoying .sudo_as_admin_successful file
sudo cp -ri .config/sudoers.d /etc/
## update to debian testing
sudo cp -ri .config/apt /etc/
sudo apt update
sudo apt full-upgrade
## reconfigure locales
sudo dpkg-reconfigure locales
## install tasksel packages
sudo tasksel install web-server
sudo tasksel install ssh-server
## harden ssh
sudo cp -ri .config/ssh /etc/
systemctl restart sshd
## install and configure fail2ban
sudo apt install fail2ban python3-pyinotify python3-systemd whois
sudo cp -ir .config/fail2ban /etc/
systemctl restart fail2ban
## install and configure firewall
sudo apt install ufw
sudo ufw allow "SSH"
sudo ufw allow 1194/udp
sudo ufw enable
## install utils
sudo apt install network-manager
sudo cp -ir .config/network /etc/
sudo apt install udisks2
sudo apt install screen
sudo apt install jq
## install neovim
sudo apt install neovim
## install desktop packages
sudo apt install sway
sudo apt install swayidle swaylock
sudo apt install fuzzel
sudo apt install brightnessctl wlsunset
sudo apt install wl-clipboard grim
sudo apt install libnotify-bin mako-notifier
sudo apt install fonts-ibm-plex
## install and configure audio packages
sudo apt install pipewire-audio
systemctl --user enable --now wireplumber.service
## install writing packages
sudo apt install make
sudo apt install pandoc
sudo apt install texlive-latex-extra
sudo apt install texlive-lang-european
## install web packages
sudo apt install firefox
sudo apt install thunderbird
## install media packages
sudo apt install mpv
sudo apt install zathura
sudo apt install inkscape
## install office packages
sudo apt install libreoffice libreoffice-gtk3
sudo apt install libreoffice-l10n-sl
## install printing packages
sudo apt install cups printer-driver-all
sudo adduser urosm lpadmin
## install scanning packages
sudo apt install simple-scan
## install pdf processing packages
sudo apt install qpdf ocrmypdf
## install rdp packages
sudo apt install remmina
## install and setup ikiwiki
sudo apt install ikiwiki
sudo apt install libfile-mimeinfo-perl libhighlight-perl libhtml-tree-perl libimage-magick-perl liblocale-gettext-perl libmailtools-perl libnet-amazon-s3-perl libnet-inet6glue-perl libsearch-xapian-perl libsort-naturally-perl libtext-csv-perl libtext-multimarkdown-perl libtext-textile-perl libtext-typography-perl libtext-wikicreole-perl libtext-wikiformat-perl libxml-feed-perl libxml-writer-perl
chmod 711 $HOME
sudo a2enmod userdir
sudo a2enmod cgi
sudo cp .config/apache2/sites-available/kontrakurs.localhost.conf /etc/apache2/sites-available/
sudo cp .config/apache2/sites-available/bavbavhaus.localhost.conf /etc/apache2/sites-available/
sudo a2ensite kontrakurs.localhost bavbavhaus.localhost
systemctl restart apache2
padova
ssh root@padova
adduser urosm
adduser urosm sudo
exit
ssh-copy-id urosm@padova
ssh urosm@padova
## bootstrap dotfiles
sudo apt install git
git init -b main
git remote add origin gitea@git.kompot.si:urosm/dot.git
git pull origin main
## additional config in `etc`
sudo cp -ri .config/sudoers.d /etc/
## install screen
sudo apt install screen
## install and configure firewall
sudo apt install ufw
sudo ufw allow "SSH"
sudo ufw allow 1194/udp
sudo ufw enable
## harden ssh
sudo cp -ri .config/ssh /etc/
sudo systemctl restart sshd
## install and configure fail2ban
sudo apt install fail2ban python3-pyinotify python3-systemd whois
sudo cp -ir .config/fail2ban /etc/
sudo systemctl restart fail2ban
## install and configure wireguard
sudo cp -ir .config/sysctl.d /etc/
sudo sysctl -p
sudo apt install wireguard
sudo cp -i .config/wireguard/padova.conf /etc/wireguard/
wg-quick up padova
## enable unattended-upgrades
sudo apt install unattended-upgrades apt-listchanges
sudo dpkg-reconfigure -plow unattended-upgrades
tivoli
# urosm@tivoli
ssh root@tivoli
adduser urosm
adduser urosm sudo
exit
ssh-copy-id urosm@tivoli
ssh urosm@tivoli
## bootstrap dotfiles
sudo apt install git
git init -b main
git remote add origin gitea@git.kompot.si:urosm/dot.git
git pull origin main
## additional config in `etc`
sudo cp -ri .config/sudoers.d /etc/
## install screen
sudo apt install screen
## install and configure firewall
sudo apt install ufw
sudo ufw allow "SSH"
sudo ufw allow "WWW Full"
sudo ufw enable
## harden ssh
sudo cp -ir .config/ssh /etc/
sudo systemctl restart sshd
## install and configure fail2ban
sudo apt install fail2ban python3-pyinotify python3-systemd whois
sudo cp -ir .config/fail2ban /etc/
sudo systemctl restart fail2ban
## install and configure webserver
sudo tasksel install web-server
sudo a2enmod rewrite
sudo a2enmod userdir
sudo a2enmod cgi
chmod 711 "$HOME"
sudo cp -ir .config/apache2/sites-available /etc/apache2/
sudo a2ensite bavbavhaus.net
sudo a2ensite kontrakurs.org
sudo systemctl reload apache2
## install certbot
sudo apt install certbot
sudo apt install python3-certbot-apache
sudo certbot --apache
## install ikiwiki
sudo apt install --install-recommends ikiwiki
sudo apt install libfile-mimeinfo-perl libhighlight-perl libhtml-tree-perl libimage-magick-perl liblocale-gettext-perl libmailtools-perl libnet-amazon-s3-perl libnet-inet6glue-perl libsearch-xapian-perl libsort-naturally-perl libtext-csv-perl libtext-multimarkdown-perl libtext-textile-perl libtext-typography-perl libtext-wikicreole-perl libtext-wikiformat-perl libxml-feed-perl libxml-writer-perl
## enable unattended-upgrades
sudo apt install unattended-upgrades apt-listchanges
sudo dpkg-reconfigure -plow unattended-upgrades