Provision: adds basic profile

1 files changed, 99 insertions, 0 deletions

diff --git a/share/provision/basic b/share/provision/basic
new file mode 100755
index 0000000..8dc331d
--- /dev/null
+++ b/share/provision/basic
@@ -0,0 +1,99 @@
+#!/usr/bin/env bash
+#
+# Basic provision example
+#
+# Copyright (C) 2017 Silvio Rhatto - rhatto at riseup.net
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published
+# by the Free Software Foundation, either version 3 of the License,
+# or any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+# Parameters
+DIRNAME="`dirname $0`"
+BASENAME="`basename $0`"
+HOSTNAME="$1"
+DOMAIN="$2"
+MIRROR="$3"
+APT_INSTALL="sudo LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y"
+
+# Ensure we're in the home folder
+cd
+
+# Dependencies
+echo "Installing basic dependencies..."
+$APT_INSTALL git curl make wipe man zsh || exit 1
+
+# Set user shell
+if [ -x "/bin/zsh" ]; then
+  sudo chsh -s /bin/zsh `whoami`
+fi
+
+# Tools
+if [ ! -e "apps/infection" ]; then
+  rm -rf apps
+  git clone --recursive https://git.fluxo.info/rhatto/apps
+  apps/infection init
+else
+  echo "Updating locally-installed apps and dotfiles..."
+  apps/infection fetch
+  apps/infection merge
+  apps/metadot/metadot fetch
+  apps/metadot/metadot merge
+fi
+
+# Load basic config
+apps/metadot/metadot load-bundle console
+apps/metadot/metadot deps-bundle console
+
+# Install hydra system-wide
+apps/hydra/hydractl install
+
+# Install trashman system-wide
+sudo apps/trashman/trashman install trashman
+
+# Upgrade
+if which hydractl &> /dev/null; then
+  hydractl upgrade
+else
+  sudo apt-get update && sudo apt-get upgrade -y && sudo apt-get autoremove -y && sudo apt-get clean || exit 1
+fi
+
+#
+# System tuning
+#
+
+# Configure some system behavior using trashman
+sudo apps/trashmah/trashman install swapfile
+sudo apps/trashmah/trashman install grub-serial-console
+
+# Security
+sudo sysctl kernel.unprivileged_bpf_disabled=1
+echo "kernel.unprivileged_bpf_disabled=1" | sudo tee /etc/sysctl.d/kernel.unprivileged_bpf_disabled.conf > /dev/null
+
+# Configuring APT
+sudo apt-get update
+$APT_INSTALL apt-transport-https || exit 1
+sudo sed -i -e "s|http://http.debian.net|https://deb.debian.org|g" /etc/apt/sources.list || exit 1
+sudo sed -i -e "s|http://deb.debian.org|https://deb.debian.org|g"  /etc/apt/sources.list || exit 1
+sudo sed -i -e "s|main$|main contrib non-free|g"                   /etc/apt/sources.list || exit 1
+
+# GRUB timeout
+if ! grep -q "GRUB_TIMEOUT=1" /etc/default/grub; then
+  sudo sed -i -e 's|GRUB_TIMEOUT=5|GRUB_TIMEOUT=1|' /etc/default/grub
+  sudo update-grub
+fi
+
+# Fstrim
+# See https://pve.proxmox.com/wiki/Shrink_Qcow2_Disk_Files
+sudo fstrim -av
+sudo sync