authorSilvio Rhatto <rhatto@riseup.net>2020-12-13 10:25:19 -0300
committerSilvio Rhatto <rhatto@riseup.net>2020-12-13 10:25:19 -0300
commit7799e36e0f057625f29bba0394597da5645fcc30 (patch)
treeae294d1c763f38f9d0b007f71291aa22b9f7e846 /share/provision/debian
parent71e615a3faae973342ae5debdd76b28a33430817 (diff)
Fix: provision cleanup and organize
Diffstat (limited to 'share/provision/debian')
-rwxr-xr-xshare/provision/debian/basic79
-rwxr-xr-xshare/provision/debian/desktop-basic78
-rwxr-xr-xshare/provision/debian/desktop-full34
-rwxr-xr-xshare/provision/debian/development37
-rw-r--r--share/provision/debian/files/desktop-basic/etc/default/keyboard10
-rw-r--r--share/provision/debian/files/desktop-basic/etc/lightdm/lightdm.conf165
-rw-r--r--share/provision/debian/files/desktop-basic/home/user/.custom/xsession48
-rwxr-xr-xshare/provision/debian/lsd57
-rwxr-xr-xshare/provision/debian/messenger39
-rwxr-xr-xshare/provision/debian/openbox40
-rwxr-xr-xshare/provision/debian/openvpn36
-rwxr-xr-xshare/provision/debian/tor-browser33
-rwxr-xr-xshare/provision/debian/trashman37
-rwxr-xr-xshare/provision/debian/web-basic50
-rwxr-xr-xshare/provision/debian/web-full47
-rwxr-xr-xshare/provision/debian/webserver22
-rwxr-xr-xshare/provision/debian/wireguard36
17 files changed, 848 insertions, 0 deletions
diff --git a/share/provision/debian/basic b/share/provision/debian/basic
new file mode 100755
index 0000000..11a4d7d
--- /dev/null
+++ b/share/provision/debian/basic
@@ -0,0 +1,79 @@
+#!/usr/bin/env bash
+#
+# Basic provisioner example
+#
+# Copyright (C) 2020 Silvio Rhatto - rhatto at riseup.net
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published
+# by the Free Software Foundation, either version 3 of the License,
+# or any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+# Parameters
+DIRNAME="`dirname $0`"
+BASENAME="`basename $0`"
+HOSTNAME="$1"
+DOMAIN="$2"
+MIRROR="$3"
+APT_INSTALL="sudo LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y"
+
+# Upgrade
+if which hydractl &> /dev/null; then
+ hydractl upgrade
+else
+ sudo apt-get update && sudo apt-get upgrade -y && sudo apt-get autoremove -y && sudo apt-get clean || exit 1
+fi
+
+# Dependencies
+echo "Installing basic dependencies..."
+$APT_INSTALL zsh || exit 1
+
+# Set user shell
+if [ -x "/bin/zsh" ]; then
+ sudo chsh -s /bin/zsh `whoami`
+fi
+
+# Provision LSD
+$DIRNAME/lsd $HOSTNAME $DOMAIN $MIRROR
+
+# Provision trashman
+#$DIRNAME/trashman $HOSTNAME $DOMAIN $MIRROR
+
+#
+# System tuning
+#
+
+# Configure some system behavior using trashman
+sudo apps/trashman/trashman install swapfile
+sudo apps/trashman/trashman install grub-serial-console
+
+# Security
+sudo sysctl kernel.unprivileged_bpf_disabled=1
+echo "kernel.unprivileged_bpf_disabled=1" | sudo tee /etc/sysctl.d/kernel.unprivileged_bpf_disabled.conf > /dev/null
+
+# Configuring APT
+sudo apt-get update
+$APT_INSTALL apt-transport-https || exit 1
+sudo sed -i -e "s|http://http.debian.net|https://deb.debian.org|g" /etc/apt/sources.list || exit 1
+sudo sed -i -e "s|http://deb.debian.org|https://deb.debian.org|g" /etc/apt/sources.list || exit 1
+sudo sed -i -e "s|main$|main contrib non-free|g" /etc/apt/sources.list || exit 1
+
+# GRUB timeout
+if ! grep -q "GRUB_TIMEOUT=1" /etc/default/grub; then
+ sudo sed -i -e 's|GRUB_TIMEOUT=5|GRUB_TIMEOUT=1|' /etc/default/grub
+ sudo update-grub
+fi
+
+# Fstrim
+# See https://pve.proxmox.com/wiki/Shrink_Qcow2_Disk_Files
+sudo fstrim -av
+sudo sync
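Review bot: The two `sudo apps/trashman/trashman install …` lines run a relative path as root, but this script never changes directory itself; the bare `cd` inside `lsd` happens in a child process and does not carry over. If `basic` is started from anywhere other than the home directory, those lines either fail or run whatever `apps/trashman/trashman` exists under the current directory with root privileges. I would anchor the path, e.g. `sudo "$HOME/apps/trashman/trashman" install swapfile`, or add `cd "$HOME" || exit 1` before the "System tuning" section. `desktop-full` has the same pattern with `apps/metadot/metadot load awesome`, since it also relies on a `cd` done in a child script.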
diff --git a/share/provision/debian/desktop-basic b/share/provision/debian/desktop-basic
new file mode 100755
index 0000000..ec49414
--- /dev/null
+++ b/share/provision/debian/desktop-basic
@@ -0,0 +1,78 @@
+#!/usr/bin/env bash
+#
+# Basic desktop provision example
+#
+# Copyright (C) 2017 Silvio Rhatto - rhatto at riseup.net
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published
+# by the Free Software Foundation, either version 3 of the License,
+# or any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+# Parameters
+DIRNAME="`dirname $0`"
+BASENAME="`basename $0`"
+HOSTNAME="$1"
+DOMAIN="$2"
+MIRROR="$3"
+APT_INSTALL="sudo LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y"
+
+# Provision the basic stuff
+$DIRNAME/basic $HOSTNAME $DOMAIN $MIRROR
+
+# QXL
+# See https://labs.riseup.net/code/issues/11518
+# https://bugs.mageia.org/show_bug.cgi?id=14607
+#if [ ! -e "/etc/modprobe.d/qxl-no-kms.conf" ]; then
+# echo 'options qxl modeset=0' | sudo tee /etc/modprobe.d/qxl-no-kms.conf
+# sudo update-initramfs -v -u
+#fi
+
+# Ensure we are in the user home folder
+cd
+
+# Aditional metadot modules
+apps/metadot/metadot load-bundle desktop-basic
+apps/metadot/metadot deps-bundle desktop-basic
+
+# Additional packages
+echo "Installing additional desktop-basic packages..."
+$APT_INSTALL xpra lightdm firejail xsel tigervnc-viewer
+
+# See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861744
+$APT_INSTALL torbrowser-launcher alsa-utils pulseaudio
+
+# System-wide configuration
+sudo cp $DIRNAME/files/desktop-basic/etc/lightdm/lightdm.conf /etc/lightdm/lightdm.conf
+sudo cp $DIRNAME/files/desktop-basic/etc/default/keyboard /etc/default/keyboard
+sudo update-alternatives --set x-window-manager /usr/bin/ratpoison
+
+# Removing the dotfiles' version of .dmrc ensures that
+#
+# the default x-window-manager automatically starts. Otherwise we may end up
+# having lightdm unable to login automatically into ratpoison or even starting
+# the wrong window manager.
+rm -f $HOME/.dmrc
+
+# Load qlx module during initramfs phase otherwise the X server might start
+# before this module gets loaded, resulting in weird spice errors.
+if ! grep -q qxl /etc/initramfs-tools/modules; then
+ echo qxl | sudo tee -a /etc/initramfs-tools/modules > /dev/null
+ sudo update-initramfs -u
+fi
+
+# User configuration
+mkdir -p $HOME/.custom
+
+if [ ! -e "$HOME/.custom/xsession" ]; then
+ cp $DIRNAME/files/desktop-basic/home/user/.custom/xsession $HOME/.custom/xsession
+fi
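Review bot: `DIRNAME` comes from `dirname $0` and may be relative, yet it is used after the bare `cd` to the home folder: the two `sudo cp $DIRNAME/files/...` lines and the final `cp` of the xsession file then resolve against `$HOME` and fail whenever the script was invoked through a relative path. Resolving it once at the top avoids that: `DIRNAME="$(cd "$(dirname "$0")" && pwd)"`. Nothing checks the status of those copies, so provisioning carries on with the stock `lightdm.conf` and no `~/.custom/xsession`. The `$DIRNAME` and `$HOME` expansions are also unquoted throughout, so a path containing spaces would split; `rm -f -- "$HOME/.dmrc"` and `mkdir -p -- "$HOME/.custom"` cost nothing.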
diff --git a/share/provision/debian/desktop-full b/share/provision/debian/desktop-full
new file mode 100755
index 0000000..b4dce46
--- /dev/null
+++ b/share/provision/debian/desktop-full
@@ -0,0 +1,34 @@
+#!/usr/bin/env bash
+#
+# Full desktop provision example
+#
+# Copyright (C) 2017 Silvio Rhatto - rhatto at riseup.net
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published
+# by the Free Software Foundation, either version 3 of the License,
+# or any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+# Parameters
+DIRNAME="`dirname $0`"
+BASENAME="`basename $0`"
+HOSTNAME="$1"
+DOMAIN="$2"
+MIRROR="$3"
+APT_INSTALL="sudo LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y"
+
+# Provision the basic stuff
+$DIRNAME/desktop-basic $HOSTNAME $DOMAIN $MIRROR
+
+# Install awesome
+apps/metadot/metadot load awesome
+apps/metadot/metadot deps awesome
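Review bot: The exit status of `$DIRNAME/desktop-basic $HOSTNAME $DOMAIN $MIRROR` is ignored, so a failed base provision still proceeds to the `metadot` steps, and the script's own status only reflects its last command. `basic` already uses `|| exit 1` on its apt calls; the chained provisioner calls deserve the same, e.g. `"$DIRNAME/desktop-basic" "$HOSTNAME" "$DOMAIN" "$MIRROR" || exit 1`. The same applies to the chained calls in `basic`, `desktop-basic`, `development`, `messenger`, `openvpn`, `tor-browser`, `web-basic`, `web-full` and `wireguard`.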
diff --git a/share/provision/debian/development b/share/provision/debian/development
new file mode 100755
index 0000000..bb2f890
--- /dev/null
+++ b/share/provision/debian/development
@@ -0,0 +1,37 @@
+#!/usr/bin/env bash
+#
+# Basic development provision example
+#
+# Copyright (C) 2017 Silvio Rhatto - rhatto at riseup.net
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published
+# by the Free Software Foundation, either version 3 of the License,
+# or any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+# Parameters
+DIRNAME="`dirname $0`"
+BASENAME="`basename $0`"
+HOSTNAME="$1"
+DOMAIN="$2"
+MIRROR="$3"
+APT_INSTALL="sudo LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y"
+
+# Provision the basic stuff
+$DIRNAME/basic $HOSTNAME $DOMAIN $MIRROR
+
+# Ensure we're in the home folder
+cd
+
+# Load development config
+apps/metadot/metadot load-bundle development
+apps/metadot/metadot deps-bundle development
diff --git a/share/provision/debian/files/desktop-basic/etc/default/keyboard b/share/provision/debian/files/desktop-basic/etc/default/keyboard
new file mode 100644
index 0000000..f18fc73
--- /dev/null
+++ b/share/provision/debian/files/desktop-basic/etc/default/keyboard
@@ -0,0 +1,10 @@
+# KEYBOARD CONFIGURATION FILE
+
+# Consult the keyboard(5) manual page.
+
+XKBMODEL="abnt2"
+XKBLAYOUT="br"
+XKBVARIANT="thinkpad"
+XKBOPTIONS="compose:ralt,terminate:ctrl_alt_bksp"
+
+BACKSPACE="guess"
diff --git a/share/provision/debian/files/desktop-basic/etc/lightdm/lightdm.conf b/share/provision/debian/files/desktop-basic/etc/lightdm/lightdm.conf
new file mode 100644
index 0000000..7614cc2
--- /dev/null
+++ b/share/provision/debian/files/desktop-basic/etc/lightdm/lightdm.conf
@@ -0,0 +1,165 @@
+#
+# General configuration
+#
+# start-default-seat = True to always start one seat if none are defined in the configuration
+# greeter-user = User to run greeter as
+# minimum-display-number = Minimum display number to use for X servers
+# minimum-vt = First VT to run displays on
+# lock-memory = True to prevent memory from being paged to disk
+# user-authority-in-system-dir = True if session authority should be in the system location
+# guest-account-script = Script to be run to setup guest account
+# logind-check-graphical = True to on start seats that are marked as graphical by logind
+# log-directory = Directory to log information to
+# run-directory = Directory to put running state in
+# cache-directory = Directory to cache to
+# sessions-directory = Directory to find sessions
+# remote-sessions-directory = Directory to find remote sessions
+# greeters-directory = Directory to find greeters
+# backup-logs = True to move add a .old suffix to old log files when opening new ones
+#
+[LightDM]
+#start-default-seat=true
+#greeter-user=lightdm
+#minimum-display-number=0
+#minimum-vt=7
+#lock-memory=true
+#user-authority-in-system-dir=false
+#guest-account-script=guest-account
+#logind-check-graphical=false
+#log-directory=/var/log/lightdm
+#run-directory=/var/run/lightdm
+#cache-directory=/var/cache/lightdm
+#sessions-directory=/usr/share/lightdm/sessions:/usr/share/xsessions:/usr/share/wayland-sessions
+#remote-sessions-directory=/usr/share/lightdm/remote-sessions
+#greeters-directory=/usr/share/lightdm/greeters:/usr/share/xgreeters
+#backup-logs=true
+
+#
+# Seat configuration
+#
+# Seat configuration is matched against the seat name glob in the section, for example:
+# [Seat:*] matches all seats and is applied first.
+# [Seat:seat0] matches the seat named "seat0".
+# [Seat:seat-thin-client*] matches all seats that have names that start with "seat-thin-client".
+#
+# type = Seat type (xlocal, xremote, unity)
+# pam-service = PAM service to use for login
+# pam-autologin-service = PAM service to use for autologin
+# pam-greeter-service = PAM service to use for greeters
+# xserver-command = X server command to run (can also contain arguments e.g. X -special-option)
+# xmir-command = Xmir server command to run (can also contain arguments e.g. Xmir -special-option)
+# xserver-config = Config file to pass to X server
+# xserver-layout = Layout to pass to X server
+# xserver-allow-tcp = True if TCP/IP connections are allowed to this X server
+# xserver-share = True if the X server is shared for both greeter and session
+# xserver-hostname = Hostname of X server (only for type=xremote)
+# xserver-display-number = Display number of X server (only for type=xremote)
+# xdmcp-manager = XDMCP manager to connect to (implies xserver-allow-tcp=true)
+# xdmcp-port = XDMCP UDP/IP port to communicate on
+# xdmcp-key = Authentication key to use for XDM-AUTHENTICATION-1 (stored in keys.conf)
+# unity-compositor-command = Unity compositor command to run (can also contain arguments e.g. unity-system-compositor -special-option)
+# unity-compositor-timeout = Number of seconds to wait for compositor to start
+# greeter-session = Session to load for greeter
+# greeter-hide-users = True to hide the user list
+# greeter-allow-guest = True if the greeter should show a guest login option
+# greeter-show-manual-login = True if the greeter should offer a manual login option
+# greeter-show-remote-login = True if the greeter should offer a remote login option
+# user-session = Session to load for users
+# allow-user-switching = True if allowed to switch users
+# allow-guest = True if guest login is allowed
+# guest-session = Session to load for guests (overrides user-session)
+# session-wrapper = Wrapper script to run session with
+# greeter-wrapper = Wrapper script to run greeter with
+# guest-wrapper = Wrapper script to run guest sessions with
+# display-setup-script = Script to run when starting a greeter session (runs as root)
+# display-stopped-script = Script to run after stopping the display server (runs as root)
+# greeter-setup-script = Script to run when starting a greeter (runs as root)
+# session-setup-script = Script to run when starting a user session (runs as root)
+# session-cleanup-script = Script to run when quitting a user session (runs as root)
+# autologin-guest = True to log in as guest by default
+# autologin-user = User to log in with by default (overrides autologin-guest)
+# autologin-user-timeout = Number of seconds to wait before loading default user
+# autologin-session = Session to load for automatic login (overrides user-session)
+# autologin-in-background = True if autologin session should not be immediately activated
+# exit-on-failure = True if the daemon should exit if this seat fails
+#
+[Seat:*]
+#type=xlocal
+#pam-service=lightdm
+#pam-autologin-service=lightdm-autologin
+#pam-greeter-service=lightdm-greeter
+#xserver-command=X
+#xmir-command=Xmir
+#xserver-config=
+#xserver-layout=
+xserver-allow-tcp=true
+#xserver-share=true
+#xserver-hostname=
+#xserver-display-number=
+#xdmcp-manager=
+#xdmcp-port=177
+#xdmcp-key=
+#unity-compositor-command=unity-system-compositor
+#unity-compositor-timeout=60
+#greeter-session=example-gtk-gnome
+#greeter-hide-users=false
+#greeter-allow-guest=true
+#greeter-show-manual-login=false
+#greeter-show-remote-login=true
+#user-session=default
+#allow-user-switching=true
+#allow-guest=true
+#guest-session=
+#session-wrapper=lightdm-session
+#greeter-wrapper=
+#guest-wrapper=
+#display-setup-script=
+#display-stopped-script=
+#greeter-setup-script=
+#session-setup-script=
+#session-cleanup-script=
+#autologin-guest=false
+autologin-user=user
+autologin-user-timeout=0
+#autologin-in-background=false
+#autologin-session=
+#exit-on-failure=false
+
+#
+# XDMCP Server configuration
+#
+# enabled = True if XDMCP connections should be allowed
+# port = UDP/IP port to listen for connections on
+# listen-address = Host/address to listen for XDMCP connections (use all addresses if not present)
+# key = Authentication key to use for XDM-AUTHENTICATION-1 or blank to not use authentication (stored in keys.conf)
+# hostname = Hostname to report to XDMCP clients (defaults to system hostname if unset)
+#
+# The authentication key is a 56 bit DES key specified in hex as 0xnnnnnnnnnnnnnn. Alternatively
+# it can be a word and the first 7 characters are used as the key.
+#
+[XDMCPServer]
+enabled=true
+port=177
+#listen-address=
+#key=
+#hostname=
+
+#
+# VNC Server configuration
+#
+# enabled = True if VNC connections should be allowed
+# command = Command to run Xvnc server with
+# port = TCP/IP port to listen for connections on
+# listen-address = Host/address to listen for VNC connections (use all addresses if not present)
+# width = Width of display to use
+# height = Height of display to use
+# depth = Color depth of display to use
+#
+[VNCServer]
+#enabled=false
+#command=Xvnc
+#port=5900
+#listen-address=
+#width=1024
+#height=768
+#depth=8
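Review bot: The uncommented settings in this file expose the display to the network: `xserver-allow-tcp=true` under `[Seat:*]`, and `[XDMCPServer]` with `enabled=true` while `listen-address` and `key` stay commented, which by the file's own comments means listening on all addresses with no authentication. `autologin-user=user` with `autologin-user-timeout=0` additionally removes the login prompt on the local seat; that is presumably intended for a disposable guest, but none of the four choices is explained. If XDMCP is only meant to be reached from the host, I would bind it, e.g. `listen-address=<host-only address>` (placeholder), and put a one-line comment above each enabled option saying why it is on. If remote X is not needed by default, shipping `enabled=false` and leaving `xserver-allow-tcp` commented is the safer template.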
diff --git a/share/provision/debian/files/desktop-basic/home/user/.custom/xsession b/share/provision/debian/files/desktop-basic/home/user/.custom/xsession
new file mode 100644
index 0000000..ee206e0
--- /dev/null
+++ b/share/provision/debian/files/desktop-basic/home/user/.custom/xsession
@@ -0,0 +1,48 @@
+#
+# Custom X11 session config
+#
+
+# Parameters
+HOSTNAME="`cat /etc/hostname | cut -d . -f 1`"
+
+# Set window manager
+WINDOW_MANAGER="ratpoison"
+
+# Display device
+DISPLAY_DEVICE="Virtual-0" # or maybe qlx-0
+
+#
+# Set screen size
+#
+
+# Modeline determined by running "cvt 1280 780"
+#xrandr --newmode "1280x780_60.00" 81.50 1280 1352 1480 1680 780 783 793 810 -hsync +vsync
+#xrandr --addmode $DISPLAY_DEVICE 1280x780_60.00
+
+# Modeline determined by running "cvt 1368 748"
+#xrandr --newmode "1368x748_60.00" 83.00 1368 1440 1576 1784 748 751 761 777 -hsync +vsync
+#xrandr --addmode $DISPLAY_DEVICE 1368x748_60.00
+
+# Set default modeline
+#xrandr --output $DISPLAY_DEVICE --mode 1368x748_60.00
+#xrandr --output $DISPLAY_DEVICE --mode 1280x780_60.00
+
+# Workaround for programs that depend on a system fully operational
+# Example: chromium browser running with firejail when your ${DOWNLOADS}
+# path is a shared folder to be mounted by kvmx. If you don't sleep here,
+# you mind find a whitelisting error at the firejail profile in your
+# ~/.xsession-errors.
+sleep 8
+
+# Startup programs
+if [ "$HOSTNAME" = "web" ]; then
+ PROGRAMS="$PROGRAMS tor-browser"
+elif [ "$HOSTNAME" = "vnc" ]; then
+ PROGRAMS="$PROGRAMS vnc"
+else
+ PROGRAMS="$PROGRAMS terminal"
+fi
+
+# Fix keyboard layout if needed
+# https://wiki.debian.org/Keyboard
+#setxkbmap -model abnt2 -layout br -variant thinkpad
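Review bot: Nothing in this file consumes `WINDOW_MANAGER`, `DISPLAY_DEVICE` or `PROGRAMS`, so it is presumably sourced by another session script, and the header does not say which one. A line such as `# Sourced by <session script> (placeholder); sets WINDOW_MANAGER and PROGRAMS for it` would make the contract explicit, which matters because the `openbox` provisioner rewrites the `WINDOW_MANAGER=` line here with sed. Two comment typos are worth fixing at the same time: `qlx-0` (the module is spelled `qxl` elsewhere in this commit) and `you mind find`.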
diff --git a/share/provision/debian/lsd b/share/provision/debian/lsd
new file mode 100755
index 0000000..2b4a35e
--- /dev/null
+++ b/share/provision/debian/lsd
@@ -0,0 +1,57 @@
+#!/usr/bin/env bash
+#
+# Provisioner for the Lightweight Software Distribution - LSD.
+#
+# Copyright (C) 2020 Silvio Rhatto - rhatto at riseup.net
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published
+# by the Free Software Foundation, either version 3 of the License,
+# or any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+# Parameters
+DIRNAME="`dirname $0`"
+BASENAME="`basename $0`"
+HOSTNAME="$1"
+DOMAIN="$2"
+MIRROR="$3"
+APT_INSTALL="sudo LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y"
+
+# Ensure we're in the home folder
+cd
+
+# Dependencies
+echo "Installing basic dependencies..."
+$APT_INSTALL git curl make wipe man zsh || exit 1
+
+# Tools
+if [ ! -e "apps/infection" ]; then
+ rm -rf apps
+ git clone --recursive https://git.fluxo.info/rhatto/apps
+ apps/infection init
+else
+ echo "Updating locally-installed apps and dotfiles..."
+ apps/infection fetch
+ apps/infection merge
+ apps/metadot/metadot fetch
+ apps/metadot/metadot merge
+fi
+
+# Load basic config
+apps/metadot/metadot load-bundle console
+apps/metadot/metadot deps-bundle console
+
+# Install hydra system-wide
+apps/hydra/hydractl install
+
+# Install trashman system-wide
+sudo apps/trashman/trashman install trashman
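Review bot: `rm -rf apps` runs relative to whatever directory the unchecked bare `cd` left the script in, and it deletes any existing `apps` directory whenever `apps/infection` is missing. After that the clone result is not checked and nothing verifies what was fetched, yet code from that tree is executed, ending with `sudo apps/trashman/trashman install trashman` as root. I would guard the steps (`cd "$HOME" || exit 1`, `git clone --recursive https://git.fluxo.info/rhatto/apps || exit 1`) and check out a signed tag or known commit, verified with `git verify-tag` or `git verify-commit`, before running anything from it. The `trashman` provisioner has the same gap with `sudo git clone` / `sudo git pull` into `/usr/local/share/trashman` followed by a root install.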
diff --git a/share/provision/debian/messenger b/share/provision/debian/messenger
new file mode 100755
index 0000000..bdd8f7e
--- /dev/null
+++ b/share/provision/debian/messenger
@@ -0,0 +1,39 @@
+#!/usr/bin/env bash
+#
+# Messenger provision example
+#
+# Copyright (C) 2017 Silvio Rhatto - rhatto at riseup.net
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published
+# by the Free Software Foundation, either version 3 of the License,
+# or any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+# Parameters
+DIRNAME="`dirname $0`"
+BASENAME="`basename $0`"
+HOSTNAME="$1"
+DOMAIN="$2"
+MIRROR="$3"
+APT_INSTALL="sudo LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y"
+
+# Provision the basic stuff
+$DIRNAME/desktop-basic $HOSTNAME $DOMAIN $MIRROR
+
+# Signal Desktop
+sudo trashman install signal-desktop
+
+# Install Ricochet
+#$APT_INSTALL ricochet-im
+
+# Install Gajim
+$APT_INSTALL gajim gajim-omemo
diff --git a/share/provision/debian/openbox b/share/provision/debian/openbox
new file mode 100755
index 0000000..df47622
--- /dev/null
+++ b/share/provision/debian/openbox
@@ -0,0 +1,40 @@
+#!/usr/bin/env bash
+#
+# Openbox provision example
+#
+# Copyright (C) 2017 Silvio Rhatto - rhatto at riseup.net
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published
+# by the Free Software Foundation, either version 3 of the License,
+# or any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+# Parameters
+DIRNAME="`dirname $0`"
+BASENAME="`basename $0`"
+HOSTNAME="$1"
+DOMAIN="$2"
+MIRROR="$3"
+APT_INSTALL="sudo LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y"
+
+# Use a stacked window manager to reduce browser fingerprinting
+$APT_INSTALL openbox gmrun
+
+# Dotfiles configuration
+if [ -x "$HOME/apps/metadot/metadot" ]; then
+ $HOME/apps/metadot/metadot load openbox
+fi
+
+# Custom xsession config
+if [ -f "$HOME/.custom/xsession" ]; then
+ sed -i -e 's/^WINDOW_MANAGER=.*$/WINDOW_MANAGER="openbox"/' $HOME/.custom/xsession
+fi
diff --git a/share/provision/debian/openvpn b/share/provision/debian/openvpn
new file mode 100755
index 0000000..5722c3e
--- /dev/null
+++ b/share/provision/debian/openvpn
@@ -0,0 +1,36 @@
+#!/usr/bin/env bash
+#
+# Full desktop provision example
+#
+# Copyright (C) 2017 Silvio Rhatto - rhatto at riseup.net
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published
+# by the Free Software Foundation, either version 3 of the License,
+# or any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+# Parameters
+DIRNAME="`dirname $0`"
+BASENAME="`basename $0`"
+HOSTNAME="$1"
+DOMAIN="$2"
+MIRROR="$3"
+APT_INSTALL="sudo LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y"
+
+# Provision the basic stuff
+$DIRNAME/web-full $HOSTNAME $DOMAIN $MIRROR
+
+# Install OpenVPN and dnsutils (which provides nslookup)
+$APT_INSTALL openvpn resolvconf dnsutils curl
+
+# Use a stacked window manager to reduce browser fingerprinting
+$DIRNAME/openbox
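Review bot: The header comment still reads `# Full desktop provision example`, copied from `desktop-full`; it should describe this script, e.g. `# OpenVPN provision example`. `wireguard` carries the same stale header, and its package comment says `# Install OpenVPN and dnsutils` above a line that installs `wireguard-tools`; `# Install WireGuard tools and dnsutils (which provides nslookup)` would match the code.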
diff --git a/share/provision/debian/tor-browser b/share/provision/debian/tor-browser
new file mode 100755
index 0000000..afbab58
--- /dev/null
+++ b/share/provision/debian/tor-browser
@@ -0,0 +1,33 @@
+#!/usr/bin/env bash
+#
+# Tor desktop provision example
+#
+# Copyright (C) 2017 Silvio Rhatto - rhatto at riseup.net
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published
+# by the Free Software Foundation, either version 3 of the License,
+# or any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+# Parameters
+DIRNAME="`dirname $0`"
+BASENAME="`basename $0`"
+HOSTNAME="$1"
+DOMAIN="$2"
+MIRROR="$3"
+APT_INSTALL="sudo LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y"
+
+# Provision the basic stuff
+$DIRNAME/web-basic $HOSTNAME $DOMAIN $MIRROR
+
+# Use a stacked window manager to reduce browser fingerprinting
+$DIRNAME/openbox
diff --git a/share/provision/debian/trashman b/share/provision/debian/trashman
new file mode 100755
index 0000000..b1f7bc5
--- /dev/null
+++ b/share/provision/debian/trashman
@@ -0,0 +1,37 @@
+#!/usr/bin/env bash
+#
+# Trashman provision example
+#
+# Copyright (C) 2017 Silvio Rhatto - rhatto at riseup.net
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published
+# by the Free Software Foundation, either version 3 of the License,
+# or any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+# Parameters
+DIRNAME="`dirname $0`"
+BASENAME="`basename $0`"
+APT_INSTALL="sudo LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y"
+
+# Install requirements
+$APT_INSTALL git rsync
+
+# Get trashman
+if [ -d "/usr/local/share/trashman" ]; then
+ ( cd /usr/local/share/trashman && sudo git pull )
+else
+ sudo git clone https://git.fluxo.info/trashman /usr/local/share/trashman
+fi
+
+# Install trashman
+sudo /usr/local/share/trashman/trashman install trashman
diff --git a/share/provision/debian/web-basic b/share/provision/debian/web-basic
new file mode 100755
index 0000000..11a94b5
--- /dev/null
+++ b/share/provision/debian/web-basic
@@ -0,0 +1,50 @@
+#!/usr/bin/env bash
+#
+# Web desktop provision example
+#
+# Copyright (C) 2017 Silvio Rhatto - rhatto at riseup.net
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published
+# by the Free Software Foundation, either version 3 of the License,
+# or any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+# Parameters
+DIRNAME="`dirname $0`"
+BASENAME="`basename $0`"
+HOSTNAME="$1"
+DOMAIN="$2"
+MIRROR="$3"
+APT_INSTALL="sudo LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y"
+
+# Provision the basic stuff
+$DIRNAME/desktop-basic $HOSTNAME $DOMAIN $MIRROR
+
+# Additional packages
+echo "Installing additional web packages..."
+$APT_INSTALL firefox-esr chromium
+
+# Use addons.mozilla.org version instead
+sudo apt-get remove -y webext-treestyletab
+
+# Mozilla configuration
+# Create this config using "cd $HOME && /bin/tar jcvf mozilla.tar.bz2 .mozilla"
+#if [ ! -d "$HOME/.mozilla" ]; then
+# ( cd $HOME && tar xvf $DIRNAME/files/web-basic/mozilla/mozilla.tar.bz2 )
+#fi
+
+# Chromium configuration
+# Create this config using "cd $HOME && /bin/tar jcvf chromium.tar.bz2 .config/chromium"
+#if [ ! -d "$HOME/.config/chromium" ]; then
+# ( cd $HOME && tar xvf $DIRNAME/files/web-basic/chromium/chromium.tar.bz2 )
+# ( cd $HOME && tar xvf $DIRNAME/files/web-basic/chromium/chromium-profiles.tar.bz2 )
+#fi
diff --git a/share/provision/debian/web-full b/share/provision/debian/web-full
new file mode 100755
index 0000000..a21a15d
--- /dev/null
+++ b/share/provision/debian/web-full
@@ -0,0 +1,47 @@
+#!/usr/bin/env bash
+#
+# Web desktop provision example
+#
+# Copyright (C) 2017 Silvio Rhatto - rhatto at riseup.net
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published
+# by the Free Software Foundation, either version 3 of the License,
+# or any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+# Parameters
+DIRNAME="`dirname $0`"
+BASENAME="`basename $0`"
+HOSTNAME="$1"
+DOMAIN="$2"
+MIRROR="$3"
+APT_INSTALL="sudo LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y"
+
+# Provision the basic stuff
+$DIRNAME/web-basic $HOSTNAME $DOMAIN $MIRROR
+
+# Office Suite
+$APT_INSTALL libreoffice gimp inkscape mat
+
+# Lave Tor available if the user wants to route other software besides running Tor Browser
+$APT_INSTALL tor
+
+# Luakit using stowpkg
+#if [ ! -x "$HOME/apps/stowpkg/tree/`uname -m`/bin/luakit" ]; then
+# $APT_INSTALL make stow
+# apps/stowpkg/stowpkg install luakit
+#else
+# apps/stowpkg/stowpkg upgrade luakit
+#fi
+
+# Ensure we have an updated qutebrowser
+#apps/qutebrowser/qutebrowser update
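Review bot: `$APT_INSTALL libreoffice gimp inkscape mat` has no `|| exit 1`, and apt-get rejects the whole transaction when one package name cannot be resolved. `mat` in particular may no longer exist in current Debian releases (I believe `mat2` replaced it; worth confirming against the target suite). Installing the optional tool on its own line, or at least checking the status as `basic` does, keeps one missing package from silently skipping the rest. The comment `# Lave Tor available` should read `# Leave Tor available`.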
diff --git a/share/provision/debian/webserver b/share/provision/debian/webserver
new file mode 100755
index 0000000..650452f
--- /dev/null
+++ b/share/provision/debian/webserver
@@ -0,0 +1,22 @@
+#!/usr/bin/env bash
+#
+# Webserver provision example
+#
+# Copyright (C) 2017 Silvio Rhatto - rhatto at riseup.net
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published
+# by the Free Software Foundation, either version 3 of the License,
+# or any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+sudo apt-get update && sudo apt-get upgrade -y && sudo apt-get autoremove -y && sudo apt-get clean
+sudo apt-get install -y apache2
diff --git a/share/provision/debian/wireguard b/share/provision/debian/wireguard
new file mode 100755
index 0000000..0aad2c9
--- /dev/null
+++ b/share/provision/debian/wireguard
@@ -0,0 +1,36 @@
+#!/usr/bin/env bash
+#
+# Full desktop provision example
+#
+# Copyright (C) 2017 Silvio Rhatto - rhatto at riseup.net
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published
+# by the Free Software Foundation, either version 3 of the License,
+# or any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+# Parameters
+DIRNAME="`dirname $0`"
+BASENAME="`basename $0`"
+HOSTNAME="$1"
+DOMAIN="$2"
+MIRROR="$3"
+APT_INSTALL="sudo LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y"
+
+# Provision the basic stuff
+$DIRNAME/web-full $HOSTNAME $DOMAIN $MIRROR
+
+# Install OpenVPN and dnsutils (which provides nslookup)
+$APT_INSTALL wireguard-tools resolvconf dnsutils curl
+
+# Use a stacked window manager to reduce browser fingerprinting
+$DIRNAME/openbox