diff options
author | Silvio Rhatto <rhatto@riseup.net> | 2020-12-13 10:25:19 -0300 |
---|---|---|
committer | Silvio Rhatto <rhatto@riseup.net> | 2020-12-13 10:25:19 -0300 |
commit | 7799e36e0f057625f29bba0394597da5645fcc30 (patch) | |
tree | ae294d1c763f38f9d0b007f71291aa22b9f7e846 /share/provision/debian | |
parent | 71e615a3faae973342ae5debdd76b28a33430817 (diff) | |
download | kvmx-7799e36e0f057625f29bba0394597da5645fcc30.tar.gz kvmx-7799e36e0f057625f29bba0394597da5645fcc30.tar.bz2 |
Fix: provision cleanup and organize
Diffstat (limited to 'share/provision/debian')
-rwxr-xr-x | share/provision/debian/basic | 79 | ||||
-rwxr-xr-x | share/provision/debian/desktop-basic | 78 | ||||
-rwxr-xr-x | share/provision/debian/desktop-full | 34 | ||||
-rwxr-xr-x | share/provision/debian/development | 37 | ||||
-rw-r--r-- | share/provision/debian/files/desktop-basic/etc/default/keyboard | 10 | ||||
-rw-r--r-- | share/provision/debian/files/desktop-basic/etc/lightdm/lightdm.conf | 165 | ||||
-rw-r--r-- | share/provision/debian/files/desktop-basic/home/user/.custom/xsession | 48 | ||||
-rwxr-xr-x | share/provision/debian/lsd | 57 | ||||
-rwxr-xr-x | share/provision/debian/messenger | 39 | ||||
-rwxr-xr-x | share/provision/debian/openbox | 40 | ||||
-rwxr-xr-x | share/provision/debian/openvpn | 36 | ||||
-rwxr-xr-x | share/provision/debian/tor-browser | 33 | ||||
-rwxr-xr-x | share/provision/debian/trashman | 37 | ||||
-rwxr-xr-x | share/provision/debian/web-basic | 50 | ||||
-rwxr-xr-x | share/provision/debian/web-full | 47 | ||||
-rwxr-xr-x | share/provision/debian/webserver | 22 | ||||
-rwxr-xr-x | share/provision/debian/wireguard | 36 |
17 files changed, 848 insertions, 0 deletions
diff --git a/share/provision/debian/basic b/share/provision/debian/basic new file mode 100755 index 0000000..11a4d7d --- /dev/null +++ b/share/provision/debian/basic @@ -0,0 +1,79 @@ +#!/usr/bin/env bash +# +# Basic provisioner example +# +# Copyright (C) 2020 Silvio Rhatto - rhatto at riseup.net +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published +# by the Free Software Foundation, either version 3 of the License, +# or any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +# + +# Parameters +DIRNAME="`dirname $0`" +BASENAME="`basename $0`" +HOSTNAME="$1" +DOMAIN="$2" +MIRROR="$3" +APT_INSTALL="sudo LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y" + +# Upgrade +if which hydractl &> /dev/null; then + hydractl upgrade +else + sudo apt-get update && sudo apt-get upgrade -y && sudo apt-get autoremove -y && sudo apt-get clean || exit 1 +fi + +# Dependencies +echo "Installing basic dependencies..." +$APT_INSTALL zsh || exit 1 + +# Set user shell +if [ -x "/bin/zsh" ]; then + sudo chsh -s /bin/zsh `whoami` +fi + +# Provision LSD +$DIRNAME/lsd $HOSTNAME $DOMAIN $MIRROR + +# Provision trashman +#$DIRNAME/trashman $HOSTNAME $DOMAIN $MIRROR + +# +# System tuning +# + +# Configure some system behavior using trashman +sudo apps/trashman/trashman install swapfile +sudo apps/trashman/trashman install grub-serial-console + +# Security +sudo sysctl kernel.unprivileged_bpf_disabled=1 +echo "kernel.unprivileged_bpf_disabled=1" | sudo tee /etc/sysctl.d/kernel.unprivileged_bpf_disabled.conf > /dev/null + +# Configuring APT +sudo apt-get update +$APT_INSTALL apt-transport-https || exit 1 +sudo sed -i -e "s|http://http.debian.net|https://deb.debian.org|g" /etc/apt/sources.list || exit 1 +sudo sed -i -e "s|http://deb.debian.org|https://deb.debian.org|g" /etc/apt/sources.list || exit 1 +sudo sed -i -e "s|main$|main contrib non-free|g" /etc/apt/sources.list || exit 1 + +# GRUB timeout +if ! grep -q "GRUB_TIMEOUT=1" /etc/default/grub; then + sudo sed -i -e 's|GRUB_TIMEOUT=5|GRUB_TIMEOUT=1|' /etc/default/grub + sudo update-grub +fi + +# Fstrim +# See https://pve.proxmox.com/wiki/Shrink_Qcow2_Disk_Files +sudo fstrim -av +sudo sync diff --git a/share/provision/debian/desktop-basic b/share/provision/debian/desktop-basic new file mode 100755 index 0000000..ec49414 --- /dev/null +++ b/share/provision/debian/desktop-basic @@ -0,0 +1,78 @@ +#!/usr/bin/env bash +# +# Basic desktop provision example +# +# Copyright (C) 2017 Silvio Rhatto - rhatto at riseup.net +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published +# by the Free Software Foundation, either version 3 of the License, +# or any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +# + +# Parameters +DIRNAME="`dirname $0`" +BASENAME="`basename $0`" +HOSTNAME="$1" +DOMAIN="$2" +MIRROR="$3" +APT_INSTALL="sudo LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y" + +# Provision the basic stuff +$DIRNAME/basic $HOSTNAME $DOMAIN $MIRROR + +# QXL +# See https://labs.riseup.net/code/issues/11518 +# https://bugs.mageia.org/show_bug.cgi?id=14607 +#if [ ! -e "/etc/modprobe.d/qxl-no-kms.conf" ]; then +# echo 'options qxl modeset=0' | sudo tee /etc/modprobe.d/qxl-no-kms.conf +# sudo update-initramfs -v -u +#fi + +# Ensure we are in the user home folder +cd + +# Aditional metadot modules +apps/metadot/metadot load-bundle desktop-basic +apps/metadot/metadot deps-bundle desktop-basic + +# Additional packages +echo "Installing additional desktop-basic packages..." +$APT_INSTALL xpra lightdm firejail xsel tigervnc-viewer + +# See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861744 +$APT_INSTALL torbrowser-launcher alsa-utils pulseaudio + +# System-wide configuration +sudo cp $DIRNAME/files/desktop-basic/etc/lightdm/lightdm.conf /etc/lightdm/lightdm.conf +sudo cp $DIRNAME/files/desktop-basic/etc/default/keyboard /etc/default/keyboard +sudo update-alternatives --set x-window-manager /usr/bin/ratpoison + +# Removing the dotfiles' version of .dmrc ensures that +# +# the default x-window-manager automatically starts. Otherwise we may end up +# having lightdm unable to login automatically into ratpoison or even starting +# the wrong window manager. +rm -f $HOME/.dmrc + +# Load qlx module during initramfs phase otherwise the X server might start +# before this module gets loaded, resulting in weird spice errors. +if ! grep -q qxl /etc/initramfs-tools/modules; then + echo qxl | sudo tee -a /etc/initramfs-tools/modules > /dev/null + sudo update-initramfs -u +fi + +# User configuration +mkdir -p $HOME/.custom + +if [ ! -e "$HOME/.custom/xsession" ]; then + cp $DIRNAME/files/desktop-basic/home/user/.custom/xsession $HOME/.custom/xsession +fi diff --git a/share/provision/debian/desktop-full b/share/provision/debian/desktop-full new file mode 100755 index 0000000..b4dce46 --- /dev/null +++ b/share/provision/debian/desktop-full @@ -0,0 +1,34 @@ +#!/usr/bin/env bash +# +# Full desktop provision example +# +# Copyright (C) 2017 Silvio Rhatto - rhatto at riseup.net +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published +# by the Free Software Foundation, either version 3 of the License, +# or any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +# + +# Parameters +DIRNAME="`dirname $0`" +BASENAME="`basename $0`" +HOSTNAME="$1" +DOMAIN="$2" +MIRROR="$3" +APT_INSTALL="sudo LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y" + +# Provision the basic stuff +$DIRNAME/desktop-basic $HOSTNAME $DOMAIN $MIRROR + +# Install awesome +apps/metadot/metadot load awesome +apps/metadot/metadot deps awesome diff --git a/share/provision/debian/development b/share/provision/debian/development new file mode 100755 index 0000000..bb2f890 --- /dev/null +++ b/share/provision/debian/development @@ -0,0 +1,37 @@ +#!/usr/bin/env bash +# +# Basic development provision example +# +# Copyright (C) 2017 Silvio Rhatto - rhatto at riseup.net +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published +# by the Free Software Foundation, either version 3 of the License, +# or any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +# + +# Parameters +DIRNAME="`dirname $0`" +BASENAME="`basename $0`" +HOSTNAME="$1" +DOMAIN="$2" +MIRROR="$3" +APT_INSTALL="sudo LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y" + +# Provision the basic stuff +$DIRNAME/basic $HOSTNAME $DOMAIN $MIRROR + +# Ensure we're in the home folder +cd + +# Load development config +apps/metadot/metadot load-bundle development +apps/metadot/metadot deps-bundle development diff --git a/share/provision/debian/files/desktop-basic/etc/default/keyboard b/share/provision/debian/files/desktop-basic/etc/default/keyboard new file mode 100644 index 0000000..f18fc73 --- /dev/null +++ b/share/provision/debian/files/desktop-basic/etc/default/keyboard @@ -0,0 +1,10 @@ +# KEYBOARD CONFIGURATION FILE + +# Consult the keyboard(5) manual page. + +XKBMODEL="abnt2" +XKBLAYOUT="br" +XKBVARIANT="thinkpad" +XKBOPTIONS="compose:ralt,terminate:ctrl_alt_bksp" + +BACKSPACE="guess" diff --git a/share/provision/debian/files/desktop-basic/etc/lightdm/lightdm.conf b/share/provision/debian/files/desktop-basic/etc/lightdm/lightdm.conf new file mode 100644 index 0000000..7614cc2 --- /dev/null +++ b/share/provision/debian/files/desktop-basic/etc/lightdm/lightdm.conf @@ -0,0 +1,165 @@ +# +# General configuration +# +# start-default-seat = True to always start one seat if none are defined in the configuration +# greeter-user = User to run greeter as +# minimum-display-number = Minimum display number to use for X servers +# minimum-vt = First VT to run displays on +# lock-memory = True to prevent memory from being paged to disk +# user-authority-in-system-dir = True if session authority should be in the system location +# guest-account-script = Script to be run to setup guest account +# logind-check-graphical = True to on start seats that are marked as graphical by logind +# log-directory = Directory to log information to +# run-directory = Directory to put running state in +# cache-directory = Directory to cache to +# sessions-directory = Directory to find sessions +# remote-sessions-directory = Directory to find remote sessions +# greeters-directory = Directory to find greeters +# backup-logs = True to move add a .old suffix to old log files when opening new ones +# +[LightDM] +#start-default-seat=true +#greeter-user=lightdm +#minimum-display-number=0 +#minimum-vt=7 +#lock-memory=true +#user-authority-in-system-dir=false +#guest-account-script=guest-account +#logind-check-graphical=false +#log-directory=/var/log/lightdm +#run-directory=/var/run/lightdm +#cache-directory=/var/cache/lightdm +#sessions-directory=/usr/share/lightdm/sessions:/usr/share/xsessions:/usr/share/wayland-sessions +#remote-sessions-directory=/usr/share/lightdm/remote-sessions +#greeters-directory=/usr/share/lightdm/greeters:/usr/share/xgreeters +#backup-logs=true + +# +# Seat configuration +# +# Seat configuration is matched against the seat name glob in the section, for example: +# [Seat:*] matches all seats and is applied first. +# [Seat:seat0] matches the seat named "seat0". +# [Seat:seat-thin-client*] matches all seats that have names that start with "seat-thin-client". +# +# type = Seat type (xlocal, xremote, unity) +# pam-service = PAM service to use for login +# pam-autologin-service = PAM service to use for autologin +# pam-greeter-service = PAM service to use for greeters +# xserver-command = X server command to run (can also contain arguments e.g. X -special-option) +# xmir-command = Xmir server command to run (can also contain arguments e.g. Xmir -special-option) +# xserver-config = Config file to pass to X server +# xserver-layout = Layout to pass to X server +# xserver-allow-tcp = True if TCP/IP connections are allowed to this X server +# xserver-share = True if the X server is shared for both greeter and session +# xserver-hostname = Hostname of X server (only for type=xremote) +# xserver-display-number = Display number of X server (only for type=xremote) +# xdmcp-manager = XDMCP manager to connect to (implies xserver-allow-tcp=true) +# xdmcp-port = XDMCP UDP/IP port to communicate on +# xdmcp-key = Authentication key to use for XDM-AUTHENTICATION-1 (stored in keys.conf) +# unity-compositor-command = Unity compositor command to run (can also contain arguments e.g. unity-system-compositor -special-option) +# unity-compositor-timeout = Number of seconds to wait for compositor to start +# greeter-session = Session to load for greeter +# greeter-hide-users = True to hide the user list +# greeter-allow-guest = True if the greeter should show a guest login option +# greeter-show-manual-login = True if the greeter should offer a manual login option +# greeter-show-remote-login = True if the greeter should offer a remote login option +# user-session = Session to load for users +# allow-user-switching = True if allowed to switch users +# allow-guest = True if guest login is allowed +# guest-session = Session to load for guests (overrides user-session) +# session-wrapper = Wrapper script to run session with +# greeter-wrapper = Wrapper script to run greeter with +# guest-wrapper = Wrapper script to run guest sessions with +# display-setup-script = Script to run when starting a greeter session (runs as root) +# display-stopped-script = Script to run after stopping the display server (runs as root) +# greeter-setup-script = Script to run when starting a greeter (runs as root) +# session-setup-script = Script to run when starting a user session (runs as root) +# session-cleanup-script = Script to run when quitting a user session (runs as root) +# autologin-guest = True to log in as guest by default +# autologin-user = User to log in with by default (overrides autologin-guest) +# autologin-user-timeout = Number of seconds to wait before loading default user +# autologin-session = Session to load for automatic login (overrides user-session) +# autologin-in-background = True if autologin session should not be immediately activated +# exit-on-failure = True if the daemon should exit if this seat fails +# +[Seat:*] +#type=xlocal +#pam-service=lightdm +#pam-autologin-service=lightdm-autologin +#pam-greeter-service=lightdm-greeter +#xserver-command=X +#xmir-command=Xmir +#xserver-config= +#xserver-layout= +xserver-allow-tcp=true +#xserver-share=true +#xserver-hostname= +#xserver-display-number= +#xdmcp-manager= +#xdmcp-port=177 +#xdmcp-key= +#unity-compositor-command=unity-system-compositor +#unity-compositor-timeout=60 +#greeter-session=example-gtk-gnome +#greeter-hide-users=false +#greeter-allow-guest=true +#greeter-show-manual-login=false +#greeter-show-remote-login=true +#user-session=default +#allow-user-switching=true +#allow-guest=true +#guest-session= +#session-wrapper=lightdm-session +#greeter-wrapper= +#guest-wrapper= +#display-setup-script= +#display-stopped-script= +#greeter-setup-script= +#session-setup-script= +#session-cleanup-script= +#autologin-guest=false +autologin-user=user +autologin-user-timeout=0 +#autologin-in-background=false +#autologin-session= +#exit-on-failure=false + +# +# XDMCP Server configuration +# +# enabled = True if XDMCP connections should be allowed +# port = UDP/IP port to listen for connections on +# listen-address = Host/address to listen for XDMCP connections (use all addresses if not present) +# key = Authentication key to use for XDM-AUTHENTICATION-1 or blank to not use authentication (stored in keys.conf) +# hostname = Hostname to report to XDMCP clients (defaults to system hostname if unset) +# +# The authentication key is a 56 bit DES key specified in hex as 0xnnnnnnnnnnnnnn. Alternatively +# it can be a word and the first 7 characters are used as the key. +# +[XDMCPServer] +enabled=true +port=177 +#listen-address= +#key= +#hostname= + +# +# VNC Server configuration +# +# enabled = True if VNC connections should be allowed +# command = Command to run Xvnc server with +# port = TCP/IP port to listen for connections on +# listen-address = Host/address to listen for VNC connections (use all addresses if not present) +# width = Width of display to use +# height = Height of display to use +# depth = Color depth of display to use +# +[VNCServer] +#enabled=false +#command=Xvnc +#port=5900 +#listen-address= +#width=1024 +#height=768 +#depth=8 diff --git a/share/provision/debian/files/desktop-basic/home/user/.custom/xsession b/share/provision/debian/files/desktop-basic/home/user/.custom/xsession new file mode 100644 index 0000000..ee206e0 --- /dev/null +++ b/share/provision/debian/files/desktop-basic/home/user/.custom/xsession @@ -0,0 +1,48 @@ +# +# Custom X11 session config +# + +# Parameters +HOSTNAME="`cat /etc/hostname | cut -d . -f 1`" + +# Set window manager +WINDOW_MANAGER="ratpoison" + +# Display device +DISPLAY_DEVICE="Virtual-0" # or maybe qlx-0 + +# +# Set screen size +# + +# Modeline determined by running "cvt 1280 780" +#xrandr --newmode "1280x780_60.00" 81.50 1280 1352 1480 1680 780 783 793 810 -hsync +vsync +#xrandr --addmode $DISPLAY_DEVICE 1280x780_60.00 + +# Modeline determined by running "cvt 1368 748" +#xrandr --newmode "1368x748_60.00" 83.00 1368 1440 1576 1784 748 751 761 777 -hsync +vsync +#xrandr --addmode $DISPLAY_DEVICE 1368x748_60.00 + +# Set default modeline +#xrandr --output $DISPLAY_DEVICE --mode 1368x748_60.00 +#xrandr --output $DISPLAY_DEVICE --mode 1280x780_60.00 + +# Workaround for programs that depend on a system fully operational +# Example: chromium browser running with firejail when your ${DOWNLOADS} +# path is a shared folder to be mounted by kvmx. If you don't sleep here, +# you mind find a whitelisting error at the firejail profile in your +# ~/.xsession-errors. +sleep 8 + +# Startup programs +if [ "$HOSTNAME" = "web" ]; then + PROGRAMS="$PROGRAMS tor-browser" +elif [ "$HOSTNAME" = "vnc" ]; then + PROGRAMS="$PROGRAMS vnc" +else + PROGRAMS="$PROGRAMS terminal" +fi + +# Fix keyboard layout if needed +# https://wiki.debian.org/Keyboard +#setxkbmap -model abnt2 -layout br -variant thinkpad diff --git a/share/provision/debian/lsd b/share/provision/debian/lsd new file mode 100755 index 0000000..2b4a35e --- /dev/null +++ b/share/provision/debian/lsd @@ -0,0 +1,57 @@ +#!/usr/bin/env bash +# +# Provisioner for the Lightweight Software Distribution - LSD. +# +# Copyright (C) 2020 Silvio Rhatto - rhatto at riseup.net +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published +# by the Free Software Foundation, either version 3 of the License, +# or any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +# + +# Parameters +DIRNAME="`dirname $0`" +BASENAME="`basename $0`" +HOSTNAME="$1" +DOMAIN="$2" +MIRROR="$3" +APT_INSTALL="sudo LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y" + +# Ensure we're in the home folder +cd + +# Dependencies +echo "Installing basic dependencies..." +$APT_INSTALL git curl make wipe man zsh || exit 1 + +# Tools +if [ ! -e "apps/infection" ]; then + rm -rf apps + git clone --recursive https://git.fluxo.info/rhatto/apps + apps/infection init +else + echo "Updating locally-installed apps and dotfiles..." + apps/infection fetch + apps/infection merge + apps/metadot/metadot fetch + apps/metadot/metadot merge +fi + +# Load basic config +apps/metadot/metadot load-bundle console +apps/metadot/metadot deps-bundle console + +# Install hydra system-wide +apps/hydra/hydractl install + +# Install trashman system-wide +sudo apps/trashman/trashman install trashman diff --git a/share/provision/debian/messenger b/share/provision/debian/messenger new file mode 100755 index 0000000..bdd8f7e --- /dev/null +++ b/share/provision/debian/messenger @@ -0,0 +1,39 @@ +#!/usr/bin/env bash +# +# Messenger provision example +# +# Copyright (C) 2017 Silvio Rhatto - rhatto at riseup.net +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published +# by the Free Software Foundation, either version 3 of the License, +# or any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +# + +# Parameters +DIRNAME="`dirname $0`" +BASENAME="`basename $0`" +HOSTNAME="$1" +DOMAIN="$2" +MIRROR="$3" +APT_INSTALL="sudo LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y" + +# Provision the basic stuff +$DIRNAME/desktop-basic $HOSTNAME $DOMAIN $MIRROR + +# Signal Desktop +sudo trashman install signal-desktop + +# Install Ricochet +#$APT_INSTALL ricochet-im + +# Install Gajim +$APT_INSTALL gajim gajim-omemo diff --git a/share/provision/debian/openbox b/share/provision/debian/openbox new file mode 100755 index 0000000..df47622 --- /dev/null +++ b/share/provision/debian/openbox @@ -0,0 +1,40 @@ +#!/usr/bin/env bash +# +# Openbox provision example +# +# Copyright (C) 2017 Silvio Rhatto - rhatto at riseup.net +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published +# by the Free Software Foundation, either version 3 of the License, +# or any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +# + +# Parameters +DIRNAME="`dirname $0`" +BASENAME="`basename $0`" +HOSTNAME="$1" +DOMAIN="$2" +MIRROR="$3" +APT_INSTALL="sudo LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y" + +# Use a stacked window manager to reduce browser fingerprinting +$APT_INSTALL openbox gmrun + +# Dotfiles configuration +if [ -x "$HOME/apps/metadot/metadot" ]; then + $HOME/apps/metadot/metadot load openbox +fi + +# Custom xsession config +if [ -f "$HOME/.custom/xsession" ]; then + sed -i -e 's/^WINDOW_MANAGER=.*$/WINDOW_MANAGER="openbox"/' $HOME/.custom/xsession +fi diff --git a/share/provision/debian/openvpn b/share/provision/debian/openvpn new file mode 100755 index 0000000..5722c3e --- /dev/null +++ b/share/provision/debian/openvpn @@ -0,0 +1,36 @@ +#!/usr/bin/env bash +# +# Full desktop provision example +# +# Copyright (C) 2017 Silvio Rhatto - rhatto at riseup.net +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published +# by the Free Software Foundation, either version 3 of the License, +# or any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +# + +# Parameters +DIRNAME="`dirname $0`" +BASENAME="`basename $0`" +HOSTNAME="$1" +DOMAIN="$2" +MIRROR="$3" +APT_INSTALL="sudo LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y" + +# Provision the basic stuff +$DIRNAME/web-full $HOSTNAME $DOMAIN $MIRROR + +# Install OpenVPN and dnsutils (which provides nslookup) +$APT_INSTALL openvpn resolvconf dnsutils curl + +# Use a stacked window manager to reduce browser fingerprinting +$DIRNAME/openbox diff --git a/share/provision/debian/tor-browser b/share/provision/debian/tor-browser new file mode 100755 index 0000000..afbab58 --- /dev/null +++ b/share/provision/debian/tor-browser @@ -0,0 +1,33 @@ +#!/usr/bin/env bash +# +# Tor desktop provision example +# +# Copyright (C) 2017 Silvio Rhatto - rhatto at riseup.net +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published +# by the Free Software Foundation, either version 3 of the License, +# or any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +# + +# Parameters +DIRNAME="`dirname $0`" +BASENAME="`basename $0`" +HOSTNAME="$1" +DOMAIN="$2" +MIRROR="$3" +APT_INSTALL="sudo LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y" + +# Provision the basic stuff +$DIRNAME/web-basic $HOSTNAME $DOMAIN $MIRROR + +# Use a stacked window manager to reduce browser fingerprinting +$DIRNAME/openbox diff --git a/share/provision/debian/trashman b/share/provision/debian/trashman new file mode 100755 index 0000000..b1f7bc5 --- /dev/null +++ b/share/provision/debian/trashman @@ -0,0 +1,37 @@ +#!/usr/bin/env bash +# +# Trashman provision example +# +# Copyright (C) 2017 Silvio Rhatto - rhatto at riseup.net +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published +# by the Free Software Foundation, either version 3 of the License, +# or any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +# + +# Parameters +DIRNAME="`dirname $0`" +BASENAME="`basename $0`" +APT_INSTALL="sudo LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y" + +# Install requirements +$APT_INSTALL git rsync + +# Get trashman +if [ -d "/usr/local/share/trashman" ]; then + ( cd /usr/local/share/trashman && sudo git pull ) +else + sudo git clone https://git.fluxo.info/trashman /usr/local/share/trashman +fi + +# Install trashman +sudo /usr/local/share/trashman/trashman install trashman diff --git a/share/provision/debian/web-basic b/share/provision/debian/web-basic new file mode 100755 index 0000000..11a94b5 --- /dev/null +++ b/share/provision/debian/web-basic @@ -0,0 +1,50 @@ +#!/usr/bin/env bash +# +# Web desktop provision example +# +# Copyright (C) 2017 Silvio Rhatto - rhatto at riseup.net +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published +# by the Free Software Foundation, either version 3 of the License, +# or any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +# + +# Parameters +DIRNAME="`dirname $0`" +BASENAME="`basename $0`" +HOSTNAME="$1" +DOMAIN="$2" +MIRROR="$3" +APT_INSTALL="sudo LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y" + +# Provision the basic stuff +$DIRNAME/desktop-basic $HOSTNAME $DOMAIN $MIRROR + +# Additional packages +echo "Installing additional web packages..." +$APT_INSTALL firefox-esr chromium + +# Use addons.mozilla.org version instead +sudo apt-get remove -y webext-treestyletab + +# Mozilla configuration +# Create this config using "cd $HOME && /bin/tar jcvf mozilla.tar.bz2 .mozilla" +#if [ ! -d "$HOME/.mozilla" ]; then +# ( cd $HOME && tar xvf $DIRNAME/files/web-basic/mozilla/mozilla.tar.bz2 ) +#fi + +# Chromium configuration +# Create this config using "cd $HOME && /bin/tar jcvf chromium.tar.bz2 .config/chromium" +#if [ ! -d "$HOME/.config/chromium" ]; then +# ( cd $HOME && tar xvf $DIRNAME/files/web-basic/chromium/chromium.tar.bz2 ) +# ( cd $HOME && tar xvf $DIRNAME/files/web-basic/chromium/chromium-profiles.tar.bz2 ) +#fi diff --git a/share/provision/debian/web-full b/share/provision/debian/web-full new file mode 100755 index 0000000..a21a15d --- /dev/null +++ b/share/provision/debian/web-full @@ -0,0 +1,47 @@ +#!/usr/bin/env bash +# +# Web desktop provision example +# +# Copyright (C) 2017 Silvio Rhatto - rhatto at riseup.net +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published +# by the Free Software Foundation, either version 3 of the License, +# or any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +# + +# Parameters +DIRNAME="`dirname $0`" +BASENAME="`basename $0`" +HOSTNAME="$1" +DOMAIN="$2" +MIRROR="$3" +APT_INSTALL="sudo LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y" + +# Provision the basic stuff +$DIRNAME/web-basic $HOSTNAME $DOMAIN $MIRROR + +# Office Suite +$APT_INSTALL libreoffice gimp inkscape mat + +# Lave Tor available if the user wants to route other software besides running Tor Browser +$APT_INSTALL tor + +# Luakit using stowpkg +#if [ ! -x "$HOME/apps/stowpkg/tree/`uname -m`/bin/luakit" ]; then +# $APT_INSTALL make stow +# apps/stowpkg/stowpkg install luakit +#else +# apps/stowpkg/stowpkg upgrade luakit +#fi + +# Ensure we have an updated qutebrowser +#apps/qutebrowser/qutebrowser update diff --git a/share/provision/debian/webserver b/share/provision/debian/webserver new file mode 100755 index 0000000..650452f --- /dev/null +++ b/share/provision/debian/webserver @@ -0,0 +1,22 @@ +#!/usr/bin/env bash +# +# Webserver provision example +# +# Copyright (C) 2017 Silvio Rhatto - rhatto at riseup.net +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published +# by the Free Software Foundation, either version 3 of the License, +# or any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +# + +sudo apt-get update && sudo apt-get upgrade -y && sudo apt-get autoremove -y && sudo apt-get clean +sudo apt-get install -y apache2 diff --git a/share/provision/debian/wireguard b/share/provision/debian/wireguard new file mode 100755 index 0000000..0aad2c9 --- /dev/null +++ b/share/provision/debian/wireguard @@ -0,0 +1,36 @@ +#!/usr/bin/env bash +# +# Full desktop provision example +# +# Copyright (C) 2017 Silvio Rhatto - rhatto at riseup.net +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published +# by the Free Software Foundation, either version 3 of the License, +# or any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +# + +# Parameters +DIRNAME="`dirname $0`" +BASENAME="`basename $0`" +HOSTNAME="$1" +DOMAIN="$2" +MIRROR="$3" +APT_INSTALL="sudo LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y" + +# Provision the basic stuff +$DIRNAME/web-full $HOSTNAME $DOMAIN $MIRROR + +# Install OpenVPN and dnsutils (which provides nslookup) +$APT_INSTALL wireguard-tools resolvconf dnsutils curl + +# Use a stacked window manager to reduce browser fingerprinting +$DIRNAME/openbox |