From 7799e36e0f057625f29bba0394597da5645fcc30 Mon Sep 17 00:00:00 2001 
From: Silvio Rhatto Date: Sun, 13 Dec 2020 10:25:19 -0300 Subject: Fix: provision cleanup and organize --- share/provision/basic | 79 --------- share/provision/debian/basic | 79 +++++++++ share/provision/debian/desktop-basic | 78 +++++++++ share/provision/debian/desktop-full | 34 ++++ share/provision/debian/development | 37 +++++ .../files/desktop-basic/etc/default/keyboard | 10 ++ .../files/desktop-basic/etc/lightdm/lightdm.conf | 165 +++++++++++++++++++ .../files/desktop-basic/home/user/.custom/xsession | 48 ++++++ share/provision/debian/lsd | 57 +++++++ share/provision/debian/messenger | 39 +++++ share/provision/debian/openbox | 40 +++++ share/provision/debian/openvpn | 36 ++++ share/provision/debian/tor-browser | 33 ++++ share/provision/debian/trashman | 37 +++++ share/provision/debian/web-basic | 50 ++++++ share/provision/debian/web-full | 47 ++++++ share/provision/debian/webserver | 22 +++ share/provision/debian/wireguard | 36 ++++ share/provision/desktop-basic | 78 --------- share/provision/desktop-full | 34 ---- share/provision/development | 37 ----- .../files/desktop-basic/etc/default/keyboard | 10 -- .../files/desktop-basic/etc/lightdm/lightdm.conf | 165 ------------------- .../files/desktop-basic/home/user/.custom/xsession | 48 ------ .../files/njalla-openvpn/etc/ferm/ferm.conf | 181 --------------------- .../etc/udev/rules.d/81-vpn-firewall.rules | 2 - .../njalla-openvpn/usr/local/bin/fermreload.sh | 39 ----- .../files/njalla-wireguard/etc/ferm/ferm.conf | 179 -------------------- .../etc/udev/rules.d/81-vpn-firewall.rules | 2 - .../njalla-wireguard/usr/local/bin/fermreload.sh | 39 ----- share/provision/lsd | 57 ------- share/provision/messenger | 39 ----- share/provision/njalla-openvpn | 49 ------ share/provision/njalla-wireguard | 42 ----- share/provision/openbox | 32 ---- share/provision/openvpn | 36 ---- share/provision/tor-browser | 33 ---- share/provision/trashman | 37 ----- share/provision/web-basic | 50 ------ share/provision/web-full | 47 
------ share/provision/webserver | 22 --- share/provision/wireguard | 36 ---- 42 files changed, 848 insertions(+), 1373 deletions(-) delete mode 100755 share/provision/basic create mode 100755 share/provision/debian/basic create mode 100755 share/provision/debian/desktop-basic create mode 100755 share/provision/debian/desktop-full create mode 100755 share/provision/debian/development create mode 100644 share/provision/debian/files/desktop-basic/etc/default/keyboard create mode 100644 share/provision/debian/files/desktop-basic/etc/lightdm/lightdm.conf create mode 100644 share/provision/debian/files/desktop-basic/home/user/.custom/xsession create mode 100755 share/provision/debian/lsd create mode 100755 share/provision/debian/messenger create mode 100755 share/provision/debian/openbox create mode 100755 share/provision/debian/openvpn create mode 100755 share/provision/debian/tor-browser create mode 100755 share/provision/debian/trashman create mode 100755 share/provision/debian/web-basic create mode 100755 share/provision/debian/web-full create mode 100755 share/provision/debian/webserver create mode 100755 share/provision/debian/wireguard delete mode 100755 share/provision/desktop-basic delete mode 100755 share/provision/desktop-full delete mode 100755 share/provision/development delete mode 100644 share/provision/files/desktop-basic/etc/default/keyboard delete mode 100644 share/provision/files/desktop-basic/etc/lightdm/lightdm.conf delete mode 100644 share/provision/files/desktop-basic/home/user/.custom/xsession delete mode 100644 share/provision/files/njalla-openvpn/etc/ferm/ferm.conf delete mode 100644 share/provision/files/njalla-openvpn/etc/udev/rules.d/81-vpn-firewall.rules delete mode 100755 share/provision/files/njalla-openvpn/usr/local/bin/fermreload.sh delete mode 100644 share/provision/files/njalla-wireguard/etc/ferm/ferm.conf delete mode 100644 share/provision/files/njalla-wireguard/etc/udev/rules.d/81-vpn-firewall.rules delete mode 100755 
share/provision/files/njalla-wireguard/usr/local/bin/fermreload.sh delete mode 100755 share/provision/lsd delete mode 100755 share/provision/messenger delete mode 100755 share/provision/njalla-openvpn delete mode 100755 share/provision/njalla-wireguard delete mode 100755 share/provision/openbox delete mode 100755 share/provision/openvpn delete mode 100755 share/provision/tor-browser delete mode 100755 share/provision/trashman delete mode 100755 share/provision/web-basic delete mode 100755 share/provision/web-full delete mode 100755 share/provision/webserver delete mode 100755 share/provision/wireguard (limited to 'share') diff --git a/share/provision/basic b/share/provision/basic deleted file mode 100755 index 11a4d7d..0000000 --- a/share/provision/basic +++ /dev/null 
@@ -1,79 +0,0 @@
-#!/usr/bin/env bash
-#
-# Basic provisioner example
-#
-# Copyright (C) 2020 Silvio Rhatto - rhatto at riseup.net
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published
-# by the Free Software Foundation, either version 3 of the License,
-# or any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-#
-
-# Parameters
-DIRNAME="`dirname $0`"
-BASENAME="`basename $0`"
-HOSTNAME="$1"
-DOMAIN="$2"
-MIRROR="$3"
-APT_INSTALL="sudo LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y"
-
-# Upgrade
-if which hydractl &> /dev/null; then
- hydractl upgrade
-else
- sudo apt-get update && sudo apt-get upgrade -y && sudo apt-get autoremove -y && sudo apt-get clean || exit 1
-fi
-
-# Dependencies
-echo "Installing basic dependencies..."
-$APT_INSTALL zsh || exit 1
-
-# Set user shell
-if [ -x "/bin/zsh" ]; then
- sudo chsh -s /bin/zsh `whoami`
-fi
-
-# Provision LSD
-$DIRNAME/lsd $HOSTNAME $DOMAIN $MIRROR
-
-# Provision trashman
-#$DIRNAME/trashman $HOSTNAME $DOMAIN $MIRROR
-
-#
-# System tuning
-#
-
-# Configure some system behavior using trashman
-sudo apps/trashman/trashman install swapfile
-sudo apps/trashman/trashman install grub-serial-console
-
-# Security
-sudo sysctl kernel.unprivileged_bpf_disabled=1
-echo "kernel.unprivileged_bpf_disabled=1" | sudo tee /etc/sysctl.d/kernel.unprivileged_bpf_disabled.conf > /dev/null
-
-# Configuring APT
-sudo apt-get update
-$APT_INSTALL apt-transport-https || exit 1
-sudo sed -i -e "s|http://http.debian.net|https://deb.debian.org|g" /etc/apt/sources.list || exit 1
-sudo sed -i -e "s|http://deb.debian.org|https://deb.debian.org|g" /etc/apt/sources.list || exit 1
-sudo sed -i -e "s|main$|main contrib non-free|g" /etc/apt/sources.list || exit 1
-
-# GRUB timeout
-if ! grep -q "GRUB_TIMEOUT=1" /etc/default/grub; then
- sudo sed -i -e 's|GRUB_TIMEOUT=5|GRUB_TIMEOUT=1|' /etc/default/grub
- sudo update-grub
-fi
-
-# Fstrim
-# See https://pve.proxmox.com/wiki/Shrink_Qcow2_Disk_Files
-sudo fstrim -av
-sudo sync
diff --git a/share/provision/debian/basic b/share/provision/debian/basic
new file mode 100755
index 0000000..11a4d7d
--- /dev/null
+++ b/share/provision/debian/basic
@@ -0,0 +1,79 @@
+#!/usr/bin/env bash
+#
+# Basic provisioner example
+#
+# Copyright (C) 2020 Silvio Rhatto - rhatto at riseup.net
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published
+# by the Free Software Foundation, either version 3 of the License,
+# or any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+#
+
+# Parameters
+DIRNAME="`dirname $0`"
+BASENAME="`basename $0`"
+HOSTNAME="$1"
+DOMAIN="$2"
+MIRROR="$3"
+APT_INSTALL="sudo LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y"
+
+# Upgrade
+if which hydractl &> /dev/null; then
+ hydractl upgrade
+else
+ sudo apt-get update && sudo apt-get upgrade -y && sudo apt-get autoremove -y && sudo apt-get clean || exit 1
+fi
+
+# Dependencies
+echo "Installing basic dependencies..."
+$APT_INSTALL zsh || exit 1
+
+# Set user shell
+if [ -x "/bin/zsh" ]; then
+ sudo chsh -s /bin/zsh `whoami`
+fi
+
+# Provision LSD
+$DIRNAME/lsd $HOSTNAME $DOMAIN $MIRROR
+
+# Provision trashman
+#$DIRNAME/trashman $HOSTNAME $DOMAIN $MIRROR
+
+#
+# System tuning
+#
+
+# Configure some system behavior using trashman
+sudo apps/trashman/trashman install swapfile
+sudo apps/trashman/trashman install grub-serial-console
+
+# Security
+sudo sysctl kernel.unprivileged_bpf_disabled=1
+echo "kernel.unprivileged_bpf_disabled=1" | sudo tee /etc/sysctl.d/kernel.unprivileged_bpf_disabled.conf > /dev/null
+
+# Configuring APT
+sudo apt-get update
+$APT_INSTALL apt-transport-https || exit 1
+sudo sed -i -e "s|http://http.debian.net|https://deb.debian.org|g" /etc/apt/sources.list || exit 1
+sudo sed -i -e "s|http://deb.debian.org|https://deb.debian.org|g" /etc/apt/sources.list || exit 1
+sudo sed -i -e "s|main$|main contrib non-free|g" /etc/apt/sources.list || exit 1
+
+# GRUB timeout
+if ! grep -q "GRUB_TIMEOUT=1" /etc/default/grub; then
+ sudo sed -i -e 's|GRUB_TIMEOUT=5|GRUB_TIMEOUT=1|' /etc/default/grub
+ sudo update-grub
+fi
+
+# Fstrim
+# See https://pve.proxmox.com/wiki/Shrink_Qcow2_Disk_Files
+sudo fstrim -av
+sudo sync
diff --git a/share/provision/debian/desktop-basic b/share/provision/debian/desktop-basic
new file mode 100755
index 0000000..ec49414
--- /dev/null
+++ b/share/provision/debian/desktop-basic
@@ -0,0 +1,78 @@
+#!/usr/bin/env bash
+#
+# Basic desktop provision example
+#
+# Copyright (C) 2017 Silvio Rhatto - rhatto at riseup.net
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published
+# by the Free Software Foundation, either version 3 of the License,
+# or any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+#
+
+# Parameters
+DIRNAME="`dirname $0`"
+BASENAME="`basename $0`"
+HOSTNAME="$1"
+DOMAIN="$2"
+MIRROR="$3"
+APT_INSTALL="sudo LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y"
+
+# Provision the basic stuff
+$DIRNAME/basic $HOSTNAME $DOMAIN $MIRROR
+
+# QXL
+# See https://labs.riseup.net/code/issues/11518
+# https://bugs.mageia.org/show_bug.cgi?id=14607
+#if [ ! -e "/etc/modprobe.d/qxl-no-kms.conf" ]; then
+# echo 'options qxl modeset=0' | sudo tee /etc/modprobe.d/qxl-no-kms.conf
+# sudo update-initramfs -v -u
+#fi
+
+# Ensure we are in the user home folder
+cd
+
+# Aditional metadot modules
+apps/metadot/metadot load-bundle desktop-basic
+apps/metadot/metadot deps-bundle desktop-basic
+
+# Additional packages
+echo "Installing additional desktop-basic packages..."
+$APT_INSTALL xpra lightdm firejail xsel tigervnc-viewer
+
+# See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861744
+$APT_INSTALL torbrowser-launcher alsa-utils pulseaudio
+
+# System-wide configuration
+sudo cp $DIRNAME/files/desktop-basic/etc/lightdm/lightdm.conf /etc/lightdm/lightdm.conf
+sudo cp $DIRNAME/files/desktop-basic/etc/default/keyboard /etc/default/keyboard
+sudo update-alternatives --set x-window-manager /usr/bin/ratpoison
+
+# Removing the dotfiles' version of .dmrc ensures that
+#
+# the default x-window-manager automatically starts. Otherwise we may end up
+# having lightdm unable to login automatically into ratpoison or even starting
+# the wrong window manager.
+rm -f $HOME/.dmrc
+
+# Load qlx module during initramfs phase otherwise the X server might start
+# before this module gets loaded, resulting in weird spice errors.
+if ! grep -q qxl /etc/initramfs-tools/modules; then
+ echo qxl | sudo tee -a /etc/initramfs-tools/modules > /dev/null
+ sudo update-initramfs -u
+fi
+
+# User configuration
+mkdir -p $HOME/.custom
+
+if [ ! -e "$HOME/.custom/xsession" ]; then
+ cp $DIRNAME/files/desktop-basic/home/user/.custom/xsession $HOME/.custom/xsession
+fi
diff --git a/share/provision/debian/desktop-full b/share/provision/debian/desktop-full
new file mode 100755
index 0000000..b4dce46
--- /dev/null
+++ b/share/provision/debian/desktop-full
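Review bot: In share/provision/debian/desktop-basic, `DIRNAME` comes from an unquoted `dirname $0` and is still used after the bare `cd`, so when the script is started through a relative path the later `sudo cp $DIRNAME/files/desktop-basic/etc/lightdm/lightdm.conf /etc/lightdm/lightdm.conf` and the `cp` of `.custom/xsession` resolve against the home directory instead of the provision tree. Resolving it once to an absolute path, `DIRNAME="$(cd "$(dirname "$0")" && pwd)"`, and quoting the later uses (`"$DIRNAME"`, `"$HOME/.dmrc"`) avoids that. Neither `$DIRNAME/basic $HOSTNAME $DOMAIN $MIRROR` nor the two `sudo cp` lines check their exit status, so a failed base provision or a missing source file still falls through to `update-alternatives` and the initramfs rebuild; `|| exit 1`, as the basic script uses for its apt steps, would stop there.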
@@ -0,0 +1,34 @@
+#!/usr/bin/env bash
+#
+# Full desktop provision example
+#
+# Copyright (C) 2017 Silvio Rhatto - rhatto at riseup.net
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published
+# by the Free Software Foundation, either version 3 of the License,
+# or any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+#
+
+# Parameters
+DIRNAME="`dirname $0`"
+BASENAME="`basename $0`"
+HOSTNAME="$1"
+DOMAIN="$2"
+MIRROR="$3"
+APT_INSTALL="sudo LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y"
+
+# Provision the basic stuff
+$DIRNAME/desktop-basic $HOSTNAME $DOMAIN $MIRROR
+
+# Install awesome
+apps/metadot/metadot load awesome
+apps/metadot/metadot deps awesome
diff --git a/share/provision/debian/development b/share/provision/debian/development
new file mode 100755
index 0000000..bb2f890
--- /dev/null
+++ b/share/provision/debian/development
@@ -0,0 +1,37 @@
+#!/usr/bin/env bash
+#
+# Basic development provision example
+#
+# Copyright (C) 2017 Silvio Rhatto - rhatto at riseup.net
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published
+# by the Free Software Foundation, either version 3 of the License,
+# or any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+#
+
+# Parameters
+DIRNAME="`dirname $0`"
+BASENAME="`basename $0`"
+HOSTNAME="$1"
+DOMAIN="$2"
+MIRROR="$3"
+APT_INSTALL="sudo LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y"
+
+# Provision the basic stuff
+$DIRNAME/basic $HOSTNAME $DOMAIN $MIRROR
+
+# Ensure we're in the home folder
+cd
+
+# Load development config
+apps/metadot/metadot load-bundle development
+apps/metadot/metadot deps-bundle development
diff --git a/share/provision/debian/files/desktop-basic/etc/default/keyboard b/share/provision/debian/files/desktop-basic/etc/default/keyboard
new file mode 100644
index 0000000..f18fc73
--- /dev/null
+++ b/share/provision/debian/files/desktop-basic/etc/default/keyboard
@@ -0,0 +1,10 @@
+# KEYBOARD CONFIGURATION FILE
+
+# Consult the keyboard(5) manual page.
+
+XKBMODEL="abnt2"
+XKBLAYOUT="br"
+XKBVARIANT="thinkpad"
+XKBOPTIONS="compose:ralt,terminate:ctrl_alt_bksp"
+
+BACKSPACE="guess"
diff --git a/share/provision/debian/files/desktop-basic/etc/lightdm/lightdm.conf b/share/provision/debian/files/desktop-basic/etc/lightdm/lightdm.conf
new file mode 100644
index 0000000..7614cc2
--- /dev/null
+++ b/share/provision/debian/files/desktop-basic/etc/lightdm/lightdm.conf
@@ -0,0 +1,165 @@
+#
+# General configuration
+#
+# start-default-seat = True to always start one seat if none are defined in the configuration
+# greeter-user = User to run greeter as
+# minimum-display-number = Minimum display number to use for X servers
+# minimum-vt = First VT to run displays on
+# lock-memory = True to prevent memory from being paged to disk
+# user-authority-in-system-dir = True if session authority should be in the system location
+# guest-account-script = Script to be run to setup guest account
+# logind-check-graphical = True to on start seats that are marked as graphical by logind
+# log-directory = Directory to log information to
+# run-directory = Directory to put running state in
+# cache-directory = Directory to cache to
+# sessions-directory = Directory to find sessions
+# remote-sessions-directory = Directory to find remote sessions
+# greeters-directory = Directory to find greeters
+# backup-logs = True to move add a .old suffix to old log files when opening new ones
+#
+[LightDM]
+#start-default-seat=true
+#greeter-user=lightdm
+#minimum-display-number=0
+#minimum-vt=7
+#lock-memory=true
+#user-authority-in-system-dir=false
+#guest-account-script=guest-account
+#logind-check-graphical=false
+#log-directory=/var/log/lightdm
+#run-directory=/var/run/lightdm
+#cache-directory=/var/cache/lightdm
+#sessions-directory=/usr/share/lightdm/sessions:/usr/share/xsessions:/usr/share/wayland-sessions
+#remote-sessions-directory=/usr/share/lightdm/remote-sessions
+#greeters-directory=/usr/share/lightdm/greeters:/usr/share/xgreeters
+#backup-logs=true
+
+#
+# Seat configuration
+#
+# Seat configuration is matched against the seat name glob in the section, for example:
+# [Seat:*] matches all seats and is applied first.
+# [Seat:seat0] matches the seat named "seat0".
+# [Seat:seat-thin-client*] matches all seats that have names that start with "seat-thin-client".
+#
+# type = Seat type (xlocal, xremote, unity)
+# pam-service = PAM service to use for login
+# pam-autologin-service = PAM service to use for autologin
+# pam-greeter-service = PAM service to use for greeters
+# xserver-command = X server command to run (can also contain arguments e.g. X -special-option)
+# xmir-command = Xmir server command to run (can also contain arguments e.g. Xmir -special-option)
+# xserver-config = Config file to pass to X server
+# xserver-layout = Layout to pass to X server
+# xserver-allow-tcp = True if TCP/IP connections are allowed to this X server
+# xserver-share = True if the X server is shared for both greeter and session
+# xserver-hostname = Hostname of X server (only for type=xremote)
+# xserver-display-number = Display number of X server (only for type=xremote)
+# xdmcp-manager = XDMCP manager to connect to (implies xserver-allow-tcp=true)
+# xdmcp-port = XDMCP UDP/IP port to communicate on
+# xdmcp-key = Authentication key to use for XDM-AUTHENTICATION-1 (stored in keys.conf)
+# unity-compositor-command = Unity compositor command to run (can also contain arguments e.g. unity-system-compositor -special-option)
+# unity-compositor-timeout = Number of seconds to wait for compositor to start
+# greeter-session = Session to load for greeter
+# greeter-hide-users = True to hide the user list
+# greeter-allow-guest = True if the greeter should show a guest login option
+# greeter-show-manual-login = True if the greeter should offer a manual login option
+# greeter-show-remote-login = True if the greeter should offer a remote login option
+# user-session = Session to load for users
+# allow-user-switching = True if allowed to switch users
+# allow-guest = True if guest login is allowed
+# guest-session = Session to load for guests (overrides user-session)
+# session-wrapper = Wrapper script to run session with
+# greeter-wrapper = Wrapper script to run greeter with
+# guest-wrapper = Wrapper script to run guest sessions with
+# display-setup-script = Script to run when starting a greeter session (runs as root)
+# display-stopped-script = Script to run after stopping the display server (runs as root)
+# greeter-setup-script = Script to run when starting a greeter (runs as root)
+# session-setup-script = Script to run when starting a user session (runs as root)
+# session-cleanup-script = Script to run when quitting a user session (runs as root)
+# autologin-guest = True to log in as guest by default
+# autologin-user = User to log in with by default (overrides autologin-guest)
+# autologin-user-timeout = Number of seconds to wait before loading default user
+# autologin-session = Session to load for automatic login (overrides user-session)
+# autologin-in-background = True if autologin session should not be immediately activated
+# exit-on-failure = True if the daemon should exit if this seat fails
+#
+[Seat:*]
+#type=xlocal
+#pam-service=lightdm
+#pam-autologin-service=lightdm-autologin
+#pam-greeter-service=lightdm-greeter
+#xserver-command=X
+#xmir-command=Xmir
+#xserver-config=
+#xserver-layout=
+xserver-allow-tcp=true
+#xserver-share=true
+#xserver-hostname=
+#xserver-display-number=
+#xdmcp-manager=
+#xdmcp-port=177
+#xdmcp-key=
+#unity-compositor-command=unity-system-compositor
+#unity-compositor-timeout=60
+#greeter-session=example-gtk-gnome
+#greeter-hide-users=false
+#greeter-allow-guest=true
+#greeter-show-manual-login=false
+#greeter-show-remote-login=true
+#user-session=default
+#allow-user-switching=true
+#allow-guest=true
+#guest-session=
+#session-wrapper=lightdm-session
+#greeter-wrapper=
+#guest-wrapper=
+#display-setup-script=
+#display-stopped-script=
+#greeter-setup-script=
+#session-setup-script=
+#session-cleanup-script=
+#autologin-guest=false
+autologin-user=user
+autologin-user-timeout=0
+#autologin-in-background=false
+#autologin-session=
+#exit-on-failure=false
+
+#
+# XDMCP Server configuration
+#
+# enabled = True if XDMCP connections should be allowed
+# port = UDP/IP port to listen for connections on
+# listen-address = Host/address to listen for XDMCP connections (use all addresses if not present)
+# key = Authentication key to use for XDM-AUTHENTICATION-1 or blank to not use authentication (stored in keys.conf)
+# hostname = Hostname to report to XDMCP clients (defaults to system hostname if unset)
+#
+# The authentication key is a 56 bit DES key specified in hex as 0xnnnnnnnnnnnnnn. Alternatively
+# it can be a word and the first 7 characters are used as the key.
+#
+[XDMCPServer]
+enabled=true
+port=177
+#listen-address=
+#key=
+#hostname=
+
+#
+# VNC Server configuration
+#
+# enabled = True if VNC connections should be allowed
+# command = Command to run Xvnc server with
+# port = TCP/IP port to listen for connections on
+# listen-address = Host/address to listen for VNC connections (use all addresses if not present)
+# width = Width of display to use
+# height = Height of display to use
+# depth = Color depth of display to use
+#
+[VNCServer]
+#enabled=false
+#command=Xvnc
+#port=5900
+#listen-address=
+#width=1024
+#height=768
+#depth=8
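Review bot: The uncommented settings in this lightdm.conf expose the display to the network: `xserver-allow-tcp=true` under `[Seat:*]` and `enabled=true` / `port=177` under `[XDMCPServer]`, while `#listen-address=` and `#key=` stay commented, which by the file's own comments means XDMCP listens on all addresses with no authentication key. Together with `autologin-user=user` and `autologin-user-timeout=0` the seat also logs in as `user` without waiting. If this is meant only for a guest on an isolated virtual network, it needs a comment above `[XDMCPServer]` saying so, e.g. `# XDMCP is unauthenticated and unencrypted here; only for the host-only guest network`, and `listen-address=` set to that interface's address (placeholder: `<guest-internal-address>`). Otherwise the safer baseline is to ship both settings commented out and enable them per host.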
diff --git a/share/provision/debian/files/desktop-basic/home/user/.custom/xsession b/share/provision/debian/files/desktop-basic/home/user/.custom/xsession
new file mode 100644
index 0000000..ee206e0
--- /dev/null
+++ b/share/provision/debian/files/desktop-basic/home/user/.custom/xsession
@@ -0,0 +1,48 @@
+#
+# Custom X11 session config
+#
+
+# Parameters
+HOSTNAME="`cat /etc/hostname | cut -d . -f 1`"
+
+# Set window manager
+WINDOW_MANAGER="ratpoison"
+
+# Display device
+DISPLAY_DEVICE="Virtual-0" # or maybe qlx-0
+
+#
+# Set screen size
+#
+
+# Modeline determined by running "cvt 1280 780"
+#xrandr --newmode "1280x780_60.00" 81.50 1280 1352 1480 1680 780 783 793 810 -hsync +vsync
+#xrandr --addmode $DISPLAY_DEVICE 1280x780_60.00
+
+# Modeline determined by running "cvt 1368 748"
+#xrandr --newmode "1368x748_60.00" 83.00 1368 1440 1576 1784 748 751 761 777 -hsync +vsync
+#xrandr --addmode $DISPLAY_DEVICE 1368x748_60.00
+
+# Set default modeline
+#xrandr --output $DISPLAY_DEVICE --mode 1368x748_60.00
+#xrandr --output $DISPLAY_DEVICE --mode 1280x780_60.00
+
+# Workaround for programs that depend on a system fully operational
+# Example: chromium browser running with firejail when your ${DOWNLOADS}
+# path is a shared folder to be mounted by kvmx. If you don't sleep here,
+# you mind find a whitelisting error at the firejail profile in your
+# ~/.xsession-errors.
+sleep 8
+
+# Startup programs
+if [ "$HOSTNAME" = "web" ]; then
+ PROGRAMS="$PROGRAMS tor-browser"
+elif [ "$HOSTNAME" = "vnc" ]; then
+ PROGRAMS="$PROGRAMS vnc"
+else
+ PROGRAMS="$PROGRAMS terminal"
+fi
+
+# Fix keyboard layout if needed
+# https://wiki.debian.org/Keyboard
+#setxkbmap -model abnt2 -layout br -variant thinkpad
diff --git a/share/provision/debian/lsd b/share/provision/debian/lsd
new file mode 100755
index 0000000..2b4a35e
--- /dev/null
+++ b/share/provision/debian/lsd
@@ -0,0 +1,57 @@
+#!/usr/bin/env bash
+#
+# Provisioner for the Lightweight Software Distribution - LSD.
+#
+# Copyright (C) 2020 Silvio Rhatto - rhatto at riseup.net
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published
+# by the Free Software Foundation, either version 3 of the License,
+# or any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+#
+
+# Parameters
+DIRNAME="`dirname $0`"
+BASENAME="`basename $0`"
+HOSTNAME="$1"
+DOMAIN="$2"
+MIRROR="$3"
+APT_INSTALL="sudo LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y"
+
+# Ensure we're in the home folder
+cd
+
+# Dependencies
+echo "Installing basic dependencies..."
+$APT_INSTALL git curl make wipe man zsh || exit 1
+
+# Tools
+if [ ! -e "apps/infection" ]; then
+ rm -rf apps
+ git clone --recursive https://git.fluxo.info/rhatto/apps
+ apps/infection init
+else
+ echo "Updating locally-installed apps and dotfiles..."
+ apps/infection fetch
+ apps/infection merge
+ apps/metadot/metadot fetch
+ apps/metadot/metadot merge
+fi
+
+# Load basic config
+apps/metadot/metadot load-bundle console
+apps/metadot/metadot deps-bundle console
+
+# Install hydra system-wide
+apps/hydra/hydractl install
+
+# Install trashman system-wide
+sudo apps/trashman/trashman install trashman
diff --git a/share/provision/debian/messenger b/share/provision/debian/messenger
new file mode 100755
index 0000000..bdd8f7e
--- /dev/null
+++ b/share/provision/debian/messenger
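Review bot: share/provision/debian/lsd clones `https://git.fluxo.info/rhatto/apps` at whatever the remote default branch holds and runs it straight away (`apps/infection init`, `apps/hydra/hydractl install`, `sudo apps/trashman/trashman install trashman`), so root code execution on the new machine rests only on the TLS connection to that server, unless `infection` or `metadot` verify signatures themselves, which is not visible here. share/provision/debian/trashman has the same pattern with `sudo git pull` / `sudo git clone` followed by `sudo /usr/local/share/trashman/trashman install trashman`. Verifying a pinned, signed revision before anything from the tree is executed, e.g. `git -C apps verify-commit HEAD || exit 1` after the clone and after each merge, would close that gap. The bare `cd` is not checked either, so if it fails `rm -rf apps` and the clone act on the directory the script was started in; `cd || exit 1` fixes that. The clone, fetch and merge steps do not test their exit status, so the install steps can run on a partial or stale tree.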
@@ -0,0 +1,39 @@
+#!/usr/bin/env bash
+#
+# Messenger provision example
+#
+# Copyright (C) 2017 Silvio Rhatto - rhatto at riseup.net
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published
+# by the Free Software Foundation, either version 3 of the License,
+# or any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+#
+
+# Parameters
+DIRNAME="`dirname $0`"
+BASENAME="`basename $0`"
+HOSTNAME="$1"
+DOMAIN="$2"
+MIRROR="$3"
+APT_INSTALL="sudo LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y"
+
+# Provision the basic stuff
+$DIRNAME/desktop-basic $HOSTNAME $DOMAIN $MIRROR
+
+# Signal Desktop
+sudo trashman install signal-desktop
+
+# Install Ricochet
+#$APT_INSTALL ricochet-im
+
+# Install Gajim
+$APT_INSTALL gajim gajim-omemo
diff --git a/share/provision/debian/openbox b/share/provision/debian/openbox
new file mode 100755
index 0000000..df47622
--- /dev/null
+++ b/share/provision/debian/openbox
@@ -0,0 +1,40 @@
+#!/usr/bin/env bash
+#
+# Openbox provision example
+#
+# Copyright (C) 2017 Silvio Rhatto - rhatto at riseup.net
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published
+# by the Free Software Foundation, either version 3 of the License,
+# or any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+#
+
+# Parameters
+DIRNAME="`dirname $0`"
+BASENAME="`basename $0`"
+HOSTNAME="$1"
+DOMAIN="$2"
+MIRROR="$3"
+APT_INSTALL="sudo LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y"
+
+# Use a stacked window manager to reduce browser fingerprinting
+$APT_INSTALL openbox gmrun
+
+# Dotfiles configuration
+if [ -x "$HOME/apps/metadot/metadot" ]; then
+ $HOME/apps/metadot/metadot load openbox
+fi
+
+# Custom xsession config
+if [ -f "$HOME/.custom/xsession" ]; then
+ sed -i -e 's/^WINDOW_MANAGER=.*$/WINDOW_MANAGER="openbox"/' $HOME/.custom/xsession
+fi
diff --git a/share/provision/debian/openvpn b/share/provision/debian/openvpn
new file mode 100755
index 0000000..5722c3e
--- /dev/null
+++ b/share/provision/debian/openvpn
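Review bot: In share/provision/debian/openbox, `$APT_INSTALL openbox gmrun` has no `|| exit 1`, so when the install fails the script still rewrites `WINDOW_MANAGER` to `"openbox"` in `$HOME/.custom/xsession`, leaving the session pointed at a window manager that is not installed. `$APT_INSTALL openbox gmrun || exit 1` matches how the basic and lsd scripts guard their apt steps. The `$HOME` expansions in `$HOME/apps/metadot/metadot load openbox` and in the `sed -i` target are unquoted and should be `"$HOME/apps/metadot/metadot"` and `"$HOME/.custom/xsession"`. The header comment could also state that the script is run without arguments: openvpn and tor-browser call it as plain `$DIRNAME/openbox`, so `HOSTNAME`, `DOMAIN` and `MIRROR` are empty there.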
@@ -0,0 +1,36 @@
+#!/usr/bin/env bash
+#
+# Full desktop provision example
+#
+# Copyright (C) 2017 Silvio Rhatto - rhatto at riseup.net
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published
+# by the Free Software Foundation, either version 3 of the License,
+# or any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+#
+
+# Parameters
+DIRNAME="`dirname $0`"
+BASENAME="`basename $0`"
+HOSTNAME="$1"
+DOMAIN="$2"
+MIRROR="$3"
+APT_INSTALL="sudo LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y"
+
+# Provision the basic stuff
+$DIRNAME/web-full $HOSTNAME $DOMAIN $MIRROR
+
+# Install OpenVPN and dnsutils (which provides nslookup)
+$APT_INSTALL openvpn resolvconf dnsutils curl
+
+# Use a stacked window manager to reduce browser fingerprinting
+$DIRNAME/openbox
diff --git a/share/provision/debian/tor-browser b/share/provision/debian/tor-browser
new file mode 100755
index 0000000..afbab58
--- /dev/null
+++ b/share/provision/debian/tor-browser
@@ -0,0 +1,33 @@
+#!/usr/bin/env bash
+#
+# Tor desktop provision example
+#
+# Copyright (C) 2017 Silvio Rhatto - rhatto at riseup.net
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published
+# by the Free Software Foundation, either version 3 of the License,
+# or any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+#
+
+# Parameters
+DIRNAME="`dirname $0`"
+BASENAME="`basename $0`"
+HOSTNAME="$1"
+DOMAIN="$2"
+MIRROR="$3"
+APT_INSTALL="sudo LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y"
+
+# Provision the basic stuff
+$DIRNAME/web-basic $HOSTNAME $DOMAIN $MIRROR
+
+# Use a stacked window manager to reduce browser fingerprinting
+$DIRNAME/openbox
diff --git a/share/provision/debian/trashman b/share/provision/debian/trashman
new file mode 100755
index 0000000..b1f7bc5
--- /dev/null
+++ b/share/provision/debian/trashman
@@ -0,0 +1,37 @@
+#!/usr/bin/env bash
+#
+# Trashman provision example
+#
+# Copyright (C) 2017 Silvio Rhatto - rhatto at riseup.net
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published
+# by the Free Software Foundation, either version 3 of the License,
+# or any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+#
+
+# Parameters
+DIRNAME="`dirname $0`"
+BASENAME="`basename $0`"
+APT_INSTALL="sudo LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y"
+
+# Install requirements
+$APT_INSTALL git rsync
+
+# Get trashman
+if [ -d "/usr/local/share/trashman" ]; then
+ ( cd /usr/local/share/trashman && sudo git pull )
+else
+ sudo git clone https://git.fluxo.info/trashman /usr/local/share/trashman
+fi
+
+# Install trashman
+sudo /usr/local/share/trashman/trashman install trashman
diff --git a/share/provision/debian/web-basic b/share/provision/debian/web-basic
new file mode 100755
index 0000000..11a94b5
--- /dev/null
+++ b/share/provision/debian/web-basic
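Review bot: `sudo git clone https://git.fluxo.info/trashman ...` followed by `sudo /usr/local/share/trashman/trashman install trashman` executes whatever the remote branch head contains as root, with no pinned revision and no signature check. A failed `sudo git pull` is also not detected, so a stale or partially updated checkout is then run anyway. I would check out a reviewed tag and verify it before the install line, e.g. `sudo git -C /usr/local/share/trashman verify-tag <PINNED_TAG> || exit 1` (this assumes the project signs its tags and that the signing key is available to root; to be confirmed). The clone and pull lines should each end in `|| exit 1`.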
@@ -0,0 +1,50 @@
+#!/usr/bin/env bash
+#
+# Web desktop provision example
+#
+# Copyright (C) 2017 Silvio Rhatto - rhatto at riseup.net
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published
+# by the Free Software Foundation, either version 3 of the License,
+# or any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+#
+
+# Parameters
+DIRNAME="`dirname $0`"
+BASENAME="`basename $0`"
+HOSTNAME="$1"
+DOMAIN="$2"
+MIRROR="$3"
+APT_INSTALL="sudo LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y"
+
+# Provision the basic stuff
+$DIRNAME/desktop-basic $HOSTNAME $DOMAIN $MIRROR
+
+# Additional packages
+echo "Installing additional web packages..."
+$APT_INSTALL firefox-esr chromium
+
+# Use addons.mozilla.org version instead
+sudo apt-get remove -y webext-treestyletab
+
+# Mozilla configuration
+# Create this config using "cd $HOME && /bin/tar jcvf mozilla.tar.bz2 .mozilla"
+#if [ ! -d "$HOME/.mozilla" ]; then
+# ( cd $HOME && tar xvf $DIRNAME/files/web-basic/mozilla/mozilla.tar.bz2 )
+#fi
+
+# Chromium configuration
+# Create this config using "cd $HOME && /bin/tar jcvf chromium.tar.bz2 .config/chromium"
+#if [ ! -d "$HOME/.config/chromium" ]; then
+# ( cd $HOME && tar xvf $DIRNAME/files/web-basic/chromium/chromium.tar.bz2 )
+# ( cd $HOME && tar xvf $DIRNAME/files/web-basic/chromium/chromium-profiles.tar.bz2 )
+#fi
diff --git a/share/provision/debian/web-full b/share/provision/debian/web-full
new file mode 100755
index 0000000..a21a15d
--- /dev/null
+++ b/share/provision/debian/web-full
@@ -0,0 +1,47 @@
+#!/usr/bin/env bash
+#
+# Web desktop provision example
+#
+# Copyright (C) 2017 Silvio Rhatto - rhatto at riseup.net
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published
+# by the Free Software Foundation, either version 3 of the License,
+# or any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+#
+
+# Parameters
+DIRNAME="`dirname $0`"
+BASENAME="`basename $0`"
+HOSTNAME="$1"
+DOMAIN="$2"
+MIRROR="$3"
+APT_INSTALL="sudo LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y"
+
+# Provision the basic stuff
+$DIRNAME/web-basic $HOSTNAME $DOMAIN $MIRROR
+
+# Office Suite
+$APT_INSTALL libreoffice gimp inkscape mat
+
+# Lave Tor available if the user wants to route other software besides running Tor Browser
+$APT_INSTALL tor
+
+# Luakit using stowpkg
+#if [ ! -x "$HOME/apps/stowpkg/tree/`uname -m`/bin/luakit" ]; then
+# $APT_INSTALL make stow
+# apps/stowpkg/stowpkg install luakit
+#else
+# apps/stowpkg/stowpkg upgrade luakit
+#fi
+
+# Ensure we have an updated qutebrowser
+#apps/qutebrowser/qutebrowser update
diff --git a/share/provision/debian/webserver b/share/provision/debian/webserver
new file mode 100755
index 0000000..650452f
--- /dev/null
+++ b/share/provision/debian/webserver
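Review bot: The comment above `$APT_INSTALL tor` has a typo, `Lave Tor available`; it should read `# Leave Tor available if the user wants to route other software besides running Tor Browser`. The header line `# Web desktop provision example` is identical to the one in web-basic, so something like `# Full web desktop provision example` would tell the two scripts apart.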
@@ -0,0 +1,22 @@
+#!/usr/bin/env bash
+#
+# Webserver provision example
+#
+# Copyright (C) 2017 Silvio Rhatto - rhatto at riseup.net
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published
+# by the Free Software Foundation, either version 3 of the License,
+# or any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+#
+
+sudo apt-get update && sudo apt-get upgrade -y && sudo apt-get autoremove -y && sudo apt-get clean
+sudo apt-get install -y apache2
diff --git a/share/provision/debian/wireguard b/share/provision/debian/wireguard
new file mode 100755
index 0000000..0aad2c9
--- /dev/null
+++ b/share/provision/debian/wireguard
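Review bot: `sudo apt-get install -y apache2` runs even when the `apt-get update && ... upgrade -y && ...` chain on the line before it fails, so the web server can be installed from stale package lists on a guest that never received its pending updates. Neither line sets `DEBIAN_FRONTEND=noninteractive` the way `APT_INSTALL` does in the sibling scripts, so an unattended run may stall on a debconf prompt. I would write the upgrade step as `sudo DEBIAN_FRONTEND=noninteractive apt-get upgrade -y` and end the first line with `|| exit 1`.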
@@ -0,0 +1,36 @@
+#!/usr/bin/env bash
+#
+# Full desktop provision example
+#
+# Copyright (C) 2017 Silvio Rhatto - rhatto at riseup.net
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published
+# by the Free Software Foundation, either version 3 of the License,
+# or any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+#
+
+# Parameters
+DIRNAME="`dirname $0`"
+BASENAME="`basename $0`"
+HOSTNAME="$1"
+DOMAIN="$2"
+MIRROR="$3"
+APT_INSTALL="sudo LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y"
+
+# Provision the basic stuff
+$DIRNAME/web-full $HOSTNAME $DOMAIN $MIRROR
+
+# Install OpenVPN and dnsutils (which provides nslookup)
+$APT_INSTALL wireguard-tools resolvconf dnsutils curl
+
+# Use a stacked window manager to reduce browser fingerprinting
+$DIRNAME/openbox
diff --git a/share/provision/desktop-basic b/share/provision/desktop-basic
deleted file mode 100755
index ec49414..0000000
--- a/share/provision/desktop-basic
+++ /dev/null
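Review bot: The comment `# Install OpenVPN and dnsutils (which provides nslookup)` is carried over from the OpenVPN script, but the line below it installs `wireguard-tools`; it should read `# Install WireGuard tools and dnsutils (which provides nslookup)`. The header `# Full desktop provision example` is likewise a leftover and could become `# WireGuard desktop provision example`. Separately, this commit deletes the njalla-wireguard ferm ruleset, which set a default `policy DROP` on OUTPUT. If this script is meant to be its replacement, nothing here restricts traffic to the tunnel any more, which is worth confirming and documenting in the header.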
@@ -1,78 +0,0 @@ -#!/usr/bin/env bash -# -# Basic desktop provision example -# -# Copyright (C) 2017 Silvio Rhatto - rhatto at riseup.net -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published -# by the Free Software Foundation, either version 3 of the License, -# or any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . -# - -# Parameters -DIRNAME="`dirname $0`" -BASENAME="`basename $0`" -HOSTNAME="$1" -DOMAIN="$2" -MIRROR="$3" -APT_INSTALL="sudo LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y" - -# Provision the basic stuff -$DIRNAME/basic $HOSTNAME $DOMAIN $MIRROR - -# QXL -# See https://labs.riseup.net/code/issues/11518 -# https://bugs.mageia.org/show_bug.cgi?id=14607 -#if [ ! -e "/etc/modprobe.d/qxl-no-kms.conf" ]; then -# echo 'options qxl modeset=0' | sudo tee /etc/modprobe.d/qxl-no-kms.conf -# sudo update-initramfs -v -u -#fi - -# Ensure we are in the user home folder -cd - -# Aditional metadot modules -apps/metadot/metadot load-bundle desktop-basic -apps/metadot/metadot deps-bundle desktop-basic - -# Additional packages -echo "Installing additional desktop-basic packages..." 
-$APT_INSTALL xpra lightdm firejail xsel tigervnc-viewer - -# See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861744 -$APT_INSTALL torbrowser-launcher alsa-utils pulseaudio - -# System-wide configuration -sudo cp $DIRNAME/files/desktop-basic/etc/lightdm/lightdm.conf /etc/lightdm/lightdm.conf -sudo cp $DIRNAME/files/desktop-basic/etc/default/keyboard /etc/default/keyboard -sudo update-alternatives --set x-window-manager /usr/bin/ratpoison - -# Removing the dotfiles' version of .dmrc ensures that -# -# the default x-window-manager automatically starts. Otherwise we may end up -# having lightdm unable to login automatically into ratpoison or even starting -# the wrong window manager. -rm -f $HOME/.dmrc - -# Load qlx module during initramfs phase otherwise the X server might start -# before this module gets loaded, resulting in weird spice errors. -if ! grep -q qxl /etc/initramfs-tools/modules; then - echo qxl | sudo tee -a /etc/initramfs-tools/modules > /dev/null - sudo update-initramfs -u -fi - -# User configuration -mkdir -p $HOME/.custom - -if [ ! -e "$HOME/.custom/xsession" ]; then - cp $DIRNAME/files/desktop-basic/home/user/.custom/xsession $HOME/.custom/xsession -fi diff --git a/share/provision/desktop-full b/share/provision/desktop-full deleted file mode 100755 index b4dce46..0000000 --- a/share/provision/desktop-full +++ /dev/null 
@@ -1,34 +0,0 @@ -#!/usr/bin/env bash -# -# Full desktop provision example -# -# Copyright (C) 2017 Silvio Rhatto - rhatto at riseup.net -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published -# by the Free Software Foundation, either version 3 of the License, -# or any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . -# - -# Parameters -DIRNAME="`dirname $0`" -BASENAME="`basename $0`" -HOSTNAME="$1" -DOMAIN="$2" -MIRROR="$3" -APT_INSTALL="sudo LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y" - -# Provision the basic stuff -$DIRNAME/desktop-basic $HOSTNAME $DOMAIN $MIRROR - -# Install awesome -apps/metadot/metadot load awesome -apps/metadot/metadot deps awesome diff --git a/share/provision/development b/share/provision/development deleted file mode 100755 index bb2f890..0000000 --- a/share/provision/development +++ /dev/null 
@@ -1,37 +0,0 @@ -#!/usr/bin/env bash -# -# Basic development provision example -# -# Copyright (C) 2017 Silvio Rhatto - rhatto at riseup.net -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published -# by the Free Software Foundation, either version 3 of the License, -# or any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . -# - -# Parameters -DIRNAME="`dirname $0`" -BASENAME="`basename $0`" -HOSTNAME="$1" -DOMAIN="$2" -MIRROR="$3" -APT_INSTALL="sudo LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y" - -# Provision the basic stuff -$DIRNAME/basic $HOSTNAME $DOMAIN $MIRROR - -# Ensure we're in the home folder -cd - -# Load development config -apps/metadot/metadot load-bundle development -apps/metadot/metadot deps-bundle development diff --git a/share/provision/files/desktop-basic/etc/default/keyboard b/share/provision/files/desktop-basic/etc/default/keyboard deleted file mode 100644 index f18fc73..0000000 --- a/share/provision/files/desktop-basic/etc/default/keyboard +++ /dev/null @@ -1,10 +0,0 @@ -# KEYBOARD CONFIGURATION FILE - -# Consult the keyboard(5) manual page. - -XKBMODEL="abnt2" -XKBLAYOUT="br" -XKBVARIANT="thinkpad" -XKBOPTIONS="compose:ralt,terminate:ctrl_alt_bksp" - -BACKSPACE="guess" diff --git a/share/provision/files/desktop-basic/etc/lightdm/lightdm.conf b/share/provision/files/desktop-basic/etc/lightdm/lightdm.conf deleted file mode 100644 index 7614cc2..0000000 --- a/share/provision/files/desktop-basic/etc/lightdm/lightdm.conf +++ /dev/null 
@@ -1,165 +0,0 @@ -# -# General configuration -# -# start-default-seat = True to always start one seat if none are defined in the configuration -# greeter-user = User to run greeter as -# minimum-display-number = Minimum display number to use for X servers -# minimum-vt = First VT to run displays on -# lock-memory = True to prevent memory from being paged to disk -# user-authority-in-system-dir = True if session authority should be in the system location -# guest-account-script = Script to be run to setup guest account -# logind-check-graphical = True to on start seats that are marked as graphical by logind -# log-directory = Directory to log information to -# run-directory = Directory to put running state in -# cache-directory = Directory to cache to -# sessions-directory = Directory to find sessions -# remote-sessions-directory = Directory to find remote sessions -# greeters-directory = Directory to find greeters -# backup-logs = True to move add a .old suffix to old log files when opening new ones -# -[LightDM] -#start-default-seat=true -#greeter-user=lightdm -#minimum-display-number=0 -#minimum-vt=7 -#lock-memory=true -#user-authority-in-system-dir=false -#guest-account-script=guest-account -#logind-check-graphical=false -#log-directory=/var/log/lightdm -#run-directory=/var/run/lightdm -#cache-directory=/var/cache/lightdm -#sessions-directory=/usr/share/lightdm/sessions:/usr/share/xsessions:/usr/share/wayland-sessions -#remote-sessions-directory=/usr/share/lightdm/remote-sessions -#greeters-directory=/usr/share/lightdm/greeters:/usr/share/xgreeters -#backup-logs=true - -# -# Seat configuration -# -# Seat configuration is matched against the seat name glob in the section, for example: -# [Seat:*] matches all seats and is applied first. -# [Seat:seat0] matches the seat named "seat0". -# [Seat:seat-thin-client*] matches all seats that have names that start with "seat-thin-client". 
-# -# type = Seat type (xlocal, xremote, unity) -# pam-service = PAM service to use for login -# pam-autologin-service = PAM service to use for autologin -# pam-greeter-service = PAM service to use for greeters -# xserver-command = X server command to run (can also contain arguments e.g. X -special-option) -# xmir-command = Xmir server command to run (can also contain arguments e.g. Xmir -special-option) -# xserver-config = Config file to pass to X server -# xserver-layout = Layout to pass to X server -# xserver-allow-tcp = True if TCP/IP connections are allowed to this X server -# xserver-share = True if the X server is shared for both greeter and session -# xserver-hostname = Hostname of X server (only for type=xremote) -# xserver-display-number = Display number of X server (only for type=xremote) -# xdmcp-manager = XDMCP manager to connect to (implies xserver-allow-tcp=true) -# xdmcp-port = XDMCP UDP/IP port to communicate on -# xdmcp-key = Authentication key to use for XDM-AUTHENTICATION-1 (stored in keys.conf) -# unity-compositor-command = Unity compositor command to run (can also contain arguments e.g. 
unity-system-compositor -special-option) -# unity-compositor-timeout = Number of seconds to wait for compositor to start -# greeter-session = Session to load for greeter -# greeter-hide-users = True to hide the user list -# greeter-allow-guest = True if the greeter should show a guest login option -# greeter-show-manual-login = True if the greeter should offer a manual login option -# greeter-show-remote-login = True if the greeter should offer a remote login option -# user-session = Session to load for users -# allow-user-switching = True if allowed to switch users -# allow-guest = True if guest login is allowed -# guest-session = Session to load for guests (overrides user-session) -# session-wrapper = Wrapper script to run session with -# greeter-wrapper = Wrapper script to run greeter with -# guest-wrapper = Wrapper script to run guest sessions with -# display-setup-script = Script to run when starting a greeter session (runs as root) -# display-stopped-script = Script to run after stopping the display server (runs as root) -# greeter-setup-script = Script to run when starting a greeter (runs as root) -# session-setup-script = Script to run when starting a user session (runs as root) -# session-cleanup-script = Script to run when quitting a user session (runs as root) -# autologin-guest = True to log in as guest by default -# autologin-user = User to log in with by default (overrides autologin-guest) -# autologin-user-timeout = Number of seconds to wait before loading default user -# autologin-session = Session to load for automatic login (overrides user-session) -# autologin-in-background = True if autologin session should not be immediately activated -# exit-on-failure = True if the daemon should exit if this seat fails -# -[Seat:*] -#type=xlocal -#pam-service=lightdm -#pam-autologin-service=lightdm-autologin -#pam-greeter-service=lightdm-greeter -#xserver-command=X -#xmir-command=Xmir -#xserver-config= -#xserver-layout= -xserver-allow-tcp=true 
-#xserver-share=true -#xserver-hostname= -#xserver-display-number= -#xdmcp-manager= -#xdmcp-port=177 -#xdmcp-key= -#unity-compositor-command=unity-system-compositor -#unity-compositor-timeout=60 -#greeter-session=example-gtk-gnome -#greeter-hide-users=false -#greeter-allow-guest=true -#greeter-show-manual-login=false -#greeter-show-remote-login=true -#user-session=default -#allow-user-switching=true -#allow-guest=true -#guest-session= -#session-wrapper=lightdm-session -#greeter-wrapper= -#guest-wrapper= -#display-setup-script= -#display-stopped-script= -#greeter-setup-script= -#session-setup-script= -#session-cleanup-script= -#autologin-guest=false -autologin-user=user -autologin-user-timeout=0 -#autologin-in-background=false -#autologin-session= -#exit-on-failure=false - -# -# XDMCP Server configuration -# -# enabled = True if XDMCP connections should be allowed -# port = UDP/IP port to listen for connections on -# listen-address = Host/address to listen for XDMCP connections (use all addresses if not present) -# key = Authentication key to use for XDM-AUTHENTICATION-1 or blank to not use authentication (stored in keys.conf) -# hostname = Hostname to report to XDMCP clients (defaults to system hostname if unset) -# -# The authentication key is a 56 bit DES key specified in hex as 0xnnnnnnnnnnnnnn. Alternatively -# it can be a word and the first 7 characters are used as the key. -# -[XDMCPServer] -enabled=true -port=177 -#listen-address= -#key= -#hostname= - -# -# VNC Server configuration -# -# enabled = True if VNC connections should be allowed -# command = Command to run Xvnc server with -# port = TCP/IP port to listen for connections on -# listen-address = Host/address to listen for VNC connections (use all addresses if not present) -# width = Width of display to use -# height = Height of display to use -# depth = Color depth of display to use -# -[VNCServer] -#enabled=false -#command=Xvnc -#port=5900 -#listen-address= -#width=1024 -#height=768 -#depth=8 
diff --git a/share/provision/files/desktop-basic/home/user/.custom/xsession b/share/provision/files/desktop-basic/home/user/.custom/xsession deleted file mode 100644 index ee206e0..0000000 --- a/share/provision/files/desktop-basic/home/user/.custom/xsession +++ /dev/null @@ -1,48 +0,0 @@ -# -# Custom X11 session config -# - -# Parameters -HOSTNAME="`cat /etc/hostname | cut -d . -f 1`" - -# Set window manager -WINDOW_MANAGER="ratpoison" - -# Display device -DISPLAY_DEVICE="Virtual-0" # or maybe qlx-0 - -# -# Set screen size -# - -# Modeline determined by running "cvt 1280 780" -#xrandr --newmode "1280x780_60.00" 81.50 1280 1352 1480 1680 780 783 793 810 -hsync +vsync -#xrandr --addmode $DISPLAY_DEVICE 1280x780_60.00 - -# Modeline determined by running "cvt 1368 748" -#xrandr --newmode "1368x748_60.00" 83.00 1368 1440 1576 1784 748 751 761 777 -hsync +vsync -#xrandr --addmode $DISPLAY_DEVICE 1368x748_60.00 - -# Set default modeline -#xrandr --output $DISPLAY_DEVICE --mode 1368x748_60.00 -#xrandr --output $DISPLAY_DEVICE --mode 1280x780_60.00 - -# Workaround for programs that depend on a system fully operational -# Example: chromium browser running with firejail when your ${DOWNLOADS} -# path is a shared folder to be mounted by kvmx. If you don't sleep here, -# you mind find a whitelisting error at the firejail profile in your -# ~/.xsession-errors. -sleep 8 - -# Startup programs -if [ "$HOSTNAME" = "web" ]; then - PROGRAMS="$PROGRAMS tor-browser" -elif [ "$HOSTNAME" = "vnc" ]; then - PROGRAMS="$PROGRAMS vnc" -else - PROGRAMS="$PROGRAMS terminal" -fi - -# Fix keyboard layout if needed -# https://wiki.debian.org/Keyboard -#setxkbmap -model abnt2 -layout br -variant thinkpad diff --git a/share/provision/files/njalla-openvpn/etc/ferm/ferm.conf b/share/provision/files/njalla-openvpn/etc/ferm/ferm.conf deleted file mode 100644 index a25a3d2..0000000 --- a/share/provision/files/njalla-openvpn/etc/ferm/ferm.conf +++ /dev/null 
@@ -1,181 +0,0 @@ -# -*- shell-script -*- -# -# Configuration file for ferm(1). -# -# V: 0.1 -# -# ferm manual: http://ferm.foo-projects.org/download/2.2/ferm.html -# Blog post: https://blog.ipredator.se/linux-firewall-howto.html -# - -# Really make sure that these modules exist and are loaded. -@hook pre "/sbin/modprobe nf_conntrack_ftp"; -@hook pre "/sbin/modprobe nfnetlink_log"; - -# Network interfaces. -#@def $DEV_LAN = eth0; -@def $DEV_LAN = ens3; -@def $DEV_LOOPBACK = lo0; -@def $DEV_VPN = tun0; - -# Network definition for the loopback device. This is needed to allow -# DNS resolution on Ubuntu Linux where the local resolver is bound -# to 127.0.1.1 - as opposed to the default 127.0.0.1. -@def $NET_LOOPBACK = 127.0.0.0/8; - -# Common application ports. -@def $PORT_DNS = 53; -@def $PORT_FTP = ( 20 21 ); -@def $PORT_NTP = 123; -@def $PORT_SSH = 22; -@def $PORT_WEB = ( 80 443 ); - -# The ports we allow OpenVPN to connect to. IPredator allows you -# to connect on _any_ port. Simply add more ports if desired but -# stick to only those that you really need. -@def $PORT_OPENVPN = (1194 1234 1337 2342 5060); - -# See https://blog.ipredator.se/howto/restricting-transmission-to-the-vpn-interface-on-ubuntu-linux.html -# Ports Transmission is allowed to use. -@def $PORT_TRANSMISSION = 16384:65535; - -# Public DNS servers and those that are only reachable via VPN. -# DNS servers are specified in the outbound DNS rules to prevent DNS leaks -# (https://www.dnsleaktest.com/). The public DNS servers configured on your -# system should be the IPredator ones (https://www.ipredator.se/page/services#service_dns), -# but you need to verify this. -# -@def $IP_DNS_IPR_PUBLIC = (194.132.32.32/32 46.246.46.246/32); - -# Add your ISP name server to this object if you want to restrict -# which DNS servers can be queried. -@def $IP_DNS_PUBLIC = 0.0.0.0/0; - -# DNS server available within the VPN. 
-@def $IP_DNS_VPN = ( 46.246.46.46/32 194.132.32.23/32 ); - -# Make sure to use the proper VPN interface (e.g. tun0 in this case). -# Note: You cannot reference $DEV_VPN here, substition does not take -# place for commands passed to a sub shell. -@def $VPN_ACTIVE = `ip link show tun0 >/dev/null 2>/dev/null && echo 1 || echo`; - -# VPN interface conditional. If true the following rules are loaded. -@if $VPN_ACTIVE { - domain ip { - table filter { - chain INPUT { - interface $DEV_VPN { - proto (tcp udp) dport $PORT_TRANSMISSION ACCEPT; - } - } - chain OUTPUT { - # Default allowed outbound services on the VPN interface. - # If you need more simply add your rules here. - outerface $DEV_VPN { - proto (tcp udp) daddr ( $IP_DNS_VPN $IP_DNS_IPR_PUBLIC ) dport $PORT_DNS ACCEPT; - proto tcp dport $PORT_FTP ACCEPT; - proto udp dport $PORT_NTP ACCEPT; - proto tcp dport $PORT_SSH ACCEPT; - proto (tcp udp) sport $PORT_TRANSMISSION ACCEPT; - proto tcp dport $PORT_WEB ACCEPT; - } - } - } - } -} - -# The main IPv4 rule set. -domain ip { - table filter { - chain INPUT { - # The default policy for the chain. Usually ACCEPT or DROP or REJECT. - policy DROP; - - # Connection tracking. - mod state state INVALID DROP; - mod state state (ESTABLISHED RELATED) ACCEPT; - - # Allow local traffic to loopback interface. - daddr $NET_LOOPBACK ACCEPT; - - # Allow inbound SSH on your LAN interface _only_. - interface $DEV_LAN { - proto tcp dport $PORT_SSH ACCEPT; - } - - # Respond to ping ... makes debugging easier. - proto icmp icmp-type echo-request ACCEPT; - - # Log dropped packets. - NFLOG nflog-group 1; - DROP; - } - - chain OUTPUT { - policy DROP; - - # Connection tracking. - mod state state INVALID DROP; - mod state state (ESTABLISHED RELATED) ACCEPT; - - # Allow local traffic from the loopback interface. - saddr $NET_LOOPBACK ACCEPT; - - # Respond to ping. - proto icmp icmp-type echo-request ACCEPT; - - # Allowed services on the LAN interface. 
- outerface $DEV_LAN { - proto (tcp udp) daddr $IP_DNS_PUBLIC dport $PORT_DNS ACCEPT; - proto udp dport $PORT_NTP ACCEPT; - proto (tcp udp) dport $PORT_OPENVPN ACCEPT; - proto tcp dport $PORT_SSH ACCEPT; - } - - # Log dropped packets. - NFLOG nflog-group 1; - DROP; - } - - chain FORWARD { - policy DROP; - - # If you use your machine to route traffic eg. - # from a VM you have to add rules here! - - # Log dropped packets. - NFLOG nflog-group 1; - DROP; - } - } -} - -# IPv6 is generally disabled, communication on the loopback device is allowed. -domain ip6 { - table filter { - chain INPUT { - policy DROP; - - # Allow local traffic. - interface $DEV_LOOPBACK ACCEPT; - - # Log dropped packets. - NFLOG nflog-group 1; - DROP; - } - chain OUTPUT { - policy DROP; - - # Log dropped packets. - NFLOG nflog-group 1; - DROP; - } - chain FORWARD { - policy DROP; - - # Log dropped packets. - NFLOG nflog-group 1; - DROP; - } - } -} diff --git a/share/provision/files/njalla-openvpn/etc/udev/rules.d/81-vpn-firewall.rules b/share/provision/files/njalla-openvpn/etc/udev/rules.d/81-vpn-firewall.rules deleted file mode 100644 index 64d8bd1..0000000 --- a/share/provision/files/njalla-openvpn/etc/udev/rules.d/81-vpn-firewall.rules +++ /dev/null @@ -1,2 +0,0 @@ -KERNEL=="tun0", ACTION=="add", RUN+="/usr/local/bin/fermreload.sh add" -KERNEL=="tun0", ACTION=="remove", RUN+="/usr/local/bin/fermreload.sh remove" diff --git a/share/provision/files/njalla-openvpn/usr/local/bin/fermreload.sh b/share/provision/files/njalla-openvpn/usr/local/bin/fermreload.sh deleted file mode 100755 index cebf7cc..0000000 --- a/share/provision/files/njalla-openvpn/usr/local/bin/fermreload.sh +++ /dev/null 
@@ -1,39 +0,0 @@ -#!/bin/bash -# -# fermreload.sh -# V: 0.1 -# -# Reloads the ferm firewall ruleset and is invoked by -# the udev via /etc/udev/rules.d/81-vpn-firewall.rules. -# -# IPredator 2014 -# Released under the Kopimi license. -# -# Blog post: https://blog.ipredator.se/linux-firewall-howto.html -# - -LOGGER=/usr/bin/logger -LOGGER_TAG=$0 - -UDEV_ACTION=$1 - -FERM=/usr/sbin/ferm -FERM_CONF=/etc/ferm/ferm.conf - -MSG_FW_RULE_ADD="Adding VPN firewall rules." -MSG_FW_RULE_REMOVE="Removing VPN firewall rules." -MSG_UDEV_ACTION_UNKNOWN="Unknown udev action." - -case "$UDEV_ACTION" in - add) - $LOGGER -t $LOGGER_TAG $MSG_FW_RULE_ADD - $FERM $FERM_CONF - ;; - remove) - $LOGGER -t $LOGGER_TAG $MSG_FW_RULE_REMOVE - $FERM $FERM_CONF - ;; - *) - $LOGGER -t $LOGGER_TAG $MSG_UDEV_ACTION_UNKNOWN - exit 1 -esac diff --git a/share/provision/files/njalla-wireguard/etc/ferm/ferm.conf b/share/provision/files/njalla-wireguard/etc/ferm/ferm.conf deleted file mode 100644 index 9ef8208..0000000 --- a/share/provision/files/njalla-wireguard/etc/ferm/ferm.conf +++ /dev/null 
@@ -1,179 +0,0 @@ -# -*- shell-script -*- -# -# Configuration file for ferm(1). -# -# V: 0.1 -# -# ferm manual: http://ferm.foo-projects.org/download/2.2/ferm.html -# Blog post: https://blog.ipredator.se/linux-firewall-howto.html -# - -# Really make sure that these modules exist and are loaded. -@hook pre "/sbin/modprobe nf_conntrack_ftp"; -@hook pre "/sbin/modprobe nfnetlink_log"; - -# Network interfaces. -#@def $DEV_LAN = eth0; -@def $DEV_LAN = ens3; -@def $DEV_LOOPBACK = lo0; -@def $DEV_VPN = wg0; - -# Network definition for the loopback device. This is needed to allow -# DNS resolution on Ubuntu Linux where the local resolver is bound -# to 127.0.1.1 - as opposed to the default 127.0.0.1. -@def $NET_LOOPBACK = 127.0.0.0/8; - -# Common application ports. -@def $PORT_DNS = 53; -@def $PORT_FTP = ( 20 21 ); -@def $PORT_NTP = 123; -@def $PORT_SSH = 22; -@def $PORT_WEB = ( 80 443 ); - -# The ports we allow to connect to. -@def $PORT_WIREGUARD = ( 51820 ); - -# See https://blog.ipredator.se/howto/restricting-transmission-to-the-vpn-interface-on-ubuntu-linux.html -# Ports Transmission is allowed to use. -@def $PORT_TRANSMISSION = 16384:65535; - -# Public DNS servers and those that are only reachable via VPN. -# DNS servers are specified in the outbound DNS rules to prevent DNS leaks -# (https://www.dnsleaktest.com/). The public DNS servers configured on your -# system should be the IPredator ones (https://www.ipredator.se/page/services#service_dns), -# but you need to verify this. -# -@def $IP_DNS_IPR_PUBLIC = ( 95.215.19.53/32 ); - -# Add your ISP name server to this object if you want to restrict -# which DNS servers can be queried. -@def $IP_DNS_PUBLIC = 0.0.0.0/0; - -# DNS server available within the VPN. -@def $IP_DNS_VPN = ( 95.215.19.53/32 ); - -# Make sure to use the proper VPN interface (e.g. wg0 in this case). -# Note: You cannot reference $DEV_VPN here, substition does not take -# place for commands passed to a sub shell. 
-@def $VPN_ACTIVE = `ip link show wg0 >/dev/null 2>/dev/null && echo 1 || echo`; - -# VPN interface conditional. If true the following rules are loaded. -@if $VPN_ACTIVE { - domain ip { - table filter { - chain INPUT { - interface $DEV_VPN { - proto (tcp udp) dport $PORT_TRANSMISSION ACCEPT; - } - } - chain OUTPUT { - # Default allowed outbound services on the VPN interface. - # If you need more simply add your rules here. - outerface $DEV_VPN { - proto (tcp udp) daddr ( $IP_DNS_VPN $IP_DNS_IPR_PUBLIC ) dport $PORT_DNS ACCEPT; - proto tcp dport $PORT_FTP ACCEPT; - proto udp dport $PORT_NTP ACCEPT; - proto tcp dport $PORT_SSH ACCEPT; - proto (tcp udp) sport $PORT_TRANSMISSION ACCEPT; - proto tcp dport $PORT_WEB ACCEPT; - } - } - } - } -} - -# The main IPv4 rule set. -domain ip { - table filter { - chain INPUT { - # The default policy for the chain. Usually ACCEPT or DROP or REJECT. - policy DROP; - - # Connection tracking. - mod state state INVALID DROP; - mod state state (ESTABLISHED RELATED) ACCEPT; - - # Allow local traffic to loopback interface. - daddr $NET_LOOPBACK ACCEPT; - - # Allow inbound SSH on your LAN interface _only_. - interface $DEV_LAN { - proto tcp dport $PORT_SSH ACCEPT; - } - - # Respond to ping ... makes debugging easier. - proto icmp icmp-type echo-request ACCEPT; - - # Log dropped packets. - NFLOG nflog-group 1; - DROP; - } - - chain OUTPUT { - policy DROP; - - # Connection tracking. - mod state state INVALID DROP; - mod state state (ESTABLISHED RELATED) ACCEPT; - - # Allow local traffic from the loopback interface. - saddr $NET_LOOPBACK ACCEPT; - - # Respond to ping. - proto icmp icmp-type echo-request ACCEPT; - - # Allowed services on the LAN interface. - outerface $DEV_LAN { - proto (tcp udp) daddr $IP_DNS_PUBLIC dport $PORT_DNS ACCEPT; - proto udp dport $PORT_NTP ACCEPT; - proto (tcp udp) dport $PORT_WIREGUARD ACCEPT; - proto tcp dport $PORT_SSH ACCEPT; - } - - # Log dropped packets. 
- NFLOG nflog-group 1; - DROP; - } - - chain FORWARD { - policy DROP; - - # If you use your machine to route traffic eg. - # from a VM you have to add rules here! - - # Log dropped packets. - NFLOG nflog-group 1; - DROP; - } - } -} - -# IPv6 is generally disabled, communication on the loopback device is allowed. -domain ip6 { - table filter { - chain INPUT { - policy DROP; - - # Allow local traffic. - interface $DEV_LOOPBACK ACCEPT; - - # Log dropped packets. - NFLOG nflog-group 1; - DROP; - } - chain OUTPUT { - policy DROP; - - # Log dropped packets. - NFLOG nflog-group 1; - DROP; - } - chain FORWARD { - policy DROP; - - # Log dropped packets. - NFLOG nflog-group 1; - DROP; - } - } -} diff --git a/share/provision/files/njalla-wireguard/etc/udev/rules.d/81-vpn-firewall.rules b/share/provision/files/njalla-wireguard/etc/udev/rules.d/81-vpn-firewall.rules deleted file mode 100644 index 8c9d744..0000000 --- a/share/provision/files/njalla-wireguard/etc/udev/rules.d/81-vpn-firewall.rules +++ /dev/null @@ -1,2 +0,0 @@ -KERNEL=="wg0", ACTION=="add", RUN+="/usr/local/bin/fermreload.sh add" -KERNEL=="wg0", ACTION=="remove", RUN+="/usr/local/bin/fermreload.sh remove" diff --git a/share/provision/files/njalla-wireguard/usr/local/bin/fermreload.sh b/share/provision/files/njalla-wireguard/usr/local/bin/fermreload.sh deleted file mode 100755 index cebf7cc..0000000 --- a/share/provision/files/njalla-wireguard/usr/local/bin/fermreload.sh +++ /dev/null 
@@ -1,39 +0,0 @@
-#!/bin/bash
-#
-# fermreload.sh
-# V: 0.1
-#
-# Reloads the ferm firewall ruleset and is invoked by
-# the udev via /etc/udev/rules.d/81-vpn-firewall.rules.
-#
-# IPredator 2014
-# Released under the Kopimi license.
-#
-# Blog post: https://blog.ipredator.se/linux-firewall-howto.html
-#
-
-LOGGER=/usr/bin/logger
-LOGGER_TAG=$0
-
-UDEV_ACTION=$1
-
-FERM=/usr/sbin/ferm
-FERM_CONF=/etc/ferm/ferm.conf
-
-MSG_FW_RULE_ADD="Adding VPN firewall rules."
-MSG_FW_RULE_REMOVE="Removing VPN firewall rules."
-MSG_UDEV_ACTION_UNKNOWN="Unknown udev action."
-
-case "$UDEV_ACTION" in
- add)
- $LOGGER -t $LOGGER_TAG $MSG_FW_RULE_ADD
- $FERM $FERM_CONF
- ;;
- remove)
- $LOGGER -t $LOGGER_TAG $MSG_FW_RULE_REMOVE
- $FERM $FERM_CONF
- ;;
- *)
- $LOGGER -t $LOGGER_TAG $MSG_UDEV_ACTION_UNKNOWN
- exit 1
-esac
diff --git a/share/provision/lsd b/share/provision/lsd
deleted file mode 100755
index 2b4a35e..0000000
--- a/share/provision/lsd
+++ /dev/null
@@ -1,57 +0,0 @@
-#!/usr/bin/env bash
-#
-# Provisioner for the Lightweight Software Distribution - LSD.
-#
-# Copyright (C) 2020 Silvio Rhatto - rhatto at riseup.net
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published
-# by the Free Software Foundation, either version 3 of the License,
-# or any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-#
-
-# Parameters
-DIRNAME="`dirname $0`"
-BASENAME="`basename $0`"
-HOSTNAME="$1"
-DOMAIN="$2"
-MIRROR="$3"
-APT_INSTALL="sudo LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y"
-
-# Ensure we're in the home folder
-cd
-
-# Dependencies
-echo "Installing basic dependencies..."
-$APT_INSTALL git curl make wipe man zsh || exit 1
-
-# Tools
-if [ ! -e "apps/infection" ]; then
- rm -rf apps
- git clone --recursive https://git.fluxo.info/rhatto/apps
- apps/infection init
-else
- echo "Updating locally-installed apps and dotfiles..."
- apps/infection fetch
- apps/infection merge
- apps/metadot/metadot fetch
- apps/metadot/metadot merge
-fi
-
-# Load basic config
-apps/metadot/metadot load-bundle console
-apps/metadot/metadot deps-bundle console
-
-# Install hydra system-wide
-apps/hydra/hydractl install
-
-# Install trashman system-wide
-sudo apps/trashman/trashman install trashman
diff --git a/share/provision/messenger b/share/provision/messenger
deleted file mode 100755
index bdd8f7e..0000000
--- a/share/provision/messenger
+++ /dev/null
@@ -1,39 +0,0 @@
-#!/usr/bin/env bash
-#
-# Messenger provision example
-#
-# Copyright (C) 2017 Silvio Rhatto - rhatto at riseup.net
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published
-# by the Free Software Foundation, either version 3 of the License,
-# or any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-#
-
-# Parameters
-DIRNAME="`dirname $0`"
-BASENAME="`basename $0`"
-HOSTNAME="$1"
-DOMAIN="$2"
-MIRROR="$3"
-APT_INSTALL="sudo LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y"
-
-# Provision the basic stuff
-$DIRNAME/desktop-basic $HOSTNAME $DOMAIN $MIRROR
-
-# Signal Desktop
-sudo trashman install signal-desktop
-
-# Install Ricochet
-#$APT_INSTALL ricochet-im
-
-# Install Gajim
-$APT_INSTALL gajim gajim-omemo
diff --git a/share/provision/njalla-openvpn b/share/provision/njalla-openvpn
deleted file mode 100755
index eb8d1f4..0000000
--- a/share/provision/njalla-openvpn
+++ /dev/null
@@ -1,49 +0,0 @@
-#!/usr/bin/env bash
-#
-# Full desktop provision example
-#
-# Copyright (C) 2017 Silvio Rhatto - rhatto at riseup.net
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published
-# by the Free Software Foundation, either version 3 of the License,
-# or any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-#
-
-# Parameters
-DIRNAME="`dirname $0`"
-BASENAME="`basename $0`"
-HOSTNAME="$1"
-DOMAIN="$2"
-MIRROR="$3"
-APT_INSTALL="sudo LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y"
-
-# Provision the basic stuff
-$DIRNAME/openvpn $HOSTNAME $DOMAIN $MIRROR
-
-# Firewall
-$APT_INSTALL ferm ulogd2 ulogd2-pcap
-sudo cp $DIRNAME/files/njalla-openvpn/etc/ferm/ferm.conf /etc/ferm
-sudo cp $DIRNAME/files/njalla-openvpn/etc/udev/rules.d/81-vpn-firewall.rules /etc/udev/rules.d
-sudo cp $DIRNAME/files/njalla-openvpn/usr/local/bin/fermreload.sh /usr/local/bin
-sudo chmod 555 /usr/local/bin/fermreload.sh
-sudo sed -i -e 's/^ENABLED=.*$/ENABLED="yes"/' /etc/default/ferm
-sudo service ferm restart
-
-# Njalla
-#sudo cp $DIRNAME/files/njalla/etc/openvpn/njalla.conf /etc/openvpn
-#sudo touch /etc/openvpn/njalla.auth
-#sudo chown root:root /etc/openvpn/njalla.conf
-#sudo chown root:root /etc/openvpn/njalla.auth
-#sudo chmod 400 /etc/openvpn/njalla.conf
-#sudo chmod 400 /etc/openvpn/njalla.auth
-#echo "Please set user/password at /etc/openvpn/njalla.auth"
-echo "Please configure /etc/openvpn/njalla.conf"
diff --git a/share/provision/njalla-wireguard b/share/provision/njalla-wireguard
deleted file mode 100755
index df364bf..0000000
--- a/share/provision/njalla-wireguard
+++ /dev/null
@@ -1,42 +0,0 @@
-#!/usr/bin/env bash
-#
-# Full desktop provision example
-#
-# Copyright (C) 2017 Silvio Rhatto - rhatto at riseup.net
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published
-# by the Free Software Foundation, either version 3 of the License,
-# or any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-#
-
-# Parameters
-DIRNAME="`dirname $0`"
-BASENAME="`basename $0`"
-HOSTNAME="$1"
-DOMAIN="$2"
-MIRROR="$3"
-APT_INSTALL="sudo LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y"
-
-# Provision the basic stuff
-$DIRNAME/wireguard $HOSTNAME $DOMAIN $MIRROR
-
-# Firewall
-$APT_INSTALL ferm ulogd2 ulogd2-pcap
-sudo cp $DIRNAME/files/njalla-wireguard/etc/ferm/ferm.conf /etc/ferm
-sudo cp $DIRNAME/files/njalla-wireguard/etc/udev/rules.d/81-vpn-firewall.rules /etc/udev/rules.d
-sudo cp $DIRNAME/files/njalla-wireguard/usr/local/bin/fermreload.sh /usr/local/bin
-sudo chmod 555 /usr/local/bin/fermreload.sh
-sudo sed -i -e 's/^ENABLED=.*$/ENABLED="yes"/' /etc/default/ferm
-sudo service ferm restart
-
-# Njalla
-echo "Please configure /etc/wireguard/ng0.conf"
diff --git a/share/provision/openbox b/share/provision/openbox
deleted file mode 100755
index 26a6db0..0000000
--- a/share/provision/openbox
+++ /dev/null
@@ -1,32 +0,0 @@
-#!/usr/bin/env bash
-#
-# Openbox provision example
-#
-# Copyright (C) 2017 Silvio Rhatto - rhatto at riseup.net
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published
-# by the Free Software Foundation, either version 3 of the License,
-# or any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-#
-
-# Parameters
-DIRNAME="`dirname $0`"
-BASENAME="`basename $0`"
-HOSTNAME="$1"
-DOMAIN="$2"
-MIRROR="$3"
-APT_INSTALL="sudo LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y"
-
-# Use a stacked window manager to reduce browser fingerprinting
-$APT_INSTALL openbox gmrun
-apps/metadot/metadot load openbox
-sed -i -e 's/^WINDOW_MANAGER=.*$/WINDOW_MANAGER="openbox"/' $HOME/.custom/xsession
diff --git a/share/provision/openvpn b/share/provision/openvpn
deleted file mode 100755
index 5722c3e..0000000
--- a/share/provision/openvpn
+++ /dev/null
@@ -1,36 +0,0 @@
-#!/usr/bin/env bash
-#
-# Full desktop provision example
-#
-# Copyright (C) 2017 Silvio Rhatto - rhatto at riseup.net
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published
-# by the Free Software Foundation, either version 3 of the License,
-# or any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-#
-
-# Parameters
-DIRNAME="`dirname $0`"
-BASENAME="`basename $0`"
-HOSTNAME="$1"
-DOMAIN="$2"
-MIRROR="$3"
-APT_INSTALL="sudo LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y"
-
-# Provision the basic stuff
-$DIRNAME/web-full $HOSTNAME $DOMAIN $MIRROR
-
-# Install OpenVPN and dnsutils (which provides nslookup)
-$APT_INSTALL openvpn resolvconf dnsutils curl
-
-# Use a stacked window manager to reduce browser fingerprinting
-$DIRNAME/openbox
diff --git a/share/provision/tor-browser b/share/provision/tor-browser
deleted file mode 100755
index afbab58..0000000
--- a/share/provision/tor-browser
+++ /dev/null
@@ -1,33 +0,0 @@
-#!/usr/bin/env bash
-#
-# Tor desktop provision example
-#
-# Copyright (C) 2017 Silvio Rhatto - rhatto at riseup.net
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published
-# by the Free Software Foundation, either version 3 of the License,
-# or any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-#
-
-# Parameters
-DIRNAME="`dirname $0`"
-BASENAME="`basename $0`"
-HOSTNAME="$1"
-DOMAIN="$2"
-MIRROR="$3"
-APT_INSTALL="sudo LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y"
-
-# Provision the basic stuff
-$DIRNAME/web-basic $HOSTNAME $DOMAIN $MIRROR
-
-# Use a stacked window manager to reduce browser fingerprinting
-$DIRNAME/openbox
diff --git a/share/provision/trashman b/share/provision/trashman
deleted file mode 100755
index b1f7bc5..0000000
--- a/share/provision/trashman
+++ /dev/null
@@ -1,37 +0,0 @@
-#!/usr/bin/env bash
-#
-# Trashman provision example
-#
-# Copyright (C) 2017 Silvio Rhatto - rhatto at riseup.net
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published
-# by the Free Software Foundation, either version 3 of the License,
-# or any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-#
-
-# Parameters
-DIRNAME="`dirname $0`"
-BASENAME="`basename $0`"
-APT_INSTALL="sudo LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y"
-
-# Install requirements
-$APT_INSTALL git rsync
-
-# Get trashman
-if [ -d "/usr/local/share/trashman" ]; then
- ( cd /usr/local/share/trashman && sudo git pull )
-else
- sudo git clone https://git.fluxo.info/trashman /usr/local/share/trashman
-fi
-
-# Install trashman
-sudo /usr/local/share/trashman/trashman install trashman
diff --git a/share/provision/web-basic b/share/provision/web-basic
deleted file mode 100755
index 11a94b5..0000000
--- a/share/provision/web-basic
+++ /dev/null
@@ -1,50 +0,0 @@
-#!/usr/bin/env bash
-#
-# Web desktop provision example
-#
-# Copyright (C) 2017 Silvio Rhatto - rhatto at riseup.net
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published
-# by the Free Software Foundation, either version 3 of the License,
-# or any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-#
-
-# Parameters
-DIRNAME="`dirname $0`"
-BASENAME="`basename $0`"
-HOSTNAME="$1"
-DOMAIN="$2"
-MIRROR="$3"
-APT_INSTALL="sudo LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y"
-
-# Provision the basic stuff
-$DIRNAME/desktop-basic $HOSTNAME $DOMAIN $MIRROR
-
-# Additional packages
-echo "Installing additional web packages..."
-$APT_INSTALL firefox-esr chromium
-
-# Use addons.mozilla.org version instead
-sudo apt-get remove -y webext-treestyletab
-
-# Mozilla configuration
-# Create this config using "cd $HOME && /bin/tar jcvf mozilla.tar.bz2 .mozilla"
-#if [ ! -d "$HOME/.mozilla" ]; then
-# ( cd $HOME && tar xvf $DIRNAME/files/web-basic/mozilla/mozilla.tar.bz2 )
-#fi
-
-# Chromium configuration
-# Create this config using "cd $HOME && /bin/tar jcvf chromium.tar.bz2 .config/chromium"
-#if [ ! -d "$HOME/.config/chromium" ]; then
-# ( cd $HOME && tar xvf $DIRNAME/files/web-basic/chromium/chromium.tar.bz2 )
-# ( cd $HOME && tar xvf $DIRNAME/files/web-basic/chromium/chromium-profiles.tar.bz2 )
-#fi
diff --git a/share/provision/web-full b/share/provision/web-full
deleted file mode 100755
index a21a15d..0000000
--- a/share/provision/web-full
+++ /dev/null
@@ -1,47 +0,0 @@
-#!/usr/bin/env bash
-#
-# Web desktop provision example
-#
-# Copyright (C) 2017 Silvio Rhatto - rhatto at riseup.net
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published
-# by the Free Software Foundation, either version 3 of the License,
-# or any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-#
-
-# Parameters
-DIRNAME="`dirname $0`"
-BASENAME="`basename $0`"
-HOSTNAME="$1"
-DOMAIN="$2"
-MIRROR="$3"
-APT_INSTALL="sudo LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y"
-
-# Provision the basic stuff
-$DIRNAME/web-basic $HOSTNAME $DOMAIN $MIRROR
-
-# Office Suite
-$APT_INSTALL libreoffice gimp inkscape mat
-
-# Lave Tor available if the user wants to route other software besides running Tor Browser
-$APT_INSTALL tor
-
-# Luakit using stowpkg
-#if [ ! -x "$HOME/apps/stowpkg/tree/`uname -m`/bin/luakit" ]; then
-# $APT_INSTALL make stow
-# apps/stowpkg/stowpkg install luakit
-#else
-# apps/stowpkg/stowpkg upgrade luakit
-#fi
-
-# Ensure we have an updated qutebrowser
-#apps/qutebrowser/qutebrowser update
diff --git a/share/provision/webserver b/share/provision/webserver
deleted file mode 100755
index 650452f..0000000
--- a/share/provision/webserver
+++ /dev/null
@@ -1,22 +0,0 @@
-#!/usr/bin/env bash
-#
-# Webserver provision example
-#
-# Copyright (C) 2017 Silvio Rhatto - rhatto at riseup.net
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published
-# by the Free Software Foundation, either version 3 of the License,
-# or any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-#
-
-sudo apt-get update && sudo apt-get upgrade -y && sudo apt-get autoremove -y && sudo apt-get clean
-sudo apt-get install -y apache2
diff --git a/share/provision/wireguard b/share/provision/wireguard
deleted file mode 100755
index 0aad2c9..0000000
--- a/share/provision/wireguard
+++ /dev/null
@@ -1,36 +0,0 @@
-#!/usr/bin/env bash
-#
-# Full desktop provision example
-#
-# Copyright (C) 2017 Silvio Rhatto - rhatto at riseup.net
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published
-# by the Free Software Foundation, either version 3 of the License,
-# or any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-#
-
-# Parameters
-DIRNAME="`dirname $0`"
-BASENAME="`basename $0`"
-HOSTNAME="$1"
-DOMAIN="$2"
-MIRROR="$3"
-APT_INSTALL="sudo LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get install -y"
-
-# Provision the basic stuff
-$DIRNAME/web-full $HOSTNAME $DOMAIN $MIRROR
-
-# Install OpenVPN and dnsutils (which provides nslookup)
-$APT_INSTALL wireguard-tools resolvconf dnsutils curl
-
-# Use a stacked window manager to reduce browser fingerprinting
-$DIRNAME/openbox
-- cgit v1.2.3