mirror of
				https://gitea.blesmrt.net/mikaela/shell-things.git
				synced 2025-10-26 14:47:36 +01:00 
			
		
		
		
	
		
			
				
	
	
		
			282 lines
		
	
	
		
			11 KiB
		
	
	
	
		
			Bash
		
	
	
		
			Executable File
		
	
	
	
	
			
		
		
	
	
			282 lines
		
	
	
		
			11 KiB
		
	
	
	
		
			Bash
		
	
	
		
			Executable File
		
	
	
	
	
| #!/usr/bin/env bash
 | |
| # Do not use this script unless you know what you are doing! Even then this
 | |
| # script isn't that much above `curl | bash`ing
 | |
| set -x
 | |
| 
 | |
| # Workaround Chromium selectively understanding --disk-cache-dir=nul
 | |
| ln -nsfv /dev/null $HOME/nul
 | |
| ln -nsfv /dev/null $HOME/null
 | |
| 
 | |
| # Of course LaTeX templates exist
 | |
| mkdir -vp ~/texmf/tex/latex/local
 | |
| 
 | |
| # If my allowed_signers are present, use them, if not, clone them, and try
 | |
| # again. The gitconfig expects them here.
 | |
| if [ -d $HOME/src/codeberg.org/Aminda/ssh-allowed_signers ]; then
 | |
| 	echo "git config --global gpg.ssh.allowedSignersFile $HOME/src/codeberg.org/Aminda/ssh-allowed_signers/allowed_signers"
 | |
| 	git verify-commit HEAD || exit 1
 | |
| 	sleep 3
 | |
| else
 | |
| 	echo "Keys not found, cloning..."
 | |
| 	# -vp - verbose, parent. This comment won't be repeated.
 | |
| 	mkdir -vp $HOME/src/codeberg.org/Aminda/
 | |
| 	git clone https://codeberg.org/Aminda/ssh-allowed_signers.git $HOME/src/codeberg.org/Aminda/ssh-allowed_signers
 | |
| 	echo "git config --global gpg.ssh.allowedSignersFile $HOME/src/codeberg.org/Aminda/ssh-allowed_signers/allowed_signers"
 | |
| 	git verify-commit HEAD || exit 1
 | |
| 	sleep 3
 | |
| fi
 | |
| 
 | |
| # marker that I have ran the other script that runs things like installing
 | |
| # my public keys as authorized. See bottom of this script.
 | |
| export MIKAELA_GREP=$HOME/.MIKAELA_GREP
 | |
| 
 | |
| # Copying files in places
 | |
| cp -v rc/bashrc $HOME/.bashrc
 | |
| cp -v conf/tmux.conf $HOME/.tmux.conf
 | |
| cp -v rc/zshrc $HOME/.zshrc
 | |
| cp -v rc/profile $HOME/.profile
 | |
| 
 | |
| # Git config, legacy support for old location as well.
 | |
| # The other script appends sourced file, so if thou aren't I, thou should
 | |
| # consider it as well; `git config --global --add include.path '$HOME/yourgitconfig'`
 | |
| mkdir -vp $HOME/.config/git
 | |
| cp -v conf/gitconfig $HOME/.config/git/config
 | |
| touch $HOME/.gitconfig
 | |
| rm $HOME/.gitconfig
 | |
| ln -nsfv $HOME/.config/git/config $HOME/.gitconfig
 | |
| # Used for `git init` and `git clone`, will contain pre-commit hooks
 | |
| mkdir -vp $HOME/.git-template
 | |
| 
 | |
| # {n,neo}vim
 | |
| cp -v rc/vimrc $HOME/.vimrc
 | |
| mkdir -vp $HOME/.config/nvim/
 | |
| cp -v conf/init.vim $HOME/.config/nvim/init.vim
 | |
| cp -v conf/makepkg.conf $HOME/.makepkg.conf
 | |
| 
 | |
| # the media player
 | |
| mkdir -vp $HOME/.config/mpv/
 | |
| cp -v conf/mpv.conf $HOME/.config/mpv/mpv.conf
 | |
| mkdir -vp $HOME/.var/app/io.mpv.Mpv/config/mpv
 | |
| cp -v conf/mpv.conf $HOME/.var/app/io.mpv.Mpv/config/mpv/mpv.conf
 | |
| 
 | |
| # systemd
 | |
| mkdir -vp $HOME/.config/systemd/user/
 | |
| 
 | |
| # Create KDE expected config files
 | |
| touch $HOME/.config/k{screenlocker,xkb}rc
 | |
| 
 | |
| # if I am performing ident spoofing already, I don't want to touch it
 | |
| if [ ! -f $HOME/.oidentd.conf ]; then
 | |
| 	cp -v conf/oidentd.conf $HOME/.oidentd.conf
 | |
| fi
 | |
| 
 | |
| # In addition to git, my gnupg configuration should be questioned
 | |
| mkdir -vp $HOME/.gnupg
 | |
| cp -v gpg/gpg.conf $HOME/.gnupg/gpg.conf
 | |
| cp -v gpg/gpg-agent.conf $HOME/.gnupg/gpg-agent.conf
 | |
| cp -v gpg/dirmngr.conf $HOME/.gnupg/dirmngr.conf
 | |
| # Issues with GPG? SIGHUP dirmngr
 | |
| killall -HUP dirmngr
 | |
| 
 | |
| # I don't remember using these in ages and I don't think they apply to
 | |
| # wayland
 | |
| #cp -v rc/xinitrc $HOME/.xinitrc
 | |
| cp -v conf/pastebinit.xml $HOME/.pastebinit.xml
 | |
| cp -v conf/Xresources $HOME/.Xresources
 | |
| 
 | |
| # Nice sysinfo script
 | |
| mkdir -vp $HOME/.inxi
 | |
| cp -v conf/inxi.conf $HOME/.inxi/inxi.conf
 | |
| 
 | |
| # laziness
 | |
| gpg --quiet --import .mikaela/keys/*.asc &
 | |
| 
 | |
| # Utilized by my ssh_config (not to be confused with sshd_config)
 | |
| mkdir -vp $HOME/.ssh/sockets/
 | |
| 
 | |
| # It will get used later
 | |
| mkdir -vp $HOME/.local/bin/
 | |
| 
 | |
| # Setting permissions
 | |
| chmod a+xr chmod
 | |
| bash -x ./chmod &
 | |
| 
 | |
| # The submodules contain nice things such as fonts
 | |
| git submodule update &
 | |
| git gc &
 | |
| 
 | |
| # Aforementioned git template directory and pre-commit
 | |
| if hash pre-commit 2> /dev/null; then
 | |
| 	pre-commit init-templatedir $HOME/.git-template
 | |
| 	pre-commit gc
 | |
| fi
 | |
| 
 | |
| # If symlinks are installed, remove dead/dangling ones from $HOME/.local/bin
 | |
| # so corepack won't get confused if those are present
 | |
| if hash symlinks 2> /dev/null; then
 | |
| 	symlinks -d $HOME/.local/bin/
 | |
| else
 | |
| 	echo "WARNING! Executable named symlinks not found in PATH."
 | |
| 	sleep 3
 | |
| fi
 | |
| 
 | |
| # node package manager manager
 | |
| if hash corepack 2> /dev/null; then
 | |
| 	# Will install symlinks for pnpm, yarn, etc., but not npm unless
 | |
| 	# explicitly requested as below
 | |
| 	corepack enable --install-directory $HOME/.local/bin/
 | |
| 	corepack enable npm --install-directory $HOME/.local/bin/
 | |
| 	# pnpm can utilize the same packagemanager field as corepack, even when
 | |
| 	# used alone
 | |
| 	corepack pnpm config set manage-package-manager-versions=true
 | |
| elif hash pnpm 2> /dev/null; then
 | |
| 	# see above which is more relevant in this case
 | |
| 	pnpm config set manage-package-manager-versions=true
 | |
| else
 | |
| 	echo "WARNING! corepack is not installed."
 | |
| 	sleep 3
 | |
| fi
 | |
| 
 | |
| # If running as root, which I am doing regardless of not being supposed to,
 | |
| if [ "$(id -u)" == "0" ]; then
 | |
| 
 | |
| 	# Fedora Atomic compatibility
 | |
| 	if [ -d /var/roothome ]; then
 | |
| 		chmod -v a+x /var/roothome
 | |
| 	fi
 | |
| 
 | |
| 	# Desktop entries
 | |
| 	mkdir -vp /usr/local/share/applications/
 | |
| 	cp -v local/share/applications/*.desktop /usr/local/share/applications/
 | |
| 
 | |
| 	# Profile configuration. SECURITY WARNING
 | |
| 	cp -v etc/profile.d/*.sh /etc/profile.d/
 | |
| 	chmod -v a+r /etc/profile.d/*.sh
 | |
| 
 | |
| 	# Kernel configuration. SECURITY WARNING
 | |
| 	cp -v etc/sysctl.d/*.conf /etc/sysctl.d/
 | |
| 	chmod -v a+r /etc/sysctl.d/*.conf
 | |
| 	(sysctl -p --system &)
 | |
| 
 | |
| 	# SSHd hardening hopefully. SECURITY WARNING
 | |
| 	mkdir -vp /etc/ssh/sshd_config.d/
 | |
| 	chmod -v a+x /etc/ssh/sshd_config.d/
 | |
| 	cp etc/ssh/sshd_config.d/00-basic-security.conf /etc/ssh/sshd_config.d/
 | |
| 	chmod -v a+r /etc/ssh/sshd_config.d/*.conf
 | |
| 
 | |
| 	# Systemd configuration directories. SECURITY WARNINGS!
 | |
| 	mkdir -vp /etc/systemd/{system,system-preset,user,network}/
 | |
| 	mkdir -vp /etc/systemd/system/{app.slice.d,service.d,socket.d}/
 | |
| 	cp -v etc/systemd/system/app.slice.d/90-cpuquota.conf /etc/systemd/system/app.slice.d/90-cpuquota.conf
 | |
| 	mkdir -vp /etc/systemd/{coredump,login,oomd,journald,resolved,system,timesyncd}.conf.d/
 | |
| 	cp -v etc/systemd/oomd.conf.d/20-oomd.conf /etc/systemd/oomd.conf.d/20-oomd.conf
 | |
| 	mkdir -vp /etc/systemd/system/{ssh,sshd,sshguard,systemd-resolved,systemd-networkd,NetworkManager,iwd,unbound,tor,oidentd,yggdrasil}.service.d/
 | |
| 	mkdir -vp /etc/systemd/system/{ssh,sshd,oidentd}.socket.d/
 | |
| 	# SECURITY WARNING!
 | |
| 	cp -v etc/systemd/system/service.d/rngd-wanted.conf /etc/systemd/system/service.d/
 | |
| 	cp -v etc/systemd/system/socket.d/dualstack-bind.conf /etc/systemd/system/socket.d/
 | |
| 	# SECURITY WARNING!
 | |
| 	cp -v etc/systemd/system/service.d/never-fail.conf /etc/systemd/system/ssh.service.d/
 | |
| 	cp -v etc/systemd/system/service.d/never-fail.conf /etc/systemd/system/sshd.service.d/
 | |
| 	cp -v etc/systemd/system/service.d/never-fail.conf /etc/systemd/system/sshguard.service.d/
 | |
| 	cp -v etc/systemd/system/service.d/never-fail.conf /etc/systemd/system/systemd-resolved.service.d/
 | |
| 	cp -v etc/systemd/system/service.d/never-fail.conf /etc/systemd/system/systemd-networkd.service.d/
 | |
| 	cp -v etc/systemd/system/service.d/never-fail.conf /etc/systemd/system/oidentd.service.d/
 | |
| 	cp -v etc/systemd/system/service.d/never-fail.conf /etc/systemd/system/NetworkManager.service.d/
 | |
| 	cp -v etc/systemd/system/service.d/never-fail.conf /etc/systemd/system/iwd.service.d/
 | |
| 	cp -v etc/systemd/system/service.d/never-fail.conf /etc/systemd/system/unbound.service.d/
 | |
| 	cp -v etc/systemd/system/service.d/never-fail.conf /etc/systemd/system/tor.service.d/
 | |
| 	cp -v etc/systemd/system/service.d/never-fail.conf /etc/systemd/system/yggdrasil.service.d/
 | |
| 	cp -v etc/systemd/system/socket.d/dualstack-bind.conf /etc/systemd/system/ssh.socket.d/
 | |
| 	cp -v etc/systemd/system/socket.d/dualstack-bind.conf /etc/systemd/system/sshd.socket.d/
 | |
| 	cp -v etc/systemd/system/socket.d/dualstack-bind.conf /etc/systemd/system/oidentd.socket.d/
 | |
| 
 | |
| 	if hash systemctl 2> /dev/null; then
 | |
| 		systemctl daemon-reload
 | |
| 	fi
 | |
| 
 | |
| 	# Enables laziness on checking whether or not apt is installed
 | |
| 	mkdir -vp /etc/apt/apt.conf.d/
 | |
| 	# Enables progress bar and colours for apt/dpkg, which are helpful at
 | |
| 	# times when guesstimating when will things happen
 | |
| 	echo 'Dpkg::Progress-Fancy "1";' > /etc/apt/apt.conf.d/99progressbar
 | |
| 	echo 'APT::Color "1";' > /etc/apt/apt.conf.d/99color
 | |
| 
 | |
| 	# If some locate variant is installed, now is a great time to ensure its
 | |
| 	# database is up-to-date. This may also enable automated database
 | |
| 	# updates.
 | |
| 	if hash updatedb 2> /dev/null; then
 | |
| 		(updatedb &)
 | |
| 	fi
 | |
| 
 | |
| 	# If LaTeX fonts are available, make them available for the rest of the
 | |
| 	# system too.
 | |
| 	if [ -d "/usr/share/texlive/texmf-dist/fonts/" ]; then
 | |
| 		mkdir -p /usr/local/share/fonts
 | |
| 		ln -nsfv /usr/share/texlive/texmf-dist/fonts /usr/local/share/fonts/texlive
 | |
| 	fi
 | |
| 
 | |
| 	# They say to not repeat yourself, but copy-pasting from below is the
 | |
| 	# easiest way to make the submodule fonts available to the system.
 | |
| 	if [ -d "$HOME/.shell-things" ]; then
 | |
| 		mkdir -p /usr/local/share/fonts
 | |
| 		ln -nsfv $HOME/.shell-things/submodules/comicneue/Fonts/OTF /usr/local/share/fonts/comicneue
 | |
| 		ln -nsfv $HOME/.shell-things/submodules/comic-shanns-mono/fonts/ComicShannsMono-Regular.otf /usr/local/share/fonts/
 | |
| 		ln -nsfv $HOME/.shell-things/submodules/opendyslexic/compiled/OpenDyslexic-*.otf /usr/local/share/fonts/
 | |
| 		ln -nsfv $HOME/.shell-things/submodules/serious-sans/SeriousShanns/otf /usr/local/share/fonts/SeriousShanns
 | |
| 		ln -nsfv $HOME/.shell-things/submodules/serious-sans/SeriousShanns/NerdFont /usr/local/share/fonts/
 | |
| 		ln -nsfv $HOME/.shell-things/submodules/serious-sans/SeriousShanns/NerdFontMono /usr/local/share/fonts/
 | |
| 		ln -nsfv $HOME/.shell-things/submodules/serious-sans/SeriousShanns/NerdFontPropo /usr/local/share/fonts/
 | |
| 		ln -nsfv $HOME/.shell-things/submodules/Inclusive-Sans/fonts/variable /usr/local/share/fonts/Inclusive-Sans
 | |
| 	fi
 | |
| 
 | |
| 	# Font cleanup
 | |
| 	if hash symlinks 2> /dev/null; then
 | |
| 		symlinks -d /usr/local/share/fonts/
 | |
| 	else
 | |
| 		echo "WARNING! Executable named symlinks not found in PATH."
 | |
| 		sleep 3
 | |
| 	fi
 | |
| 
 | |
| fi
 | |
| 
 | |
| # Make the submoduled fonts available to the system
 | |
| if [ -d "$HOME/.shell-things" ]; then
 | |
| 	mkdir -p $HOME/.local/share/fonts
 | |
| 	ln -nsfv $HOME/.shell-things/submodules/comicneue/Fonts/OTF $HOME/.local/share/fonts/comicneue
 | |
| 	#ln -nsfv $HOME/.shell-things/submodules/comic-shanns-mono/fonts $HOME/.local/share/fonts/comic-shanns-mono
 | |
| 	ln -nsfv $HOME/.shell-things/submodules/comic-shanns-mono/fonts/ComicShannsMono-Regular.otf $HOME/.local/share/fonts/
 | |
| 	#ln -nsfv $HOME/.shell-things/submodules/opendyslexic/compiled $HOME/.local/share/fonts/opendyslexic
 | |
| 	ln -nsfv $HOME/.shell-things/submodules/opendyslexic/compiled/OpenDyslexic-*.otf $HOME/.local/share/fonts/
 | |
| 	ln -nsfv $HOME/.shell-things/submodules/serious-sans/SeriousShanns/otf $HOME/.local/share/fonts/SeriousShanns
 | |
| 	ln -nsfv $HOME/.shell-things/submodules/serious-sans/SeriousShanns/NerdFont $HOME/.local/share/fonts/
 | |
| 	ln -nsfv $HOME/.shell-things/submodules/serious-sans/SeriousShanns/NerdFontMono $HOME/.local/share/fonts/
 | |
| 	ln -nsfv $HOME/.shell-things/submodules/serious-sans/SeriousShanns/NerdFontPropo $HOME/.local/share/fonts/
 | |
| 	ln -nsfv $HOME/.shell-things/submodules/Inclusive-Sans/fonts/variable $HOME/.local/share/fonts/Inclusive-Sans
 | |
| 	# Font cleanup
 | |
| 	if hash symlinks 2> /dev/null; then
 | |
| 		symlinks -d $HOME/.local/share/fonts/
 | |
| 	else
 | |
| 		echo "WARNING! Executable named symlinks not found in PATH."
 | |
| 		sleep 3
 | |
| 	fi
 | |
| fi
 | |
| 
 | |
| if hash fc-cache 2> /dev/null; then
 | |
| 	(fc-cache &)
 | |
| fi
 | |
| 
 | |
| # If the previously mentioned marker is present, include the even more
 | |
| # questionable script (yay!) into our current execution
 | |
| if [ -f "$MIKAELA_GREP" ]; then
 | |
| 	. .mikaela_install
 | |
| fi
 | |
| 
 | |
| # If git-lfs is installed, configure git with it, otherwise this will just
 | |
| # error in forked background process which will no longer hurt the current
 | |
| # execution.
 | |
| (git lfs install | true &)
 | |
| 
 | |
| set +x
 | |
| # vim : set ft=bash :
 |