kevinkub · September 16, 2020 09:25
diff --git a/Arch Linux Setup.sh b/Arch Linux Setup.sh
 # See https://gist.github.com/chris-redbeed/b3cee239532cee25b2357b4225e7f791 for a Debian version of this script.

 # Change root password
 echo "# Change password of root user"
 passwd

 # Change hostname
 echo "# Change hostname"
 read hostname
 hostname $hostname

 # Setup mirror-list
 echo "# Finding fastest mirrors"
 cp /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist.backup
 sed -i 's/^#Server/Server/' /etc/pacman.d/mirrorlist.backup
 rankmirrors -n 10 /etc/pacman.d/mirrorlist.backup > /etc/pacman.d/mirrorlist

 # Self-upgrade
 echo "# Update system with pacman"
 pacman -Syu

 # Create user
 echo "# Create new user"
 echo "Please enter username:"
 read username
 useradd -m $username
 passwd $username
 echo "Please enter public key:"
 read publickey
 mkdir "/home/"$username"/.ssh/"
 echo $publickey > "/home/"$username"/.ssh/authorized_keys"

 # Configure sshd
 echo "# Configure sshd"
 echo "Please enter a ssh port:"
 read sshport
 echo "# Custom sshd configurations

 # Set the ssh port
 Port "$sshport"
 # Forbid root login
 PermitRootLogin no
 # End login-attempts after 30s
 LoginGraceTime 30s
 # Give only one try to auth
 MaxAuthTries 1
 # Use public key authentication only
 PubkeyAuthentication yes
 # Find the file in .ssh/authorized_keys
 AuthorizedKeysFile .ssh/authorized_keys
 # Use the pam authentication module
 UsePAM no
 # Disable password auth
 PasswordAuthentication no
 # Disable challenge response
 ChallengeResponseAuthentication no
 # Limit the maximum number of not-logged-in connections to 2
 MaxStartups 2
 # Print no default message after login as this will be handeled by pam
 PrintMotd no
 # Load sftp-subsystem (default arch linux)
 Subsystem sftp /usr/lib/ssh/sftp-server
 # Add permissions for specific users
 AllowUsers "$username > /etc/ssh/sshd_config

 # Setup firewall
 echo "# Setup firewall with ufw."
 pacman -S ufw
 ufw default allow outgoing
 ufw default deny incoming
 ufw allow $sshport/tcp
 ufw limit $sshport/tcp
 ufw enable
 systemctl start ufw
 systemctl enable ufw

 # Setup auto-update
 echo "# Setup auto-update"
 echo "[Unit]
 Description=Automatic Update
 After=network-online.target 

 [Service]
 Type=simple
 ExecStart=/usr/bin/pacman -Syuq --noconfirm
 TimeoutStopSec=180
 KillMode=process
 KillSignal=SIGINT

 [Install]
 WantedBy=multi-user.target" > /etc/systemd/system/autoupdate.service
 echo "[Unit]
 Description=Automatic Update when booted up after 5 minutes then check the system for updates every 60 minutes

 [Timer]
 OnBootSec=5min
 OnUnitActiveSec=60min
 Unit=autoupdate.service

 [Install]
 WantedBy=multi-user.target" > /etc/systemd/system/autoupdate.timer
 systemctl enable /etc/systemd/system/autoupdate.timer

 # Setup timezone and ntp
 timedatectl set-timezone Europe/Berlin
 timedatectl set-ntp true
	# See https://gist.github.com/chris-redbeed/b3cee239532cee25b2357b4225e7f791 for a Debian version of this script.

	# Change root password
	echo "# Change password of root user"
	passwd

	# Change hostname
	echo "# Change hostname"
	read hostname
	hostname $hostname

	# Setup mirror-list
	echo "# Finding fastest mirrors"
	cp /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist.backup
	sed -i 's/^#Server/Server/' /etc/pacman.d/mirrorlist.backup
	rankmirrors -n 10 /etc/pacman.d/mirrorlist.backup > /etc/pacman.d/mirrorlist

	# Self-upgrade
	echo "# Update system with pacman"
	pacman -Syu

	# Create user
	echo "# Create new user"
	echo "Please enter username:"
	read username
	useradd -m $username
	passwd $username
	echo "Please enter public key:"
	read publickey
	mkdir "/home/"$username"/.ssh/"
	echo $publickey > "/home/"$username"/.ssh/authorized_keys"

	# Configure sshd
	echo "# Configure sshd"
	echo "Please enter a ssh port:"
	read sshport
	echo "# Custom sshd configurations

	# Set the ssh port
	Port "$sshport"
	# Forbid root login
	PermitRootLogin no
	# End login-attempts after 30s
	LoginGraceTime 30s
	# Give only one try to auth
	MaxAuthTries 1
	# Use public key authentication only
	PubkeyAuthentication yes
	# Find the file in .ssh/authorized_keys
	AuthorizedKeysFile .ssh/authorized_keys
	# Use the pam authentication module
	UsePAM no
	# Disable password auth
	PasswordAuthentication no
	# Disable challenge response
	ChallengeResponseAuthentication no
	# Limit the maximum number of not-logged-in connections to 2
	MaxStartups 2
	# Print no default message after login as this will be handeled by pam
	PrintMotd no
	# Load sftp-subsystem (default arch linux)
	Subsystem sftp /usr/lib/ssh/sftp-server
	# Add permissions for specific users
	AllowUsers "$username > /etc/ssh/sshd_config

	# Setup firewall
	echo "# Setup firewall with ufw."
	pacman -S ufw
	ufw default allow outgoing
	ufw default deny incoming
	ufw allow $sshport/tcp
	ufw limit $sshport/tcp
	ufw enable
	systemctl start ufw
	systemctl enable ufw

	# Setup auto-update
	echo "# Setup auto-update"
	echo "[Unit]
	Description=Automatic Update
	After=network-online.target

	[Service]
	Type=simple
	ExecStart=/usr/bin/pacman -Syuq --noconfirm
	TimeoutStopSec=180
	KillMode=process
	KillSignal=SIGINT

	[Install]
	WantedBy=multi-user.target" > /etc/systemd/system/autoupdate.service
	echo "[Unit]
	Description=Automatic Update when booted up after 5 minutes then check the system for updates every 60 minutes

	[Timer]
	OnBootSec=5min
	OnUnitActiveSec=60min
	Unit=autoupdate.service

	[Install]
	WantedBy=multi-user.target" > /etc/systemd/system/autoupdate.timer
	systemctl enable /etc/systemd/system/autoupdate.timer

	# Setup timezone and ntp
	timedatectl set-timezone Europe/Berlin
	timedatectl set-ntp true