Created
May 7, 2025 18:40
-
-
Save okaris/98ad39e9283853602a589f615877f350 to your computer and use it in GitHub Desktop.
ubuntu dev setup
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| set -euxo pipefail | |
| # --- System Update --- | |
| sudo apt update && sudo apt upgrade -y | |
| # --- Core Packages --- | |
| sudo apt install -y \ | |
| curl \ | |
| git \ | |
| unzip \ | |
| gnupg \ | |
| ca-certificates \ | |
| htop \ | |
| tmux \ | |
| rsync \ | |
| tree \ | |
| net-tools \ | |
| lsof \ | |
| dnsutils \ | |
| software-properties-common \ | |
| build-essential \ | |
| zsh \ | |
| fzf \ | |
| ripgrep \ | |
| bat \ | |
| fd-find \ | |
| exa \ | |
| ncdu \ | |
| logrotate \ | |
| fail2ban \ | |
| ufw \ | |
| grub-pc \ | |
| systemd-timesyncd | |
| # --- Docker --- | |
| curl -fsSL https://get.docker.com -o get-docker.sh | |
| sh get-docker.sh | |
| # --- Go --- | |
| GO_VERSION=1.24.3 | |
| curl -fsSLO "https://go.dev/dl/go${GO_VERSION}.linux-amd64.tar.gz" | |
| sudo rm -rf /usr/local/go | |
| sudo tar -C /usr/local -xzf "go${GO_VERSION}.linux-amd64.tar.gz" | |
| echo 'export PATH=$PATH:/usr/local/go/bin:$HOME/go/bin' >> ~/.bashrc | |
| # --- NVM + Node.js --- | |
| curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.3/install.sh | bash | |
| export NVM_DIR="$HOME/.nvm" | |
| . "$NVM_DIR/nvm.sh" | |
| nvm install 22 | |
| nvm use 22 | |
| # --- uv (Python alt) --- | |
| curl -LsSf https://astral.sh/uv/install.sh | sh | |
| # --- Go: air --- | |
| go install github.com/air-verse/air@latest | |
| # --- Firewall --- | |
| sudo ufw default deny incoming | |
| sudo ufw default allow outgoing | |
| sudo ufw allow ssh | |
| sudo ufw allow http | |
| sudo ufw allow https | |
| sudo ufw --force enable | |
| # --- Fail2ban --- | |
| sudo systemctl enable fail2ban | |
| sudo systemctl start fail2ban | |
| # --- SSH Hardening --- | |
| sudo sed -i 's/^#\?PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config | |
| sudo sed -i 's/^#\?PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config | |
| sudo sed -i 's/^#\?PermitEmptyPasswords.*/PermitEmptyPasswords no/' /etc/ssh/sshd_config | |
| sudo sed -i 's/^#\?X11Forwarding.*/X11Forwarding no/' /etc/ssh/sshd_config | |
| sudo sed -i 's/^#\?UseDNS.*/UseDNS no/' /etc/ssh/sshd_config | |
| sudo systemctl restart sshd | |
| # --- Time Sync --- | |
| sudo systemctl enable systemd-timesyncd | |
| sudo systemctl start systemd-timesyncd | |
| # --- Bootloader --- | |
| sudo grub-install /dev/nvme0n1 | |
| sudo update-grub | |
| echo "Setup complete. Relog or source ~/.bashrc to apply shell environment." |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment