Skip to content

Instantly share code, notes, and snippets.

@openoms
Forked from CandleHater/initial-setup.sh
Created January 16, 2020 06:11
Show Gist options
  • Save openoms/943d2c98625fec790b2bd401fe643ddb to your computer and use it in GitHub Desktop.
Save openoms/943d2c98625fec790b2bd401fe643ddb to your computer and use it in GitHub Desktop.
Initial setup on Debian (incl. Raspbian)
#!/bin/bash
# bash <(curl -s https://gist.githubusercontent.com/CandleHater/c36f8c205b31f70081d9e821bde36ebb/raw/initial-setup.sh)
clear
# show system info
echo "- system"
echo -e "Kernel\t: $(uname -rvm)"
cat /proc/cpuinfo | grep "model name" | sed "s/model name/CPU/g"
# raspberry?
IS_RASPBERRY=false
IS_RASPBERRY_ZERO=false
if grep -Fq "Raspberry" /proc/cpuinfo; then
echo -n -e "Model\t: Raspberry Pi"
IS_RASPBERRY=true
if grep -Fq "Raspberry Pi Zero" /proc/cpuinfo; then
IS_RASPBERRY_ZERO=true
echo -n " Zero"
fi
echo
fi
# config - general
echo
echo "- config (ENTER = no/skip)"
read -r -p "change hostname '$(hostname)': " HOSTNAME_NEW
read -n 1 -r -p "reboot? [Y/n] " REBOOT
echo
echo
# config - raspberry
if [ IS_RASPBERRY ]; then
echo "- config Raspberry Pi"
read -n 1 -r -p "disable Bluetooth? [Y/n] " DISABLE_BLUETOOTH
echo
read -n 1 -r -p "disable HDMI and audio? [Y/n] " DISABLE_HDMI
echo
read -n 1 -r -p "disable USB? [Y/n] " DISABLE_USB
echo
read -n 1 -r -p "run stresstest? [Y/n] " STRESSTEST
echo
echo
fi
# password
echo "- change password of current user '$USER' (CTRL+D to keep current)"
sudo passwd $USER
echo
# add user
echo "- add user"
read -r -p "username: " USER_NEW
if [ ! -z "$USER_NEW" ]; then
read -n 1 -r -p "copy groups of current user '$USER'? [Y/n] " USER_NEW_GROUPS
echo
read -n 1 -r -p "lock current user '$USER' in two days? [Y/n] " USER_NEW_LOCK_OLD
echo
echo
sudo useradd -m $USER_NEW
echo "user added"
echo
sudo passwd $USER_NEW
echo
echo
sudo usermod -s /bin/bash $USER_NEW
echo "bash configured"
if [[ $USER_NEW_GROUPS =~ ^[Yy|]$ ]]; then
USER_GROUPS=$(groups | sed -e "s/$USER //g" | sed -e "s/ /,/g")
sudo usermod -a -G $USER_GROUPS $USER_NEW
echo
echo "groups copied from user '$USER': $USER_GROUPS"
fi
if [[ $USER_NEW_LOCK_OLD =~ ^[Yy|]$ ]]; then
echo
sudo usermod --expiredate $(date -d "2 days" +"%Y-%m-%d") $USER
echo "current user locked"
fi
echo
fi
# hostname
if [ ! -z "$HOSTNAME_NEW" ]; then
echo
echo "- hostname"
HOSTNAME_OLD=$(hostname)
sudo sh -c "echo '$HOSTNAME_NEW' > /etc/hostname"
sudo sed -i -e "s/$HOSTNAME_OLD/$HOSTNAME_NEW/g" /etc/hosts
sudo hostname $HOSTNAME_NEW
echo "hostname set to: $(hostname)"
fi
# locale
if [ ! "$(locale | grep LANGUAGE | cut -d= -f2)" = "en_GB:en" ]; then
echo
echo "- locale"
sudo sh -c "echo 'LC_ALL=en_GB.UTF-8\nLANG=en_GB.UTF-8\nLANGUAGE=\"en_GB:en\"\n' > /etc/default/locale"
sudo dpkg-reconfigure --frontend=noninteractive locales
fi
# keyboard layout
if [ ! "$(localectl | grep Keymap | cut -d: -f2 | xargs)" = "de-latin1" ]; then
echo
echo "- keyboard layout"
sudo localectl set-keymap de-latin1
echo "changed to DE"
fi
# timezone
if [ ! "$(timedatectl | grep "Time zone" | cut -d: -f2 | cut -d\( -f1 | xargs)" = "Europe/Berlin" ]; then
echo
echo -n "- timezone"
sudo timedatectl set-timezone Europe/Berlin
sudo dpkg-reconfigure -f noninteractive tzdata
fi
# lock root user
if [ "$(sudo grep root /etc/shadow | grep '\!')" = "" ]; then
echo "- lock root user"
sudo passwd -u root --lock
fi
# apt - update
echo
echo "- apt update"
sudo apt update
echo
sudo apt upgrade -y
echo
sudo apt dist-upgrade -y
echo
sudo apt autoremove --purge -y
# install basic packages
INSTALL_BASIC="git bash-completion htop curl wget tmux jq bc python3-pip"
echo
echo "- apt install basic ($INSTALL_BASIC)"
sudo apt install -y $INSTALL_BASIC
# fail2ban
if [ ! "$(systemctl is-active fail2ban.service)" = "active" ]; then
echo
echo "- fail2ban"
sudo apt install -y fail2ban
sudo systemctl start fail2ban
sudo systemctl enable fail2ban
fi
# unattended upgrades
if [ ! -f /etc/apt/apt.conf.d/02periodic ]; then
echo
echo "- unattended upgrades"
sudo apt install -y unattended-upgrades
sudo sh -c "echo '
APT::Periodic::Enable \"1\";
APT::Periodic::Update-Package-Lists \"1\";
APT::Periodic::Download-Upgradeable-Packages \"1\";
APT::Periodic::Unattended-Upgrade \"1\";
APT::Periodic::AutocleanInterval \"1\";
APT::Periodic::Verbose \"2\";' > /etc/apt/apt.conf.d/02periodic"
echo
sudo unattended-upgrades -d
fi
# SSH host key renew
SSH_KEY_SIZE="8192"
if ! ssh-keygen -lf /etc/ssh/ssh_host_rsa_key.pub | grep -q "$SSH_KEY_SIZE"; then
echo
echo "- renew SSH host key ($SSH_KEY_SIZE bit)"
sudo rm /etc/ssh/ssh_host_*
sudo dpkg-reconfigure openssh-server
echo y | sudo ssh-keygen -N "" -t rsa -b $SSH_KEY_SIZE -f /etc/ssh/ssh_host_rsa_key
fi
# remove welcome message
sudo sh -c "echo -n '' > /etc/motd"
# raspberry
if [ IS_RASPBERRY ]; then
# remove commented "exit 0" for later replaces
sudo sed -i -e "s/\"exit 0\"/exit_0/g" /etc/rc.local
# add customization comments
if ! grep -q "# candle customizations" /boot/config.txt; then
sudo sh -c "echo '\n# candle customizations [$(date)]' >> /boot/config.txt"
fi
if ! grep -q "# candle customizations" /etc/rc.local; then
sudo sed -i -e "s/exit 0/# candle customizations [$(date)]\nexit 0/g" /etc/rc.local
fi
# update firmware
echo
echo "- rpi update"
sudo SKIP_WARNING=1 rpi-update
# disable avahi (multi-cast DNS)
if [ "$(systemctl is-active avahi.service)" = "active" ]; then
echo
echo "- disable avahi (multi-cast DNS)"
sudo systemctl disable avahi-daemon
sudo systemctl stop avahi-daemon
fi
# disable TriggerHappy (button service)
if [ "$(systemctl is-active triggerhappy.service)" = "active" ]; then
echo
echo "- disable TriggerHappy (button service)"
sudo systemctl disable triggerhappy.socket
sudo systemctl stop triggerhappy.socket
sudo systemctl disable triggerhappy
sudo systemctl stop triggerhappy
fi
# ZRAM swap
echo
echo "- ZRAM swap install/update"
sudo wget -O /usr/bin/zram.sh https://raw.githubusercontent.com/novaspirit/rpi_zram/master/zram.sh
sudo chmod +x /usr/bin/zram.sh
if ! grep -q "zram.sh" /etc/rc.local; then
sudo sed -i -e "s/exit 0/\/usr\/bin\/zram.sh \&\nexit 0/g" /etc/rc.local
echo "ZRAM installed"
else
echo "ZRAM updated"
fi
# disable bluetooth
if [[ $DISABLE_BLUETOOTH =~ ^[Yy]$ ]]; then
echo
echo "- disable bluetooth"
if ! grep -q "dtoverlay=pi3-disable-bt" /boot/config.txt; then
sudo systemctl disable hciuart.service
sudo systemctl disable bluealsa.service
sudo systemctl disable bluetooth.service
echo
sudo apt remove -y --purge pi-bluetooth bluez bluez-firmware
echo
sudo sh -c "echo 'dtoverlay=pi3-disable-bt' >> /boot/config.txt"
echo "disabled"
else
echo "was already disabled"
fi
fi
# disable HDMI/audio
if [[ $DISABLE_HDMI =~ ^[Yy|]$ ]]; then
echo
echo "- disable HDMI/audio"
# disable HDMI
if ! grep -q "/usr/bin/tvservice -o" /etc/rc.local; then
sudo sed -i -e "s/exit 0/\/usr\/bin\/tvservice -o # disable HDMI\nexit 0/g" /etc/rc.local
sudo /usr/bin/tvservice -o
echo "HDMI disabled"
else
echo "HDMI was already disabled"
fi
# audio off
if ! grep -q "dtparam=audio=off" /boot/config.txt; then
sudo sh -c "echo 'dtparam=audio=off' >> /boot/config.txt"
echo "audio disabled"
else
echo "audio was already disabled"
fi
# minimum RAM shared with GPU
sudo raspi-config nonint do_memory_split 16
fi
# disable USB
if [[ $DISABLE_USB =~ ^[Yy|]$ ]]; then
echo
echo "- disable USB"
if ! grep -q "/sys/devices/platform/soc/20980000.usb/buspower" /etc/rc.local; then
sudo sed -i -e "s/exit 0/echo 0 | sudo tee \/sys\/devices\/platform\/soc\/20980000.usb\/buspower # disable USB\nexit 0/g" /etc/rc.local
echo 0 | sudo tee /sys/devices/platform/soc/20980000.usb/buspower
echo "disabled"
else
echo "was already disabled"
fi
else
echo
echo "- higher USB current"
if ! grep -q "max_usb_current=1" /boot/config.txt; then
sudo sh -c "echo 'max_usb_current=1' >> /boot/config.txt"
echo "OK"
else
echo "was already set"
fi
fi
# disable splash screen
if ! grep -q "disable_splash=1" /boot/config.txt; then
echo
echo "- disable splash screen"
sudo sh -c "echo 'disable_splash=1' >> /boot/config.txt"
echo "OK"
fi
# disable LEDs
echo
echo "- disable LEDs"
if [ IS_RASPBERRY_ZERO ]; then
if ! grep -q "dtparam=act_led_activelow=on" /boot/config.txt; then
sudo sh -c "echo 'dtparam=act_led_trigger=none' >> /boot/config.txt"
sudo sh -c "echo 'dtparam=act_led_activelow=on' >> /boot/config.txt"
echo "ACT LED disabled"
else
echo "ACT LED was already disabled"
fi
else
if ! grep -q "dtparam=act_led_trigger=none" /boot/config.txt; then
sudo sh -c "echo 'dtparam=act_led_trigger=none' >> /boot/config.txt"
sudo sh -c "echo 'dtparam=act_led_activelow=off' >> /boot/config.txt"
echo "ACT LED disabled"
else
echo "ACT LED was already disabled"
fi
if ! grep -q "dtparam=pwr_led_trigger=none" /boot/config.txt; then
sudo sh -c "echo 'dtparam=pwr_led_trigger=none' >> /boot/config.txt"
sudo sh -c "echo 'dtparam=pwr_led_activelow=off' >> /boot/config.txt"
echo "PWR LED disabled"
else
echo "PWR LED was already disabled"
fi
fi
# wifi country
echo
echo "- set WiFi country"
sudo raspi-config nonint do_wifi_country DE
# expand rootfs
echo
echo -n "- expand rootfs"
sudo raspi-config --expand-rootfs
# remove uneeded packages
echo
echo "- apt remove uneeded packages"
sudo apt remove -y --purge libreoffice* oracle-java* chromium-browser nuscratch scratch sonic-pi minecraft-pi plymouth python2
fi
# stresstest
if [[ $STRESSTEST =~ ^[Yy|]$ ]]; then
echo
echo "- stresstest"
bash <(curl -s https://raw.githubusercontent.com/rootzoll/raspiblitz/master/home.admin/config.scripts/blitz.stresstest.sh)
echo
sudo apt remove --purge -y sysbench
fi
# apt - clean
echo
echo "- apt clean"
sudo apt autoremove -y
echo
sudo apt autoclean -y
echo
sudo apt clean -y
# reboot
if [[ $REBOOT =~ ^[Yy|]$ ]]; then
echo
echo "- reboot"
sudo reboot
fi
@CandleHater
Copy link

Changed some stuff here and there in my original script ;)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment