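#!/bin/bash
#
# Post-install bootstrap for a fresh Arch Linux host:
#   1. creates the "sysadmin" account (group "admins") used for remote control,
#      grants the group passwordless sudo and installs its SSH public key,
#   2. disables direct root logins over SSH,
#   3. installs and enables the default iptables/ip6tables rule sets,
#   4. installs a small set of admin tools and sets up the login banner,
#   5. reboots.
#
# Must run as root. Every step is fatal on failure, so a failed download can
# never leave the host with root SSH disabled and no working admin key.
#
# Trust note: the SSH key and both firewall rule sets are fetched from the
# mutable "master" branch of $REPO. Whoever can change that branch (or the
# server behind it) gains passwordless root on every host bootstrapped from
# it. Pinning the URLs to a reviewed commit, or comparing the downloads with
# known-good checksums, would narrow that trust; this script only enforces
# HTTPS and sanity-checks the content.
set -euo pipefail

readonly REPO=https://git.xoservice.nl/marcel/archlinux
readonly POST_URL="${REPO}/raw/master/post"
readonly SSH_DIR=/home/sysadmin/.ssh
readonly SSHD_CONFIG=/etc/ssh/sshd_config

# Print an error to stderr and abort.
die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

# Download $1 to $2 over HTTPS only.
# --fail makes HTTP errors (404, 500, ...) a non-zero exit instead of saving
# the error page as if it were the requested file.
fetch() {
  local url=$1
  local dest=$2
  curl --fail --silent --show-error --proto '=https' --output "$dest" "$url" \
    || die "download failed: ${url}"
  [[ -s "$dest" ]] || die "download is empty: ${url}"
}

(( EUID == 0 )) || die "this script must be run as root"

# Downloads are staged here and validated before they replace anything live.
workdir=$(mktemp -d) || die "mktemp failed"
cleanup() { rm -rf -- "${workdir:?}"; }
trap cleanup EXIT

echo "Setting remote control requirements..."
# Idempotent: a re-run must not abort because the group/user already exist.
getent group admins > /dev/null || groupadd admins
id -u sysadmin > /dev/null 2>&1 \
  || useradd -g admins -m -r -c "System administrator" sysadmin

# Passwordless sudo for the whole group: anyone holding a key accepted for a
# member of "admins" is effectively root. The rule is syntax-checked before
# installation because a broken file in sudoers.d disables sudo entirely, and
# it is installed read-only for root (0440) rather than with the umask default.
printf '%s\n' '%admins ALL=(ALL) NOPASSWD: ALL' > "${workdir}/admins.sudoers"
visudo -cf "${workdir}/admins.sudoers" > /dev/null \
  || die "generated sudoers rule failed validation"
install -m 0440 -o root -g root "${workdir}/admins.sudoers" /etc/sudoers.d/admins

mkdir -p "$SSH_DIR"
chmod 700 "$SSH_DIR"
fetch "${POST_URL}/ansible.pub" "${workdir}/ansible.pub"
# Refuse anything that does not parse as an SSH public key, and log the
# fingerprint so it can be compared with the expected one out of band.
ssh-keygen -l -f "${workdir}/ansible.pub" \
  || die "downloaded ansible.pub is not a valid SSH public key"
install -m 0600 "${workdir}/ansible.pub" "${SSH_DIR}/authorized_keys"
chown -R sysadmin:admins "$SSH_DIR"

echo "Disable root user SSH access..."
# Rewrite every PermitRootLogin directive, active or commented out, whatever
# its current value. Matching only "yes" / "without-password" misses the stock
# "#PermitRootLogin prohibit-password" line, which leaves key-based root login
# enabled.
sed -i -E \
  's/^[[:space:]]*#?[[:space:]]*PermitRootLogin[[:space:]].*$/PermitRootLogin no/' \
  "$SSHD_CONFIG"
# sshd keeps the first value it reads for a keyword, so when the file had no
# such directive at all the setting is added at the very top.
if ! grep -q '^PermitRootLogin no$' "$SSHD_CONFIG"; then
  sed -i '1i PermitRootLogin no' "$SSHD_CONFIG"
fi
# NOTE(review): a directive that sits inside a "Match" block is rewritten in
# place and stays conditional — confirm the stock config has none.

echo "Configuring and enabling default firewall..."
fetch "${POST_URL}/iptables.rules" "${workdir}/iptables.rules"
fetch "${POST_URL}/ip6tables.rules" "${workdir}/ip6tables.rules"
# Parse both rule sets without applying them: a rules file that fails to load
# makes the iptables service fail at boot and leaves the host unfiltered.
iptables-restore --test < "${workdir}/iptables.rules" \
  || die "iptables.rules failed validation"
ip6tables-restore --test < "${workdir}/ip6tables.rules" \
  || die "ip6tables.rules failed validation"
install -m 0644 "${workdir}/iptables.rules" /etc/iptables/iptables.rules
install -m 0644 "${workdir}/ip6tables.rules" /etc/iptables/ip6tables.rules
systemctl enable iptables
systemctl enable ip6tables

echo "Install minimal required packages..."
pacman --noconfirm -S iftop htop bash-completion iotop lsof screen neofetch neovim
# Only create the vi alias when nothing is there already; never clobber an
# existing binary or link.
if [[ ! -e /usr/bin/vi && ! -L /usr/bin/vi ]]; then
  ln -s /usr/bin/nvim /usr/bin/vi
fi

echo "Setup motd default..."
echo "" > /etc/motd
# Overwrite rather than append so a re-run does not stack duplicate lines.
printf '%s\n' "neofetch" > /etc/profile.d/neofetch.sh
chmod +x /etc/profile.d/neofetch.sh

echo "All done, reboot in 5 seconds..."
sleep 5
reboot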