diff --git a/archlinux_setup.sh b/archlinux_setup.sh
deleted file mode 100755
index 8509a67..0000000
--- a/archlinux_setup.sh
+++ /dev/null
@@ -1,175 +0,0 @@
-#!/bin/sh
-
-# List keyboard layouts from here
-localectl list-keymaps
-
-# Test if boot mode is UEFI (true if no error)
-ls /sys/firmware/efi/efivars
-
-# Connecting to WIFI using connmanctl (openrc | runit | s6 | 66 | dinit)
-connmanctl << EOF
-# Enabling wifi
-enable wifi
-
-# Enabling the agent (only use if needed passphrase)
-agent on
-
-# Scanning for access points
-scan wifi
-
-# Printing the access points (services) names
-services
-
-# Connecting to the access point
-connect SERVICE_ID
-
-# Enable the auto connection at startup option
-config SERVICE_ID --autoconnect yes
-EOF
-
-# Connect to WIFI using iwctl (systemd)
-iwctl << EOF
-# Getting the list of available devices
-device list
-
-# Scanning for access points
-station scan
-
-# Printing the access points names
-station get-networks
-
-# Password-less
-station connect
-
-# Passphrase
-iwctl --passphrase station connect
-exit
-EOF
-
-# Arch package name | Description
-# base | Minimal package set to define a basic Arch Linux installation
-# linux | The Linux kernel and modules
-# linux-lts | The LTS Linux kernel and modules
-# linux-zen | The Linux ZEN kernel and modules
-# linux-hardened | The Security-Hardened Linux kernel and modules
-# linux-firmware | Firmware files for Linux
-# neovim | Fork of Vim, a terminal text editor
-# doas | Run commands as super user or another user
-# networkmanager | Network connection manager and user applications
-# networkmanager-iwd | Network connection manager and user applications; using iwd backend instead of wpa_supplicant
-# wpa_supplicant | A utility providing key negotiation for WPA wireless networks
-# grub | GNU GRand Unified Bootloader
-# efibootmgr | UEFI Boot manager
-# neofetch | A CLI system information tool written in BASH that supports displaying images
-# which | A utility to show the full path of commands
-# iwd | Internet Wireless Daemon
-# ntfs-3g | NTFS file system driver and utilities
-# keepass | Easy-to-use password manager for Windows, Linux, Mac OS X and mobile devices
-# keepassxc | Cross-platform community-driven port of Keepass password manager
-# dmenu | shortcut to launch other applications
-# nvidia | NVIDIA drivers for newer cards (see wiki if doubt)
-# nvidia-utils | NVIDIA utilities
-# nvidia-settings | NVIDIA settings page
-# nvidia-prime | NVIDIA optimus like tool
-# xf86-video-intel | Intel graphics card drivers
-# pulseaudio | Audio support
-# pulseaudio-bluetooth | Audio bluetooth support
-# pulsemixer | CLI audio mixer
-# bluez | Bluetooth support
-# bluez-utils | Provides bluetoothctl to connect to devices
-# openssh | Provides utilities to generate ssh keys
-# xclip | Being able to copy from CLI
-# picom | X compositor that may fix tearing issues
-# vlc | Multi-platform MPEG, VCD/DVD, and DivX player
-# i3-gaps | A fork of i3wm tiling window manager with more features, including gaps
-# xorg-xinit | Xorg initialisation program
-# xorg-server | Xorg X server
-# xorg-xset | User preference utility for X
-# feh | Fast and light imlib2-based image viewer
-# alacritty | terminal emulator
-# os-prober | Utility to detect other OSes on a set of drives
-# git | The fast distributed version control system
-# wget | Network utility to retrieve files from the Web
-# unzip | For extracting and viewing files in .zip archives
-# firefox | Standalone web browser from mozilla.org
-# virtualbox | Powerful x86 virtualization for enterprise as well as home use
-# virtualbox-guest-utils | VirtualBox Guest userspace utilities
-# virtualbox-host-modules-arch | Virtualbox host kernel modules for Arch Kernel
-# bash-completion | Programmable completion for the bash shell
-# intel-ucode | Microcode update files for Intel CPUs
-# reflector | Python utility to get the fastest pacman mirrors
-# rsync | A fast and versatile file copying tool for remote and local files (optional dependency of reflector)
-# nodejs | Evented I/O for V8 javascript
-# npm | A package manager for javascript
-# ripgrep | search tool that combines the usability of ag with the raw speed of grep
-# cuda | NVIDIA's GPU programming toolkit
-# python | Next generation of the python high-level scripting language
-# python-pip | The PyPA recommended tool for installing Python packages
-# lazygit | Simple terminal UI for git commands
-# cryptsetup | Userspace setup tool for transparent encryption of block devices using dm-crypt
-# discord | All-in-one voice and text chat for gamers that's free and secure.
-# htop | Interactive process viewer
-# thunderbird | Standalone mail and news reader from mozilla.org
-# brightnessctl | Lightweight brightness control tool
-# fakeroot | Tool for simulating superuser privileges
-# sed | GNU stream editor
-# gcc | The GNU Compiler Collection - C and C++ frontends
-# grep | A string search utility
-# make | GNU make utility to maintain groups of programs
-# man-db | A utility for reading man pages
-# openvpn | An easy-to-use, robust and highly configurable VPN
-# pkgconf | Package compiler and linker metadata toolkit
-
-# Artix package name | Description
-# openrc | Gentoo's universal init system
-# elogind-openrc | OpenRC elogind init script
-# connman-openrc | OpenRC connman init script
-# runit | A cross-platform Unix init scheme with service supervision
-# elogind-runit | Runit service scripts for elogind
-# connman-runit | Runit service script for connman
-# s6-base | Packages, hooks, and scripts to define a basic s6 init system implementation for Artix Linux.
-# elogind-s6 | s6-rc service scripts for elogind
-# connman-s6 | s6-rc service scripts for connman
-# suite66 | small tools built around s6 and s6-rc programs
-# elogind-suite66 | 66 script for elogind
-# connman-suite66 | 66 script for connman
-# dinit | Service monitoring/init system -- init package
-# elogind-dinit | dinit service scripts for elogind
-# connman-dinit | dinit service scripts for connman
-
-# AUR package name | Description | Upstream link
-# polybar | A fast and easy-to-use status bar | https://aur.archlinux.org/polybar.git
-# davmail | a POP/IMAP/SMTP/Caldav/LDAP gateway for the exchange service | https://aur.archlinux.org/davmail.git
-# font-manager | A simple font management application for GTK+ Desktop Environments | https://aur.archlinux.org/font-manager.git
-# tor-browser | anonymous browsing using Firefox and Tor | https://aur.archlinux.org/tor-browser.git
-# lazydocker | A simple terminal UI for docker and docker-compose, written in Go with the gocui library | https://aur.archlinux.org/lazydocker.git
-
-# NOTE : Before installing tor, type : gpg --auto-key-locate nodefault,wkd --locate-keys torbrowser@torproject.org
-
-# Get the list of all available time zones
-timedatectl list-timezones
-
-# Removing users from specific group
-gpasswd -d "$USERNAME" "$GROUP"
-
-# Dual boot setup with os-prober
-echo 'GRUB_DISABLE_OS_PROBER=0' >> /etc/default/grub
-update-grub
-
-# If bluez bluetooth device is org.bluez.Error.Blocked
-rfkill block bluetooth
-rfkill unblock bluetooth
-# If it still doesn't work
-## systemd
-systemctl restart bluetooth
-## OpenRC
-rc-service bluetoothd restart
-
-# Setup a custom DNS server (systemd)
-systemctl enable systemd-resolved
-systemctl start systemd-resolved
-mkdir /etc/systemd/resolved.conf.d
-echo '[Resolve]
-DNS=192.168.35.1 fd7b:d0bd:7a6e::1
-Domains=~.e' > /etc/systemd/resolved.conf.d/dns_servers.conf
-
diff --git a/create_arch_server.sh b/create_arch_server.sh
deleted file mode 100755
index 656ed00..0000000
--- a/create_arch_server.sh
+++ /dev/null
@@ -1,249 +0,0 @@
-#!/usr/bin/env bash
-
-# Exit immediately if a command exits with a non-zero exit status
-set -e
-
-echo -n Hostname :
-read -r HOSTNAME
-
-echo -n Domain name :
-read -r DOMAIN_NAME
-
-echo -n Username :
-read -r USERNAME
-
-echo Password :
-read -r -s PASSWORD
-
-echo MYSQL_ROOT_PASSWORD ? :
-read -r -s MYSQL_ROOT_PASSWORD
-
-echo MYSQL_PASSWORD ? :
-read -r -s MYSQL_PASSWORD
-
-echo Pihole admin password ? :
-read -r -s PIHOLE_PASSWORD
-
-# Setup the hostname
-hostnamectl hostname "$HOSTNAME"
-
-# Enable pacman's parallels downloads
-sed -i 's/^#Para/Para/g' /etc/pacman.conf
-
-# Updating every packages
-pacman -Syu --noconfirm
-# Removing unwanted packages
-pacman -Rc --noconfirm nano vim vim-runtime sudo
-# Installing needed packages
-pacman -S --noconfirm --needed docker neovim lazygit neofetch git wget unzip openssh bash-completion reflector \
- rsync nodejs npm python python-pip ripgrep htop opendoas which man sed fakeroot gcc flake8 autopep8 \
- python-pynvim
-
-# Installing npm dependencies
-npm i -g neovim npm-check-updates
-
-# Enable the wheel group to use doas
-echo 'permit persist :wheel' > /etc/doas.conf
-
-# Enabling docker
-systemctl enable docker
-systemctl start docker
-
-# Setup SSH
-echo 'Port 777
-AddressFamily inet
-ChallengeResponseAuthentication no
-AuthorizedKeysFile .ssh/authorized_keys
-PasswordAuthentication yes
-PermitEmptyPasswords no
-PermitRootLogin no
-UsePAM no
-PrintMotd no
-Subsystem sftp /usr/lib/ssh/sftp-server
-' > /etc/ssh/sshd_config
-systemctl restart sshd
-
-# Disable systemctl resolved
-systemctl stop systemd-resolved
-systemctl disable systemd-resolved
-
-# Adding personnal account
-useradd -m "$USERNAME"
-passwd "$USERNAME" << EOF
-$PASSWORD
-$PASSWORD
-EOF
-usermod -aG wheel "$USERNAME"
-usermod -aG docker "$USERNAME"
-usermod -aG wheel root
-
-user_exec(){
- # Adding personnal SSH public key
- mkdir ~/.ssh ~/aur git services
- echo 'ssh-rsa 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 SAUNDERS@DESKTOP-95BAQ8S' > ~/.ssh/authorized_keys
-
- # Installing lazydocker
- git clone https://aur.archlinux.org/lazydocker.git ~/aur/lazydocker
- cd ~/aur/lazydocker
- makepkg -sri --noconfirm
- rm -rf ~/go
-
- # Adding dotfiles
- git clone https://github.com/saundersp/dotfiles.git ~/git/dotfiles
- cd ~/git/dotfiles
- ./auto.sh server
- sudo bash auto.sh server
-
- # Adding portfolio
- git clone https://github.com/saundersp/portfolio.git ~/git/portfolio
- cd ~/git/portfolio
- docker pull node:lts-alpine
- docker build -f Dockerfile.no_ssl -t saundersp/portfolio .
-
- # Setup the services used in the server
- cd ~/services
- echo -e "MYSQL_PASSWORD=$MYSQL_PASSWORD\nMYSQL_ROOT_PASSWORD=$MYSQL_ROOT_PASSWORD" > .env
- echo 'nextcloud mariadb vaultwarden/server pihole/pihole caddy/caddy:alpine' | xargs -n1 docker pull
-
- mkdir bitwarden-data caddy mariadb-data nextcloud-data openvpn-etc pihole caddy/config caddy/data caddy/etc
-
- # Setup caddy
- echo "$DOMAIN_NAME {
- handle_path /bitwarden* {
- reverse_proxy /notifications/hub/negotiate localhost:8080
- reverse_proxy /notifications/hub localhost:3012
- reverse_proxy localhost:8080
- }
- handle_path /pihole* {
- reverse_proxy localhost:8082
- route /* {
- reverse_proxy localhost:8082
- }
- }
- handle_path /nextcloud* {
- rewrite /.well-known/carddav /remote.php/dav
- rewrite /.well-known/caldav /remote.php/dav
-
- header /* {
- Script-Transport-Security max-age=15552000;
- }
-
- reverse_proxy localhost:8084
- route /* {
- reverse_proxy localhost:8084
- }
- }
- reverse_proxy localhost:8081
-}" > caddy/Caddyfile
-
- # Getting the docker-compose.yml ready
- echo 'version: "3.9"
-
-services:
- portfolio:
- image: saundersp/portfolio:latest
- restart: unless-stopped
- ports:
- - 8081:80
-
- pihole:
- image: cbcrowe/pihole-unbound:latest
- restart: unless-stopped
- ports:
- - 53:53/tcp
- - 53:53/udp
- - 8082:80/tcp
- volumes:
- - ./pihole/data:/etc/pihole
- - ./pihole/dnsmasq.d:/etc/dnsmasq.d
- environment:
- - ServerIP=127.0.0.1
- - TZ=Europe/London
- - REV_SERVER=true
- - REV_SERVER_TARGET=192.168.1.1
- - REV_SERVER_DOMAIN=local
- - REV_SERVER_CIDR=192.168.0.0/16
- - DNS1=127.0.0.1#5335
- - DNS2=127.0.0.1#5335
- - DNSSEC="true"
-
-# NOTE Get rid of "reducing DNS packet size for nameserver ..." : echo "edns-packet-max=1232" | sudo tee /etc/dnsmasq.d/99-edns.conf
-
- bitwarden:
- image: vaultwarden/server:latest
- restart: unless-stopped
- ports:
- - 8080:80
- volumes:
- - ./bitwarden-data:/data
-
- mariadb:
- image: mariadb:latest
- restart: unless-stopped
- command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW --innodb-file-per-table=1 --skip-innodb-read-only-compressed
- volumes:
- - ./mariadb-data:/var/lib/mysql
- environment:
- - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
- - MYSQL_PASSWORD=${MYSQL_PASSWORD}
- - MYSQL_DATABASE=nextcloud
- - MYSQL_USER=nextcloud
-
- nextcloud:
- image: nextcloud:latest
- restart: unless-stopped
- ports:
- - 8084:80
- volumes:
- - ./nextcloud-data:/var/www/html
- environment:
- - MYSQL_PASSWORD=${MYSQL_PASSWORD}
- - MYSQL_DATABASE=nextcloud
- - MYSQL_USER=nextcloud
- - MYSQL_HOST=mariadb
- - APACHE_DISABLE_REWRITE_IP=1
- links:
- - mariadb
-
-# NOTE To setup a primary install :
-# add "overwriteprotocol => https" to config/config.php
-# add "overwritewebroot => /nextcloud" to config/config.php
-
- caddy:
- image: caddy/caddy:alpine
- restart: unless-stopped
- network_mode: "host"
- volumes:
- - ./caddy/data:/data
- - ./caddy/config:/config
- - ./caddy/etc:/root/.local/share/caddy
- - ./caddy/Caddyfile:/etc/caddy/Caddyfile
-' > docker-compose.yml
- docker-compose up -d
- sleep 15
-
- # Setup nextcloud web root
- sudo sed -i "3a\ \ 'overwriteprotocol' => 'https',\n\ \ 'overwritewebroot' => '/nextcloud'," nextcloud-data/config/config.php
- docker-compose restart nextcloud
-
- # Setup pihole
- docker-compose exec pihole pihole -a -p "$PIHOLE_PASSWORD"
- docker-compose exec pihole sqlite3 /etc/pihole/gravity.db '
- INSERT INTO "adlist" ("address","enabled","comment") VALUES ("https://raw.githubusercontent.com/jdlingyu/ad-war","1","Advertising Lists 1"),
- ("https://adaway.org/hosts.txt","1","Advertising Lists 2"),
- ("https://v.firebog.net/hosts/AdguardDNS.txt","1","Advertising Lists 3"),
- ("https://v.firebog.net/hosts/Admiral.txt","1","Advertising Lists 4"),
- ("https://raw.githubusercontent.com/anudeepND/blacklist/master/adservers.txt","1","Advertising Lists 5"),
- ("https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt","1","Advertising Lists 6"),
- ("https://v.firebog.net/hosts/Easylist.txt","1","Advertising Lists 7"),
- ("https://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&showintro=0&mimetype=plaintext","1","Advertising Lists 8"),
- ("https://raw.githubusercontent.com/FadeMind/hosts.extras/master/UncheckyAds/hosts","1","Advertising Lists 9"),
- ("https://raw.githubusercontent.com/bigdargon/hostsVN/master/hosts","1","Advertising Lists 10");'
- docker-compose exec pihole pihole -g
-}
-export -f user_exec
-su "$USERNAME" -c user_exec
-
-# Removing the nopass option in doas
-sed -i '1s/nopass/persist/g' /etc/doas.conf
-
diff --git a/mv_docker.sh b/mv_docker.sh
deleted file mode 100755
index 3a289dc..0000000
--- a/mv_docker.sh
+++ /dev/null
@@ -1,25 +0,0 @@
-#!/usr/bin/env bash
-
-set -e
-
-WSL_DIR='/d/WSL2'
-
-WSLS="$(wsl --list | sed 1d | cut -d' ' -f 1 | sed $'s/[^[:print:]\t]//g' | head -n -1)"
-
-mkdir -p "$WSL_DIR"
-
-for WSL in "${WSLS[@]}"; do
- if [ -d "$WSL_DIR"/"$WSL" ]; then
- echo "$WSL already moved, continuing"
- continue
- fi
- echo "Exporting $WSL to archive"
- wsl --export "$WSL" "$WSL_DIR/$WSL.tar"
- echo "Unregistering $WSL"
- wsl --unregister "$WSL"
- mkdir "$WSL_DIR/$WSL"
- echo "Importing $WSL from archive"
- wsl --import "$WSL" "$WSL_DIR/$WSL" "$WSL_DIR/$WSL.tar" --version 2
- echo "Removing $WSL archive"
- rm "$WSL_DIR/$WSL.tar"
-done
diff --git a/secure_debian_server.md b/secure_debian_server.md
deleted file mode 100644
index 20aa655..0000000
--- a/secure_debian_server.md
+++ /dev/null
@@ -1,49 +0,0 @@
-# Secure a debian server
-
-## Deny ping response
-
-In the file /etc/ufw/before.rules add the line after "ok icmp codes for INPUT"
-
-> -A ufw-before-input -p icmp --icmp-type echo-request -j DROP
-
-## Restraining SSH default behaviour
-
-In the file /etc/ssh/sshd_config or /etc/sshd_config
-
-> Port $SSH_PORT # Custom SSH port
-> AddressFamily inet
-> ChallengeResponseAuthentication no
-> PasswordAuthentication no
-> UsePAM no
-> PermitRootLogin no
-
-```bash
-# Apply changes
-systemctl restart sshd
-```
-
-## Enabling security features
-
-In the file /etc/sysctl.conf, uncomment / add the lines :
-
-> net.ipv4.conf.default.rp_filter = 1
-> net.ipv4.conf.all.rp_filter = 1
-> net.ipv4.conf.all.accept_redirects = 0
-> net.ipv6.conf.all.accept_redirects = 0
-> net.ipv4.conf.all.send_redirects = 0
-> net.ipv4.conf.all.accept_source_route = 0
-> net.ipv6.conf.all.accept_source_route = 0
-> net.ipv4.conf.all.log_martians = 1
-> net.ipv4.conf.all.arp_notify = 1
-
-```bash
-# Apply changes
-sysctl -p
-```
-
-## Prevent IP Spoof
-
-In the file /etc/host.conf, add / change the lines :
-
-> order bind,hosts
-> multi on
diff --git a/setup_unreal.sh b/setup_unreal.sh
deleted file mode 100755
index 7db6570..0000000
--- a/setup_unreal.sh
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/bin/sh
-
-set -e
-
-test -z "$REPO_PATH" && REPO_PATH="$HOME"/git
-
-git clone git@github.com:EpicGames/UnrealEngine.git -b release --depth 1 "$REPO_PATH"/UnrealEngine
-cd "$REPO_PATH"/UnrealEngine
-./Setup.sh
-./GenerateProjectFiles.sh
-make
-cd Engine/Binaries/Linux
-./UnrealEditor
diff --git a/vscodium-ext.sh b/vscodium-ext.sh
deleted file mode 100755
index 8723364..0000000
--- a/vscodium-ext.sh
+++ /dev/null
@@ -1,31 +0,0 @@
-#!/bin/sh
-
-### Add Microsoft's extensions to VSCodium
-
-# In the file resources/app/product.json change this :
-
-# "extensionsGallery": {
-# "serviceUrl": "https://open-vsx.org/vscode/gallery",
-# "itemUrl": "https://open-vsx.org/vscode/item"
-# },
-
-# to this :
-
-# "extensionsGallery": {
-# "serviceUrl": "https://marketplace.visualstudio.com/_apis/public/gallery",
-# "cacheUrl": "https://vscode.blob.core.windows.net/gallery/index",
-# "itemUrl": "https://marketplace.visualstudio.com/items"
-# },
-
-apply(){
- FILE="$1"
- test -z "$FILE" && FILE=/opt/vscodium/resources/app/product.json
- SEP=' '
- OLD="$SEP\\\"extensionsGallery\": {\\n$SEP$SEP\\\"serviceUrl\\\": \\\"https://open-vsx.org/vscode/gallery\\\",\\n$SEP$SEP\\\"itemUrl\\\": \\\"https://open-vsx.org/vscode/item\\\"\\n$SEP},"
- NEW="$SEP\"extensionsGallery\": {\\n$SEP$SEP\"serviceUrl\": \"https://marketplace.visualstudio.com/_apis/public/gallery\",\\n$SEP$SEP\"cacheUrl\": \"https://vscode.blob.core.windows.net/gallery/index\",\\n$SEP$SEP\"itemUrl\": \"https://marketplace.visualstudio.com/items\"\\n$SEP},"
-
- sed -i ":a;N;\$!ba;s&$OLD&$NEW&g" "$FILE"
-}
-
-apply "$1"
-