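#!/bin/sh
# Abort on the first failing command (-e) or unset variable (-u), and trace
# every command as it runs (-x).
set -eux

# We'll use these to specialize our installation: the short host name selects
# the package sets below, the dpkg architecture selects the kernel image.
hostname=$(hostname --short)
architecture=$(dpkg --print-architecture)

# First we have to set up our installation sources.
# Every entry uses plain HTTP, so package integrity rests on apt's
# verification of the signed release metadata rather than on the transport.
tee /etc/apt/sources.list > /dev/null << EOF
deb http://deb.debian.org/debian/ bullseye main contrib non-free
deb-src http://deb.debian.org/debian/ bullseye main contrib non-free
deb http://security.debian.org/ bullseye-security main contrib non-free
deb-src http://security.debian.org/ bullseye-security main contrib non-free
deb http://deb.debian.org/debian/ bullseye-updates main contrib non-free
deb-src http://deb.debian.org/debian/ bullseye-updates main contrib non-free
deb http://deb.debian.org/debian/ bullseye-backports main contrib non-free
deb http://deb.debian.org/debian/ unstable main contrib non-free
deb-src http://deb.debian.org/debian/ unstable main contrib non-free
deb http://deb.debian.org/debian/ experimental main contrib non-free
deb-src http://deb.debian.org/debian/ experimental main contrib non-free
EOF

# Track stable but make packages from Unstable and Experimental available.
# A priority below zero keeps apt from selecting those versions on its own.
# apt reads the preferences file as records separated by blank lines, so the
# two stanzas are kept apart; run together they would not be read as two pins.
tee /etc/apt/preferences.d/non-stable-repos > /dev/null << EOF
Package: *
Pin: release a=unstable
Pin-Priority: -1

Package: *
Pin: release a=experimental
Pin-Priority: -1
EOF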
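# The home server needs to install some tools from non-standard sources.

# fetch_keyring URL DEST
#
# Download the OpenPGP key at URL and install it, dearmored, as DEST.
# Does nothing when DEST already exists. The key is staged in a temporary
# directory and copied into place only after both the download and the
# conversion succeeded and produced a non-empty file. Writing straight into
# DEST through a pipeline would create the file even when curl fails (this
# shell has no pipefail), and every later run would then skip the download
# because the file exists.
#
# The body is a subshell so its variables and its exit stay local.
#
# NOTE(review): the key is trusted on first download; HTTPS to the vendor
# host is the only authenticity check. Comparing the key's fingerprint with a
# value obtained out of band before installing it would harden this. The
# expected fingerprints are not recorded in this script.
fetch_keyring() (
  key_url=$1
  keyring=$2

  if [ -f "$keyring" ]; then
    exit 0
  fi

  staging=$(mktemp -d)
  if curl -fsSL "$key_url" > "$staging/key" \
    && gpg --dearmor < "$staging/key" > "$staging/keyring.gpg" \
    && [ -s "$staging/keyring.gpg" ]; then
    # World-readable so that apt's unprivileged helper can read the keyring.
    install -m 0644 "$staging/keyring.gpg" "$keyring"
    rm -rf -- "$staging"
  else
    rm -rf -- "$staging"
    echo "could not fetch a usable signing key from $key_url" >&2
    exit 1
  fi
)

if [ "$hostname" = "molniya" ]; then
  # curl and gpg are only needed while at least one keyring is still missing.
  if [ ! -f /usr/share/keyrings/tarsnap-archive.gpg ] \
    || [ ! -f /usr/share/keyrings/tailscale-archive.gpg ] \
    || [ ! -f /usr/share/keyrings/google-archive.gpg ]; then
    if ! command -v curl > /dev/null || ! command -v gpg > /dev/null; then
      apt install --yes curl gnupg
    fi
  fi

  # Each third-party repository gets three things: its own keyring (bound to
  # the repository with signed-by, so the key cannot vouch for any other
  # source), a pin at priority 100 so it never outranks the Debian archive,
  # and its sources.list.d entry.

  # Tarsnap.
  fetch_keyring \
    https://pkg.tarsnap.com/tarsnap-deb-packaging-key.asc \
    /usr/share/keyrings/tarsnap-archive.gpg
  printf '%s\n' \
    'Package: *' \
    'Pin: origin pkg.tarsnap.com' \
    'Pin-Priority: 100' \
    > /etc/apt/preferences.d/limit-tarsnap-repo
  # NOTE(review): this repository is fetched over plain HTTP although the key
  # comes from the same host over HTTPS; integrity still depends on the
  # signed-by keyring. Confirm whether the host serves the repository over
  # HTTPS before switching.
  printf '%s\n' \
    'deb [signed-by=/usr/share/keyrings/tarsnap-archive.gpg] http://pkg.tarsnap.com/deb/bullseye ./' \
    > /etc/apt/sources.list.d/tarsnap.list

  # Tailscale.
  fetch_keyring \
    https://pkgs.tailscale.com/stable/debian/bullseye.gpg \
    /usr/share/keyrings/tailscale-archive.gpg
  printf '%s\n' \
    'Package: *' \
    'Pin: origin pkgs.tailscale.com' \
    'Pin-Priority: 100' \
    > /etc/apt/preferences.d/limit-tailscale-repo
  printf '%s\n' \
    'deb [signed-by=/usr/share/keyrings/tailscale-archive.gpg] https://pkgs.tailscale.com/stable/debian bullseye main' \
    > /etc/apt/sources.list.d/tailscale.list

  # Google (Coral Edge TPU packages).
  fetch_keyring \
    https://packages.cloud.google.com/apt/doc/apt-key.gpg \
    /usr/share/keyrings/google-archive.gpg
  printf '%s\n' \
    'Package: *' \
    'Pin: origin packages.cloud.google.com' \
    'Pin-Priority: 100' \
    > /etc/apt/preferences.d/limit-google-repo
  printf '%s\n' \
    'deb [signed-by=/usr/share/keyrings/google-archive.gpg] https://packages.cloud.google.com/apt coral-edgetpu-stable main' \
    > /etc/apt/sources.list.d/google.list
fi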
# Everyday personal machines also accept i386 packages (for games).
case "$hostname" in
  mir | zond)
    dpkg --add-architecture i386
    ;;
esac

# To start, get into a clean and ready state: refresh the package lists
# written above and bring everything already installed up to date.
apt update
apt --yes upgrade

# Base packages used on all systems.
apt install --yes \
  bc curl daemontools debian-keyring dnsutils firmware-linux git make \
  moreutils ripgrep rsync sudo tmux ufw unzip util-linux vim-nox zsh
# Give the backports builds of the CPU microcode and kernel image packages
# the standard priority (500) so apt may pick them over the stable versions.
printf '%s\n' \
  'Package: amd64-microcode intel-microcode linux-image-amd64 linux-image-cloud-amd64' \
  'Pin: release a=bullseye-backports' \
  'Pin-Priority: 500' \
  > /etc/apt/preferences.d/backports-core-packages

# Install the microcode package matching the CPU vendor string that lscpu
# reports; on any other vendor nothing is installed.
if lscpu | grep -q "GenuineIntel"; then
  apt install --yes intel-microcode
elif lscpu | grep -q "AuthenticAMD"; then
  apt install --yes amd64-microcode
fi

# On amd64, vostok and voskhod get the cloud kernel flavour and every other
# host gets the generic one.
if [ "$architecture" = "amd64" ]; then
  case "$hostname" in
    vostok | voskhod)
      kernel_image=linux-image-cloud-amd64
      ;;
    *)
      kernel_image=linux-image-amd64
      ;;
  esac
  apt install --yes "$kernel_image"
fi
# Packages used only on servers/headless systems.
case "$hostname" in
  vostok | voskhod | molniya)
    apt install --yes emacs-nox openssh-server
    ;;
esac

# Packages for systems where I want to keep track of HDD state.
case "$hostname" in
  molniya | mir)
    apt install --yes smartmontools
    ;;
esac
# Packages for non-server machines (the desktop and the laptop).
case "$hostname" in
  mir | zond)
    apt install --yes \
      alsa-utils anacron borgbackup build-essential chromium dunst dzen2 \
      emacs entr eog evince feh ffmpeg fonts-dejavu fonts-inconsolata \
      fonts-liberation fonts-symbola gdb gimp git-email git-extras \
      gnome-disk-utility gnome-screenshot gnupg-agent gnupg2 gparted gron \
      gvfs-backends imagemagick inkscape ipython3 irssi irssi-scripts \
      keychain lbdb libghc-xmonad-contrib-dev libghc-xmonad-dev \
      libsecret-tools libssl-dev lightdm net-tools msmtp ncal nemo \
      nfs-common numlockx pass pavucontrol picom pulseaudio pylint3 python3 \
      python3-flake8 python3-venv rxvt-unicode scdaemon shellcheck steam \
      strace ttf-bitstream-vera ttf-mscorefonts-installer \
      ttf-xfree86-nonfree unicode-screensaver unifont virtualenv vlc w3m \
      wmctrl xbindkeys xsel xinit xlsx2csv xmonad xorg xscreensaver \
      xscreensaver-data-extra xscreensaver-gl xscreensaver-gl-extra \
      xscreensaver-screensaver-bsod xserver-xorg-input-all

    # Drop packages that are not wanted on these machines. This call has no
    # --yes, so apt asks for confirmation before removing anything.
    apt autoremove --purge \
      yelp avahi-daemon xdg-desktop-portal gnome-online-accounts
    ;;
esac
# Desktop packages.
case "$hostname" in
  mir)
    apt install --yes \
      brotli darktable fonts-cantarell fonts-dejavu fonts-dejavu-extra \
      fonts-ebgaramond fonts-ebgaramond-extra fonts-lato \
      fonts-linuxlibertine fonts-ocr-a fonts-opensymbol fonts-sil-charis \
      fonts-sil-gentium fonts-vollkorn fonts-yanone-kaffeesatz geeqie \
      gnome-font-viewer goaccess ledger libdvd-pkg neomutt notmuch \
      notmuch-mutt offlineimap3 par2 python3-keyring signing-party texlive \
      texlive-bibtex-extra texlive-font-utils texlive-fonts-extra \
      texlive-fonts-recommended texlive-pictures texlive-pstricks \
      texlive-xetex

    # Graphics stack, including the i386 variants of the Mesa libraries.
    apt install --yes \
      firmware-amd-graphics libgl1-mesa-dri libgl1-mesa-dri:i386 \
      libglx-mesa0 libglx-mesa0:i386 mesa-vulkan-drivers \
      mesa-vulkan-drivers:i386 mesa-va-drivers mesa-vdpau-drivers \
      xserver-xorg-video-amdgpu

    # Run without --yes, so apt asks for confirmation before removing.
    apt autoremove --purge \
      wpasupplicant modemmanager
    ;;
esac

# Laptop packages.
case "$hostname" in
  zond)
    apt install --yes \
      acpi firmware-iwlwifi firmware-realtek laptop-mode-tools xbacklight \
      xserver-xorg-input-synaptics xserver-xorg-video-intel
    ;;
esac
# Home server packages.
case "$hostname" in
  molniya)
    apt install --yes \
      apcupsd borgbackup certbot kodi kodi-vfs-libarchive libcec6 \
      lm-sensors mdadm minidlna netdata nfs-common nfs-kernel-server \
      nginx-light podman python3-certbot-dns-cloudflare rtorrent tailscale \
      tarsnap xserver-xorg-video-amdgpu

    # Let youtube-dl come from backports at the standard priority.
    printf '%s\n' \
      'Package: youtube-dl' \
      'Pin: release a=bullseye-backports' \
      'Pin-Priority: 500' \
      > /etc/apt/preferences.d/youtube-dl

    # NOTE(review): unlike the other installs this one has no --yes, so apt
    # asks for confirmation; the autoremove below does as well.
    apt install \
      --no-install-recommends \
      youtube-dl

    apt autoremove --purge \
      bluetooth dhcpcd5 wpasupplicant yelp
    ;;
esac
# Web server packages.
case "$hostname" in
  vostok | voskhod)
    apt install --yes \
      certbot nginx-extras python3-certbot-dns-cloudflare

    # The patterns are quoted so that apt, not the shell, expands them.
    # Run without --yes, so apt asks for confirmation before removing.
    apt autoremove --purge \
      awscli 'google-*' 'python*-boto*'
    ;;
esac

# Media player
case "$hostname" in
  almaz)
    apt install --yes mopidy

    # Run without --yes, so apt asks for confirmation before removing.
    apt autoremove --purge \
      avahi-daemon bluetooth dhcpcd5 ifupdown wpasupplicant yelp
    ;;
esac
# Configure unattended upgrades
apt install --yes unattended-upgrades
# Uncomment the "Debian Backports" origin line in the packaged configuration
# so that this origin is listed there as well. The expression is
# single-quoted, so ${distro_codename} reaches the file literally instead of
# being expanded by the shell; in the pattern the $, { and } are escaped
# because -E selects extended regular expressions.
sed -Ei \
's|// "o=Debian Backports,a=\$\{distro_codename\}-backports,l=Debian Backports";| "o=Debian Backports,a=${distro_codename}-backports,l=Debian Backports";|' \
/etc/apt/apt.conf.d/50unattended-upgrades
# Finally, clean up after ourselves.
# Neither removal below passes --yes, so apt asks for confirmation.
apt autoremove --purge
# Purge every package whose `dpkg -l` line starts with "rc". awk joins the
# package names with spaces, and the substitution is left unquoted on purpose
# so that each name becomes its own argument.
apt purge $(dpkg -l | awk -v ORS=" " '/^rc/ { print $2 } END { printf("\n"); }')
apt clean