moritz/linux-bootstrap
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
master
linux-bootstrap/README.md
moritzrfs c7261ba2b3 Update git url
2026-06-14 13:07:34 +02:00

2.2 KiB
Raw Permalink Blame History

linux-bootstrap

Oneliner


curl -fsSL https://gitea.big-chungus.me/moritz/linux-bootstrap/raw/branch/master/install.sh | bash

Forward flags to the bootstrapper after --:

# skip hardening, set hostname
curl -fsSL https://gitea.big-chungus.me/moritz/linux-bootstrap/raw/branch/master/install.sh \
  | bash -s -- --skip hardening --hostname web01

# everything including hardening
curl -fsSL https://gitea.big-chungus.me/moritz/linux-bootstrap/raw/branch/master/install.sh | bash -s -- --only base,cli,neovim,motd,shell,hardening

Override repo/ref/dest via env:

REF=dev DEST=/srv/bootstrap curl -fsSL https://gitea.big-chungus.me/moritz/linux-bootstrap/raw/branch/master/install.sh | bash

Pure-git alternative (if git is already present)

git clone --depth=1 https://gitea.big-chungus.me/moritz/linux-bootstrap.git /opt/linux-bootstrap \
  && /opt/linux-bootstrap/bootstrap.sh

Modules

module default description
base yes apt update/upgrade + essentials: git, curl, tmux, htop, tree, rsync, jq, dnsutils, mtr, build-essential, …
cli yes modern CLI: ripgrep, fd, bat, fzf, btop
neovim yes neovim + the lua config in config/nvim/
motd yes dynamic login banner (host, IP, uptime, load, mem, disk, updates)
shell yes fd/bat symlinks + system-wide aliases in /etc/profile.d, EDITOR=nvim
hardening no opt-in: unattended-upgrades, fail2ban sshd jail 
./bootstrap.sh --list            # show modules
./bootstrap.sh --only nvim       # just (re)deploy nvim config
./bootstrap.sh --skip motd       # run everything except motd

Customizing

  • nvim: edit config/nvim/lua/core/*.lua and config/nvim/lua/core/plugins.lua
  • banner: edit config/motd/01-banner.sh
  • aliases / packages: edit the mod_* functions in bootstrap.sh

Optional: SSH hardening (do this manually, with care)

After confirming key-based login works:

sudo tee /etc/ssh/sshd_config.d/99-hardening.conf >/dev/null <<'EOF'
PasswordAuthentication no
PermitRootLogin prohibit-password
KbdInteractiveAuthentication no
EOF
sudo systemctl reload ssh   # or sshd, depending on distro
Reference in New Issue View Git Blame Copy Permalink