moritz/linux-bootstrap
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
bb83b30aa9bd0f2326340a9848b3db121d07fcad
linux-bootstrap/README.md
moritzrfs bb83b30aa9 Add scripts
2026-06-14 13:04:03 +02:00

67 lines
2.1 KiB
Markdown
Raw Blame History

# linux-bootstrap
## Oneliner
```bash
curl -fsSL https://raw.githubusercontent.com/CHANGE_ME/linux-bootstrap/main/install.sh | bash
```
Forward flags to the bootstrapper after `--`:
```bash
# skip hardening, set hostname
curl -fsSL https://raw.githubusercontent.com/CHANGE_ME/linux-bootstrap/main/install.sh \
| bash -s -- --skip hardening --hostname web01
# everything including hardening
curl -fsSL .../install.sh | bash -s -- --only base,cli,neovim,motd,shell,hardening
```
Override repo/ref/dest via env:
```bash
REF=dev DEST=/srv/bootstrap curl -fsSL .../install.sh | bash
```
### Pure-git alternative (if git is already present)
```bash
git clone --depth=1 https://github.com/CHANGE_ME/linux-bootstrap.git /opt/linux-bootstrap \
&& /opt/linux-bootstrap/bootstrap.sh
```
## Modules
| module | default | description |
|------------|:------:|-------------|
| `base` | yes | apt update/upgrade + essentials: git, curl, tmux, htop, tree, rsync, jq, dnsutils, mtr, build-essential, … |
| `cli` | yes | modern CLI: ripgrep, fd, bat, fzf, btop |
| `neovim` | yes | neovim + the lua config in `config/nvim/` |
| `motd` | yes | dynamic login banner (host, IP, uptime, load, mem, disk, updates) |
| `shell` | yes | `fd`/`bat` symlinks + system-wide aliases in `/etc/profile.d`, `EDITOR=nvim` |
| `hardening`| **no** | opt-in: unattended-upgrades, fail2ban sshd jail |
```bash
./bootstrap.sh --list # show modules
./bootstrap.sh --only nvim # just (re)deploy nvim config
./bootstrap.sh --skip motd # run everything except motd
```
## Customizing
- nvim: edit `config/nvim/lua/core/*.lua` and `config/nvim/lua/core/plugins.lua`
- banner: edit `config/motd/01-banner.sh`
- aliases / packages: edit the `mod_*` functions in `bootstrap.sh`
## Optional: SSH hardening (do this manually, with care)
After confirming key-based login works:
```bash
sudo tee /etc/ssh/sshd_config.d/99-hardening.conf >/dev/null <<'EOF'
PasswordAuthentication no
PermitRootLogin prohibit-password
KbdInteractiveAuthentication no
EOF
sudo systemctl reload ssh # or sshd, depending on distro
```
Reference in New Issue View Git Blame Copy Permalink