linux-bootstrap
Oneliner
curl -fsSL https://gitea.big-chungus.me/moritz/linux-bootstrap/raw/branch/master/install.sh | bash
Forward flags to the bootstrapper after --:
# skip hardening, set hostname
curl -fsSL https://gitea.big-chungus.me/moritz/linux-bootstrap/raw/branch/master/install.sh \
| bash -s -- --skip hardening --hostname web01
# everything including hardening
curl -fsSL https://gitea.big-chungus.me/moritz/linux-bootstrap/raw/branch/master/install.sh | bash -s -- --only base,cli,neovim,motd,shell,hardening
Override repo/ref/dest via env:
REF=dev DEST=/srv/bootstrap curl -fsSL https://gitea.big-chungus.me/moritz/linux-bootstrap/raw/branch/master/install.sh | bash
Pure-git alternative (if git is already present)
git clone --depth=1 https://gitea.big-chungus.me/moritz/linux-bootstrap.git /opt/linux-bootstrap \
&& /opt/linux-bootstrap/bootstrap.sh
Modules
| module | default | description |
|---|---|---|
base |
yes | apt update/upgrade + essentials: git, curl, tmux, htop, tree, rsync, jq, dnsutils, mtr, build-essential, … |
cli |
yes | modern CLI: ripgrep, fd, bat, fzf, btop |
neovim |
yes | neovim + the lua config in config/nvim/ |
motd |
yes | dynamic login banner (host, IP, uptime, load, mem, disk, updates) |
shell |
yes | fd/bat symlinks + system-wide aliases in /etc/profile.d, EDITOR=nvim |
hardening |
no | opt-in: unattended-upgrades, fail2ban sshd jail |
./bootstrap.sh --list # show modules
./bootstrap.sh --only nvim # just (re)deploy nvim config
./bootstrap.sh --skip motd # run everything except motd
Customizing
- nvim: edit
config/nvim/lua/core/*.luaandconfig/nvim/lua/core/plugins.lua - banner: edit
config/motd/01-banner.sh - aliases / packages: edit the
mod_*functions inbootstrap.sh
Optional: SSH hardening (do this manually, with care)
After confirming key-based login works:
sudo tee /etc/ssh/sshd_config.d/99-hardening.conf >/dev/null <<'EOF'
PasswordAuthentication no
PermitRootLogin prohibit-password
KbdInteractiveAuthentication no
EOF
sudo systemctl reload ssh # or sshd, depending on distro