System Dotfiles

Set up a base environment on a new system as an administrator. It must be run as a user who has sudo access.

Please do not run it as root.

BEWARE — This tool will use sudo to modify system files. Proceed with caution.

DO NOT run the setup.sh script if you don't fully understand what it does. Seriously, DON'T!

Background
Requirements
Pre-Install
Install
Screenshots
Acknowledgements
Contributing
License

Background

Manually setting up a usable environment on a brand new server is always a tiring experience. I felt the need to create a tool which would automate this process as smoothly as possible. It should ideally —

Perform hardening operations
Install necessary tools
Manage system configurations

It should also follow these standards —

Bootstrap itself using only wget or curl
Be idempotent
Be easy to audit

Requirements

This tool is only meant for Linux variants. It has been verified to work on —

Debian 9
Ubuntu 16.04

Pre-Install

If you do not have a user with sudo access, create it as follows:

# Login to root
sudo -i

# Update the default text editor, select your desire
update-alternatives --config editor

# Edit sudoers file and add the following line
visudo
# Allow members of group sudo-users to execute any command, passwordless
%sudo-users ALL=(ALL) NOPASSWD: ALL

Run the following commands to:

Create a new user boss
Add your SSH public key to boss — must replace my SSH public key below
Add boss to sudo-users for passwordless sudo
Unlock this user by deleting its password

# Initialize USER variables
USER="boss"
USERNAME="Boss"
SSH_DIR="/home/$USER/.ssh"
SSH_PUBLIC_KEY="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJK827/gzPAZQaNsLdtBz/WK6HHJaFL85pF+gsP41SDl ashish"

# Add user
useradd \
    --key UMASK=022 \
    --user-group \
    --create-home \
    --shell /bin/bash \
    --comment "$USER_NAME" \
    "$USER"

# Create sudo-users group
groupadd --system sudo-users

# Add your user to sudo-users
usermod \
    --append \
    --groups sudo-users \
    "$USER"

# Setup SSH access
mkdir -p "$SSH_DIR"
echo "$SSH_PUBLIC_KEY" >> "$SSH_DIR/authorized_keys"
chown -R "$USER":"$USER" "$SSH_DIR"

# Sometimes SSH access is prohibited because user is locked
# Unlock the user by deleting its password
passwd -d "$USER"

Install

The setup process will:

Download the dotfiles on your computer (by default it will suggest ~/projects/dotfiles-system)
Take versioned backup of files that might be changed and store them in ~/.backups/dotfiles-system-backup/v*
Symlink the etc/ssh/?, /etc/git/?, /usr/local/bin/? files and scripts
Create groups: ssh-users, nix-users and add current user to them
Install Nix and some necessary packages

One-line installer

Tool	Snippet
`wget`	`bash -c "$(wget -qO - https://raw.githubusercontent.com/musq/dotfiles-system/master/src/os/setup.sh)"`
`cURL`	`bash -c "$(curl -LsS https://raw.githubusercontent.com/musq/dotfiles-system/master/src/os/setup.sh)"`

Manual

# Clone this repo
git clone https://github.com/musq/dotfiles-system.git

# Go inside
cd dotfiles-system

# Run installer
./src/os/setup.sh

Update

# Go inside the project repo
cd path/to/dotfiles-system

# Update git repo
git pull origin master

# Run installer
./src/os/setup.sh

Non-Interactive

Pass -y or --yes to automatically answer yes to all the questions.

Tool	Snippet
`Manual`	`./src/os/setup.sh -y`
`wget`	`bash -c "$(wget -qO - https://raw.githubusercontent.com/musq/dotfiles-system/master/src/os/setup.sh) -y"`
`cURL`	`bash -c "$(curl -LsS https://raw.githubusercontent.com/musq/dotfiles-system/master/src/os/setup.sh) -y"`

Screenshots

Acknowledgements

Inspiration and code were taken from many sources, including:

Contributing

Feel free to dive in! Open an issue or submit PRs.

See contributing guidelines.

License

The code is available under GNU GPL v3, or later license
Parts from the original base are still available under MIT license

musq / dotfiles-system