-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathsetup.sh
More file actions
executable file
·193 lines (147 loc) · 4.93 KB
/
setup.sh
File metadata and controls
executable file
·193 lines (147 loc) · 4.93 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
#!/bin/bash
# APT Repositories
# Dotnet and Microsoft Defender
wget -q https://packages.microsoft.com/config/debian/13/packages-microsoft-prod.deb -O packages-microsoft-prod.deb
dpkg -i packages-microsoft-prod.deb
rm packages-microsoft-prod.deb
# Microsoft Edge
wget -qO- https://packages.microsoft.com/keys/microsoft.asc > /etc/apt/trusted.gpg.d/microsoft-edge.asc
cat > /etc/apt/sources.list.d/microsoft-edge.list <<EOF
deb [arch=amd64] https://packages.microsoft.com/repos/edge stable main
EOF
# VS Code
cat > /etc/apt/sources.list.d/vscode.list <<EOF
deb [arch=amd64,arm64,armhf] https://packages.microsoft.com/repos/code stable main
EOF
# Google Chrome
wget -qO- https://dl.google.com/linux/linux_signing_key.pub > /etc/apt/trusted.gpg.d/google-chrome.asc
cat > /etc/apt/sources.list.d/google-chrome.list <<EOF
deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main
EOF
# Signal app
wget -qO- https://updates.signal.org/desktop/apt/keys.asc > /etc/apt/trusted.gpg.d/signal.asc
echo "deb [arch=amd64] https://updates.signal.org/desktop/apt xenial main" | tee /etc/apt/sources.list.d/signal-xenial.list
apt update
installPkgs=(
psmisc curl
# firmwares (SOF firmware for sound card)
fwupd firmware-sof-signed
firmware-realtek
xorg lightdm awesome chromium arandr autorandr dex light-locker
# Needed for zoom screensharing
# https://support.zoom.com/hc/en/article?id=zm_kb&sysparm_article=KB0060527
xcompmgr
tlp fdpowermon powertop
sudo krb5-user
# Network
network-manager network-manager-vpnc network-manager-openconnect network-manager-gnome network-manager-openconnect-gnome systemd-resolved
vim-nox
rxvt-unicode xfonts-terminus
ruby ruby-dev libyajl-dev build-essential libxml2-dev
# Screen backlight
xbacklight
# Screenshots
flameshot
# Bluetooth
blueman
pipewire-pulse libspa-0.2-bluetooth wireplumber
# todo: check if need for systemctl --user enable wireplumber
volumeicon-alsa alsa-utils pavucontrol
cups
# Update daily
unattended-upgrades
# Install snaps
snapd
dotnet-sdk-8.0
google-chrome-stable
default-jdk
signal-desktop
docker.io
nodejs
npm
# Microsoft Defender
mdatp
# VS Code
code
)
apt install ${installPkgs[@]}
# Grand sudo access
usermod -aG sudo m.brugidou
# update firmwares
fwupdmgr update
# Get all submodules
sudo -u m.brugidou git submodule update --init
# DNS resolver (useful for split DNS for VPN)
systemctl enable systemd-resolved && systemctl start systemd-resolved
# Install vim plugins
sudo -u m.brugidou vim +BundleInstall +q +q
# Setup urxvt
update-alternatives --set x-terminal-emulator /usr/bin/urxvt
# Set vim as default editor
update-alternatives --set editor /usr/bin/vim.nox
# Setup ruby
gem install bundler
# Criteo printers
if ! lpstat -p | grep -q Criteo4th ; then
echo Adding printer for Criteo 4th floor...
lpadmin -p Criteo4th -m lsb/usr/cupsfilters/Generic-PDF_Printer-PDF.ppd -v socket://172.29.8.38:9100 -L 172.29.8.38
fi
# Node + NPM
snap remove node
# IntelliJ
snap install intellij-idea-community --classic
# Zoom
wget https://zoom.us/client/latest/zoom_amd64.deb
apt install ./zoom_amd64.deb
rm -f ./zoom_amd64.deb
# Install docker
usermod -aG docker m.brugidou
# Install rclone
wget https://downloads.rclone.org/rclone-current-linux-amd64.deb
apt install ./rclone-current-linux-amd64.deb
rm -f ./rclone-current-linux-amd64.deb
# Full upgrade and cleanup
apt dist-upgrade
apt autoremove
#
# TODO: set up intune for Debian, for now this is done manually
#
cat > /etc/apt/sources.list.d/microsoft-intune.list <<EOF
# for intune-portal
#deb [arch=amd64] https://packages.microsoft.com/ubuntu/24.04/prod noble main
# for openjdk-11-jre
#deb [arch=amd64] http://deb.debian.org/debian/ unstable main
EOF
# Enable unstable
# apt install openjdk-11-jre
# update-alternatives --set java /usr/lib/jvm/java-11-openjdk-amd64/bin/java
# Enable microsoft ubuntu repo
# apt install microsoft-identity-broker=1.7.0
# apt-mark hold microsoft-identity-broker
# apt install intune-portal
# Don't forget to remove lsb_release and set /etc/os-release to
wget -O /etc/os-release https://raw.githubusercontent.com/chef/os_release/refs/heads/main/ubuntu_2404
# Fix uname -a kernel patch level
if ! grep 0-19 /usr/bin/uname; then
cp /usr/bin/uname{,.backup}
cat > /usr/bin/uname <<'EOF'
#!/bin/bash
if [ "$1" == "-r" ] ; then
echo "6.5.0-19"
else
/usr/bin/uname.backup $@
fi
EOF
chmod +x /usr/bin/uname
fi
# And tweak gsettings to have:
# org.gnome.desktop.screensaver lock-enabled true
# org.gnome.desktop.screensaver idle-activation-enabled true
# org.gnome.desktop.screensaver lock-delay uint32 0
# org.gnome.desktop.session idle-delay uint32 300
# Defender onboarding
if ! mdatp health --field healthy | grep -q true; then
wget -O /tmp/MicrosoftDefenderATPOnboardingLinuxServer.py https://repo.criteois.com/master/MicrosoftDefenderATPOnboardingLinuxServer.py
python3 /tmp/MicrosoftDefenderATPOnboardingLinuxServer.py
fi
# check status with mdatp health