Skip to content

Instantly share code, notes, and snippets.

@dmitriysafronov

dmitriysafronov/clean_minimal_ubuntu.sh

Last active August 16, 2020 17:24
Show Gist options
  • Save dmitriysafronov/5a4084eced6edae49c835cbb0de00477 to your computer and use it in GitHub Desktop.
Save dmitriysafronov/5a4084eced6edae49c835cbb0de00477 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
clean_minimal_ubuntu.sh
#!/bin/bash
apt install --no-install-recommends systemd-cron ifupdown
# Step: Cleanup 1
apt purge -y popularity-contest \
laptop-detect os-prober \
snapd flatpak libflatpak0 \
lxd lxd-client lxcfs lxc-common \
language-selector-common ^language-pack-.* \
installation-report \
screen byobu \
open-iscsi \
update-manager-core update-notifier-common \
accountsservice \
dictionaries-common emacsen-common wamerican wbritish \
at \
ufw \
overlayroot \
ubuntu-advantage-tools \
wireless-regdb \
ubuntu-release-upgrader-core \
landscape-common \
plymouth \
libx11-data \
nano \
^libntfs-3g.* dosfstools \
linux-firmware ^linux-generic.* ^linux-headers.* \
xdg-user-dirs \
netplan.io networkd-dispatcher \
tmux htop mc
apt autoremove --purge -y
###############################################################
# STFU MOTD-NEWS
systemctl stop motd-news.timer
systemctl stop motd-news.service
systemctl disable motd-news.timer
systemctl disable motd-news.service
echo -e "ENABLED=0" > /etc/default/motd-news
###############################################################
# Step: InitRamFS - ZSWAP LZ4 compressor
grep -q -w 'lz4' /etc/initramfs-tools/modules || echo lz4 >> /etc/initramfs-tools/modules
grep -q -w 'lz4_compress' /etc/initramfs-tools/modules || echo lz4_compress >> /etc/initramfs-tools/modules
update-initramfs -u
# Step: Bootloader - ZSWAP
grep -v '#' /etc/default/grub | grep -w 'GRUB_CMDLINE_LINUX=' | tail -n 1 > /tmp/grub.cmdline
echo -e "GRUB_DEFAULT=0
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR=\`lsb_release -i -s 2> /dev/null || echo Debian\`
GRUB_CMDLINE_LINUX_DEFAULT=\"zswap.enabled=1 zswap.compressor=lz4\"
GRUB_TERMINAL=console
GRUB_DISABLE_OS_PROBER=true" > /etc/default/grub
cat /tmp/grub.cmdline >> /etc/default/grub
rm -f /tmp/grub.cmdline
update-grub
###############################################################
echo "[Unit]
Description=Generate New Machine ID
DefaultDependencies=no
Conflicts=shutdown.target
After=systemd-remount-fs.service
Before=systemd-sysusers.service sysinit.target shutdown.target systemd-journald.service
ConditionPathIsReadWrite=/etc
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStartPre=-/bin/rm -f /var/lib/dbus/machine-id
ExecStartPre=-/bin/rm -f /etc/machine-id
ExecStart=/bin/systemd-machine-id-setup
[Install]
WantedBy=basic.target" > /etc/systemd/system/systemd-machine-id-setup.service
systemctl daemon-reload
systemctl enable systemd-machine-id-setup.service
###############################################################
# Step: Cleanup 2
apt autoremove --purge -y
# Step: upgrade
apt full-upgrade -y
## Step: cleanup 3
# Unattended-upgrades
rm -f /etc/apt/apt.conf.d/20auto-upgrades.ucf-dist
rm -f /etc/apt/apt.conf.d/50unattended-upgrades.ucf-dist
# APT
apt clean
rm -f /var/lib/apt/lists/*/* 2> /dev/null
rm -f /var/lib/apt/lists/* 2> /dev/null
# DHCP
rm -rf /var/lib/dhcp/* 2> /dev/null
# DBUS
rm -rf /var/lib/dbus/* 2> /dev/null
# Logrotate
rm -rf /var/lib/logrotate/* 2> /dev/null
# Urandom
rm -rf /var/lib/urandomdev/null
# Supervise
rm -rf /var/lib/supervise
# update-manager
rm -rf /var/lib/update-manager
# release-upgrader
rm -rf /var/lib/ubuntu-release-upgrader
# Journal (if any)
rm -rf /var/log/journal/* 2> /dev/null
# LOGs
rm -f /var/log/*/* 2> /dev/null
rm -f /var/log/* 2> /dev/null
touch /var/log/lastlog
chown root:utmp /var/log/lastlog
chmod 0664 /var/log/lastlog
touch /var/log/dmesg
chown root:adm /var/log/dmesg
chmod 0640 /var/log/dmesg
touch /var/log/faillog
chown root:root /var/log/faillog
chmod 0644 /var/log/faillog
# sync
sync
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment