@egorFiNE
Last active July 14, 2024 08:23
Script to remove as much systemd & other insanity from Ubuntu Server (only!) as practically possible
# first cleanup
apt -y purge --auto-remove systemd-timesyncd python3-systemd lxd-installer snapd systemd-resolved multipath-tools polkitd libpolkit-gobject-1-0 udisks2 open-iscsi systemd-hwe-hwdb update-notifier-common ubuntu-release-upgrader-core landscape-common unattended-upgrades apport uuid-runtime apparmor dbus dbus-daemon dbus-session-bus-common dbus-user-session dbus-system-bus-common
# we need network-synced time
apt -y install chrony
# at this point there should be no packages in "uninstalled not purged" state, but let's keep the command line here for refs
# dpkg --purge `dpkg -l | grep ^rc | awk '{print $2}'`
# cleanup after cleaning up
rm -rf /lib/udev/hwdb.d /var/lib/update-notifier /var/lib/ubuntu-release-upgrader /var/log/unattended-upgrades /var/lib/update-manager /etc/apparmor.d/ /var/run/dbus /var/lib/dbus /etc/xml /etc/sgml /usr/lib/systemd/system-shutdown /etc/cloud
# bring back sane resolv.conf
# it's still going to be replaced by ifupdown later on, but we want to have resolver functional for the rest of the script
rm -f /etc/resolv.conf
echo 'nameserver 1.1.1.1' > /etc/resolv.conf
# bring back ssh daemon and get rid of socket activation
systemctl disable --now ssh.socket
systemctl mask ssh.socket
systemctl enable --now ssh.service
# now disabling the systemd masterpieces
SHIT="apt-daily.service apt-daily-upgrade.service systemd-rfkill.socket systemd-fsckd.socket systemd-journald-audit.socket systemd-initctl.socket dm-event.socket systemd-journald.service systemd-journald-dev-log.socket systemd-journald.socket systemd-journal-flush.service systemd-logind.service"
systemctl stop $SHIT
systemctl disable $SHIT
# it's not enough to disable and stop, they WILL reenable themselves at one point; here's why "masking" was invented
systemctl mask $SHIT
# won't help anyway, you'll need to run this script again after each major apt update
# remove binary logs
rm -rf /var/log/journal
# Not sure if we need these:
systemctl kill --kill-who=all apt-daily.service
systemctl kill --kill-who=all apt-daily-upgrade.service
# get rid of systemd timers, all of them
for i in $(systemctl list-unit-files --type=timer --all --plain --no-legend | awk '{print $1}')
do
    systemctl disable "$i"
    systemctl mask "$i"
done
# get rid of "useful" cronjobs, as in: updating motd, updating apt, rebuilding man pages, etc
rm -v /etc/cron.*/*
# bring back basic cron stuff that is actually needed
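# run-parts exec()s these files directly, so each one needs a shebang line
printf '#!/bin/sh\n/usr/sbin/logrotate /etc/logrotate.conf\n' > /etc/cron.daily/logrotate
printf '#!/bin/sh\nfstrim -v -a\n' > /etc/cron.weekly/fstrim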
chmod +x /etc/cron.*/*
# remove systemd and capabilities from pam chain
cd /etc/pam.d
cat common-session | grep -v systemd > tmp && mv tmp common-session
cat common-auth | grep -v pam_cap.so > tmp && mv tmp common-auth
cd -
# unmerging filesystems is not possible anymore either, we'll have to eat this up
rm -rf /*is-merged*
echo -n "What follows next is the removal of netplan and reinstall of ifupdown. ^C here if you are not sure"
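# a bare `read` is an error under POSIX sh (dash) and would skip this pause; give it a variable
read -r _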
# remove netplan and install ifupdown
apt -y purge --auto-remove netplan.io
apt -y install ifupdown
# write down basic interfaces
cat > /etc/network/interfaces <<EOF
auto lo
iface lo inet loopback
#auto enp0s1
#iface enp0s1 inet dhcp
EOF
# TODO: perhaps, awk the first network interface and specify it as dhcp one in `/etc/network/interfaces`?
# ifup enp0s1
# cleanup after cleanup
rm -rf /usr/share/netplan/netplan_cli/cli/commands /usr/lib/python3/dist-packages/netplan /etc/netplan
SHIT="systemd-networkd.service systemd-networkd.socket"
# can't be disabled, so we must mask and it won't come up after reboot
systemctl mask $SHIT
echo "Please reboot"
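
The script's own comments say that masked units come back after major apt updates and that it has to be re-run. The check below is an added example, not part of the gist: it reads `systemctl list-unit-files` output and reports every unit from the gist's lists, plus any timer, that is no longer masked. The function name, the `WANT_MASKED` variable and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not part of the gist): find units that are no longer masked.

# Units the gist masks, copied from its ssh.socket line and its two unit lists.
WANT_MASKED="ssh.socket apt-daily.service apt-daily-upgrade.service \
systemd-rfkill.socket systemd-fsckd.socket systemd-journald-audit.socket \
systemd-initctl.socket dm-event.socket systemd-journald.service \
systemd-journald-dev-log.socket systemd-journald.socket \
systemd-journal-flush.service systemd-logind.service \
systemd-networkd.service systemd-networkd.socket"

# unmasked_units: read `systemctl list-unit-files` rows (UNIT STATE PRESET) on
# stdin and print "unit state" for every wanted unit, and every timer, whose
# state is not masked or masked-runtime. Units absent from the listing are not
# reported, since a unit that is not installed cannot start.
unmasked_units() {
    awk -v want="$WANT_MASKED" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) wanted[w[i]] = 1 }
        ($1 in wanted || $1 ~ /\.timer$/) && $2 !~ /^masked/ { print $1, $2 }
    '
}

# Constructed sample of what the listing can look like after a package upgrade.
SAMPLE='apt-daily.service static -
apt-daily.timer enabled enabled
systemd-journald.service masked enabled
ssh.socket masked enabled
ssh.service enabled enabled
fstrim.timer masked enabled
systemd-logind.service static -'

printf '%s\n' "$SAMPLE" | unmasked_units

# On a live host:
#   systemctl list-unit-files --all --plain --no-legend | unmasked_units
```

Empty output means nothing has drifted; any line printed names a unit to mask again.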
@egorFiNE
Author

I'd love some comments on this. What am I missing? What else is there to cleanup?

@bsaunder2002

PLEASE keep up the fight!
This did not work for me on first try. So tired of this fight. VM deploys. No networking. Console mode only. What? There is no /etc/.../.../..../somethingnetwork file? No example file with stuff commented out? I have to KNOW systemd to use it? Really.
Debian's own use something else for init says, this is NOT a joke...
"The easiest time to choose an init other than systemd is at installation time (since systemd's packages will refuse to be removed if systemd is running). "
What? My system is so mucked up you can't tell it to get rid of stuff that is broken?
Seriously, 30 years of linux, 20 years in production on clusters and stuff...
Why am I frustrated?
I DON'T know sysvinit...not at all. Rough idea about /etc, rough idea about rcX.d, rough idea about counting and 1 being lower than K05. Oh and I do KNOW bash, cat, grep, vi.
So after running your script...it didn't work. Don't worry...I can figure it out.
How?
bash -x /etc/rc0.d/K01networking start
that told me...lots of systemd smeared all over the place...not just /etc but /lib (for shell scripts? do you know what a lib is?)...all over the place.
I will kill this dragon. Feed back here and into the debian wiki.
We need to pull the needle out of the arm. This is too complex...it does not consider the Unix philosophy of do one thing, simple, well.

Thank you for trying...wonder if this comment (which you can tell has some emotion) will be posted...coincidence that the site is owned by the employer of the guy who designed systemd?
I need my tin foil hat.
SystemDead...
