@grammy-jiang
Last active May 31, 2024 14:09
Setup Raspberry Pi Environment (Raspbian)

Major Tools

foo@bar:~$ sudo -- sh -c "timedatectl set-timezone Australia/Sydney && date" && \
sudo -- sh -c "apt-get update && apt-get upgrade -y && apt-get dist-upgrade -y && apt-get autoremove -y" && \
sudo -- sh -c "apt-get install -y vim-nox && wget --output-document=/etc/vim/vimrc.local https://git.io/JvpS2" && \
sudo -- sh -c "apt-get install -y curl direnv exa git lnav mosh tig tree vifm watchman" && \
sudo -- sh -c "apt-get install -y python3-pip python3-testresources python3-pywatchman"

Install Zsh, Oh My Zsh and p10k

foo@bar:~$ sudo -- sh -c "apt-get install -y curl fzf gawk git python3-pygments sqlite3 ssh-askpass wget zsh" && \
chsh --shell "$(command -v zsh)" && \
sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)" "" --unattended

Then, set ZSH_THEME="powerlevel10k/powerlevel10k" in ~/.zshrc.

Install Tailscale

foo@bar:~$ curl -fsSL https://tailscale.com/install.sh | sh && \
sudo -- sh -c "tailscale up"

Install Docker

foo@bar:~$ curl -fsSL https://get.docker.com -o get-docker.sh
foo@bar:~$ sudo sh get-docker.sh

Create a user

foo@bar:~$ sudo adduser grammy-jiang
...
foo@bar:~$ sudo usermod --append --groups sudo grammy-jiang
...

Then switch to the created user.

foo@bar:~$ su --login grammy-jiang
...

SSH

SSH Client

foo@bar:~$ [ -d ~/.ssh ] || mkdir ~/.ssh && chmod 700 ~/.ssh && \
touch ~/.ssh/id_rsa && chmod 600 ~/.ssh/id_rsa && \
touch ~/.ssh/id_rsa.pub && chmod 644 ~/.ssh/id_rsa.pub
foo@bar:~$ [ -d ~/.ssh ] || mkdir ~/.ssh && chmod 700 ~/.ssh && \
touch ~/.ssh/authorized_keys && chmod 644 ~/.ssh/authorized_keys && \
curl -fsSL https://git.io/JfUqi >> ~/.ssh/authorized_keys
foo@bar:~$ sudo apt install -y tmux && \
git clone https://github.com/gpakosz/.tmux.git ~/projects/tmux-config && \
ln -s -f ~/projects/tmux-config/.tmux.conf && \
ln -s -f ~/projects/tmux-config/.tmux.conf.local

Zsh

Vim

foo@bar:~$ echo "
command! FZFlocate :set noquickview | :execute 'goto' fnameescape(term('locate $HOME | fzf --height 10 2>/dev/tty'))
command! FZFfind :set noquickview | :execute 'goto' fnameescape(term('find | fzf --height 10 2>/dev/tty'))

nnoremap <c-g> :FZFlocate<cr>
nnoremap <c-f> :FZFfind<cr>" | tee -a ~/.vifm/vifmrc > /dev/null

Munin

SSHD Configuration

...
PermitRootLogin prohibit-password
...
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
...
# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no
...
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM no

Then reload the sshd service:

foo@bar:~$ sudo systemctl reload ssh
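
A check for the settings above, worth running before the reload, as an added example that is not part of the original gist: it reads sshd_config text on stdin and applies sshd's rule that the first value obtained for a keyword wins, so a later `PasswordAuthentication no` does not hide an earlier `yes`. The names `check_sshd_config` and `sample_config` and the sample text are constructed for illustration; files pulled in with `Include` and the contents of `Match` blocks are not evaluated.

```shell
#!/bin/sh
# Added example, not from the gist. Reads sshd_config text on stdin and checks
# the four values from the SSHD Configuration section. Assumptions: files
# pulled in with Include are not followed; only the global section is read.
check_sshd_config() {
    awk '
    BEGIN {
        order[1] = "permitrootlogin";        want[order[1]] = "prohibit-password"
        order[2] = "passwordauthentication"; want[order[2]] = "no"
        order[3] = "challengeresponseauthentication"; want[order[3]] = "no"
        order[4] = "usepam";                 want[order[4]] = "no"
    }
    /^[ \t]*(#|$)/ { next }          # skip comment and blank lines
    {
        gsub(/=/, " ")               # accept the "Keyword=value" form
        key = tolower($1)            # keywords are case-insensitive
        if (key == "match") exit     # lines after Match are conditional
        # sshd keeps the first value it obtains for a keyword
        if ((key in want) && !(key in seen)) seen[key] = $2
    }
    END {
        bad = 0
        for (i = 1; i <= 4; i++) {
            k = order[i]
            if (!(k in seen))            { state = "MISSING";  bad++ }
            else if (seen[k] != want[k]) { state = "MISMATCH"; bad++ }
            else                         { state = "ok" }
            printf "%-9s %s %s\n", state, k, ((k in seen) ? seen[k] : "-")
        }
        exit (bad > 0)
    }'
}

# Constructed sample (not a real host): the later "PasswordAuthentication no"
# is ignored because "yes" was set first, and UsePAM is never set.
sample_config() {
    printf '%s\n' \
        '# constructed sample' \
        'PermitRootLogin prohibit-password' \
        'passwordauthentication yes' \
        'PasswordAuthentication no' \
        'ChallengeResponseAuthentication=no'
}

sample_config | check_sshd_config || echo "sshd_config differs from the settings above"
```

On the Pi, run it as `check_sshd_config < /etc/ssh/sshd_config`; `sudo sshd -t` additionally validates the file's syntax.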

Install knockd first:

foo@bar:~$ sudo apt install -y knockd
...

Knock Server

Then back up the default configuration:

foo@bar:~$ sudo cp /etc/default/knockd /etc/default/knockd.bak
foo@bar:~$ sudo cp /etc/knockd.conf /etc/knockd.conf.bak

Download /etc/default/knockd from here:

foo@bar:~$ sudo wget --output-document=/etc/default/knockd https://gist.githubusercontent.com/grammy-jiang/1149ccade81fe73d3c42be303ba1eaa1/raw
...

Download /etc/knockd.conf from here:

foo@bar:~$ sudo wget --output-document=/etc/knockd.conf https://gist.githubusercontent.com/grammy-jiang/be984e674ea557a2c124b46eb1f342a0/raw
...

Start knockd.service:

foo@bar:~$ sudo service knockd start
...

Read the log messages from knockd:

foo@bar:~$ sudo journalctl --follow --unit knockd.service
...
foo@bar:~$ sudo lnav /var/log/syslog
...

Knock Client

Edit ~/.ssh/config:

Host raspbian.raspi
    ProxyCommand bash -c "knock %h <port_01> <port_02> <port_03>; sleep 2; nc %h %p"

Unattended upgrades service

Enlarge syslog size

Postfix


grammy-jiang commented Apr 12, 2021

Watchman

Watchman exists to watch files and record when they change. It can also trigger actions (such as rebuilding assets) when matching files change.
