Archlinux initialization script for Raspberry Pi zero
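#!/usr/bin/env bash
# First-boot provisioning for an Arch Linux ARM install on a Raspberry Pi Zero.
# Must run as root: it manages accounts, sudoers, the hostname and locales.
# -e aborts on the first failing command, -x traces every command to stderr.
set -ex

USER_NAME='bhyoo'
HOST_NAME='raspi-zero'

# Initialise the pacman keyring so package signatures can be verified, then
# bring the system up to date and install the base tooling.
pacman-key --init
pacman-key --populate archlinuxarm
pacman -Syu base base-devel git zsh vim --noconfirm

# Remove the 'alarm' account (the default login on Arch Linux ARM images) and
# create the personal account, with sudo rights through the wheel group.
userdel -r alarm
useradd -m -G wheel,storage -s "$(command -v zsh)" -u 1000 "${USER_NAME}"

# passwd reads both passwords interactively, so they never show up in the
# -x trace or in the process list.
echo "password for ${USER_NAME}"
passwd "${USER_NAME}"
echo "password for root"
passwd root

# Enable the stock "%wheel ALL=(ALL) ALL" rule. The edit is made on a private
# copy and checked with visudo before it replaces /etc/sudoers, so a bad edit
# can never leave the system with an unparsable sudoers file.
# NOTE(review): if the commented rule is spelled differently on this image,
# sed changes nothing and wheel stays without sudo rights. Verify afterwards.
sudoers_tmp="$(mktemp)"
cp /etc/sudoers "${sudoers_tmp}"
sed -i -Ee 's/^\s*#\s*%wheel\s*ALL=\(ALL\)\s*ALL$/%wheel\tALL=(ALL)\tALL/' "${sudoers_tmp}"
if visudo -cf "${sudoers_tmp}"; then
  install -m 0440 -o root -g root "${sudoers_tmp}" /etc/sudoers
  rm -f -- "${sudoers_tmp}"
else
  rm -f -- "${sudoers_tmp}"
  echo 'sudoers edit failed validation; /etc/sudoers left unchanged' >&2
  exit 1
fi

echo "$HOST_NAME" >/etc/hostname
ln -sf /usr/share/zoneinfo/Asia/Seoul /etc/localtime

# Select appropriate locale: uncomment each wanted entry in locale.gen.
locales=('en_US.UTF-8' 'ko_KR.UTF-8')
for locale in "${locales[@]}"; do
  sed -Ei "s/#(${locale}.*)/\1/" /etc/locale.gen
done
echo 'LANG=ko_KR.UTF-8' >/etc/locale.conf
locale-gen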
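# setup shell & install yay
# NOTE(review): yay is run with --noconfirm, so any package it builds from the
# AUR has its user-submitted PKGBUILD executed without being shown for review.
# Read the PKGBUILDs of the packages below before running this on a host you
# care about.
packages=(
  'oh-my-zsh-git'
  'zsh-history-search-multi-word-git'
  'zsh-fast-syntax-highlighting-git'
  'zsh-autosuggestions'
  'zsh-completions'
  'zsh-theme-powerlevel10k-git'
  'alias-tips-git'
  'ssh-audit'
  'pkgfile'
  'pygmentize' # for colorize plugin of oh-my-zsh
  'r8152-dkms'
  'linux-raspberrypi-headers'
)

# makepkg refuses to run as root, so the clone and build happen as the new
# user. The :? guard aborts instead of building a path from an empty name,
# which matters because the directory is removed with rm -rf below.
build_dir="/home/${USER_NAME:?USER_NAME must be set}/yay"
su "${USER_NAME}" -c "mkdir ${build_dir}"
cd "${build_dir}"
su "${USER_NAME}" -c 'git clone https://aur.archlinux.org/yay.git .'
# -P gives the command a pseudo-terminal so sudo, which makepkg and yay invoke
# to install packages, can prompt for the user's password.
su -P "${USER_NAME}" -c 'makepkg -cirs --noconfirm && yay -S '"${packages[*]}"' --noconfirm --removemake && cp /usr/share/oh-my-zsh/zshrc ~/.zshrc'
# Step out of the build directory before deleting it so the rest of the script
# does not run with a working directory that no longer exists.
cd /
rm -rf -- "${build_dir}"

# Load the system-wide zsh plugins and theme installed above.
cat >>"/home/${USER_NAME}/.zshrc" <<'EOF'

source /usr/share/zsh/plugins/zsh-autosuggestions/zsh-autosuggestions.zsh
source /usr/share/zsh/plugins/fast-syntax-highlighting/fast-syntax-highlighting.plugin.zsh
source /usr/share/zsh/plugins/history-search-multi-word/history-search-multi-word.plugin.zsh
source /usr/share/zsh/plugins/alias-tips/alias-tips.plugin.zsh
source /usr/share/zsh-theme-powerlevel10k/powerlevel10k.zsh-theme
EOF

plugins=(
  'colored-man-pages'
  'colorize'
  'command-not-found'
  'extract'
  'sudo'
  'tmux'
  'vundle'
  'docker'
  'git'
  'pip'
  'python'
  'virtualenv'
  'archlinux'
  'systemd'
)
# -0777 slurps the whole file so the (possibly multi-line) plugins=( ... )
# assignment in .zshrc can be replaced in one substitution.
perl -0777 -i -pe 's/^\s*plugins\s*=\s*\([^)]*\)$/plugins=('"${plugins[*]}"')/gm' /home/"${USER_NAME}"/.zshrc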
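# setup udisks2 & ufw (firewall)
pacman -Syu udisks2 ufw --noconfirm
systemctl enable udisks2.service ufw.service pkgfile-update.timer --now
# Load the whole policy first and switch the firewall on last. Enabling it
# before the ssh rule exists leaves a window in which new SSH connections to
# a headless board are refused.
ufw default deny incoming
# "limit" allows ssh but rate-limits repeated connection attempts per source.
ufw limit ssh
ufw logging on
ufw --force enable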
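# setup sshd
#######################################
# Set one value for several sshd_config directives.
# Handles a directive whether it is commented out (the shipped default) or
# already active, so an existing weaker setting cannot survive unnoticed.
# Arguments:
#   $1   - value to assign
#   $2.. - directive names (used inside a regex; pass plain keywords only)
# Outputs:
#   A warning on stderr for every directive that has no line in the file.
#######################################
function modify_sshd_config() {
  local val="$1"
  shift
  local cfg_path='/etc/ssh/sshd_config'
  local key
  local exprs=()
  for key in "$@"; do
    if grep -qE "^\s*#?\s*${key}\s+${val}\s*$" "$cfg_path"; then
      # The wanted value is already present: make sure it is uncommented.
      exprs+=(-e "s/^\s*#?\s*${key}\s+.+$/${key} ${val}/")
    elif grep -qE "^\s*#?\s*${key}\s+" "$cfg_path"; then
      # A different value is present. Keep it for reference on a comment line
      # of its own: sshd_config(5) only documents whole-line comments, so the
      # old value is not appended after the new one.
      exprs+=(-e "s/^\s*#?\s*${key}\s+(.+)$/# previous value: \1\n${key} ${val}/")
    else
      # Nothing to rewrite. Say so instead of letting the caller assume the
      # hardening was applied.
      printf 'warning: %s not found in %s; set it manually\n' "$key" "$cfg_path" >&2
    fi
  done
  # With no expressions sed would take the file path as its script.
  if ((${#exprs[@]} > 0)); then
    sed -i -E "${exprs[@]}" "$cfg_path"
  fi
}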
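# Harden sshd: key-based logins only, no root login, no empty passwords.
modify_sshd_config 'no' 'PermitEmptyPasswords' 'PermitRootLogin' 'PasswordAuthentication' 'Compression'
modify_sshd_config 'yes' 'PubkeyAuthentication' 'StrictModes'
modify_sshd_config '5' 'MaxAuthTries'

# This script never installs a public key and never restarts sshd, so the
# settings above take effect at the next sshd restart or reboot. If the user
# has no authorized_keys by then, every SSH login is refused.
authorized_keys="/home/${USER_NAME}/.ssh/authorized_keys"
if [[ ! -s "${authorized_keys}" ]]; then
  echo "warning: ${authorized_keys} is missing or empty; add a public key before restarting sshd" >&2
fi

# install packages for maintenance
pacman -Syu htop tmux powertop lshw --noconfirm

# setup vim

# setup pi-hole
# NOTE(review): yay builds with --noconfirm here as well, so PKGBUILDs are run
# without being shown for review.
su "${USER_NAME}" -P -c "yay -S pi-hole-server php-sqlite nginx-mainline php-fpm --noconfirm --removemake"
# presumably stopped so pihole-FTL can take over DNS on this host; confirm
# that /etc/resolv.conf still points at a working resolver afterwards
systemctl disable systemd-resolved.service --now
sed -i -E -e 's/^\s*#\s*DBINTERVAL\s*=\s*.+$/DBINTERVAL=60.0/' /etc/pihole/pihole-FTL.conf
systemctl enable pihole-FTL.service --now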
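#######################################
# Join arguments with a single-character separator.
# Arguments:
#   $1   - separator (only its first character is used)
#   $2.. - items to join
# Outputs:
#   The joined string on stdout, followed by a newline.
#######################################
function join_by() {
  # "$*" joins the positional parameters with the first character of IFS;
  # local keeps the changed IFS from leaking out to the caller.
  local IFS="$1"
  shift
  # printf rather than echo: echo would swallow a result such as "-n" or "-e"
  # as one of its own options.
  printf '%s\n' "$*"
}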
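# Paths PHP is allowed to open, written to open_basedir below.
# NOTE(review): open_basedir entries are prefix matches and '/tmp' is
# world-writable. Trim this list to what the Pi-hole web interface needs.
exceptions=(
  '/srv/http/pihole'
  '/run/pihole-ftl/pihole-FTL.port'
  '/run/log/pihole/pihole.log'
  '/run/log/pihole-ftl/pihole-FTL.log'
  '/etc/pihole'
  '/etc/hosts'
  '/etc/hostname'
  '/etc/dnsmasq.d/02-pihole-dhcp.conf'
  '/etc/dnsmasq.d/03-pihole-wildcard.conf'
  '/etc/dnsmasq.d/04-pihole-static-dhcp.conf'
  '/proc/meminfo'
  '/proc/cpuinfo'
  '/sys/class/thermal/thermal_zone0/temp'
  '/tmp'
)
sed -i -E -e 's/^\s*;\s*extension=(pdo_sqlite|sockets|sqlite3)\s*$/extension=\1/' /etc/php/php.ini
# Bash cannot nest a command substitution inside ${...//...} (that is zsh
# syntax and fails here with "bad substitution"). Join the list first, and use
# '|' as the sed delimiter so the slashes in the paths need no escaping.
open_basedir="$(join_by : "${exceptions[@]}")"
sed -i -E -e "s|^\s*;\s*open_basedir\s*=\s*.*$|open_basedir = ${open_basedir}|" /etc/php/php.ini
# Comment out the existing listen directive and bind php-fpm to a loopback TCP
# port instead.
# NOTE(review): unlike a unix socket with file permissions, 127.0.0.1:9000 is
# reachable by every local user and process on the host.
sed -i -E -e 's/^(\s*listen\s*=\s*.+)$/;\1\nlisten = 127.0.0.1:9000/' /etc/php/php-fpm.d/www.conf
# TODO: setup /etc/nginx/nginx.conf (https://wiki.archlinux.org/index.php/Pi-hole#Nginx_instead_of_Lighttpd)
# -p keeps a re-run from aborting under set -e when the directory exists.
mkdir -p /etc/nginx/conf.d
cp /usr/share/pihole/configs/nginx.example.conf /etc/nginx/conf.d/pihole.conf
systemctl enable nginx.service php-fpm.service --now
# TODO: setup hosts file (https://wiki.archlinux.org/index.php/Pi-hole#Update_hosts_file)
# The admin password is read interactively, so it stays out of the -x trace.
echo 'setup password for pi-hole'
pihole -a -p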
https://wiki.archlinux.org/index.php/Pi-hole#Optimise_for_solid_state_drives