Bootstrap my installer

bootstrap.sh

#!/bin/bash

# After installing Ubuntu on a machine I run this script. It removes packages I don't use, 
# improves the security situation slightly, and installs the minimal set of packages I need 
# to do all my work.

# Usage:
# sudo chmod +x bootstrap.sh
# sudo ./bootstrap.sh

# Copyright (c) 2015 Jim Rybarski

# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:

# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.

# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
# THE SOFTWARE.

if [[ $EUID -ne 0 ]]; then
   echo -ne "\nbootstrap.sh must be run as root. Aborting...\n\n" 1>&2
   exit 1
fi

# Ensure our system is up-to-date
apt update && apt upgrade -y

# Install the few basic packages we need to proceed
apt install -y --no-install-recommends \
    apparmor-profiles \
    apparmor-utils \
    curl \
    dconf-cli \
    flashplugin-installer \
    git \
    rsync \
    vim \
    unattended-upgrades

# Automatically install stable updates
dpkg-reconfigure -plow unattended-upgrades

# Disable guest user login
# printf "[SeatDefaults]\nallow-guest=false\n" >/usr/share/lightdm/lightdm.conf.d/50-no-guest.conf

# Disable webcam
if grep -q "blacklist uvcvideo" "/etc/modprobe.d/blacklist.conf"; then
  echo "webcam already disabled"
else
  printf "\n# Disable webcam\nblacklist uvcvideo\n" >> /etc/modprobe.d/blacklist.conf
fi

# Install dotfiles
git clone --separate-git-dir=$HOME/.cfg git@github.com:jimrybarski/dotfiles.git my-dotfiles-tmp
rsync --recursive --verbose --exclude '.git' my-dotfiles-tmp/ $HOME/
rm --recursive my-dotfiles-tmp

# Install the latest version of Rust and Cargo
if ! which rustc; then
  curl -sSf https://static.rust-lang.org/rustup.sh | sh
fi

# Install Docker
if ! which docker; then
  curl -sSL https://get.docker.com/ | sh
  usermod -aG docker jim 
fi

# Lock down some applications
aa-enforce /etc/apparmor.d/usr.bin.firefox
aa-enforce /etc/apparmor.d/docker

# Get rid of nano
update-alternatives --set editor /usr/bin/vim.basic

# Remap caps lock to escape (great when using Vim)
# Does not work -- need to rethink
# dconf write /org/gnome/desktop/input-sources/xkb-options "['caps:escape']

apt purge -y \
    blueman \
    bluez \
    bluez-cups \
    bluez-obexd \
    brltty \
    brltty-x11 \
    chromium-codecs-ffmpeg-extra \
    dc \
    espeak \
    espeak-data \
    fonts-guru \
    fonts-guru-extra \
    fonts-kacst \
    fonts-kacst-one \
    fonts-khmeros-core \
    fonts-lao \
    fonts-lohit-guru \
    fonts-nanum \
    fonts-sil-abyssinica \
    fonts-sil-padauk \
    fonts-takao-pgothic \
    fonts-thai-tlwg \
    fonts-tibetan-machine \
    fonts-tlwg-garuda \
    fonts-tlwg-kinnari \
    fonts-tlwg-laksaman \
    fonts-tlwg-loma \
    fonts-tlwg-mono \
    fonts-tlwg-norasi \
    fonts-tlwg-purisa \
    fonts-tlwg-sawasdee \
    fonts-tlwg-typewriter \
    fonts-tlwg-typist \
    fonts-tlwg-typo \
    fonts-tlwg-umpush \
    fonts-tlwg-waree \
    freepats \
    gigolo \
    gmusicbrowser \
    gnome-mines \
    gnome-sudoku \
    gucharmap \
    libespeak1 \
    mobile-broadband-provider-info \
    mousepad \
    mscompress \
    nano \
    onboard \
    onboard-data \
    oneconf \
    oneconf-common \
    openoffice.org-hyphenation \
    orage \
    parole \
    pastebinit \
    pidgin \
    pidgin-data \
    pidgin-otr \
    popularity-contest \
    ppp \
    pppconfig \
    pppoeconf \
    ristretto \
    samba-libs \
    simple-scan \
    speech-dispatcher \
    speech-dispatcher-audio-plugins \
    tcpdump \
    telnet \
    thunderbird \
    ttf-indic-fonts-core \
    wbritish \
    xfburn \
    xfce4-dict \
    xfce4-notes

# clean up any cruft
apt autoremove && apt clean

# Tell Git who I am
git config --global user.name "Jim Rybarski"
git config --global user.email jim@rybarski.com

if [ ! -d ~/code ]; then
  mkdir -p ~/code
fi

# Install my password manager
if [ ! -d ~/code/scripts ]; then
  mkdir -p ~/code/scripts
  git clone https://github.com/jimrybarski/password.git ~/code/scripts/password
fi
	
# Download all my docker images
if [ ! -d ~/code/dockerfiles ]; then
  git clone https://github.com/jimrybarski/dockerfiles.git ~/code/dockerfiles
fi

# Set up some files for doing encrypted backups with Duplicity
if [ ! -d ~/.duplicity ]; then
  mkdir /home/jim/.duplicity
  touch /home/jim/.duplicity/notice.log
  chmod -R 755 /home/jim/.duplicity
  chown -R jim:jim /home/jim/.duplicity
fi