kevinkub/Arch Linux Setup.sh

## Arch Linux Setup.sh
# See https://gist.github.com/chris-redbeed/b3cee239532cee25b2357b4225e7f791 for a Debian version of this script.

# Change root password
echo "# Change password of root user"
passwd

# Change hostname
echo "# Change hostname"
read hostname
hostname $hostname

# Setup mirror-list
echo "# Finding fastest mirrors"
cp /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist.backup
sed -i 's/^#Server/Server/' /etc/pacman.d/mirrorlist.backup
rankmirrors -n 10 /etc/pacman.d/mirrorlist.backup > /etc/pacman.d/mirrorlist

# Self-upgrade
echo "# Update system with pacman"
pacman -Syu

# Create user
echo "# Create new user"
echo "Please enter username:"
read username
useradd -m $username
passwd $username
echo "Please enter public key:"
read publickey
mkdir "/home/"$username"/.ssh/"
echo $publickey > "/home/"$username"/.ssh/authorized_keys"

# Configure sshd
echo "# Configure sshd"
echo "Please enter a ssh port:"
read sshport
echo "# Custom sshd configurations

# Set the ssh port
Port "$sshport"
# Forbid root login
PermitRootLogin no
# End login-attempts after 30s
LoginGraceTime 30s
# Give only one try to auth
MaxAuthTries 1
# Use public key authentication only
PubkeyAuthentication yes
# Find the file in .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys
# Use the pam authentication module
UsePAM no
# Disable password auth
PasswordAuthentication no
# Disable challenge response
ChallengeResponseAuthentication no
# Limit the maximum number of not-logged-in connections to 2
MaxStartups 2
# Print no default message after login as this will be handeled by pam
PrintMotd no
# Load sftp-subsystem (default arch linux)
Subsystem sftp /usr/lib/ssh/sftp-server
# Add permissions for specific users
AllowUsers "$username > /etc/ssh/sshd_config

# Setup firewall
echo "# Setup firewall with ufw."
pacman -S ufw
ufw default allow outgoing
ufw default deny incoming
ufw allow $sshport/tcp
ufw limit $sshport/tcp
ufw enable
systemctl start ufw
systemctl enable ufw

# Setup auto-update
echo "# Setup auto-update"
echo "[Unit]
 Description=Automatic Update
 After=network-online.target

[Service]
 Type=simple
 ExecStart=/usr/bin/pacman -Syuq --noconfirm
 TimeoutStopSec=180
 KillMode=process
 KillSignal=SIGINT

[Install]
 WantedBy=multi-user.target" > /etc/systemd/system/autoupdate.service
echo "[Unit]
 Description=Automatic Update when booted up after 5 minutes then check the system for updates every 60 minutes

[Timer]
 OnBootSec=5min
 OnUnitActiveSec=60min
 Unit=autoupdate.service

[Install]
 WantedBy=multi-user.target" > /etc/systemd/system/autoupdate.timer
systemctl enable /etc/systemd/system/autoupdate.timer

# Setup timezone and ntp
timedatectl set-timezone Europe/Berlin
timedatectl set-ntp true
	# See https://gist.github.com/chris-redbeed/b3cee239532cee25b2357b4225e7f791 for a Debian version of this script.

	# Change root password
	echo "# Change password of root user"
	passwd

	# Change hostname
	echo "# Change hostname"
	read hostname
	hostname $hostname

	# Setup mirror-list
	echo "# Finding fastest mirrors"
	cp /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist.backup
	sed -i 's/^#Server/Server/' /etc/pacman.d/mirrorlist.backup
	rankmirrors -n 10 /etc/pacman.d/mirrorlist.backup > /etc/pacman.d/mirrorlist

	# Self-upgrade
	echo "# Update system with pacman"
	pacman -Syu

	# Create user
	echo "# Create new user"
	echo "Please enter username:"
	read username
	useradd -m $username
	passwd $username
	echo "Please enter public key:"
	read publickey
	mkdir "/home/"$username"/.ssh/"
	echo $publickey > "/home/"$username"/.ssh/authorized_keys"

	# Configure sshd
	echo "# Configure sshd"
	echo "Please enter a ssh port:"
	read sshport
	echo "# Custom sshd configurations

	# Set the ssh port
	Port "$sshport"
	# Forbid root login
	PermitRootLogin no
	# End login-attempts after 30s
	LoginGraceTime 30s
	# Give only one try to auth
	MaxAuthTries 1
	# Use public key authentication only
	PubkeyAuthentication yes
	# Find the file in .ssh/authorized_keys
	AuthorizedKeysFile .ssh/authorized_keys
	# Use the pam authentication module
	UsePAM no
	# Disable password auth
	PasswordAuthentication no
	# Disable challenge response
	ChallengeResponseAuthentication no
	# Limit the maximum number of not-logged-in connections to 2
	MaxStartups 2
	# Print no default message after login as this will be handeled by pam
	PrintMotd no
	# Load sftp-subsystem (default arch linux)
	Subsystem sftp /usr/lib/ssh/sftp-server
	# Add permissions for specific users
	AllowUsers "$username > /etc/ssh/sshd_config

	# Setup firewall
	echo "# Setup firewall with ufw."
	pacman -S ufw
	ufw default allow outgoing
	ufw default deny incoming
	ufw allow $sshport/tcp
	ufw limit $sshport/tcp
	ufw enable
	systemctl start ufw
	systemctl enable ufw

	# Setup auto-update
	echo "# Setup auto-update"
	echo "[Unit]
	Description=Automatic Update
	After=network-online.target

	[Service]
	Type=simple
	ExecStart=/usr/bin/pacman -Syuq --noconfirm
	TimeoutStopSec=180
	KillMode=process
	KillSignal=SIGINT

	[Install]
	WantedBy=multi-user.target" > /etc/systemd/system/autoupdate.service
	echo "[Unit]
	Description=Automatic Update when booted up after 5 minutes then check the system for updates every 60 minutes

	[Timer]
	OnBootSec=5min
	OnUnitActiveSec=60min
	Unit=autoupdate.service

	[Install]
	WantedBy=multi-user.target" > /etc/systemd/system/autoupdate.timer
	systemctl enable /etc/systemd/system/autoupdate.timer

	# Setup timezone and ntp
	timedatectl set-timezone Europe/Berlin
	timedatectl set-ntp true