1
0
mirror of https://github.com/tommytran732/Linux-Setup-Scripts synced 2024-11-24 18:21:34 -05:00
Linux-Setup-Scripts/Ubuntu-Desktop-20.04-LTS.sh

199 lines
8.6 KiB
Bash
Raw Normal View History

2021-04-04 01:09:26 -04:00
#!/bin/bash
#Please note that this is how I PERSONALLY setup my computer - I do some stuff such as not using anything to download GNOME extensions from extensions.gnome.org and installing the extensions as a package instead
#Customize it to your liking
#Run this script as your user, NOT root
2021-04-04 05:19:59 -04:00
#Note: BTRFS Setup is not included in this script. I highly recommend using encrypted ZFS instead: https://linsomniac.gitlab.io/post/2020-04-09-ubuntu-2004-encrypted-zfs/
2021-04-04 14:02:33 -04:00
#I also took some codes from https://www.ncsc.gov.uk/collection/end-user-device-security/platform-specific-guidance/ubuntu-18-04-lts as well
2021-04-04 01:09:26 -04:00
#Written by yours truly, Tomster
#Variables
USER=$(whoami)
output(){
echo -e '\e[36m'$1'\e[0m';
}
#Moving to the home directory
#Note that I always use /home/${USER} because gnome-terminal is wacky and sometimes doesn't load the environment variables in correctly (Right click somewhere in nautilus, click on open in terminal, then hit create new tab and you will see.)
cd /home/${USER} || exit
#Setting umask to 077
umask 077
2021-04-04 06:43:36 -04:00
sudo sed -ie '/^DIR_MODE=/ s/=[0-9]*\+/=0700/' /etc/adduser.conf
sudo sed -ie '/^UMASK\s\+/ s/022/077/' /etc/login.defs
2021-04-04 17:50:59 -04:00
sudo sed -i 's/USERGROUPS_ENAB no/USERGROUPS_ENAB yes/g' /etc/login.defs
echo "umask 077" | sudo tee --append /etc/profile
2021-04-04 01:09:26 -04:00
2021-04-04 14:02:33 -04:00
#Disable shell access for new users
sudo sed -ie '/^SHELL=/ s/=.*\+/=\/usr\/sbin\/nologin/' /etc/default/useradd
sudo sed -ie '/^DSHELL=/ s/=.*\+/=\/usr\/sbin\/nologin/' /etc/adduser.conf
#Prevent normal users from accessing su
sudo dpkg-statoverride --update --add root adm 4750 /bin/su
2021-04-04 10:26:11 -04:00
#Remove unnecessary permissions
sudo chmod o-w /var/cache
sudo chmod o-w /var/metrics
2021-04-04 05:12:54 -04:00
#Make home directory private
2021-04-04 08:47:25 -04:00
sudo chmod 700 /home/*
2021-04-04 06:43:36 -04:00
2021-04-04 05:50:35 -04:00
#Disable crash reports
gsettings set com.ubuntu.update-notifier show-apport-crashes false
ubuntu-report -f send no
2021-04-04 06:04:37 -04:00
sudo systemctl stop apport.service
sudo systemctl disable apport.service
sudo systemctl mask apport.service
sudo systemctl stop whoopsie.service
sudo systemctl disable whoopsie.service
sudo systemctl mask whoopsie.service
2021-04-04 05:50:35 -04:00
2021-04-04 01:09:26 -04:00
#Disable ptrace
2021-04-04 08:07:04 -04:00
sudo sed -i 's/kernel.yama.ptrace_scope = 1/kernel.yama.ptrace_scope = 3/g' /etc/sysctl.d/10-ptrace.conf
2021-04-04 07:19:29 -04:00
sudo sysctl --load=/etc/sysctl.d/10-ptrace.conf
2021-04-04 01:09:26 -04:00
2021-04-04 05:58:20 -04:00
#Blacklist Firewire SBP2
echo "blacklist firewire-sbp2" | sudo tee /etc/modprobe.d/blacklist.conf
2021-04-04 01:11:05 -04:00
#Enable UFW
2021-04-04 01:09:26 -04:00
sudo ufw enable
#Update packages and firmware
2021-04-04 01:11:05 -04:00
sudo apt update
sudo apt upgrade -y
sudp apt autoremove -y
2021-04-04 01:09:26 -04:00
sudo fwupdmgr get-devices
sudo fwupdmgr refresh --force
2021-04-04 08:07:04 -04:00
sudo fwupdmgr get-updates -y
2021-04-04 01:09:26 -04:00
sudo fwupdmgr update -y
#Remove unneeded packages
2021-04-04 05:55:01 -04:00
#Note that I remove unattended upgrades because GNOME Software will be handling auto updates
2021-04-06 10:57:54 -04:00
sudo apt purge gnome-calculator *evince* *seahorse* *gedit* *yelp* gnome-screenshot gnome-power-manager eog gnome-logs gnome-characters gnome-shell-extension-desktop-icons gnome-font-viewer *file-roller* network-manager-pptp* network-manager-openvpn* *nfs* apport* telnet *spice* tcpdump firefox* gnome-disk* gnome-initial-setup ubuntu-report popularity-contest whoopsie speech-dispatcher modemmanager avahi* gnome-shell-extension-ubuntu-dock mobile-broadband-provider-info ImageMagick* adcli libreoffice* ntfs* xfs* tracker* thermald sane* simple-scan *hangul* unattended-upgrades ibus-table ubuntu-restricted-addons* python3-reportlab-accel* *remote-desktop* xserver-xephyr info -y
2021-04-04 01:20:37 -04:00
sudo apt autoremove -y
2021-04-04 01:22:36 -04:00
sudo snap remove snap-store
2021-04-04 01:09:26 -04:00
#Install packages that I use
2021-04-04 01:26:48 -04:00
sudo add-apt-repository ppa:alexlarsson/flatpak -y
sudo apt update
2021-04-04 01:28:15 -04:00
sudo apt upgrade -y
2021-04-06 08:33:34 -04:00
sudo apt install neofetch gnome-software flatpak gnome-software-plugin-flatpak apparmor-profiles apparmor-profiles-extra apparmor-utils gnome-tweak-tool git-core libpam-pwquality python3-pip curl lm-sensors nvme-cli nautilus -y
2021-04-04 01:09:26 -04:00
2021-04-04 05:08:24 -04:00
#Put all AppArmor profiles into enforcing mode
2021-04-04 14:02:33 -04:00
sudo aa-enforce /etc/apparmor.d/*
2021-04-04 05:08:24 -04:00
#Install Yubico Stuff
2021-04-04 05:41:14 -04:00
sudo apt -y install libpam-u2f
2021-04-04 01:09:26 -04:00
mkdir -p /home/${USER}/.config/Yubico
2021-04-06 02:00:26 -04:00
sudo snap install yubioath-desktop
2021-04-04 01:09:26 -04:00
#Install IVPN
2021-04-04 07:19:29 -04:00
curl -fsSL https://repo.ivpn.net/stable/ubuntu/generic.gpg | sudo apt-key add -
curl -fsSL https://repo.ivpn.net/stable/ubuntu/generic.list | sudo tee /etc/apt/sources.list.d/ivpn.list
2021-04-04 04:17:40 -04:00
sudo chmod 644 /etc/apt/sources.list.d/ivpn.list
2021-04-04 03:26:27 -04:00
sudo apt update
sudo apt upgrade -y
sudo apt install ivpn-ui -y
2021-04-04 01:09:26 -04:00
2021-04-04 08:56:36 -04:00
#Install OpenSnitch
wget https://github.com/evilsocket/opensnitch/releases/download/v1.3.6/opensnitch_1.3.6-1_amd64.deb
wget https://github.com/evilsocket/opensnitch/releases/download/v1.3.6/python3-opensnitch-ui_1.3.6-1_all.deb
2021-04-04 10:24:19 -04:00
sudo dpkg -i opensnitch*.deb python3-opensnitch-ui*.deb
sudo apt -f install -y
2021-04-04 08:56:36 -04:00
rm -rf *opensnitch*
2021-04-04 14:22:16 -04:00
sudo chown -R $USER:$USER /home/${USER}/.config/autostart
2021-04-04 08:56:36 -04:00
2021-04-04 01:09:26 -04:00
#Setting up Flatpak
flatpak remote-add --user flathub https://flathub.org/repo/flathub.flatpakrepo
2021-04-04 02:08:52 -04:00
flatpak remote-add --user flathub-beta https://flathub.org/beta-repo/flathub-beta.flatpakrepo
2021-04-06 00:52:55 -04:00
flatpak remote-add --user gnome-nightly https://nightly.gnome.org/gnome-nightly.flatpakrepo
2021-04-04 01:09:26 -04:00
flatpak remove --unused
#Install default applications
2021-04-06 02:00:26 -04:00
flatpak install flathub com.github.tchx84.Flatseal org.mozilla.firefox org.videolan.VLC org.gnome.eog org.gnome.Calendar org.gnome.Contacts org.gnome.FileRoller com.vscodium.codium -y
2021-04-04 01:09:26 -04:00
#Enable auto TRIM
sudo systemctl enable fstrim.timer
2021-04-04 10:24:19 -04:00
#Download GNOME shell theme
git clone https://github.com/i-mint/midnight.git
mkdir /home/${USER}/.themes
ln -s /home/${USER}/midnight/Midnight-* /home/${USER}/.themes/
2021-04-04 01:09:26 -04:00
#Download and set icon theme
git clone https://github.com/NicoHood/arc-icon-theme.git
2021-04-04 07:19:29 -04:00
mkdir /home/${USER}/.icons
2021-04-04 01:09:26 -04:00
ln -s /home/${USER}/arc-icon-theme/Arc /home/${USER}/.icons/
git clone https://github.com/zayronxio/Mojave-CT.git
ln -s /home/${USER}/Mojave-CT /home/${USER}/.icons/
sed -i 's/Inherits=Moka,Adwaita,gnome,hicolor/Inherits=Mojave-CT,Moka,Adwaita,gnome,hicolor/g' /home/${USER}/arc-icon-theme/Arc/index.theme
find /home/${USER}/arc-icon-theme -name '*[Tt]rash*' -exec rm {} \;
find /home/${USER}/Mojave-CT -name '*[Nn]autilus*' -exec rm {} \;
find /home/${USER}/Mojave-CT -name '*[Gg]nome.[Ss]ettings*' -exec rm {} \;
find /home/${USER}/Mojave-CT -name '*[Gg]nome.[Tt]weak*' -exec rm {} \;
find /home/${USER}/Mojave-CT -name '*[Gg]nome.[Ss]oftware*' -exec rm {} \;
find /home/${USER}/Mojave-CT -name '*[Gg]nome.[Bb]oxes*' -exec rm {} \;
find /home/${USER}/Mojave-CT -name '*[Ss]team*' -exec rm {} \;
find /home/${USER}/Mojave-CT -name '*[Tt]hunderbird*' -exec rm {} \;
find /home/${USER}/Mojave-CT -name '*[Mm]inecraft*' -exec rm {} \;
find /home/${USER}/Mojave-CT -name '*[Ee]piphany*' -exec rm {} \;
2021-04-05 19:16:28 -04:00
find /home/${USER}/Mojave-CT -name '*[Rr]iot*' -exec rm {} \;
2021-04-04 01:09:26 -04:00
gsettings set org.gnome.desktop.interface icon-theme "Arc"
#Set GTK theme
2021-04-05 15:10:46 -04:00
sudo add-apt-repository ppa:daniruiz/flat-remix -y
sudo apt update
sudo apt install flat-remix-gtk -y
gsettings set org.gnome.desktop.interface gtk-theme "Flat-Remix-GTK-Blue-Dark"
2021-04-04 01:09:26 -04:00
flatpak upgrade -y
2021-04-04 09:11:53 -04:00
#Set Black GDM background
mkdir -p /home/${USER}/Pictures/Wallpapers/
wget https://wallpaperaccess.com/full/512679.jpg -O /home/${USER}/Pictures/Wallpapers/Black.png
wget github.com/thiggy01/change-gdm-background/raw/master/change-gdm-background
2021-04-04 10:24:19 -04:00
sudo chmod u+x /home/${USER}/change-gdm-background
output "Answer no to this or the script will get interupted"
2021-04-04 09:11:53 -04:00
sudo /home/${USER}/change-gdm-background /home/${USER}/Pictures/Wallpapers/Black.png
2021-04-04 04:00:34 -04:00
#Set Ubuntu 20.04 LTS Wallpaper
gsettings set org.gnome.desktop.background picture-uri 'file:///usr/share/backgrounds/matt-mcnulty-nyc-2nd-ave.jpg'
2021-04-04 01:09:26 -04:00
#Enable Titlebar buttons
gsettings set org.gnome.desktop.wm.preferences button-layout 'appmenu:minimize,maximize,close'
#Enable GNOME shell extensions
gsettings set org.gnome.shell disable-user-extensions false
#Enable tap to click
gsettings set org.gnome.desktop.peripherals.touchpad tap-to-click true
2021-04-06 06:50:00 -04:00
#Enable touchpad while typing
gsettings set org.gnome.desktop.peripherals.touchpad disable-while-typing false
2021-04-04 06:51:01 -04:00
#Setup GetExtensions
git clone https://github.com/ekistece/GetExtensions.git
pip3 install ./GetExtensions --user
2021-04-04 01:09:26 -04:00
#Reenable Wayland... They are working to support it, and if you aren't gaming you shouldn't stay on x11 anyways
2021-04-04 08:07:04 -04:00
sudo sed -i 's^DRIVER=="nvidia", RUN+="/usr/lib/gdm3/gdm-disable-wayland"^#DRIVER=="nvidia", RUN+="/usr/lib/gdm3/gdm-disable-wayland"^g' /usr/lib/udev/rules.d/61-gdm.rules
2021-04-04 01:09:26 -04:00
2021-04-05 15:10:46 -04:00
#Signing ashmem kernel module
2021-04-05 19:15:46 -04:00
sudo kmodsign sha512 /var/lib/shim-signed/mok/MOK.priv /var/lib/shim-signed/mok/MOK.der /lib/modules/`uname -r`/kernel/drivers/staging/android/ashmem_linux.ko
2021-04-04 14:29:09 -04:00
2021-04-04 01:09:26 -04:00
#Randomize MAC address
sudo bash -c 'cat > /etc/NetworkManager/conf.d/00-macrandomize.conf' <<-'EOF'
[device]
wifi.scan-rand-mac-address=yes
[connection]
wifi.cloned-mac-address=random
ethernet.cloned-mac-address=random
connection.stable-id=${CONNECTION}/${BOOT}
EOF
sudo systemctl restart NetworkManager