Sane apt upgrades
Signed-off-by: Tommy <contact@tommytran.io>
parent
0ce4a7b30e
commit
77c3b23e3d
@ -22,9 +22,17 @@ unpriv(){
|
|||||||
sudo -u nobody "$@"
|
sudo -u nobody "$@"
|
||||||
}
|
}
|
||||||
|
|
||||||
# Compliance
|
# Compliance and updates
|
||||||
sudo systemctl mask debug-shell.service
|
sudo systemctl mask debug-shell.service
|
||||||
|
|
||||||
|
## Avoid phased updates
|
||||||
|
unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/apt/apt.conf.d/99sane-upgrades | sudo tee /etc/apt/apt.conf.d/99sane-upgrades
|
||||||
|
sudo chmod 644 /etc/apt/apt.conf.d/99sane-upgrades
|
||||||
|
|
||||||
|
sudo apt update
|
||||||
|
sudo apt full-upgrade -y
|
||||||
|
sudo apt autoremove -y
|
||||||
|
|
||||||
# Make home directory private
|
# Make home directory private
|
||||||
sudo chmod 700 /home/*
|
sudo chmod 700 /home/*
|
||||||
|
|
||||||
@ -36,10 +44,6 @@ sudo systemctl restart chronyd
|
|||||||
# Setup repositories
|
# Setup repositories
|
||||||
sudo find /etc/apt/sources.list.d -type f -exec sudo sed -i 's/http:/https:/g' {} \;
|
sudo find /etc/apt/sources.list.d -type f -exec sudo sed -i 's/http:/https:/g' {} \;
|
||||||
|
|
||||||
# Update and install packages
|
|
||||||
sudo apt update
|
|
||||||
sudo apt upgrade -y
|
|
||||||
|
|
||||||
# Setup ufw
|
# Setup ufw
|
||||||
sudo apt install ufw -y
|
sudo apt install ufw -y
|
||||||
sudo ufw enable
|
sudo ufw enable
|
||||||
|
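Review bot: The new `unpriv curl … | sudo tee /etc/apt/apt.conf.d/99sane-upgrades` line in the first hunk writes whatever curl emits into root-owned apt configuration, with no failure or integrity check. Without `--fail` an HTTP error page would be saved as apt configuration, and unless `set -o pipefail` is in effect (not visible in this hunk) a failed download leaves an empty or partial file while `sudo apt full-upgrade -y` still runs. The URL also tracks the mutable `main` branch, so the content installed on a host can change without anyone reviewing it. I would fetch to a temporary file, pin the URL to a reviewed commit, verify a checksum and install the file only when both steps succeed, as sketched below with placeholder values. The same pattern is added in the Proxmox-8.sh section and in the two later script sections of this commit.

```shell
## Avoid phased updates
# <commit-sha> and <expected-sha256> are placeholders for the reviewed revision and its hash.
tmp="$(mktemp)"
if unpriv curl --fail --silent --show-error --proto '=https' --tlsv1.2 \
     "https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/<commit-sha>/etc/apt/apt.conf.d/99sane-upgrades" > "${tmp}" \
   && echo "<expected-sha256>  ${tmp}" | sha256sum --check --quiet; then
  sudo install -o root -g root -m 644 "${tmp}" /etc/apt/apt.conf.d/99sane-upgrades
else
  echo 'Could not fetch or verify 99sane-upgrades; not touching apt configuration.' >&2
  rm -f -- "${tmp}"
  exit 1
fi
rm -f -- "${tmp}"
# … unchanged: sudo apt update / full-upgrade / autoremove …
```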
16
Proxmox-8.sh
16
Proxmox-8.sh
@ -20,9 +20,17 @@ output(){
|
|||||||
echo -e '\e[36m'"$1"'\e[0m';
|
echo -e '\e[36m'"$1"'\e[0m';
|
||||||
}
|
}
|
||||||
|
|
||||||
# Compliance
|
# Compliance and updates
|
||||||
systemctl mask debug-shell.service
|
systemctl mask debug-shell.service
|
||||||
|
|
||||||
|
## Avoid phased updates
|
||||||
|
curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/apt/apt.conf.d/99sane-upgrades | sudo tee /etc/apt/apt.conf.d/99sane-upgrades
|
||||||
|
chmod 644 /etc/apt/apt.conf.d/99sane-upgrades
|
||||||
|
|
||||||
|
apt update
|
||||||
|
apt full-upgrade -y
|
||||||
|
apt autoremove -y
|
||||||
|
|
||||||
# Setup NTS
|
# Setup NTS
|
||||||
rm -rf /etc/chrony/chrony.conf
|
rm -rf /etc/chrony/chrony.conf
|
||||||
curl https://raw.githubusercontent.com/GrapheneOS/infrastructure/main/chrony.conf | tee /etc/chrony/chrony.conf
|
curl https://raw.githubusercontent.com/GrapheneOS/infrastructure/main/chrony.conf | tee /etc/chrony/chrony.conf
|
||||||
@ -56,10 +64,8 @@ deb http://download.proxmox.com/debian/pve bookworm pve-no-subscription' | tee /
|
|||||||
|
|
||||||
echo 'deb http://download.proxmox.com/debian/ceph-quincy bookworm no-subscription' | tee /etc/apt/sources.list.d/ceph.list
|
echo 'deb http://download.proxmox.com/debian/ceph-quincy bookworm no-subscription' | tee /etc/apt/sources.list.d/ceph.list
|
||||||
|
|
||||||
# Update and install packages
|
# Install packages
|
||||||
apt update
|
apt install -y intel-microcode tuned fwupd dropbear-initramfs
|
||||||
apt upgrade -y
|
|
||||||
apt install -y --no-install-recommends intel-microcode tuned fwupd dropbear-initramfs
|
|
||||||
|
|
||||||
### This part assumes that you are using systemd-boot
|
### This part assumes that you are using systemd-boot
|
||||||
echo -e "spectre_v2=on spec_store_bypass_disable=on l1tf=full,force mds=full,nosmt tsx=off tsx_async_abort=full,nosmt kvm.nx_huge_pages=force nosmt=force l1d_flush=on mmio_stale_data=full,nosmt random.trust_bootloader=off random.trust_cpu=off intel_iommu=on amd_iommu=force_isolation efi=disable_early_pci_dma iommu=force iommu.passthrough=0 iommu.strict=1 slab_nomerge init_on_alloc=1 init_on_free=1 pti=on vsyscall=none ia32_emulation=0 page_alloc.shuffle=1 randomize_kstack_offset=on extra_latent_entropy debugfs=off $(cat /etc/kernel/cmdline)" > /etc/kernel/cmdline
|
echo -e "spectre_v2=on spec_store_bypass_disable=on l1tf=full,force mds=full,nosmt tsx=off tsx_async_abort=full,nosmt kvm.nx_huge_pages=force nosmt=force l1d_flush=on mmio_stale_data=full,nosmt random.trust_bootloader=off random.trust_cpu=off intel_iommu=on amd_iommu=force_isolation efi=disable_early_pci_dma iommu=force iommu.passthrough=0 iommu.strict=1 slab_nomerge init_on_alloc=1 init_on_free=1 pti=on vsyscall=none ia32_emulation=0 page_alloc.shuffle=1 randomize_kstack_offset=on extra_latent_entropy debugfs=off $(cat /etc/kernel/cmdline)" > /etc/kernel/cmdline
|
||||||
|
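Review bot: The added download line in the first hunk pipes into `sudo tee`, although every other command in this script runs directly as root, including the neighbouring `chmod 644` and the existing `curl … | tee /etc/chrony/chrony.conf`. If sudo is not installed on the host, tee never runs, the following `chmod 644` fails on a missing file, and `apt full-upgrade -y` proceeds without the phased-update settings. Use plain tee to match the rest of the file: `curl <url> | tee /etc/apt/apt.conf.d/99sane-upgrades`. The second hunk also drops `--no-install-recommends` from the `apt install` line, so recommended packages are now suppressed only if the 99sane-upgrades file was fetched successfully and apt honours its key.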
@ -29,9 +29,14 @@ sudo systemctl mask debug-shell.service
|
|||||||
echo 'Authorized uses only. All activity may be monitored and reported.' | sudo tee /etc/issue
|
echo 'Authorized uses only. All activity may be monitored and reported.' | sudo tee /etc/issue
|
||||||
echo 'Authorized uses only. All activity may be monitored and reported.' | sudo tee /etc/issue.net
|
echo 'Authorized uses only. All activity may be monitored and reported.' | sudo tee /etc/issue.net
|
||||||
|
|
||||||
|
## Avoid phased updates
|
||||||
|
sudo apt install -y curl
|
||||||
|
unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/apt/apt.conf.d/99sane-upgrades | sudo tee /etc/apt/apt.conf.d/99sane-upgrades
|
||||||
|
sudo chmod 644 /etc/apt/apt.conf.d/99sane-upgrades
|
||||||
|
|
||||||
sudo apt update -y
|
sudo apt update -y
|
||||||
sudo apt full-upgrade -y
|
sudo apt full-upgrade -y
|
||||||
sudo apt install -y curl
|
sudo apt autoremove -y
|
||||||
|
|
||||||
# Default to gcc-12 instead of gcc-11
|
# Default to gcc-12 instead of gcc-11
|
||||||
sudo rm /usr/bin/gcc
|
sudo rm /usr/bin/gcc
|
||||||
|
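Review bot: `sudo apt install -y curl` now runs before `sudo apt update -y`, so on a freshly provisioned image with empty or stale package lists the install can fail. The `unpriv curl … | sudo tee` line that follows would then write an empty 99sane-upgrades file. Refresh the index first by adding `sudo apt update` directly above `sudo apt install -y curl`; the later `sudo apt update -y` can stay as it is. The next file section has the same ordering, with `sudo apt install curl -y` ahead of `sudo apt update -y`.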
@ -27,6 +27,11 @@ unpriv(){
|
|||||||
# Compliance and updates
|
# Compliance and updates
|
||||||
sudo systemctl mask debug-shell.service
|
sudo systemctl mask debug-shell.service
|
||||||
|
|
||||||
|
## Avoid phased updates
|
||||||
|
sudo apt install curl -y
|
||||||
|
unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/apt/apt.conf.d/99sane-upgrades | sudo tee /etc/apt/apt.conf.d/99sane-upgrades
|
||||||
|
sudo chmod 644 /etc/apt/apt.conf.d/99sane-upgrades
|
||||||
|
|
||||||
sudo apt update -y
|
sudo apt update -y
|
||||||
sudo apt full-upgrade -y
|
sudo apt full-upgrade -y
|
||||||
sudo apt autoremove -y
|
sudo apt autoremove -y
|
||||||
@ -43,7 +48,7 @@ echo 'umask 077' | sudo tee --append /etc/profile
|
|||||||
|
|
||||||
# Setup NTS
|
# Setup NTS
|
||||||
sudo systemctl disable systemd-timesyncd
|
sudo systemctl disable systemd-timesyncd
|
||||||
sudo apt install -y curl chrony
|
sudo apt install -y chrony
|
||||||
unpriv curl https://raw.githubusercontent.com/GrapheneOS/infrastructure/main/chrony.conf | sudo tee /etc/chrony/chrony.conf
|
unpriv curl https://raw.githubusercontent.com/GrapheneOS/infrastructure/main/chrony.conf | sudo tee /etc/chrony/chrony.conf
|
||||||
sudo systemctl restart chronyd
|
sudo systemctl restart chronyd
|
||||||
|
|
||||||
|
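--- /dev/null
+++ b/etc/apt/apt.conf.d/99sane-upgrades
@@ -0,0 +1,5 @@
+Update-Manager::Always-Include-Phased-Updates;
+APT::Get::Always-Include-Phased-Updates;
+APT::Get::Upgrade-Allow-New;
+APT::Get::Install-Recommends "false";
+APT::Get::Install-Suggests "false";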
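Review bot: `APT::Get::Install-Recommends` and `APT::Get::Install-Suggests` are not the keys apt-get documents for these settings; the documented items are `APT::Install-Recommends "false";` and `APT::Install-Suggests "false";`. With the `APT::Get::` spelling the two settings are likely ignored, which matters because this commit removes `--no-install-recommends` from the Proxmox install line and relies on this file instead. The first three entries also carry no value; writing them as, for example, `APT::Get::Always-Include-Phased-Updates "true";` avoids depending on how apt treats a valueless item. Running `apt-config dump` after installation shows which of the five options actually took effect.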