1
0
mirror of https://github.com/tommytran732/Linux-Setup-Scripts synced 2024-11-27 11:41:34 -05:00

Compare commits

...

5 Commits

Author SHA1 Message Date
ba6116bf6f
Remove unnecessary command
Signed-off-by: Tommy <contact@tommytran.io>
2024-07-09 22:46:07 -07:00
d434af04b4
Not overwrite USERGROUP_ENAB on anything but Ubuntu
The nonsense with umask is introduced by Canonical's infinite wisdom: https://git.launchpad.net/ubuntu/+source/pam/tree/debian/patches/pam_umask_usergroups_from_login.defs.patch?h=ubuntu/noble
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=583958
We don't need to break sensible distributions because of Ubuntu nonsenses

Signed-off-by: Tommy <contact@tommytran.io>
2024-07-09 15:07:40 -07:00
mce0
4809dcb4ce
Fix typo and notices (#15)
* Fix typo in Fedora-Server-40.sh

Signed-off-by: mce0 <contact@mce0.dev>

* Fix notices in Fedora-Server-40.sh

Signed-off-by: mce0 <contact@mce0.dev>

---------

Signed-off-by: mce0 <contact@mce0.dev>
2024-07-08 11:10:27 -07:00
9f429d1b75
Remove unnecessary groups
Signed-off-by: Tommy <contact@tommytran.io>
2024-07-05 14:30:48 -07:00
55c1da3f33
Clarify Drupal documentation
Signed-off-by: Tommy <contact@tommytran.io>
2024-07-03 13:37:23 -07:00
5 changed files with 9 additions and 10 deletions

View File

@ -39,7 +39,6 @@ sudo systemctl mask kdump.service
umask 077 umask 077
sudo sed -i 's/^UMASK.*/UMASK 077/g' /etc/login.defs sudo sed -i 's/^UMASK.*/UMASK 077/g' /etc/login.defs
sudo sed -i 's/^HOME_MODE/#HOME_MODE/g' /etc/login.defs sudo sed -i 's/^HOME_MODE/#HOME_MODE/g' /etc/login.defs
sudo sed -i 's/^USERGROUPS_ENAB.*/USERGROUPS_ENAB no/g' /etc/login.defs
sudo sed -i 's/umask 022/umask 077/g' /etc/bashrc sudo sed -i 's/umask 022/umask 077/g' /etc/bashrc
# Make home directory private # Make home directory private
@ -48,7 +47,7 @@ sudo chmod 700 /home/*
# Setup NTS # Setup NTS
sudo rm -rf /etc/chrony.conf sudo rm -rf /etc/chrony.conf
unpriv curl -s https://raw.githubusercontent.com/GrapheneOS/infrastructure/main/chrony.conf | sudo tee /etc/chrony.conf > /dev/null unpriv curl -s https://raw.githubusercontent.com/GrapheneOS/infrastructure/main/chrony.conf | sudo tee /etc/chrony.conf > /dev/null
sudp chmod 644 /etc/chrony.conf sudo chmod 644 /etc/chrony.conf
unpriv curl -s https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/sysconfig/chronyd | sudo tee /etc/sysconfig/chronyd > /dev/null unpriv curl -s https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/sysconfig/chronyd | sudo tee /etc/sysconfig/chronyd > /dev/null
sudo chmod 544 /etc/sysconfig/chronyd sudo chmod 544 /etc/sysconfig/chronyd
@ -182,9 +181,9 @@ sudo systemctl restart irqbalance
# Setup notices # Setup notices
unpriv curl -s https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/issue | sudo tee /etc/issue > /dev/null unpriv curl -s https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/issue | sudo tee /etc/issue > /dev/null
sudo chmod 644 https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/issue sudo chmod 644 /etc/issue
unpriv curl -s https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/issue | sudo tee /etc/issue.net > /dev/null unpriv curl -s https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/issue | sudo tee /etc/issue.net > /dev/null
sudo chmod 644 /etc/issue.net sudo chmod 644 /etc/issue.net
# Final notes to the user # Final notes to the user
output 'Server setup complete. To use unbound for DNS, you need to reboot.' output 'Server setup complete. To use unbound for DNS, you need to reboot.'

View File

@ -39,7 +39,6 @@ sudo systemctl mask kdump.service
umask 077 umask 077
sudo sed -i 's/^UMASK.*/UMASK 077/g' /etc/login.defs sudo sed -i 's/^UMASK.*/UMASK 077/g' /etc/login.defs
sudo sed -i 's/^HOME_MODE/#HOME_MODE/g' /etc/login.defs sudo sed -i 's/^HOME_MODE/#HOME_MODE/g' /etc/login.defs
sudo sed -i 's/^USERGROUPS_ENAB.*/USERGROUPS_ENAB no/g' /etc/login.defs
sudo sed -i 's/umask 022/umask 077/g' /etc/bashrc sudo sed -i 's/umask 022/umask 077/g' /etc/bashrc
# Make home directory private # Make home directory private
@ -134,6 +133,9 @@ unpriv curl -s https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Script
sudo chmod 644 /etc/dnf/dnf.conf sudo chmod 644 /etc/dnf/dnf.conf
sudo sed -i 's/^metalink=.*/&\&protocol=https/g' /etc/yum.repos.d/* sudo sed -i 's/^metalink=.*/&\&protocol=https/g' /etc/yum.repos.d/*
# Remove unwanted groups
sudo dnf -y group remove 'Container Management' 'Desktop accessibility' 'Firefox Web Browser' 'Guest Desktop Agents' 'LibreOffice' 'Printing Support'
# Remove firefox packages # Remove firefox packages
sudo dnf -y remove fedora-bookmarks fedora-chromium-config firefox mozilla-filesystem sudo dnf -y remove fedora-bookmarks fedora-chromium-config firefox mozilla-filesystem

View File

@ -85,9 +85,6 @@ curl -s https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/
mkdir -p /etc/systemd/coredump.conf.d mkdir -p /etc/systemd/coredump.conf.d
curl -s https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/systemd/coredump.conf.d/disable.conf | tee /etc/systemd/coredump.conf.d/disable.conf > /dev/null curl -s https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/systemd/coredump.conf.d/disable.conf | tee /etc/systemd/coredump.conf.d/disable.conf > /dev/null
# Harden SSH
sed -i 's/#GSSAPIAuthentication no/GSSAPIAuthentication no/g' /etc/ssh/sshd_config
# Setup automatic updates # Setup automatic updates
mkdir -p /etc/systemd/system/pve-daily-update.service.d mkdir -p /etc/systemd/system/pve-daily-update.service.d

View File

@ -34,7 +34,6 @@ sudo systemctl mask kdump.service
umask 077 umask 077
sudo sed -i 's/^UMASK.*/UMASK 077/g' /etc/login.defs sudo sed -i 's/^UMASK.*/UMASK 077/g' /etc/login.defs
sudo sed -i 's/^HOME_MODE/#HOME_MODE/g' /etc/login.defs sudo sed -i 's/^HOME_MODE/#HOME_MODE/g' /etc/login.defs
sudo sed -i 's/^USERGROUPS_ENAB.*/USERGROUPS_ENAB no/g' /etc/login.defs
sudo sed -i 's/umask 022/umask 077/g' /etc/bashrc sudo sed -i 's/umask 022/umask 077/g' /etc/bashrc
# Make home directory private # Make home directory private

View File

@ -106,6 +106,8 @@ server {
} }
``` ```
**Notes**: `listen 443 quic reuseport;` is only needed once. If you plan to have multiple vhosts on this setup with SSL, consider making a dedicated vhost for this config so that it is nicer and easier to manage. An example can be found [here](https://github.com/TommyTran732/NGINX-Configs/blob/main/etc/nginx/conf.d/sites_default_quic.conf).
## Setup the Database for Drupal ## Setup the Database for Drupal
As root, log into MariaDB: As root, log into MariaDB:
@ -122,7 +124,7 @@ GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER, CREATE TEMPORA
exit exit
``` ```
## Install drupal ## Configure Drupal
Go to drupal.yourdomain.tld and follow the prompts. Go to drupal.yourdomain.tld and follow the prompts.