-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathserver.sh
More file actions
executable file
·306 lines (254 loc) · 10.7 KB
/
server.sh
File metadata and controls
executable file
·306 lines (254 loc) · 10.7 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
#!/bin/bash
# This script handles privilege escalation, system config, and user environment.
set -e
# Detect username (works both as root and as user)
USERNAME="${SUDO_USER:-$USER}"
# ============================================================================
# ROOT SETUP FUNCTION
# ============================================================================
root_setup() {
echo ""
echo "=========================================="
echo "PART 1: ROOT SETUP (System Configuration)"
echo "=========================================="
echo ""
if [ "$EUID" -eq 0 ] && [ -z "$USERNAME" ]; then
USERNAME=$(getent passwd | awk -F: '$3 == 1000 {print $1; exit}')
fi
echo "Configuring system for user: $USERNAME"
# 1. DNF Update (Allowed to fail if repos are locked)
echo "Updating system packages..."
dnf update -y || echo "Warning: DNF update had issues, continuing..."
# 2. Install GitHub CLI
echo "Installing GitHub CLI..."
if [ ! -f "/etc/yum.repos.d/gh-cli.repo" ]; then
dnf config-manager addrepo --from-repofile=https://cli.github.com/packages/rpm/gh-cli.repo -y
fi
dnf install -y gh --repo gh-cli 2>/dev/null || dnf install -y gh
# 3. Install standard packages
echo "Installing development packages..."
dnf install -y git zsh curl util-linux-user unzip fontconfig nvim tmux tzdata \
lm_sensors fd-find fzf luarocks wget procps-ng openssl-devel \
@development-tools rustup
# 4. Passwordless Sudoers (Bare Metal Safe)
if [ ! -f "/etc/sudoers.d/$USERNAME" ]; then
echo "Configuring sudo permissions..."
echo "$USERNAME ALL=(ALL) NOPASSWD: ALL" > "/etc/sudoers.d/$USERNAME"
chmod 0440 "/etc/sudoers.d/$USERNAME"
fi
# 5. Set Default Shell
ZSH_PATH=$(which zsh)
if [ -n "$ZSH_PATH" ]; then
echo "Setting default shell to zsh..."
chsh -s "$ZSH_PATH" "$USERNAME" 2>/dev/null || usermod -s "$ZSH_PATH" "$USERNAME" 2>/dev/null || true
fi
# 6. Enable linger
echo "Enabling lingering for $USERNAME..."
loginctl enable-linger "$USERNAME"
echo "Root setup complete."
}
# ============================================================================
# USER SETUP FUNCTION
# ============================================================================
user_setup() {
echo ""
echo "=========================================="
echo "PART 2: USER SETUP (Personal Configuration)"
echo "=========================================="
echo ""
# Manually set the environment for systemctl --user
export XDG_RUNTIME_DIR="/run/user/$(id -u)"
export DBUS_SESSION_BUS_ADDRESS="unix:path=${XDG_RUNTIME_DIR}/bus"
git config --global --unset url."https://github.com/".insteadOf
# 1. Directories
mkdir -p "$HOME/.local/bin" "$HOME/.config/tmux" "$HOME/.ssh" "$HOME/.local/share/fonts" "$HOME/.config/containers/systemd" "$HOME/.config/systemd/user"
chmod 700 "$HOME/.ssh"
# 2. JetBrains Mono Nerd Font
FONT_DIR="$HOME/.local/share/fonts/JetBrainsMonoNF"
if [ ! -d "$FONT_DIR" ]; then
echo "Installing JetBrains Mono Nerd Font..."
curl -fLo /tmp/fonts.zip https://github.com/ryanoasis/nerd-fonts/releases/download/v3.3.0/JetBrainsMono.zip
unzip -oq /tmp/fonts.zip -d "$FONT_DIR"
rm -f /tmp/fonts.zip
fc-cache -f > /dev/null 2>&1
fi
# 3. Lazygit
if [ ! -f "$HOME/.local/bin/lazygit" ]; then
echo "Installing Lazygit..."
LG_VER=$(curl -s "https://api.github.com/repos/jesseduffield/lazygit/releases/latest" | grep -Po '"tag_name": "v\K[^"]*')
curl -sLo /tmp/lazygit.tar.gz "https://github.com/jesseduffield/lazygit/releases/latest/download/lazygit_${LG_VER}_Linux_x86_64.tar.gz"
tar xf /tmp/lazygit.tar.gz -C /tmp lazygit
mv /tmp/lazygit "$HOME/.local/bin/"
rm -f /tmp/lazygit.tar.gz
fi
# 4. Neovim
echo "Setting up Neovim configuration..."
rm -rf "$HOME/.config/nvim"
git clone https://github.com/andreluisos/nvim.git "$HOME/.config/nvim"
# 5. Tmux (Handle potential 404)
echo "Setting up Tmux configuration..."
# Try 'tmux' filename first, then 'tmux.conf'
curl -sfLo "$HOME/.config/tmux/tmux.conf" https://raw.githubusercontent.com/andreluisos/linux/refs/heads/main/tmux || \
curl -sfLo "$HOME/.config/tmux/tmux.conf" https://raw.githubusercontent.com/andreluisos/linux/refs/heads/main/tmux.conf
curl -sfLo "$HOME/.config/tmux/status.sh" https://raw.githubusercontent.com/andreluisos/linux/refs/heads/main/status.sh
chmod +x "$HOME/.config/tmux/status.sh" 2>/dev/null || true
if [ ! -d "$HOME/.tmux/plugins/tpm" ]; then
git clone https://github.com/tmux-plugins/tpm "$HOME/.tmux/plugins/tpm"
fi
# 7. Oh My Zsh (Force HTTPS & Non-interactive)
echo "Installing Oh My Zsh..."
rm -rf "$HOME/.oh-my-zsh" "$HOME/.zshrc"
sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)" "" --unattended
# 8. Zsh Plugins (Explicit HTTPS)
echo "Installing Zsh plugins..."
ZSH_CUSTOM="$HOME/.oh-my-zsh/custom"
mkdir -p "${ZSH_CUSTOM}/plugins"
git clone https://github.com/zsh-users/zsh-syntax-highlighting.git "${ZSH_CUSTOM}/plugins/zsh-syntax-highlighting" || true
git clone https://github.com/zsh-users/zsh-autosuggestions.git "${ZSH_CUSTOM}/plugins/zsh-autosuggestions" || true
git clone https://github.com/zsh-users/zsh-completions.git "${ZSH_CUSTOM}/plugins/zsh-completions" || true
git clone https://github.com/zsh-users/zsh-history-substring-search.git "${ZSH_CUSTOM}/plugins/zsh-history-substring-search" || true
# 9. Configure .zshrc
if [ -f "$HOME/.zshrc" ]; then
echo "Configuring .zshrc..."
sed -i 's/plugins=(git)/plugins=(git zsh-syntax-highlighting zsh-autosuggestions zsh-completions zsh-history-substring-search)/g' "$HOME/.zshrc"
echo 'export PATH=$HOME/.local/bin:$HOME/.cargo/bin:$PATH' >> "$HOME/.zshrc"
fi
# 10. Rust (Skip if exists)
if [ ! -d "$HOME/.cargo" ]; then
echo "Installing Rust..."
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
fi
# 11. SDKMAN! & Java
echo "Installing SDKMAN! & GraalVM..."
rm -rf "$HOME/.sdkman"
curl -s "https://get.sdkman.io" | bash
# Source it within the script to use immediately
export SDKMAN_DIR="$HOME/.sdkman"
[[ -s "$HOME/.sdkman/bin/sdkman-init.sh" ]] && source "$HOME/.sdkman/bin/sdkman-init.sh"
# Install Java & Gradle
sdk install java 25.0.2-graalce || true
sdk install gradle || true
# Ensure SDKMAN init is in .zshrc
if ! grep -q "sdkman-init.sh" "$HOME/.zshrc"; then
cat >> "$HOME/.zshrc" << 'SDKMAN_EOF'
# SDKMAN initialization
export SDKMAN_DIR="$HOME/.sdkman"
[[ -s "$HOME/.sdkman/bin/sdkman-init.sh" ]] && source "$HOME/.sdkman/bin/sdkman-init.sh"
SDKMAN_EOF
fi
# 12. OpenCode (AI Assistant)
echo "Installing OpenCode..."
curl -fsSL https://opencode.ai/install | bash || echo "OpenCode install failed, skipping..."
# 13. Handle Cloudflare Tunnel Secret
if ! podman secret inspect CLOUDFLARE_TUNNEL_TOKEN >/dev/null 2>&1; then
if [ -n "$CF_TOKEN" ]; then
echo "$CF_TOKEN" | podman secret create CLOUDFLARE_TUNNEL_TOKEN -
echo "Secret 'CLOUDFLARE_TUNNEL_TOKEN' created."
else
echo "Error: Cloudflare token was not provided. Skipping secret creation."
fi
fi
# 14. Create the Cloudflared Gateway Quadlet
# This single container handles both SSH (22) and Neovim (9999) traffic
systemctl --user stop cloudflared-gateway.service
rm ~/.config/containers/systemd/cloudflared-gateway.container
cat <<EOF > ~/.config/containers/systemd/cloudflared-gateway.container
[Unit]
Description=Cloudflare Tunnel Gateway
After=network-online.target
[Container]
Image=docker.io/cloudflare/cloudflared:latest
Secret=CLOUDFLARE_TUNNEL_TOKEN,type=env,target=TUNNEL_TOKEN
Exec=tunnel --no-autoupdate run --protocol quic
Network=host
[Service]
Restart=always
[Install]
WantedBy=default.target
EOF
# 15. Create a persistent SSH Agent Service
systemctl --user stop ssh-agent.service 2>/dev/null || true
cat <<EOF > ~/.config/systemd/user/ssh-agent.service
[Unit]
Description=SSH Key Agent
After=network.target
[Service]
Type=simple
# %t is a systemd shortcut for /run/user/1000
Environment="SSH_AUTH_SOCK=%t/ssh-agent.socket"
ExecStartPre=/usr/bin/rm -f %t/ssh-agent.socket
# -D prevents it from forking, -a sets the fixed path
ExecStart=/usr/bin/ssh-agent -D -a %t/ssh-agent.socket
Restart=always
[Install]
WantedBy=default.target
EOF
systemctl --user daemon-reload
systemctl --user enable --now ssh-agent.service
# 16. Create Cloudflare Neovim TCP Bridge
systemctl --user stop cloudflared-nvim.service
rm ~/.config/systemd/user/cloudflared-nvim.service
cat <<EOF > ~/.config/systemd/user/cloudflared-nvim.service
[Unit]
Description=Cloudflare Neovim TCP Bridge
After=network-online.target
[Service]
# This turns your local 9999 into a direct pipe to the server
ExecStart=/usr/bin/cloudflared access tcp --hostname nvim.dataverdict.com.br --listener localhost:9999
Restart=always
[Install]
WantedBy=default.target
EOF
# 17. Create the Neovim Server Service
systemctl --user disable --now nvim-server
rm ~/.config/systemd/user/nvim-server.service
cat <<EOF > ~/.config/systemd/user/nvim-server.service
[Unit]
Description=Neovim Remote Server
After=ssh-agent.service
[Service]
Type=simple
WorkingDirectory=%h
# Inject the fixed socket path into Neovim's environment
Environment="SSH_AUTH_SOCK=/run/user/1000/ssh-agent.socket"
Environment="XDG_RUNTIME_DIR=/run/user/%U"
Environment="DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/%U/bus"
ExecStart=/usr/bin/zsh -ic "nvim --headless --listen 127.0.0.1:9999"
Restart=always
[Install]
WantedBy=default.target
EOF
# 18. Automate SSH key loading
cat <<EOF >> ~/.ssh/config
Host *
# Automatically load keys into the agent on first use
AddKeysToAgent yes
# Use the persistent systemd socket
IdentityAgent /run/user/1000/ssh-agent.socket
EOF
# 19. Apply changes and fire it up
echo "Reloading systemd and starting services..."
systemctl --user daemon-reload
# Start the tunnel and the nvim server
systemctl --user start cloudflared-gateway.service
systemctl --user enable --now cloudflared-nvim.service
systemctl --user enable --now nvim-server
echo ""
echo "=========================================="
echo "SETUP COMPLETE! RE-LOG TO APPLY SHELL"
echo "=========================================="
}
# ============================================================================
# MAIN EXECUTION
# ============================================================================
if [ "$EUID" -eq 0 ]; then
root_setup
echo ""
echo "Switching to user: $USERNAME"
# Use sudo to run the function as the user while keeping the environment
sudo -E -u "$USERNAME" bash -c "$(declare -f user_setup); user_setup"
else
echo "Please run this script with: sudo bash $0"
exit 1
fi
echo "All done!"