
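#!/bin/bash
# Phase 1: Base system setup for new James server
# Run as: ssh johan@192.168.3.134 'bash -s' < scripts/new-server-phase1.sh
#
# Privileges: this file carries no password. as_root() runs everything through
# `sudo -n`, so either configure NOPASSWD sudo for the target user, or provide
# the password in the remote shell's environment as SUDO_PASSWORD; it is then
# handed to `sudo -v` on stdin only, never on argv. The password that used to be
# embedded in this script sat in clear text in the repository and should be
# treated as exposed (rotate it).
#
# Bug fixed: the old `SUDO="echo <pw> | sudo -S"` expanded to plain words, so
# the `|` was passed to echo as an argument and every "$SUDO ..." line merely
# printed its command line instead of running it.
#
# Note on `bash -s`: the script itself arrives on stdin, so main() is given
# /dev/null as stdin to stop child commands from consuming the remaining script;
# files written below get their content through explicit here-documents.
set -euo pipefail

# Account that receives autologin, systemd lingering and ~/.npm-global.
readonly TARGET_USER="johan"
# Scratch directory for downloads; created in main() and removed on exit.
TMP_DIR=""

#######################################
# Print a message to stderr and abort the run.
# Arguments: message words
#######################################
die() {
  printf 'ERROR: %s\n' "$*" >&2
  exit 1
}

#######################################
# Run a command as root without a terminal.
# Globals:   SUDO_PASSWORD (read, optional)
# Arguments: command and its arguments
# Returns:   the command's exit status
#######################################
as_root() {
  if [[ -n "${SUDO_PASSWORD:-}" ]]; then
    # Refresh the sudo timestamp with the password on sudo's own stdin; the
    # real command below keeps the caller's stdin (needed for here-docs).
    printf '%s\n' "$SUDO_PASSWORD" | sudo -S -p '' -v
  fi
  # -n: fail instead of prompting; there is no tty under `bash -s`.
  sudo -n -- "$@"
}

#######################################
# Install packages non-interactively (debconf prompts take their defaults,
# which matters for lightdm's display-manager question).
# Arguments: package names
#######################################
apt_install() {
  as_root env DEBIAN_FRONTEND=noninteractive apt-get install -y -q "$@"
}

#######################################
# Write stdin to a root-owned file.
# Arguments: $1 - destination path
#######################################
write_root_file() {
  as_root tee -- "$1" > /dev/null
}

#######################################
# 1. Essentials
#######################################
install_essentials() {
  echo ">>> Installing essentials..."
  # Refresh package lists first; on a fresh install they are stale enough
  # for the install below to fail with 404s.
  as_root apt-get update -q 2>&1 | tail -1
  # pipefail makes an apt failure visible through the `tail` that trims output.
  apt_install \
    curl wget git jq htop tmux build-essential \
    pass gnupg2 \
    sshpass rsync \
    unzip zip \
    python3-pip python3-venv \
    net-tools dnsutils \
    ufw fail2ban \
    samba \
    ffmpeg \
    trash-cli \
    apt-transport-https \
    ca-certificates \
    software-properties-common 2>&1 | tail -3
}

#######################################
# 2. Minimal Xfce GUI (for headed Chrome)
#######################################
install_gui() {
  echo ">>> Installing minimal Xfce + LightDM..."
  apt_install \
    xorg \
    xfce4 \
    xfce4-terminal \
    lightdm \
    lightdm-gtk-greeter \
    dbus-x11 2>&1 | tail -3
  # Set LightDM as default display manager
  echo "/usr/sbin/lightdm" | write_root_file /etc/X11/default-display-manager
  # Configure autologin for the target user
  as_root mkdir -p /etc/lightdm/lightdm.conf.d
  write_root_file /etc/lightdm/lightdm.conf.d/50-autologin.conf <<AUTOLOGIN
[Seat:*]
autologin-user=${TARGET_USER}
autologin-user-timeout=0
user-session=xfce
AUTOLOGIN
  echo ">>> Disabling screensaver/power management..."
  # Will be configured in Xfce session; install xfce4-power-manager
  apt_install xfce4-power-manager 2>&1 | tail -1
}

#######################################
# 3. NVIDIA Driver + CUDA (GTX 970 for inference)
#######################################
install_nvidia() {
  echo ">>> Installing NVIDIA driver..."
  apt_install nvidia-driver-535 nvidia-cuda-toolkit 2>&1 | tail -5
}

#######################################
# 4. Configure Xorg to use Intel for display, leave NVIDIA for compute
#######################################
configure_xorg() {
  echo ">>> Configuring Xorg for Intel display..."
  # NOTE(review): BusID PCI:0:2:0 is specific to this machine's iGPU slot;
  # confirm with `lspci` before reusing on other hardware.
  write_root_file /etc/X11/xorg.conf <<'XORGCONF'
# Intel iGPU for display output, NVIDIA GTX 970 for compute only
Section "Device"
Identifier "Intel"
Driver "modesetting"
BusID "PCI:0:2:0"
EndSection
Section "Screen"
Identifier "Screen0"
Device "Intel"
EndSection
Section "ServerLayout"
Identifier "Layout0"
Screen "Screen0"
EndSection
XORGCONF
}

#######################################
# 5a. Hardening: SSH
#######################################
harden_ssh() {
  echo ">>> Hardening SSH..."
  # Lockout guard: this turns off password logins on the very connection the
  # script is arriving over, so refuse unless a key is already installed.
  [[ -s "$HOME/.ssh/authorized_keys" ]] \
    || die "no $HOME/.ssh/authorized_keys; install an SSH key before disabling PasswordAuthentication"
  local cfg=/etc/ssh/sshd_config
  as_root sed -i 's/^#\?PermitRootLogin.*/PermitRootLogin no/' "$cfg"
  as_root sed -i 's/^#\?PasswordAuthentication.*/PasswordAuthentication no/' "$cfg"
  as_root sed -i 's/^#\?PubkeyAuthentication.*/PubkeyAuthentication yes/' "$cfg"
  # sshd keeps the first value it sees, and distributions whose stock config
  # starts with `Include /etc/ssh/sshd_config.d/*.conf` read drop-ins before
  # the main file; an existing drop-in (cloud-init images ship one) could then
  # silently override the edits above. A low-numbered drop-in wins over those.
  if [[ -d /etc/ssh/sshd_config.d ]]; then
    write_root_file /etc/ssh/sshd_config.d/00-phase1-hardening.conf <<'SSHD'
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
SSHD
  fi
  # Validate before restarting so a bad config cannot take sshd down.
  as_root sshd -t
  as_root systemctl restart sshd
}

#######################################
# 5b. Hardening: firewall
#######################################
configure_firewall() {
  echo ">>> Configuring UFW firewall..."
  as_root ufw default deny incoming
  as_root ufw default allow outgoing
  # SSH is allowed before `enable` so this session and the next one survive.
  as_root ufw allow ssh
  # LAN access for all services
  # NOTE(review): 192.168.0.0/16 admits every 192.168.x.y host, wider than a
  # single /24 LAN; narrow it to the real subnet if that is not intended.
  as_root ufw allow from 192.168.0.0/16 to any
  as_root ufw --force enable
}

#######################################
# 5c. Hardening: fail2ban for sshd
#######################################
configure_fail2ban() {
  echo ">>> Configuring fail2ban..."
  write_root_file /etc/fail2ban/jail.local <<'F2B'
[sshd]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 5
bantime = 3600
F2B
  as_root systemctl enable fail2ban
  as_root systemctl start fail2ban
}

#######################################
# 5d. Hardening: unattended security updates
#######################################
enable_unattended_upgrades() {
  echo ">>> Enabling unattended security updates..."
  apt_install unattended-upgrades
  # Best effort: without a tty the debconf step may not run; the package's
  # default configuration still applies.
  as_root dpkg-reconfigure -plow unattended-upgrades 2>/dev/null || true
}

#######################################
# 6. Enable lingering for user services
#######################################
enable_linger() {
  echo ">>> Enabling systemd linger for ${TARGET_USER}..."
  as_root loginctl enable-linger "$TARGET_USER"
}

#######################################
# 7. Node.js 22
#######################################
install_node() {
  echo ">>> Installing Node.js 22..."
  # Download to a file before running it as root: a failed or truncated
  # transfer aborts here instead of executing a partial script, and the file
  # stays available for inspection if the install misbehaves.
  local setup="${TMP_DIR:?}/nodesource-setup.sh"
  curl -fsSL https://deb.nodesource.com/setup_22.x -o "$setup" \
    || die "failed to download NodeSource setup script"
  as_root bash "$setup" 2>&1 | tail -3
  apt_install nodejs 2>&1 | tail -3
}

#######################################
# 8. NPM global directory (no sudo needed)
#######################################
configure_npm() {
  mkdir -p "$HOME/.npm-global"
  npm config set prefix "$HOME/.npm-global"
  # Append once; the grep keeps re-runs from stacking duplicate PATH lines.
  grep -q 'npm-global' "$HOME/.bashrc" \
    || echo 'export PATH=~/.npm-global/bin:$PATH' >> "$HOME/.bashrc"
}

#######################################
# Entry point: run every step in order.
#######################################
main() {
  echo "=== Phase 1: Base System Setup ==="
  TMP_DIR=$(mktemp -d) || die "mktemp failed"
  trap 'rm -rf -- "${TMP_DIR:?}"' EXIT
  # Fail fast if root access is not available non-interactively.
  as_root true \
    || die "sudo is not usable non-interactively; set SUDO_PASSWORD or configure NOPASSWD"
  install_essentials
  install_gui
  install_nvidia
  configure_xorg
  harden_ssh
  configure_firewall
  configure_fail2ban
  enable_unattended_upgrades
  enable_linger
  install_node
  configure_npm
  echo "=== Phase 1 Complete ==="
  echo "Reboot recommended for NVIDIA driver + GUI"
}

# Under `bash -s` stdin is the script itself; keep children from consuming it.
main "$@" </dev/null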