#!/bin/sh
# post_install_deb.sh
# 2024-10-25
# by Gernot Walzl
# Configure a fresh installation of Debian Linux.
. /etc/os-release
EDITOR=${EDITOR:-nano}
edit_apt_sources () {
local MSGBOX
MSGBOX="# deb cdrom:[Debian GNU/Linux 12.0.0 _Bookworm_ - Official amd64 DVD Binary-1 with firmware 20230610-10:23]/ bookworm main non-free-firmware
deb http://deb.debian.org/debian bookworm main non-free-firmware contrib non-free
deb-src http://deb.debian.org/debian bookworm main non-free-firmware contrib non-free
deb http://security.debian.org/debian-security bookworm-security main non-free-firmware contrib non-free
deb-src http://security.debian.org/debian-security bookworm-security main non-free-firmware contrib non-free
deb http://deb.debian.org/debian bookworm-updates main non-free-firmware contrib non-free
deb-src http://deb.debian.org/debian bookworm-updates main non-free-firmware contrib non-free
"
if [ "$VERSION_ID" -le "11" ]; then
MSGBOX="# deb cdrom:[Debian GNU/Linux 11.0.0 _Bullseye_ - Official amd64 DVD Binary-1 20210814-10:04]/ bullseye contrib main
deb http://deb.debian.org/debian bullseye main contrib non-free
deb-src http://deb.debian.org/debian bullseye main contrib non-free
deb http://security.debian.org/debian-security bullseye-security main contrib non-free
deb-src http://security.debian.org/debian-security bullseye-security main contrib non-free
deb http://deb.debian.org/debian bullseye-updates main contrib non-free
deb-src http://deb.debian.org/debian bullseye-updates main contrib non-free
"
fi
whiptail \
--title "Edit /etc/apt/sources.list" \
--msgbox "$MSGBOX" \
23 76
$EDITOR /etc/apt/sources.list
}
upgrade_packages () {
apt-get update
apt-get dist-upgrade
}
install_unattended_upgrades () {
apt-get install unattended-upgrades
dpkg-reconfigure unattended-upgrades
}
enable_services_on_battery () {
# /usr/share/doc/anacron/README.Debian
mkdir -p /etc/systemd/system/anacron.service.d
cat > /etc/systemd/system/anacron.service.d/on-ac.conf <<EOF
[Unit]
ConditionACPower=
EOF
mkdir -p /etc/systemd/system/apt-daily.service.d
cat > /etc/systemd/system/apt-daily.service.d/override.conf <<EOF
[Unit]
ConditionACPower=
EOF
mkdir -p /etc/systemd/system/apt-daily-upgrade.service.d
cat > /etc/systemd/system/apt-daily-upgrade.service.d/override.conf <<EOF
[Unit]
ConditionACPower=
EOF
systemctl daemon-reload
whiptail \
--title "Edit /etc/apt/apt.conf.d/50unattended-upgrades" \
--msgbox "Unattended-Upgrade::OnlyOnACPower \"false\";" \
10 76
$EDITOR /etc/apt/apt.conf.d/50unattended-upgrades
}
add_repositories () {
local REPOS
REPOS=$(whiptail \
--title "Add repositories" \
--checklist "Which repositories do you want to add?" \
20 70 12 \
"backports" off \
"gernot-walzl" on \
--noitem \
--separate-output \
3>&1 1>&2 2>&3)
if [ -n "$REPOS" ]; then
for REPO in $REPOS; do
case "$REPO" in
'backports')
cat > '/etc/apt/sources.list.d/backports.list' <<EOF
deb http://deb.debian.org/debian ${VERSION_CODENAME}-backports main contrib non-free
deb-src http://deb.debian.org/debian ${VERSION_CODENAME}-backports main contrib non-free
EOF
;;
'gernot-walzl')
cat > '/etc/apt/sources.list.d/gernot-walzl.list' <<EOF
deb http://gernot-walzl.at/Debian/Packages $VERSION_CODENAME main
EOF
wget -O /etc/apt/trusted.gpg.d/gernot-walzl.asc \
https://gernot-walzl.at/About/GPG-KEY
;;
esac
done
apt-get update
fi
}
install_firewall () {
if [ ! -f /etc/nftables.conf.orig ]; then
mv /etc/nftables.conf /etc/nftables.conf.orig
fi
wget -O /etc/nftables.conf \
https://gernot-walzl.at/Debian/Netfilter/nftables.conf
chmod 750 /etc/nftables.conf
systemctl enable nftables.service
}
install_additional_packages () {
# https://www.linuxquestions.org/questions/2021mca.php
local PKGS
PKGS=$(whiptail \
--title "Install additional software" \
--checklist "Which packages do you want to install?" \
20 70 12 \
"sudo" on \
"emacs" on \
"firmware-iwlwifi" on \
"firmware-misc-nonfree" on \
"printer-driver-gutenprint" on \
"build-essential" on \
"debsums" on \
"gernot-walzl-keyring" on \
"plasma-workspace-wallpapers" on \
"plasma-workspace-data-gernot" on \
"firefox-esr" on \
"firefox-esr-l10n-de" on \
"webext-bulk-media-downloader" on \
"webext-ublock-origin-firefox" off \
"thunderbird" on \
"thunderbird-l10n-de" on \
"hexchat" on \
"pidgin" on \
"audacious" on \
"vlc" on \
"geany" on \
"geany-plugins" on \
"keepassxc" on \
"qbittorrent" on \
"default-jre" on \
--noitem \
--separate-output \
3>&1 1>&2 2>&3)
if [ -n "$PKGS" ]; then
for PKG in $PKGS; do
echo
echo "apt-get install $PKG"
echo
apt-get install "$PKG"
done
fi
}
add_users_to_sudo () {
local USERNAMES=$(getent passwd 1000 | cut -d: -f1)
USERNAMES=$(whiptail \
--title "Add users to group sudo" \
--inputbox "Which users do you want to grant sudo privileges?" \
8 70 \
"$USERNAMES" \
3>&1 1>&2 2>&3)
if [ -n "$USERNAMES" ]; then
for USERNAME in $USERNAMES; do
usermod -a -G sudo "$USERNAME"
done
fi
}
edit_inputrc () {
whiptail \
--title "Edit /etc/inputrc" \
--msgbox "# alternate mappings for \"page up\" and \"page down\" to search the history
\"\e[5~\": history-search-backward
\"\e[6~\": history-search-forward" \
10 76
$EDITOR /etc/inputrc
}
edit_grub () {
whiptail \
--title "Edit /etc/default/grub" \
--msgbox "GRUB_TIMEOUT=3" \
10 76
$EDITOR /etc/default/grub
update-grub
}
dynamic_motd () {
local URL="https://gernot-walzl.at/Debian/motd"
cd /etc/update-motd.d || return 1
wget -O 50-sysinfo "$URL/50-sysinfo"
chmod +x 50-sysinfo
wget -O 98-reboot-required "$URL/98-reboot-required"
chmod +x 98-reboot-required
}
hibernate_on_lid_closed () {
whiptail \
--title "Edit /etc/systemd/logind.conf " \
--msgbox "[Login]
HandleLidSwitch=hibernate
HandleLidSwitchExternalPower=hibernate" \
10 76
$EDITOR /etc/systemd/logind.conf
}
enable_touchpad_tapping () {
# https://wiki.debian.org/SynapticsTouchpad
mkdir -p /etc/X11/xorg.conf.d
cat > /etc/X11/xorg.conf.d/40-libinput.conf <<EOF
Section "InputClass"
Identifier "libinput touchpad catchall"
MatchIsTouchpad "on"
MatchDevicePath "/dev/input/event*"
Driver "libinput"
Option "Tapping" "on"
EndSection
EOF
}
enable_java_antialiasing () {
cat > /etc/profile.d/java_options.sh <<EOF
#!/bin/sh
export _JAVA_OPTIONS='-Dawt.useSystemAAFontSettings=on -Dswing.aatext=true'
EOF
chmod +x /etc/profile.d/java_options.sh
}
edit_sddm_Xsetup () {
whiptail \
--title "Edit /usr/share/sddm/scripts/Xsetup" \
--msgbox "setxkbmap at" \
10 76
$EDITOR /usr/share/sddm/scripts/Xsetup
}
fix_trackpoint_drift () {
# /sys/devices/rmi4-00/rmi4-00.fn03/serio2
# https://wiki.debian.org/udev
cat > /etc/udev/rules.d/z70_trackpoint.rules <<EOF
SUBSYSTEM=="serio", DRIVERS=="psmouse", ATTR{protocol}=="TPPS/2", ATTR{drift_time}="2"
SUBSYSTEM=="serio", DRIVERS=="psmouse", ATTR{protocol}=="TPPS/2", ATTR{sensitivity}="150"
EOF
}
while :; do
SELECTED=1
if [ "$FUN" != "" ]; then
SELECTED=$(($FUN + 1))
fi
FUN=$(whiptail \
--title "Configure Debian" \
--menu "Welcome to the post installation script of Debian Linux.
Please choose an option:" \
--default-item "$SELECTED" \
--cancel-button "Finish" \
20 70 11 \
1 "edit_apt_sources" \
2 "upgrade_packages" \
3 "install_unattended_upgrades" \
4 "enable_services_on_battery" \
5 "add_repositories" \
6 "install_firewall" \
7 "install_additional_packages" \
8 "add_users_to_sudo" \
9 "edit_inputrc" \
10 "edit_grub" \
11 "dynamic_motd" \
12 "hibernate_on_lid_closed" \
13 "enable_touchpad_tapping" \
14 "enable_java_antialiasing" \
15 "edit_sddm_Xsetup" \
16 "fix_trackpoint_drift" \
3>&1 1>&2 2>&3)
RET=$?
if [ $RET -eq 0 ]; then
case $FUN in
1) edit_apt_sources ;;
2) upgrade_packages ;;
3) install_unattended_upgrades ;;
4) enable_services_on_battery ;;
5) add_repositories ;;
6) install_firewall ;;
7) install_additional_packages ;;
8) add_users_to_sudo ;;
9) edit_inputrc ;;
10) edit_grub ;;
11) dynamic_motd ;;
12) hibernate_on_lid_closed ;;
13) enable_touchpad_tapping ;;
14) enable_java_antialiasing ;;
15) edit_sddm_Xsetup ;;
16) fix_trackpoint_drift ;;
*) break
esac
else
break
fi
echo
echo "Press Enter to continue."
read CONTINUE
done