Dot Files




The configs are intentionally simple. I try to stay as close to the default configurations as possible, so I can switch between computers without spending time configuring each of them. I also avoid code or configuration that I don’t understand: it might do magical things, but when things go awry — and they do — I need to be able to fix it.

Set up macOS


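# xcode
xcode-select --install
# ~/.oh-my-zsh
# The installer URL was stripped from this page; restore it before running.
# The script is fetched to a temp file and run from there instead of
# `sh -c "$(curl ...)"`: a truncated download then fails the `curl` step
# instead of executing half a script, and the file can be inspected first.
if [ ! -d ~/.oh-my-zsh ]; then
  omz_installer=$(mktemp) || exit 1
  curl -fsSL "<OH_MY_ZSH_INSTALL_SCRIPT_URL>" -o "$omz_installer" || exit 1
  # RUNZSH=no stops the installer from exec'ing a new zsh, which would stall
  # the rest of this setup until that shell exits.
  RUNZSH=no sh "$omz_installer"
  rm -f -- "$omz_installer"
  # Quoted heredoc: nothing is expanded at write time, so $PATH, $HOME and
  # $ZSH land in ~/.zshrc literally and expand when a shell starts. This
  # replaces echo | awk '{$1=$1;print}', which also collapsed runs of spaces
  # inside the alias bodies.
  cat > ~/.zshrc <<'EOF'
export PATH=/opt/homebrew/opt/node@20/bin:/opt/homebrew/opt/curl/bin:/opt/homebrew/bin:/opt/homebrew/sbin:~/go/bin:$PATH
export ZSH="$HOME/.oh-my-zsh"
source "$ZSH/oh-my-zsh.sh"
alias ss="source ~/.zshrc"
# -path needs a glob to actually skip node_modules trees; a bare name never matches.
alias findgit="find . -type f -name config -not -path '*/node_modules/*' -exec grep -H github {} \; 2> /dev/null"
alias cleanmac="brew update && brew upgrade && brew cleanup && brew cleanup -s && brew autoremove && brew doctor"
# Single-quoted so the double quotes around the remote command survive. The
# original nested "..." inside "..." closed the alias at `cd`, so the docker
# commands after the `;` ran locally every time ~/.zshrc was sourced.
# <DEPLOY_USER>@<DEPLOY_HOST> is a placeholder; the page's value was redacted.
alias deploy_site='rsync -avr --exclude={.git,node_modules,.DS_Store} ~/apps/site/ <DEPLOY_USER>@<DEPLOY_HOST>:/var/www/site && ssh <DEPLOY_USER>@<DEPLOY_HOST> "cd /var/www/site && docker compose up -d --build && docker system prune -f"'
EOF
fi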
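# ~/.vimrc
# Only written when absent, so an existing vimrc is never clobbered.
if [ ! -f ~/.vimrc ]; then
  # printf writes exactly one line; echo | awk '{$1=$1;print}' was only
  # needed to strip the indentation of the multi-line echo argument.
  printf '%s\n' 'set tabstop=2 shiftwidth=2 expandtab autoindent linebreak wrap number' > ~/.vimrc
fi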
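# ~/.gitconfig
# The config keys were stripped from this page; user.name and user.email are
# the keys `git config --global` expects for the two values below. The email
# is a placeholder (the page's value was redacted).
if [ ! -f ~/.gitconfig ]; then
  git config --global user.name "x"
  git config --global user.email "<GIT_EMAIL>"
  git config --global init.defaultBranch main
fi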
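# brew
# The installer URL was stripped from this page; restore it before running.
# Fetched to a temp file and run from there rather than `bash -c "$(curl ...)"`,
# so a truncated download fails at `curl` instead of executing a partial script.
if ! command -v brew > /dev/null 2>&1; then
  brew_installer=$(mktemp) || exit 1
  curl -fsSL "<HOMEBREW_INSTALL_SCRIPT_URL>" -o "$brew_installer" || exit 1
  /bin/bash "$brew_installer"
  rm -f -- "$brew_installer"
  # On Apple Silicon the installer does not put brew on PATH for the running
  # shell, so every `brew ...` below would fail with "command not found".
  if [ -x /opt/homebrew/bin/brew ]; then
    eval "$(/opt/homebrew/bin/brew shellenv)"
  fi
  brew analytics off
  brew update
  brew upgrade
  # Installed one at a time on purpose: a formula or cask that fails to
  # install does not stop the rest of the list.
  formulae=(jq go git php composer node@18 node@20 deno llvm rust ruby grep
    curl wget tmux gnupg awscli openssl nmap netcat whois qrencode
    wireguard-tools)
  casks=(google-chrome firefox tor-browser docker iterm2 visual-studio-code
    tableplus telegram spotify trezor-suite vlc wireshark mullvadvpn)
  for formula in "${formulae[@]}"; do
    brew install "$formula"
  done
  for cask in "${casks[@]}"; do
    brew install --cask "$cask"
  done
fi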

Set up Debian


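# prompt
# Each answer is compared to the literal "y" later; anything else skips the
# section. -r keeps a typed backslash literal instead of treating it as an
# escape.
read -r -p "Install basic? [y/n] " install_basic
read -r -p "Install fail2ban? [y/n] " install_fail2ban
read -r -p "Install docker? [y/n] " install_docker
read -r -p "Install caddy? [y/n] " install_caddy
read -r -p "Install hack? [y/n] " install_hack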
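# basic packages + sshd hardening
# The original guard tested for docker here, which looks like a copy-paste
# from the docker section; the sshd_config backup this block creates is used
# as its own "already done" marker instead.
# Every write under /etc goes through sudo; the original mixed sudo apt with
# unprivileged cp/echo/rm/sed/ssh-keygen, which fail for a non-root user.
if [ "$install_basic" = "y" ] && [ ! -f /etc/ssh/sshd_config.original ]; then
  # install
  sudo apt update
  sudo apt upgrade -y
  # ufw is only installed here, not enabled. If it is enabled later, allow
  # 55666/tcp (the sshd port set below) first or the host locks you out.
  sudo apt install -y ufw git htop tmux
  # ssh
  # Password login is disabled below, so a key must already be authorized for
  # the account you log in with; otherwise this session is the last one.
  if [ ! -s "$HOME/.ssh/authorized_keys" ] && ! sudo test -s /root/.ssh/authorized_keys; then
    printf 'no authorized_keys found; add an SSH public key before disabling password login\n' >&2
    exit 1
  fi
  sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.original
  printf '%s\n' \
    'PermitRootLogin prohibit-password' \
    'PasswordAuthentication no' \
    'Port 55666' \
    'MaxSessions 5' \
    'MaxAuthTries 2' \
    'LoginGraceTime 30' \
    'MaxStartups 5:30:10' | sudo tee -a /etc/ssh/sshd_config > /dev/null
  # re-generate the RSA and ED25519 host keys (the glob removes the ECDSA key too)
  sudo rm -f /etc/ssh/ssh_host_*
  sudo ssh-keygen -t rsa -b 4096 -f /etc/ssh/ssh_host_rsa_key -N ""
  sudo ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N ""
  # remove small Diffie-Hellman moduli. The intermediate file name was
  # stripped from this page; a temp file is used and installed over moduli
  # only if awk succeeded, so a failed filter cannot leave an empty moduli.
  moduli_tmp=$(mktemp) || exit 1
  awk '$5 >= 3071' /etc/ssh/moduli > "$moduli_tmp" \
    && sudo install -m 0644 "$moduli_tmp" /etc/ssh/moduli
  rm -f -- "$moduli_tmp"
  # enable the RSA and ED25519 keys
  sudo sed -i 's/^\#HostKey \/etc\/ssh\/ssh_host_\(rsa\|ed25519\)_key$/HostKey \/etc\/ssh\/ssh_host_\1_key/g' /etc/ssh/sshd_config
  # restrict supported key exchange, cipher, and MAC algorithms.
  # The @openssh.com / @libssh.org suffixes were mangled on this page and are
  # restored here from the ssh-audit hardening guide; re-check the list
  # against the guide for the OpenSSH version actually installed.
  sudo tee /etc/ssh/sshd_config.d/ssh-audit_hardening.conf > /dev/null <<'EOF'
# Restrict key exchange, cipher, and MAC algorithms, as per
# hardening guide.
KexAlgorithms sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,gss-curve25519-sha256-,diffie-hellman-group16-sha512,gss-group16-sha512-,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha256

Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr

MACs hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com

HostKeyAlgorithms sk-ssh-ed25519-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256

CASignatureAlgorithms sk-ssh-ed25519@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256

GSSAPIKexAlgorithms gss-curve25519-sha256-,gss-group16-sha512-

HostbasedAcceptedAlgorithms sk-ssh-ed25519-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,ssh-ed25519,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-256

PubkeyAcceptedAlgorithms sk-ssh-ed25519-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,ssh-ed25519,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-256
EOF
  # Validate before restarting: a typo in sshd_config on a remote host means
  # the daemon does not come back and the box is unreachable. Keep this
  # session open and test a new login on port 55666 before closing it.
  sudo sshd -t || { printf 'sshd configuration test failed; not restarting sshd\n' >&2; exit 1; }
  # restart OpenSSH server
  sudo systemctl restart ssh
fi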
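# fail2ban
if [ "$install_fail2ban" = "y" ] && [ ! -d /etc/fail2ban ]; then
  sudo apt install -y fail2ban
  # jail.local is layered on top of jail.conf, so it only needs the
  # overrides. The original copied all of jail.conf and rewrote it with
  # $-anchored sed patterns that only matched the exact stock lines
  # (`bantime  = 10m` and so on); any other default was left unchanged
  # without an error.
  sudo tee /etc/fail2ban/jail.local > /dev/null <<'EOF'
[DEFAULT]
bantime = 1d
findtime = 1d
maxretry = 3

[sshd]
enabled = true
# sshd listens on 55666 (set in the basic section). The jail's default is
# `port = ssh`, i.e. 22, so bans would never cover the port actually in use.
port = 55666
mode = aggressive
EOF
  sudo systemctl enable fail2ban
  sudo systemctl restart fail2ban
fi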
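# docker
# The signing-key and repository URLs were stripped from this page; restore
# them from Docker's apt instructions before running.
if [ "$install_docker" = "y" ] && ! command -v docker > /dev/null 2>&1; then
  sudo apt install -y ca-certificates curl
  sudo install -m 0755 -d /etc/apt/keyrings
  # Stop here on a failed download; otherwise apt would be pointed at a
  # repository whose key file is empty or truncated.
  sudo curl -fsSL "<DOCKER_APT_GPG_KEY_URL>" -o /etc/apt/keyrings/docker.asc || exit 1
  sudo chmod a+r /etc/apt/keyrings/docker.asc
  # Print the key's fingerprint so it can be compared with the one Docker
  # publishes; signed-by trusts whatever key is in this file.
  if command -v gpg > /dev/null 2>&1; then
    gpg --show-keys --with-fingerprint /etc/apt/keyrings/docker.asc
  fi
  arch=$(dpkg --print-architecture)
  codename=$(. /etc/os-release && echo "$VERSION_CODENAME")
  printf 'deb [arch=%s signed-by=/etc/apt/keyrings/docker.asc] %s %s stable\n' \
    "$arch" "<DOCKER_APT_REPO_URL>" "$codename" \
    | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
  sudo apt update
  sudo apt install -y docker-ce docker-ce-cli docker-buildx-plugin docker-compose-plugin
fi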
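# caddy
# The keyring and sources-list URLs were stripped from this page (they show
# as ''); restore them from Caddy's apt instructions before running.
if [ "$install_caddy" = "y" ] && ! command -v caddy > /dev/null 2>&1; then
  sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https curl
  # Downloaded to temp files first: with `curl -sf | sudo gpg/tee` a failed
  # fetch silently produced an empty keyring or an empty sources list.
  caddy_key=$(mktemp) || exit 1
  caddy_list=$(mktemp) || exit 1
  curl -1sLf "<CADDY_APT_GPG_KEY_URL>" -o "$caddy_key" || exit 1
  curl -1sLf "<CADDY_APT_SOURCES_LIST_URL>" -o "$caddy_list" || exit 1
  sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg "$caddy_key"
  sudo install -m 0644 "$caddy_list" /etc/apt/sources.list.d/caddy-stable.list
  rm -f -- "$caddy_key" "$caddy_list"
  sudo apt update
  sudo apt install -y caddy
fi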
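# hack
# The Go tarball URL, its published SHA-256 and the `go install` module paths
# were stripped from this page; restore them before running.
# The original guard ran this section only when go was already present, which
# would skip the very install it performs; "go not installed" is presumably
# what was meant, and is what is tested here.
if [ "$install_hack" = "y" ] && ! command -v go > /dev/null 2>&1; then
  go_version=1.20.2
  go_tarball="go${go_version}.linux-amd64.tar.gz"
  curl -fsSL -o "$go_tarball" "<GO_TARBALL_URL>" || exit 1
  # Verify the download against the checksum Go publishes for this release
  # before unpacking it into /usr/local as root.
  printf '%s  %s\n' "<GO_TARBALL_SHA256>" "$go_tarball" | sha256sum -c - || exit 1
  # /usr/local is root-owned; the original rm/tar ran unprivileged.
  sudo rm -rf /usr/local/go
  sudo tar -C /usr/local -xzf "$go_tarball"
  rm -f -- "$go_tarball"
  # Append instead of overwriting ~/.bash_profile (the original `>` discarded
  # whatever was there), and export for this session rather than re-sourcing.
  printf '%s\n' 'PATH=$PATH:/usr/local/go/bin:$HOME/go/bin' >> ~/.bash_profile
  export PATH="$PATH:/usr/local/go/bin:$HOME/go/bin"
  # One module path per entry; the page listed eleven `go install` lines.
  tools=(
    "<MODULE_PATH_1>@<VERSION>"
    "<MODULE_PATH_2>@<VERSION>"
    "<MODULE_PATH_N>@<VERSION>"
  )
  for tool in "${tools[@]}"; do
    go install -v "$tool"
  done
fi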