distro post-install

.sh/path

@@ -1,8 +1,4 @@
 #!/bin/sh
-# Android
-if [ -d /system/bin ]; then
-	PATH="$PATH:/system/bin"
-fi
 
 if [ -d "$HOME/bin" ]; then
 	PATH="$HOME/bin:$PATH"

README.md

@@ -40,15 +40,15 @@ Non-Termux:
 ```sh
 cd
 curl -#L https://github.com/Rudxain/dotfiles/tarball/main | \
-tar -xzv --strip-components 1 --exclude={.termux,bin/termux-\*,.gitattributes,install,README.md,LICENSE} \
+tar -xzv --strip-components 1 --exclude={.termux,bin/termux-\*,.gitattributes,setup-distro,install,README.md,LICENSE} \
 && . .profile
 ```
 
 Termux:
 ```sh
 cd
 curl -#L https://github.com/Rudxain/dotfiles/tarball/main | \
-tar -xzv --strip-components 1 --exclude={.gitattributes,install,README.md,LICENSE} \
+tar -xzv --strip-components 1 --exclude={.gitattributes,setup-distro,install,README.md,LICENSE} \
 && . .profile
 ```
 

install

@@ -7,7 +7,8 @@ do_it() {
 	rsync \
 		--exclude '.git/' \
 		--exclude '.gitattributes' \
-		--exclude 'bootstrap.sh' \
+		--exclude 'setup-distro' \
+		--exclude 'install' \
 		--exclude 'README.md' \
 		--exclude 'LICENSE' \
 		-avh --no-perms . ~

post-install/Enable_AppArmor

@@ -0,0 +1,9 @@
+#!/bin/sh
+set -euf
+# https://wiki.debian.org/AppArmor/HowToUse#Enable_AppArmor
+sudo mkdir -p /etc/default/grub.d
+echo 'GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT apparmor=1 security=apparmor"' \
+  | sudo tee /etc/default/grub.d/apparmor.cfg
+sudo update-grub
+# user should choose when to do so
+#sudo reboot

post-install/README.md

@@ -0,0 +1,9 @@
+This sub-repo isn't necessary, but if you're setting-up a clean install of a Debian-based distro it'll be very convenient.
+
+I'm considering switching to NixOS, to make this process seamless.
+
+> [!warning]
+> `main` isn't idempotent!
+> You should only run it once.
+>
+> I'm considering to make it idempotent by default, with an opt-in flag to use old behavior

post-install/apt-autopurge-busybox-dupes

@@ -0,0 +1,23 @@
+#!/bin/bash
+set -euf -o pipefail
+# https://wiki.debian.org/ReduceDebian#Use_busybox_built-ins_instead_of_full_packages
+
+# auto-marks packs that installed same cmds as busybox subcmds, then autopurges
+
+# to-do:
+# filter cmds that belong to "Essential" & "Required" packs,
+# for optimization.
+readonly bb="$(busybox --list)"
+
+readonly c="$(wc -l <<< "$bb")"
+i=0
+for cmd in $bb
+do
+	echo "$i / $c"
+	if pack="$(dpkg -S "$(type -P "$cmd")" 2> /dev/null)"
+	then
+		apt-mark auto "$(cut -d: -f1 <<< "$pack")" > /dev/null
+	fi
+	((i++))
+done
+apt -y autopurge

post-install/apt-purge-retro

@@ -0,0 +1,2 @@
+#!/bin/sh
+apt-get purge $(dpkg -l | grep \^rc | awk '{print $2}')

post-install/apt.conf

@@ -0,0 +1,3 @@
+APT::Install-Recommends "0";
+APT::Install-Suggests "0";
+APT::AutoRemove::SuggestsImportant "0";

post-install/dpkg-list-essential

@@ -0,0 +1,6 @@
+#!/bin/sh
+set -euf
+
+dpkg-query -Wf '${Package;-40}${Essential}\n' \
+| grep yes \
+| awk '{print $1}'

post-install/dpkg-list-sizes

@@ -0,0 +1,8 @@
+#!/bin/sh
+set -euf
+
+n="${1-16}"
+
+dpkg-query -Wf '${Installed-size}\t${Package}\n' |
+  sort -rn |
+  head "-n$((n))"

post-install/main

@@ -0,0 +1,44 @@
+#!/bin/bash
+set -euf -o pipefail
+
+readonly HELP='$1 must be a path to a file
+that contains old output from:
+`apt-mark showmanual`
+'
+
+if [[ $# -lt 1 ]]
+then
+	printf '%s' "$HELP"
+	exit 1
+fi
+readonly pack_ls="$(cat -- "$1")"
+
+# to reduce time between auto-marking & installing,
+# we must config now
+cp apt.conf "${PREFIX:-}/etc/apt/apt.conf"
+# Termux compatibility
+
+# cleanup
+apt-mark auto \*
+
+apt-get update
+
+# mark manual if existent.
+# "--" for extra safety
+apt-get -y install -- $pack_ls
+
+apt-mark auto $(./dpkg-list-essential)
+# more cleanup, just-in-case
+apt-mark minimize-manual
+
+apt autopurge
+
+apt-get -y upgrade
+
+mv path.sh "${PREFIX:-}/etc/profile.d/"
+
+mv apt-purge-retro "${PREFIX:-/usr}/local/bin/"
+chown root:root apt-purge-retro
+chmod 755 "${PREFIX:-/usr}/local/bin/"*
+
+./Enable_AppArmor

post-install/nftables.conf

@@ -0,0 +1,20 @@
+#!/usr/sbin/nft -f
+
+flush ruleset
+
+table inet filter {
+	# 9 December 2021, at 00:51
+	# https://wiki.nftables.org/wiki-nftables/index.php/Simple_ruleset_for_a_workstation#fw.inet.basic
+	chain input {
+		type filter hook input priority 0; policy drop;
+		iif lo accept
+		ct state established,related accept
+		icmpv6 type { nd-neighbor-solicit, nd-router-advert, nd-neighbor-advert } accept
+	}
+	chain forward {
+		type filter hook forward priority filter;
+	}
+	chain output {
+		type filter hook output priority filter;
+	}
+}

post-install/path.sh

@@ -0,0 +1,12 @@
+#!/bin/sh
+
+# Android
+if [ -d /system/bin ]; then
+	PATH="$PATH:/system/bin"
+fi
+
+if [ -d "${PREFIX:-/usr}/local/bin" ]; then
+	PATH="$PATH:${PREFIX:-/usr}/local/bin"
+fi
+
+export PATH

post-install/update-hx

@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+#shellcheck disable=2317
+set -euf -o pipefail
+
+# to-do: use official GH API rather than scraping
+readonly RELEASE_URL='https://github.com/helix-editor/helix/releases/'
+wget "${RELEASE_URL}latest" -O - | \
+grep -E 'download/\d+\.\d+/helix-\d+\.\d+-x86_64\.AppImage'
+#to-do check version before download
+
+exit 0
+
+readonly ROOT_URL='https://raw.githubusercontent.com/helix-editor/helix/master/'
+readonly ROOT_DIR='/usr/share/'
+readonly ICO="${ROOT_DIR}icons/"
+
+wget "${ROOT_URL}contrib/helix.png" -P "$ICO"
+wget "${ROOT_URL}logo.svg" -O "${ICO}helix.svg"
+unset ICO
+
+wget "${ROOT_URL}contrib/Helix.desktop" -P "${ROOT_DIR}applications" || true
+
+wget "${ROOT_URL}contrib/completion/hx.bash" -P '/etc/bash_completion.d' || true
+

post-install/update-packs

@@ -0,0 +1,21 @@
+#!/bin/sh
+set -uf
+
+if [ -n "${TERMUX_VERSION:-}" ]; then
+	# https://wiki.termux.com/wiki/Package_Management
+	if pkg upgrade; then
+		# I'm aware of the consequences
+		pkg autoclean
+		apt-get autopurge
+
+		npm update -g # for LSPs
+	fi
+else
+	if apt-get update && apt-get upgrade
+	then
+		apt-get autoclean
+		apt-get autopurge
+
+		npm update -g # for LSPs
+	fi
+fi