dotfiles/scripts/install.sh

#!/bin/bash
set -e

# install.sh
#	This script installs a basic setup for a debian machine

USERNAME=fschl
SUDO="sudo"

check_root() {
    # We need root rights at some point
    if [ "$(whoami)" != "root" ]; then
      if ! which $SUDO >/dev/null; then
        echo "ERROR: $0 is not run as root and $SUDO is not available" >&2
        exit 1
      fi
    else
      SUDO="" # We're already root
    fi
}

apt_sources() {
    #  https://www.debian.org/releases/
    ddist=$1
    DIST="${ddist:-stable}"

    allowed_dists=("testing stable buster bullseye")
    if [ ! ${DIST} in "${allowed_dists[@]}" ]; then
        echo "... $DIST was not in allowed dists... setting to stable"
        DIST="stable"
    fi

    echo "writing /etc/apt/sources.list..."
    echo "using ${DIST}"
    cat <<-EOF > /etc/apt/sources.list
deb http://deb.debian.org/debian ${DIST} main
deb-src http://deb.debian.org/debian ${DIST} main

deb http://deb.debian.org/debian-security/ ${DIST}/updates main
deb-src http://deb.debian.org/debian-security/ ${DIST}/updates main

# backports for wireguard
# https://www.wireguard.com/install/
# https://backports.debian.org/Instructions/
deb http://deb.debian.org/debian buster-backports main

deb http://deb.debian.org/debian ${DIST}-updates main
deb-src http://deb.debian.org/debian ${DIST}-updates main
EOF
}

base_applications() {
    echo "update and installing baseapps..."

    $SUDO apt update
    $SUDO apt upgrade

    DEBIAN_FRONTEND=noninteractive

    $SUDO apt install -y \
        apt-transport-https \
        automake \
        bash-completion \
        bat \
        bmon \
        bzip2 \
        ca-certificates \
        cmake \
        coreutils \
        cryptsetup \
        curl \
        dnsutils \
        fzf \
        gcc \
        git \
        gnupg \
        gnupg-agent \
        gnupg2 \
        grep \
        htop \
        iotop \
        locales \
        linux-headers-$(uname -r) \
        make \
        mount \
        net-tools \
        restic \
        ripgrep \
        rsync \
        ssh \
        sudo \
        tar \
        tmux \
        tree \
        unzip \
        vim \
        vpnc \
        vpnc-scripts \
        wireguard \
        wireguard-dkms \
        wireguard-tools \
        zip \
        --no-install-recommends

    $SUDO restic self-update
    echo "... DONE... cleaning up\n\n"
    $SUDO apt autoremove
    $SUDO apt autoclean
    $SUDO apt clean


}

install_server_base() {
    echo "update and installing server base tools..."

    DEBIAN_FRONTEND=noninteractive

    apt update
    apt install -y \
        fail2ban \
        logwatch \
        unattended-upgrades \
        --no-install-recommends

    echo "... DONE... cleaning up\n\n"
    apt autoremove
    apt autoclean
    apt clean

    echo "setting up logwatch..."
    echo "... TODO require email to be set as parameter"
    echo "... TODO require email to be set as parameter"
    cat <<-EOF > /etc/cron.daily/00logwatch
/usr/sbin/logwatch --output mail --mailto you@example.com --detail high

EOF
    echo " ... DONE"

    # TODO: is this really needed? or default behavior anyway?
    echo "set unattended upgrades..."
    cat <<-EOF > /etc/apt/apt.conf.d/10periodic
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";

EOF
    echo " ... DONE"

}

no_suspend() {
    # https://wiki.debian.org/SystemdSuspendSedation
    $SUDO sed -i "s/HandleLidSwitch=.*/HandleLidSwitch=ignore/" /etc/systemd/logind.conf
    $SUDO sed -i "s/HandleLidSwitchDocked=.*/HandleLidSwitchDocked=ignore/" /etc/systemd/logind.conf
    $SUDO sed -i "s/IdleActionSec=.*/IdleActionSec=90min/" /etc/systemd/logind.conf

    # turn off screen blanking
    # https://www.raspberrypi.org/forums/viewtopic.php?f=66&t=18200&sid=135af53eb82496bc64f4c0eefbc86d2c&start=25
    # http://raspberrypi.stackexchange.com/questions/752/how-do-i-prevent-the-screen-from-going-blank
    xset s noblank

    $SUDO systemctl restart systemd-logind.service
}

install_nvidia_docker() {
    # get latest driver from https://www.nvidia.com/object/unix.html
    # https://github.com/NVIDIA/nvidia-docker/wiki/Installation-(version-2.0)#prerequisites
    curl -s -L https://nvidia.github.io/nvidia-docker/$distribution/nvidia-docker.list | \
            sudo tee /etc/apt/sources.list.d/nvidia-docker.list
            sudo apt-get update

            # Install nvidia-docker2 and reload the Docker daemon configuration
            sudo apt-get install -y nvidia-docker2
            sudo pkill -SIGHUP dockerd
}

install_latex() {
    apt update
    apt install -y \
        evince \
        texlive \
        texlive-bibtex-extra \
        texlive-fonts-extra \
        texlive-fonts-recommended \
        texlive-lang-english \
        texlive-lang-german \
        texlive-latex-extra \
        texlive-latex-recommended \
        texlive-pictures \
        texlive-plain-generic \
        zathura \
        --no-install-recommends
}

install_workstation_apps() {

    DEBIAN_FRONTEND=noninteractive

    $SUDO apt update
    $SUDO apt install -y \
        alsa-tools \
        alsa-utils \
        aspell \
        aspell-de \
        aspell-en \
        cups-browsed \
        emacs \
        firefox-esr \
        firmware-iwlwifi \
        firmware-linux-nonfree \
        firmware-realtek \
        fonts-font-awesome \
        fonts-noto \
        fonts-noto-cjk \
        fonts-powerline \
        gimp \
        keepassxc \
        libnotify-bin \
        libnotify-dev \
        libreoffice-calc \
        libreoffice-impress \
        libreoffice-l10n-de \
        libreoffice-l10n-en-gb \
        libreoffice-writer \
        ntfs-3g \
        network-manager \
        network-manager-openvpn \
        nmap \
        openvpn \
        openvpn-systemd-resolved \
        thunderbird \
        thunderbird-l10n-de \
        thunderbird-l10n-en-gb \
        --no-install-recommends

    TARGET="/home/$USERNAME/.emacs.d"
    rm -rf ${TARGET}
    git clone https://github.com/syl20bnr/spacemacs "${TARGET}"
    #    rm -rf "${TARGET}"/private/snippets
    #    git clone https://github.com/AndreaCrotti/yasnippet-snippets "${TARGET}"/private/yas-snippets
    #    ln -s "${TARGET}"/private/yas-snips/snippets "${TARGET}"/private/snippets/
}

install_sway() {
    echo " installing sway and wayland tools..."
    DEBIAN_FRONTEND=noninteractive
    apt update
    apt install -y \
        brightnessctl \
        mako \
        sway \
        udiskie \
        udisks2 \
        wl-clipboard \
        wob \
        wofi \
        ydotool \
        --no-install-recommends

    mv /home/${USERNAME}/.bashrc /home/${USERNAME}/.bashrc~
    ln -s /home/${USERNAME}/dotfiles/.bashrc /home/${USERNAME}/.bashrc
    cp ../sway/mako.conf /home/${USERNAME}/.config/mako/conf

    (
        git clone https://github.com/Biont/sway-launcher-desktop /home/${USERNAME}/projects/sway-launcher-desktop
    )

    # build swaylock-effects because its not available on Debian
    # https://github.com/voidgloom/swaylock-effects
    (
        apt update
        apt install -y \
            wayland-protocols \
            libwayland-client++0 \
            libcairo2-dev \
            libwayland-client0 \
            --no-install-recommends

        TARGET=/home/${USERNAME}/projects/swaylock-effects
        git clone https://github.com/voidgloom/swaylock-effects ${TARGET}
        cd ${TARGET}
        meson build && ninja -C build && sudo ninja -C build install
        sudo chmod a+s /usr/local/bin/swaylock
    )

}

install_i3() {
    echo "Xorg with i3wm and some tools..."

    # check if CJK and other eastern letters are displayed correctly:
    # https://meta.wikimedia.org/wiki/List_of_Wikipedias

    DEBIAN_FRONTEND=noninteractive

    $SUDO apt update
    $SUDO apt install -y \
        feh \
        fswebcam \
        i3 \
        i3lock \
        i3lock-fancy \
        i3status \
	      lightdm \
        network-manager-gnome \
        network-manager-vpnc \
        network-manager-vpnc-gnome \
        remmina \
        rxvt-unicode \
        scrot \
        shotwell \
        suckless-tools \
        vlc \
        xdotool \
        xorg \
        --no-install-recommends

    # for f in (); do
    #     ln -s $f /home/$USER/$f
    # done

    echo "... setting capslock to control"
    $SUDO sed -i "s/^XKBOPTIONS=.*/XKBOPTIONS=\"ctrl:nocaps\"/" /etc/default/keyboard

}

install_syncthing() {
    # install Syncthing via https://apt.syncthing.net/
    # Add the release PGP keys:
    curl -s https://syncthing.net/release-key.txt | sudo apt-key add -

    # Add the "stable" channel to your APT sources:
    cat "deb https://apt.syncthing.net/ syncthing stable" | sudo tee /etc/apt/sources.list.d/syncthing.list

    # pin the correct apt repo
    printf "Package: *\nPin: origin apt.syncthing.net\nPin-Priority: 990\n" | sudo tee /etc/apt/preferences.d/syncthing

    # Update and install syncthing:
    $SUDO apt-get update
    $SUDO apt-get install syncthing
    echo "... DONE... cleaning up\n\n"
    $SUDO apt autoremove
    $SUDO apt autoclean
    $SUDO apt clean

    echo "enable and start the syncthing per-user service for ${USERNAME}"
    $SUDO cp ../etc/systemd/system/syncth* /etc/systemd/system/
    user=${USERNAME}
    $SUDO systemctl daemon-reload
    $SUDO systemctl enable syncthing@${USERNAME}
    $SUDO systemctl start syncthing@${USERNAME}.service
    systemctl status syncthing@${USERNAME}.service

    no_suspend

    echo "... setting capslock to control"
    sed -i "s/^XKBOPTIONS=.*/XKBOPTIONS=\"ctrl:nocaps\"/" /etc/default/keyboard

    TARGET="/home/$USERNAME/.emacs.d"
    git clone https://github.com/syl20bnr/spacemacs "${TARGET}"
    #rm -rf "${TARGET}"/private/snippets
    #git clone https://github.com/AndreaCrotti/yasnippet-snippets "${TARGET}"/private/yas-snips
    #ln -s "${TARGET}"/private/yas-snips/snippets "${TARGET}"/private/snippets/

}

link_userdirs() {

    mount_dir=$1
    target_mount="${mount_dir:-/mnt/docs/}"
    user_dirs=("Documents Downloads Music Pictures Videos")
    for DIR in $user_dirs
    do
        echo "removing and linking ${DIR}..."
        rm -rfv /home/$USERNAME/$DIR
        echo "link target: ${target_mount}/${DIR}"
        ln -vs ${target_mount}/${DIR} /home/${USERNAME}/${DIR}
    done

    projects_mount=$docs_mount
}

install_vscodium() {
    # https://vscodium.com/

    wget -qO - https://gitlab.com/paulcarroty/vscodium-deb-rpm-repo/raw/master/pub.gpg | sudo apt-key add -

    echo 'deb https://gitlab.com/paulcarroty/vscodium-deb-rpm-repo/raw/repos/debs/ vscodium main' | sudo tee --append /etc/apt/sources.list.d/vscodium.list

    $SUDO apt update
    $SUDO apt install -y \
        codium \
        --no-install-recommends

    codium version

    # ms-azuretools.vscode-docker
    # ms-vscode.go
    # vscodevim.vim
}

install_wine() {

    # https://wiki.winehq.org/Debian
    curl https://dl.winehq.org/wine-builds/winehq.key | gpg --dearmor > /etc/apt/trusted.gpg.d/winehq.gpg
    echo 'deb https://dl.winehq.org/wine-builds/debian/ bookworm main' | sudo tee /etc/apt/sources.list.d/wine.list

    $SUDO sudo dpkg --add-architecture i386
    $SUDO apt update
    $SUDO apt install \
        winehq-staging \
        --install-recommends

    wine --version

}

install_docker() {
    # https://docs.docker.com/install/linux/docker-ce/debian/#install-using-the-repository

    # bad experiences with static binaries...
    # https://docs.docker.com/engine/installation/binaries/#install-static-binaries
    echo "installing docker binary Version $VERS ..."
    # https://github.com/tianon/cgroupfs-mount/blob/master/cgroupfs-mount

    $SUDO apt install -y \
            apt-transport-https \
            ca-certificates \
            curl \
            gnupg2 \
            software-properties-common \
            --no-install-recommends

    curl -fsSL https://download.docker.com/linux/debian/gpg | $SUDO apt-key add -

    # add docker apt repo
    cat <<-EOF > /etc/apt/sources.list.d/docker.list
    deb [arch=amd64] https://download.docker.com/linux/debian buster stable
    # deb [arch=amd64] https://download.docker.com/linux/debian buster test
    # deb [arch=amd64] https://download.docker.com/linux/debian buster nightly
EOF

    $SUDO apt update
    $SUDO apt install -y \
        docker-ce \
        --no-install-recommends

    $SUDO addgroup ${USERNAME} docker

    docker version
    docker info
}

install_compose() {
    # https://github.com/docker/compose/releases
    # btw: *not* for raspbian! you got 3 choices: hypriot, install via pip or build yourself
    # https://www.berthon.eu/2017/getting-docker-compose-on-raspberry-pi-arm-the-easy-way/
    VERS="1.29.2"
    FILE="docker-compose-$(uname -s)-$(uname -m)"
    echo "installing docker-compose $VERS ... curling from github"

    curl -SL "https://github.com/docker/compose/releases/download/${VERS}/${FILE}" -o /tmp/${FILE}

    curl -SL "https://github.com/docker/compose/releases/download/${VERS}/${FILE}.sha256" -o /tmp/${FILE}.sha256

    if [ ! $(cat /tmp/${FILE}.sha256 | sha256sum -c -) ]; then
        echo "... checksum failed... stopping"
        exit 1;
    fi

    chmod +x /tmp/${FILE}
    mv /tmp/${FILE} /usr/bin/docker-compose
    rm /tmp/${FILE}.sha256

    echo "... done"

    /usr/bin/docker-compose version
}

install_nvidia() {
    echo "Prepare install for NVIDIA proprietary display driver"

    apt update
    apt install -y \
        gcc \
        linux-source \
        linux-headers-`uname -r` \
        --no-install-recommends

    echo ""
    echo "Please find a link to the current Package"
    echo "  https://devtalk.nvidia.com/default/topic/533434/linux/current-graphics-driver-releases/"
    echo ""
    echo "1. Download the self extracting archive. (*.run)"
    echo "2. reboot into recovery mode and login as root"
    echo "3. sh DRIVER_ARCHIVE.run"
    echo ""
    echo "... check if driver was installed correctly: $ nvidia-smi"
    echo "more information can be found in README at link above"

    echo ""
    echo "Install NVIDIA-docker"
    echo ""
    echo "since Docker 19.03 no additional runtime required."
    echo "  https://github.com/NVIDIA/nvidia-docker"

    # https://nvidia.github.io/nvidia-docker/
    distribution="debian10"

    curl -s -L https://nvidia.github.io/nvidia-docker/gpgkey | sudo apt-key add -
    curl -s -L https://nvidia.github.io/nvidia-docker/$distribution/nvidia-docker.list | sudo tee /etc/apt/sources.list.d/nvidia-docker.list
    apt update
    apt install -y nvidia-container-toolkit
    systemctl restart docker
    docker pull nvidia/cuda:9.0-base

    echo ""
    echo "... check if driver was installed correctly: "
    echo "$ docker run --gpus all nvidia/cuda:9.0-base nvidia-smi"
    echo "   should give same output as above"
}

install_virtualbox() {
    # https://wiki.debian.org/VirtualBox#Installation_of_non-free_edition
    $SUDO apt install -y \
            apt-transport-https \
            ca-certificates \
            curl \
            gnupg2 \
            software-properties-common \
            --no-install-recommends

}

# install/update golang from source
install_golang() {
    export GO_VERSION=1.16.0
    export GO_SRC=/usr/local/go

    # if we are passing the version
    if [[ ! -z "$1" ]]; then
        export GO_VERSION=$1
    fi

    # subshell because we `cd`
    (
        curl -sSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" | $SUDO tar -v -C /usr/local -xz
    )
}

install_rust() {
    echo "... rustup.sh ... "
    curl --proto 'https' --tlsv1.2 https://sh.rustup.rs | sh

    eco "... adding dependencies for alacritty and i3status-rs ... "
    sudo apt install -y \
         cmake \
         fonts-font-awesome \
         gcc \
         pkg-config \
         libdbus-1-dev \
         libfreetype6-dev \
         libfontconfig1-dev \
         libssl-dev \
         libxcb-xfixes0-dev \
         libxkbcommon-dev \
         python3 \
         --no-install-recommends

    # for whatever reason alacritty is not available in debian repos
    cargo install alacritty
    cargo install du-dust

    (
        mkdir -p "/home/$USERNAME/projects"
        TARGET="/home/$USERNAME/projects/i3status-rust"
        git clone https://github.com/greshake/i3status-rust ${TARGET}
        cd ${TARGET}
        cargo install --path .
        ./install.sh
    )

}

main() {
    local cmd=$1

    if [[ -z "$cmd" ]]; then
        echo "Usage: \n base (incl docker+compose)| i3 | sway | server | latex | update-docker | vscode | go | rust"
    fi

    case "$cmd" in
        base)
            base_applications
            ;;
        server)
            apt_sources buster
            base_applications
            install_server_base
            install_docker
            install_compose
            ;;
        i3)
            base_applications
            install_syncthing
            install_i3
            install_workstation_apps
            ;;
        sway)
            base_applications
            install_syncthing
            install_sway
            install_workstation_apps
            ;;
        links)
            link_userdirs /mnt/docs/
            ;;
        latex)
            install_latex
            ;;
        vscode)
            install_vscodium
            ;;
        update-docker)
            install_docker
            install_compose
            ;;
        go)
            install_golang
            ;;
        rust)
            install_rust
            ;;
        wine)
            install_wine
            ;;
    esac
}

main "$@"