From 1a02980bbcf5a3b541fb52d4af40b60a5bd7f700 Mon Sep 17 00:00:00 2001
From: julien <julien.deb@netig.net>
Date: Wed, 14 Jan 2026 13:05:05 +0100
Subject: [PATCH] first commit

---
 README.md         | 49 ++++++++++++++++++++++++++++++++
 modules.sh        | 38 +++++++++++++++++++++++++
 modules/config.sh | 48 +++++++++++++++++++++++++++++++
 modules/docker.sh | 49 ++++++++++++++++++++++++++++++++
 modules/pkgs.sh   | 72 +++++++++++++++++++++++++++++++++++++++++++++++
 modules/zram.sh   | 23 +++++++++++++++
 run.sh            | 64 +++++++++++++++++++++++++++++++++++++++++
 7 files changed, 343 insertions(+)
 create mode 100755 README.md
 create mode 100755 modules.sh
 create mode 100755 modules/config.sh
 create mode 100755 modules/docker.sh
 create mode 100755 modules/pkgs.sh
 create mode 100755 modules/zram.sh
 create mode 100755 run.sh

diff --git a/README.md b/README.md
new file mode 100755
index 0000000..ce994f8
--- /dev/null
+++ b/README.md
@@ -0,0 +1,49 @@
+# NETbian
+
+Debian 13 NETig configuration for `server`, `desktop` or `full-desktop` profiles.
+
+What it does :
+* Update the system
+* Install a firewall
+* Install a set of packages accordingly to the selected profile
+* Add a ZRAM
+* Apply any needed system configuration for your profile
+
+What it doesn't :
+* Add `contrib` nor `non-free` repositories
+* Add server [maintenance scripts](https://git.netig.net/netig/srv-scripts)
+* Configure the desktop for you
+
+## Prerequisites
+
+A fresh Debian 13 install without `Debian desktop environment` nor any desktop installed.
+
+## Usage
+
+> Warning ! The `server` profile will disable passwords SSH connection in favor of SSH keys, make sure to `ssh-copy-id` your key before rebooting the server.
+
+Downlad and extract the archive :
+```
+# cd /tmp
+# wget https://git.netig.net/netig/netbian/archive/main.tar.gz
+# tar -xvzf main.tar.gz
+# cd netbian/
+```
+
+And then run the `./run.sh` script, choose your profile and reboot the machine once done.
+
+## Tips
+
+### Docker Rootless mode
+
+If you want to use Docker as normal user first disable the system-wide Docker daemon :
+```
+# systemctl disable --now docker.service docker.socket
+# rm /var/run/docker.sock
+```
+Install the `uidmap` package, then run `dockerd-rootless-setuptool.sh install` as a non-root user to set up the daemon.
+
+## Links
+
+* [Official Debian website](https://www.debian.org/index.html)
+
diff --git a/modules.sh b/modules.sh
new file mode 100755
index 0000000..f00feed
--- /dev/null
+++ b/modules.sh
@@ -0,0 +1,38 @@
+#!/bin/bash
+
+source $config_file
+
+# Modules for each profile
+if [ $profile = server ]; then
+    modules="pkgs.sh
+             docker.sh
+             zram.sh
+             config.sh"
+fi
+
+if [ $profile = desktop ]; then
+    modules="pkgs.sh
+             zram.sh
+             config.sh"
+fi
+
+if [ $profile = full-desktop ]; then
+    modules="pkgs.sh
+             docker.sh
+             zram.sh
+             config.sh"
+fi
+
+# Modules execution
+for i in $modules
+do
+    modules/$i
+done
+
+# End message
+echo
+echo "  => End"
+echo
+echo "Successfully completed !"
+echo
+
diff --git a/modules/config.sh b/modules/config.sh
new file mode 100755
index 0000000..8a34753
--- /dev/null
+++ b/modules/config.sh
@@ -0,0 +1,48 @@
+#!/bin/bash
+
+source $config_file
+
+echo
+echo "  => Configuration"
+echo
+
+# Check config
+if [ ! -z $config ]; then
+    echo "Configuration already applied."
+    exit
+fi
+
+# Enable firewall
+ufw enable
+ufw default deny incoming
+ufw default allow outgoing
+
+# Grub configuration
+sed -i "s/GRUB_CMDLINE_LINUX_DEFAULT=\"quiet/& loglevel=3 nowatchdog/" /etc/default/grub
+update-grub
+
+# Server only configuration
+if [ $profile = server ]; then
+    # Firewall configuration
+    ports="ssh
+           http
+           https
+           imap
+           imaps
+           smtp
+           smtps"
+    for i in $ports
+    do
+        ufw allow $i
+    done
+
+    # SSH keys only
+    echo -e "# SSH keys only\nPasswordAuthentication no\nPubkeyAuthentication yes" > /etc/ssh/sshd_config.d/custom.conf
+fi
+
+# Desktop only configuration
+if [ $profile = desktop ]; then
+    # Disable all managed interfaces excerpt loopback from /etc/network/interfaces file to allow NetworkManager to manage them
+    sed -i '/# The primary network interface/Q' /etc/network/interfaces
+fi
+
diff --git a/modules/docker.sh b/modules/docker.sh
new file mode 100755
index 0000000..ae6db98
--- /dev/null
+++ b/modules/docker.sh
@@ -0,0 +1,49 @@
+#!/bin/bash
+
+echo
+echo "  => Docker"
+echo
+
+# Check for Docker
+pkgs="docker-ce
+      docker-ce-cli
+      containerd.io
+      docker-buildx-plugin
+      docker-compose-plugin"
+
+for pkg in $pkgs
+do
+    dpkg-query -W -f='${Status}' $pkg 2>&1 | grep -q " installed"
+    if [ $? -ne 0 ]; then
+        installed=false
+    fi
+done
+if [ -z $installed ]; then
+    echo "Docker found."
+    exit
+fi
+
+# Install needed packages
+pkgs="ca-certificates
+      curl"
+for pkg in $pkgs
+do
+    dpkg-query -W -f='${Status}' $pkg 2>&1 | grep -q " installed"
+    if [ $? -ne 0 ]; then
+        apt-get install $pkg -y
+    fi
+done
+# Add Docker's official GPG key:
+install -m 0755 -d /etc/apt/keyrings
+curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
+chmod a+r /etc/apt/keyrings/docker.asc
+
+# Add the repository to Apt sources:
+echo \
+    "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian \
+    $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
+    tee /etc/apt/sources.list.d/docker.list > /dev/null
+apt-get update
+# Install packages
+apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin -y
+
diff --git a/modules/pkgs.sh b/modules/pkgs.sh
new file mode 100755
index 0000000..dc726b7
--- /dev/null
+++ b/modules/pkgs.sh
@@ -0,0 +1,72 @@
+#!/bin/bash
+
+source $config_file
+
+echo
+echo "  => Packages"
+echo
+
+# Localization
+if [ $profile = desktop ] || [ $profile = full-desktop ]; then
+    echo "What is your language code for localization packages ? (eg. de, en-gb, fr)"
+    read  -p "> " lang
+fi
+
+# Packages sets by profile
+base="git
+      htop
+      rsync
+      tree
+      ufw"
+
+server=""
+
+desktop="gnome-core gnome-console
+         gnome-shell-extension-caffeine
+         gnome-shell-extension-tiling-assistant
+         gnome-themes-extra
+         gnome-tweaks
+         gufw
+         papirus-icon-theme"
+
+applications="firefox-esr
+              firefox-esr-l10n-$lang
+              gimp
+              libreoffice
+              libreoffice-gnome
+              libreoffice-l10n-$lang"
+
+if [ $profile = server ]; then
+    pkgs="$base
+          $server"
+fi
+
+if [ $profile = desktop ]; then
+    pkgs="$base
+          $desktop"
+fi
+
+if [ $profile = full-desktop ]; then
+    pkgs="$base
+          $desktop
+          $applications"
+fi
+
+# Check updates
+apt-get update && apt-get upgrade -y
+echo
+
+# Install packages
+for pkg in $pkgs
+do
+    dpkg-query -W -f='${Status}' $pkg 2>&1 | grep -q " installed"
+    if [ $? -ne 0 ]; then
+        installed=false
+    fi
+done
+if [ ! -z $installed ]; then
+    apt-get install $pkgs -y
+else
+    echo "All packages are already installed."
+fi
+
diff --git a/modules/zram.sh b/modules/zram.sh
new file mode 100755
index 0000000..ecd29e7
--- /dev/null
+++ b/modules/zram.sh
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+echo
+echo "  => ZRAM"
+echo
+
+# Check for zram
+pkg=zram-tools
+dpkg-query -W -f='${Status}' $pkg 2>&1 | grep -q " installed"
+if [ $? -eq 0 ]; then
+    echo "ZRAM found."
+    exit
+fi
+
+# Install zram
+apt-get install zram-tools -y
+
+# Configure zram
+sed -i '/#ALGO=lz4/s/^#//g' /etc/default/zramswap
+sed -i '/#PERCENT=50/s/^#//g' /etc/default/zramswap
+sed -i 's/ALGO=lz4/ALGO=zstd/g' /etc/default/zramswap
+systemctl restart zramswap.service
+
diff --git a/run.sh b/run.sh
new file mode 100755
index 0000000..9983c89
--- /dev/null
+++ b/run.sh
@@ -0,0 +1,64 @@
+#!/bin/bash
+
+# If root
+ID=$(id -u)
+if [ "$ID" -ne 0 ]
+then
+    echo
+    echo "Please run as root !"
+    exit
+fi
+
+# Check network
+if ! ping -q -c 3 -W 5 kernel.org >/dev/null
+then
+    echo
+    echo "The network is down, check your connection."
+    exit
+fi
+
+# Welcome message
+echo
+echo "Welcome to NETbian Debian post-installation script !"
+echo
+echo "  => Profile selection"
+echo
+
+# Configuration file
+export config_file="/etc/netbian.conf"
+
+# Check for existing config
+if [ -f $config_file ]; then
+    source $config_file
+    if [ ! -z $profile ]; then
+        echo "Profile is already set as $profile."
+        export config=done
+        ./modules.sh
+        exit
+    fi
+fi
+
+# Profile selection
+while true
+do
+    echo "Do you want to install the server, desktop or full-desktop profile ? (server/desktop/full-desktop)"
+    read  -p "> " answer
+    echo "profile=$answer" > $config_file
+    chmod +x $config_file
+    case $answer in
+        server)
+            break
+            ;;
+        desktop)
+            break
+            ;;
+        full-desktop)
+            break
+            ;;
+        * )
+            echo "Please answer server/desktop/full-desktop."
+            ;;
+    esac
+done
+./modules.sh
+