Remove suspend option, enabled by default

.gitattributes

@@ -0,0 +1,51 @@
+# Common settings that generally should always be used with your language specific settings
+
+# Auto detect text files and perform LF normalization
+# http://davidlaing.com/2012/09/19/customise-your-gitattributes-to-become-a-git-ninja/
+* text=auto
+
+#
+# The above will handle all files NOT found below
+#
+
+# Documents
+*.doc	 diff=astextplain
+*.DOC	 diff=astextplain
+*.docx diff=astextplain
+*.DOCX diff=astextplain
+*.dot  diff=astextplain
+*.DOT  diff=astextplain
+*.pdf  diff=astextplain
+*.PDF	 diff=astextplain
+*.rtf	 diff=astextplain
+*.RTF	 diff=astextplain
+*.md text
+*.tex text
+*.adoc text
+*.textile text
+*.mustache text
+*.csv text
+*.tab text
+*.tsv text
+*.sql text
+
+# Graphics
+*.png binary
+*.jpg binary
+*.jpeg binary
+*.gif binary
+*.tif binary
+*.tiff binary
+*.ico binary
+# SVG treated as an asset (binary) by default. If you want to treat it as text,
+# comment-out the following line and uncomment the line after.
+*.svg binary
+#*.svg text
+*.eps binary
+
+#
+# Exclude files from exporting
+#
+
+.gitattributes export-ignore
+.gitignore export-ignore

README.md

@@ -6,85 +6,85 @@ something else like a webserver, git-server, cloud platform, programming
 workstation, etc.  Therefore, only a few core files applicable to nearly every
 conceivable installation are included here.
 
+This archive and included script are meant to supplement my article on setting
+up a Debian base-system found at my blog: [My
+Techie-Thoughts](https://mytechiethoughts.com/setting-up-a-debian-base-system/)
+
 ## Included files
 
-### bash template files
+Please refer to the `readme.md` in each subdirectory for a list and description of
+each included file.
 
-#### bash.rc
+Presently, configurations are included for:
 
-Included are *.bashrc* files for both new users (in the */etc/skel/* directory)
+- BASH profiles (including aliases and custom prompt)
-and the root user.  These files are the Debian default files.  They are included
+- SSHd (OpenSSH server)
-and copied so that user profiles start out at baseline settings and pull all
+- timesyncd (systemd-timesyncd configuration)
-initial customizations from */etc/bash.bashrc*.  Users are free to alter their
-*.bashrc* as they see fit and those settings will override or add to the ones
-I've included in */etc/bash.bashrc*
 
-#### profile
+## The script file (customize.sh)
 
-This is the Debian default *profile* and is copied to */etc/profile* to return
+The included script file copies all the files in this archive to the proper
-the system to a baseline configuration.  Again, this is done to ensure that only
+locations on a **default** Debian Stretch system.  It makes backups of your
-*/etc/bash.bashrc* is providing initial customizations to users.
+existing files in-place with the extension *.original*.  This simply saves you
+time and possible errors copying the files manually.  The structure of this
+archive exactly mirrors a default Debian installation, so you can use that as a
+guide if you choose not to use the script.
 
-#### bash.bashrc
+### Running the script
 
-Of the bash customization files, this is the only one that is NOT in a default
+Please note you must either make the script executable or call it explicitly via
-configuration. I have added the following customizations I find useful
+BASH.  In the latter case, you'd run the script as follows:
-especially for new users and system admins:
 
-- colourized directory listings with built-in automatic colour settings
+```bash
-- changed prompt to include 24-hour clock, username, hostname and current
+/bin/bash ./customize.sh
-  directory display
+```
-  - username changes to RED when working as ROOT (uid=0)
-- added the following command aliases
 
-  alias|full command|explanation
+If you want to make the script executable:
-  ---|---|---
-  ll|ls -l|default 'ls' output
-  l|ls -lAsh --group-directories-first|far more useful and robust file display including sizes, permissions and owners
-  rm|rm -i|confirmation prompt when deleting file
-  mv|mv -i|confirmation prompt when moving file would result in overwriting existing file
-  cp|cp -i|confirmation prompt when copying file would result in overwriting existing file
 
-### nano defaults (nanorc)
+```bash
+chmod +x customize.sh
+./customize.sh
+```
 
-The following options have been enabled/set in nano to provide what I feel is an
+Due to location of the files being replaced, **you MUST run this script as ROOT**
-easier editing experience especially for people coming from a Windows background
+(the script will exit if you run as a different user) or run it via sudo like
-and new users/admins.
+this (assuming you made it executable):
 
-- 'rebind' numeric keypad to fix problems with using keypad with some SSH clients
+```bash
-- set 'smart home' some home key is useful
+sudo ./customize.sh
-- allow opening multiple files at once
+```
-- always display line numbers
-- constantly display cursor position at the bottom of the screen
-- set vim lock-files
-- autoindent ON, tab-size of 4 spaces
-- convert tabs to spaces
-- turn off hard line wrapping
-- turn ON soft line wrapping for ease of readability
-- closing 'brackets' (for alignment purposes) set as: "')>]}
-- cut to end of line by default
-- set proper bracket matching (ie. "<" matches ">", etc.)
-- turned on default colours so nano doesn't look so drab
-- added the following key-bindings
 
-binding|fuction
+### Passing a custom path to the script
----|---
-alt-c/alt-C|copy selected text
-alt-x/alt-X|cut selected text
-alt-v/alt-V|paste text on clipboard
 
-### time syncronization settings (timesyncd.conf)
+If you want to test out the script before having it update your actual system
+configuration, you can supply an alternate destination path.  This is referred
+to as a 'Base Path' by the script and it will show a warning if this option is
+used.  Please note, your 'Base Path' MUST have the same directory structure as
+an actual system.  The expected directories must already exist or the script
+will just throw errors and not actually copy files.
 
-This file configures *systemd-timesyncd.service* and allows for very simple
+Let's assume you wanted to test the script and copy files to */testdir*.  You
-NTP-sync setup.  Simply edit the **NTP=* to list your desired timeservers,
+would do the following to prepare the directory with the expected structure:
-each separated by a single space.  In the event those timeservers are not
-available, you can configure back servers by listing them on the
-**FallbackNTP=** line, again space delimited.
 
-I've set the default in this file to be the worldwide NTP.org servers.  This
+```bash
-should work for pretty much anyone that uses this file, but you really should
+mkdir -p /testdir/root
-customize the list to use geographically closer timeservers or the timeserver on
+mkdir -p /testdir/etc/{skel,ssh,systemd}
-your LAN, etc.
+```
 
-### SSH server configuration (sshd_config)
+Then you could invoke the script as follows (assuming you made it executable as
+described above):
 
+```bash
+./customize.sh /testdir
+```
+
+The script would then copy all files into */testdir* while mirroring the
+structure of a live system beneath that.  Again, this is useful only for testing
+and will NOT update your actual system!
+
+## Final thoughts
+
+Hopefully this saves you some time and helps you standardize your new system setups
+with a few useful defaults.  As always, if you have suggestions or want to leave
+feedback for me, please do so on my [blog
+post](https://mytechiethoughts.com/setting-up-a-debian-base-system/) related to this script!

config/etc/nanorc

@@ -50,7 +50,7 @@ set constantshow
 ## (The old form, 'const', is deprecated.)
 
 ## Use cut-to-end-of-line by default.
-set cut
+set cutfromcursor
 
 ## Set the line length for wrapping text and justifying paragraphs.
 ## If the value is 0 or less, the wrapping point will be the screen
@@ -136,7 +136,7 @@ set nowrap
 # set rebinddelete
 
 ## Fix numeric keypad key confusion problem.
-set rebindkeypad
+set rawsequences
 
 ## Do extended regular expression searches by default.
 # set regexp
@@ -162,8 +162,8 @@ set softwrap
 ## does not properly have a default value.
 # set speller "aspell -x -c"
 
-## Allow nano to be suspended.
+## Allow nano to be suspended. This is now enabled by default and this option is deprecated
-set suspend
+#set suspend
 
 ## Use this tab size instead of the default; it must be greater than 0.
 set tabsize 4
@@ -261,9 +261,9 @@ include "/usr/share/nano/*.nanorc"
 # alt-x to cut highlighted text
 # alt-v to paste text
 bind ^S savefile main
-bind M-C copytext main
+bind M-C copy main
 bind M-X cut main
-bind M-V uncut main
+bind M-V paste main
 # bind M-Q findprevious main
 # bind M-W findnext main
 # bind M-B cutwordleft main

config/etc/readme.md

@@ -1,29 +1,59 @@
-Configuration files and/or changes to default config files in /etc/
+# /etc: Included files
-=
 
- - Setup timesyncd for NTP syncing (using systemd, not ntp package)  
+The following are updated in the */etc* folder.
-   - set to use global pool.ntp.org, you should change this!
-   - verify timesyncd is working with 'timedatectl' command
 
- - Setup nano with helpful configurations both locally and via SSH  
+## BASH default profile (profile)
-   - rebind number lock
-   - constant show cursor position at bottom of screen
-   - constant show line numbers on the left
-   - added shortcuts for cut, copy, paste using alt-x,c,v respectively
-   - enable multi-buffer for concurrent open files
-   - cut to end-of-line
-   - bracket and quote matching
-   - tabs converted to spaces, tab = 4 spaces
-   - activate default colourization
 
- - Colourize prompt  
+This is the Debian Stretch default *profile* and is copied to */etc/profile* to
-   - red username for root user or shell accessed as root (su, sudo -s, etc.)
+return accounts to a baseline configuration.  Again, this is done to ensure that
-   - green username for regular users
+only */etc/bash.bashrc* is providing initial customization to users.
-   - display time and full path
 
- - Setup SSH server  
+## Default BASH settings (bash.bashrc)
-   - use non-standard port 222
+
-   - use host-keys (RSA and ED25519 - you need to generate these!)
+Of the bash customization files, this is the only one that is NOT in a default
-   - display a banner on sucessful connection
+configuration. I have added the following which I find useful
-   - do not allow root login
+especially for new users and system admins:
-   - require keyfile authentication (disable password authentication)
+
+- colourized directory listings with built-in automatic colour settings
+- changed prompt to include 24-hour clock, username, hostname and current
+  directory display
+  - username changes to RED when working as ROOT (uid=0)
+- added the following command aliases
+
+  alias|full command|explanation
+  ---|---|---
+  ll|ls -l|default 'ls' output
+  l|ls -lAsh --group-directories-first|far more useful and robust file display including sizes, permissions and owners
+  rm|rm -i|confirmation prompt when deleting file
+  mv|mv -i|confirmation prompt when moving file would result in overwriting existing file
+  cp|cp -i|confirmation prompt when copying file would result in overwriting existing file
+
+## nano defaults (nanorc)
+
+The following options have been enabled/set in nano to provide what I feel is an
+easier editing experience especially for people coming from a Windows background
+and new users/admins.
+
+- 'rebind' numeric keypad to fix problems using keypad with some SSH clients
+- set 'smart home' so home key is useful
+- allow opening multiple files at once
+- always display line numbers
+- constantly display cursor position at the bottom of the screen
+- set vim lock-files
+- auto-indent ON
+- tab-size of 4 spaces
+- convert tabs to spaces
+- turn off hard line wrapping
+- turn ON soft line wrapping for ease of readability
+- closing 'brackets' (for alignment purposes) set as: "')>]}
+- cut to end of line by default
+- set proper bracket matching (ie. "<" matches ">", etc.)
+- turned on default colours so nano doesn't look so drab
+- added the following key-bindings
+
+binding|function
+---|---
+ctrl-s/ctrl-S|save current file
+alt-c/alt-C|copy selected text
+alt-x/alt-X|cut selected text
+alt-v/alt-V|paste text on clipboard

config/etc/skel/readme.md

@@ -0,0 +1,10 @@
+# /etc/skel: Included files
+
+## bash.rc
+
+This file is used to create a new user's *~/.bashrc*.  The copy included here is
+the Debian Stretch default file.  Copying the default file resets all new users
+to a baseline state and ensures they pull their initial custom settings from the
+modified */etc/bash.bashrc* found in this archive.  If you need to reset
+existing users to a baseline configuration, have them copy this file to their
+home directory.

config/etc/ssh/readme.md

@@ -0,0 +1,38 @@
+# /etc/ssh: Included files
+
+## SSH server configuration (sshd_config)
+
+This is a pretty basic SSH server setup with a few options initially commented
+out for ease of setup.  You should generate SSH Host Keys and enable the
+relevant lines in the configuration.  In addition, you should generate ssh
+key-pairs for your users and then set both *PermitRootLogin* and
+*PasswordAuthentication* to **no**.
+
+The default configuration included here will:
+
+- listen on all configured interfaces
+- **listen on non-standard port 222**
+- permit root login
+- permit passwords for authentication
+
+The commented lines indicate the *recommended settings* and appear directly
+before the setting currently enabled that should be changed (i.e. line removed
+and replaced with the commented line above it).
+
+Please see my post at [My Techie-Thoughts](https://mytechiethoughts.com/setting-up-ssh-with-ed25519-user-and-host-keys-for-easy-secure-access/) for detailed
+instructions on setting up a secure SSH server.
+
+## Banner file (banner)
+
+This is a sample file that can be displayed upon successful authentication to
+your server via SSH.  It is included only as an example and does not need to be
+used.  You can delete/change/replace it freely.  It is referenced in the
+*sshd_config* on the line that reads:
+
+```ini
+#Banner /etc/ssh/banner
+```
+
+If you want to use the banner file, edit it as desired then un-comment this line
+in your *sshd_config*.  If you do not want a banner displayed, simply leave this
+line commented (as-is) in your configuration.

config/etc/ssh/sshd_config

@@ -27,6 +27,9 @@ MaxAuthTries 3
 MaxSessions 5
 #PermitRootLogin no
 PermitRootLogin yes
+# note: 'AllowUsers' overrides 'PermitRootLogin' so list root here
+# if you want root to have access!
+AllowUsers root username username2
 
 ### Program settings
 #Banner /etc/ssh/banner

config/etc/systemd/readme.md

@@ -0,0 +1,30 @@
+# /etc/systemd: Included files
+
+## Time synchronization settings (timesyncd.conf)
+
+This file configures the *systemd-timesyncd.service* and allows for a very
+simple NTP-sync setup.  Edit the **NTP=** line with a space-delimited list of
+your desired timeservers.  In the event those timeservers are not available, you
+can configure backup servers by listing them on the **FallbackNTP=** line, again
+space delimited.
+
+I've set the defaults in this file to be the worldwide NTP.org servers.  This
+should work for pretty much anyone that uses this file, but you *really should*
+customize the list to use geographically closer timeservers (check out the list
+[here](https://www.ntppool.org/zone/@)) or the timeserver on your LAN, etc.
+
+When you're done editing this file, make sure you restart the *timesyncd
+service* and check it's status to verify it is now using one of your defined NTP
+servers.
+
+```bash
+systemctl restart systemd-timesyncd.service && systemctl status systemd-timesyncd.service
+```
+
+Finally, you can confirm things are working properly by running timedatectl.
+
+```bash
+timedatectl
+```
+
+You should see the correct time listed and *NTP synchronized: yes*.

config/root/readme.md

@@ -1,3 +1,9 @@
-Changes/additions in the /root folder.
+# /root: Included files
-=
+
-- default .bashrc (for reference or to return to default state)
+## bash.rc
+
+The copy included here is the Debian Stretch default file for the **ROOT user**.
+Copying the default file resets the root user's profile to a baseline state and
+ensures they pull their initial custom settings from the modified
+*/etc/bash.bashrc* found in this archive.  If you ever need to reset your root
+user's profile, simply copy this file.

customize.sh

@@ -5,7 +5,8 @@
 ### original files
 ###
 ### Script by: Asif Bacchus for mytechiethoughts.com
-### Exclusively available from git.asifbacchus.app
+### Exclusively available from:
+###     https://git.asifbacchus.app/asif/DebianConfigs
 ### Some rights reserved.
 ###
 ### Anyone is allowed to use and alter this script and any or all accompanying