#!/bin/sh
 
# Do a root check
if [ $(id -u) -ne 0 ]; then
  echo "This script must be run as root.";
  exit 99;
fi
 
# Disable installation of recommended and suggested packages
echo 'APT::Install-Recommends "0";
APT::Install-Suggests "0";' > /etc/apt/apt.conf
 
# Set all packages to automatically installed
apt-mark showmanual | xargs apt-mark auto
 
# Update the package sources and do a full upgrade
apt update
apt full-upgrade -y
 
# Install the base system
apt install -y alsa-utils anacron apparmor apparmor-profiles apparmor-profiles-extra apparmor-utils apt-transport-https avahi-autoipd avahi-daemon avahi-utils bash-completion console-setup cron dmidecode ed gawk grub-pc hwdata info irqbalance less libgl1-mesa-dri libnss-mdns linux-image-amd64 locales logrotate lshw lsof man-db manpages mawk mesa-utils nano openssh-server pciutils perl plymouth plymouth-themes sudo systemd tzdata unattended-upgrades usbutils whiptail
 
# Install X.org
apt install -y xserver-xorg xserver-xorg-core xserver-xorg-input-evdev xserver-xorg-input-libinput xserver-xorg-video-fbdev xserver-xorg-video-vesa xserver-xephyr
 
# Install file/disk tools
apt install -y btrfs-progs eject f2fs-tools file gdisk hdparm iotop lsscsi rsync sysfsutils time udftools unzip zip
 
# Install net tools
apt install -y curl dns-root-data dnsmasq-base dnsutils finger ftp geoip-database iftop ifupdown iptables iputils-arping iputils-ping iputils-tracepath isc-dhcp-client mtr-tiny net-tools netbase netcat-openbsd network-manager nmap tcpdump telnet traceroute ufw usb-modeswitch wget whois
 
# Install GNOME base
apt install -y adwaita-qt adwaita-qt4 dconf-cli desktop-base gdm3 gkbd-capplet gnome-backgrounds gnome-bluetooth gnome-color-manager gnome-control-center gnome-keyring gnome-menus gnome-online-accounts gnome-power-manager gnome-session gnome-shell gnome-shell-extension-dashtodock gnome-shell-extension-multi-monitors gnome-themes-standard gnome-user-guide gtk2-engines-pixbuf gvfs gvfs-backends gvfs-bin gvfs-fuse libcanberra-gtk-module libcanberra-gtk3-module libcanberra-pulse libnotify-bin libpam-gnome-keyring mutter network-manager-gnome notification-daemon packagekit packagekit-tools policykit-1-gnome qt5-gtk-platformtheme xdg-user-dirs-gtk
 
# Install GNOME applications
apt install -y baobab dconf-editor eog evince file-roller gedit gnome-calculator gnome-calendar gnome-characters gnome-disk-utility gnome-font-viewer gnome-screenshot gnome-software gnome-system-monitor gnome-terminal gnome-tweak-tool nautilus seahorse ssh-askpass-gnome
 
# Install fonts
apt install -y fonts-cantarell fonts-croscore fonts-crosextra-caladea fonts-crosextra-carlito fonts-dejavu-core fonts-hack-ttf fonts-liberation fonts-noto fonts-noto-mono fonts-symbola fonts-takao-gothic fonts-wqy-zenhei gsfonts
 
# Install printers and scanners
apt install -y cups cups-pk-helper foomatic-db-compressed-ppds foomatic-db-engine ghostscript hplip libsane-hpaio openprinting-ppds printer-driver-postscript-hp simple-scan system-config-printer
 
# Install multimedia
apt install -y ffmpegthumbnailer gstreamer1.0-alsa gstreamer1.0-libav gstreamer1.0-plugins-base gstreamer1.0-plugins-good gstreamer1.0-pulseaudio pulseaudio-module-bluetooth mpv pulseaudio rtkit
 
# Install browsers and e-mail
apt install -y chrome-gnome-shell chromium firefox-esr thunderbird
 
# Install office tools
apt install -y libgsf-bin libreoffice-avmedia-backend-gstreamer libreoffice-calc libreoffice-draw libreoffice-gnome libreoffice-gtk3 libreoffice-impress libreoffice-pdfimport libreoffice-style-galaxy libreoffice-style-sifr libreoffice-writer unoconv
 
# Install language packs
apt install -y chromium-l10n firefox-esr-l10n-nl hunspell-en-us hunspell-nl libreoffice-l10n-nl thunderbird-l10n-nl
 
# Install hardening tools
apt install -y apt-listchanges chkrootkit debian-goodies debian-security-support debsecan debsums lynis libpam-cracklib libpam-cap libpam-tmpdir needrestart rkhunter
 
# Remove packages
apt purge aspell aspell-nl idutch ispell laptop-detect os-prober sgml-base tasksel tasksel-data wdutch xml-core
 
# Automatically remove all unneeded packages
apt autoremove --purge
apt clean
 
# Purge all remaining configuration files
dpkg -l | grep  ^rc | awk '{print $2}' | xargs dpkg --purge remove
 
# Set Qt style sytem-wide
echo 'QT_STYLE_OVERRIDE=adwaita' >> /etc/environment
 
# Enable AppArmor
perl -pi -e 's,GRUB_CMDLINE_LINUX="(.*)"$,GRUB_CMDLINE_LINUX="$1 apparmor=1 security=apparmor",' /etc/default/grub
 
# Set GRUB timeout to 1 second
sed -i 's/GRUB_TIMEOUT=5/GRUB_TIMEOUT=1/' /etc/default/grub
update-grub
 
# Set Plymouth theme
plymouth-set-default-theme softwaves
update-initramfs -u
 
# Clear the network interfaces, let NetworkManager take over
echo '# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
 
source /etc/network/interfaces.d/*
 
# The loopback network interface
auto lo
iface lo inet loopback' > /etc/network/interfaces
 
rm /var/lib/dhcp/*
 
# Disable NetworkManager-wait-online.service
# It only causes race conditions and delays and has no use whatsoever
systemctl disable NetworkManager-wait-online.service