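# Windows initial setup script
# Run as Administrator: powershell -ExecutionPolicy Bypass -File setup.ps1
#
# NOTE(review): -ExecutionPolicy Bypass switches off the script-signing policy for
# this run, so read the file (and check where it came from) before executing it.

# The later steps (Add-WindowsCapability, Set-Service, HKLM registry write) need an
# elevated session; refuse to start otherwise instead of failing half-way through.
#Requires -RunAsAdministrator

# packages
# winget package identifiers; the install loop matches them exactly (-e).
$packages = @(
    "Microsoft.WindowsTerminal"
    "Microsoft.PowerShell"
    # NOTE(review): the script also installs the OpenSSH.Server Windows capability
    # further down. Two OpenSSH installs may both provide an sshd service; confirm
    # which one is meant to run and which sshd_config it reads.
    "Microsoft.OpenSSH.Beta"
    "Microsoft.VisualStudioCode"
    "Microsoft.WSL"
    "Microsoft.PowerToys"
    "Git.Git"
    "Vim.Vim"
    "Nvidia.CUDA"
    "Mozilla.Firefox"
    "Python.Python.3.13"
    "jqlang.jq"
    "Anthropic.ClaudeCode"
)

# Install every package, recording the ones for which winget returned a non-zero
# exit code so a failed install is visible at the end instead of scrolling past.
$failedPackages = @()
foreach ($pkg in $packages) {
    Write-Host "Installing $pkg ..." -ForegroundColor Cyan
    # NOTE(review): no --source is passed, so the id is looked up in every
    # configured winget source, and both agreement prompts are accepted
    # unattended. Consider pinning the source if only one repository is intended.
    winget install --id $pkg --accept-source-agreements --accept-package-agreements -e
    if ($LASTEXITCODE -ne 0) {
        $failedPackages += $pkg
        Write-Warning "winget exited with code $LASTEXITCODE for $pkg"
    }
}
if ($failedPackages.Count -gt 0) {
    # A non-zero code is not always a failed install (winget can also return one
    # for a package that is already present), so this is a list to check by hand.
    Write-Warning ("winget reported a non-zero exit code for: " + ($failedPackages -join ", "))
}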
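# enable and start sshd
Write-Host "Setting up OpenSSH Server ..." -ForegroundColor Cyan
# Error output stays suppressed here, as in the original, so a re-run on a machine
# that already has the capability is quiet. It also hides genuine install failures.
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0 2>$null
Set-Service -Name sshd -StartupType Automatic
# NOTE(review): sshd runs with whatever configuration is currently on disk until
# the restart below; presumably this first start is what creates sshd_config.
Start-Service sshd

# configure sshd
Write-Host "Configuring sshd ..." -ForegroundColor Cyan
$sshdConfig = "C:\ProgramData\ssh\sshd_config"
if (Test-Path $sshdConfig) {
    $originalLines = @(Get-Content $sshdConfig)

    # Keep the first pre-edit copy; later runs must not overwrite it.
    $backupPath = "$sshdConfig.bak"
    if (-not (Test-Path $backupPath)) {
        Copy-Item -Path $sshdConfig -Destination $backupPath
    }

    # disable password auth, enable empty passwords, disable admin authorized_keys override
    #
    # NOTE(review): PermitEmptyPasswords only applies to password authentication, so
    # it is inert while PasswordAuthentication is "no". If password auth is ever
    # turned back on, it would admit accounts with a blank password; drop it unless
    # it is really required.
    $desired = [ordered]@{
        PasswordAuthentication = "no"
        PermitEmptyPasswords   = "yes"
    }

    # sshd uses the FIRST value it reads for each keyword, so appending a directive
    # to the end of the file does nothing when an earlier line already sets it.
    # The pass below therefore:
    #   - comments out the whole "Match Group administrators" block (the Match line
    #     and every directive under it, up to the next Match or end of file), so
    #     the nested directives do not become global settings;
    #   - removes or comments out existing global lines for the managed keywords;
    #   - leaves other Match blocks untouched.
    # NOTE(review): with the administrators block disabled, keys for admin accounts
    # are read from wherever the global AuthorizedKeysFile points (normally a file
    # inside the user's own profile) rather than an administrators-only file.
    $section = "global"
    $kept = foreach ($line in $originalLines) {
        if ($line -match '^\s*Match\s') {
            if ($line -match '^\s*Match\s+Group\s+administrators') { $section = "admin" } else { $section = "match" }
        }
        if ($section -eq "admin") {
            "#$line"
        }
        elseif ($section -eq "global" -and $line -match '^\s*(PasswordAuthentication|PermitEmptyPasswords)\s+(\S+)') {
            # A line that already has the wanted value is dropped and re-added at the
            # top (keeps re-runs from growing the file); a conflicting one is kept
            # as a comment.
            if ($desired[$Matches[1]] -ne $Matches[2]) { "#$line" }
        }
        else {
            $line
        }
    }

    # Managed settings go first so they are the values sshd actually uses.
    $managed = @($desired.GetEnumerator() | ForEach-Object { "$($_.Key) $($_.Value)" })
    Set-Content -Path $sshdConfig -Value ($managed + @($kept))

    # Let sshd check the edited file before restarting, so a broken configuration
    # does not take remote access down. Skipped if sshd is not on PATH.
    $configOk = $true
    $sshdExe = Get-Command sshd -ErrorAction SilentlyContinue
    if ($sshdExe) {
        & $sshdExe.Source -t -f $sshdConfig
        $configOk = ($LASTEXITCODE -eq 0)
    }

    if ($configOk) {
        Restart-Service sshd
        Write-Host "sshd configured" -ForegroundColor Green
    }
    else {
        Set-Content -Path $sshdConfig -Value $originalLines
        Write-Warning "sshd rejected the edited $sshdConfig; previous contents restored. Password authentication may still be enabled."
    }
}

# Open the port only after the configuration step, so this rule never exposes a
# still-unconfigured sshd. (The capability install may add an inbound rule of its
# own; check with Get-NetFirewallRule.)
# NOTE(review): as written the rule covers every network profile and any remote
# address; scope it with -Profile / -RemoteAddress if SSH is only needed from
# known networks.
if (-not (Get-NetFirewallRule -Name "OpenSSH-Server" -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -Name "OpenSSH-Server" -DisplayName "OpenSSH Server" -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22
}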
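# set default shell to pwsh for ssh
# NOTE: if pwsh path is wrong, ssh auth will fail with "Permission denied"
# verify path with: (Get-Command pwsh).Source
#
# sshd launches the DefaultShell binary for every SSH session, so the registered
# path should be one that only administrators can modify.
$pwshPath = (Get-Command pwsh -ErrorAction SilentlyContinue).Source
if (-not $pwshPath) {
    # A pwsh installed by winget earlier in this same session is usually not on
    # this process's PATH yet; fall back to the default install location.
    $candidate = Join-Path $env:ProgramFiles "PowerShell\7\pwsh.exe"
    if (Test-Path $candidate) { $pwshPath = $candidate }
}

if ($pwshPath) {
    # PATH lookup can resolve to a copy under a user-writable directory.
    if (-not $pwshPath.StartsWith($env:ProgramFiles, [System.StringComparison]::OrdinalIgnoreCase)) {
        Write-Warning "pwsh resolved to $pwshPath, outside $env:ProgramFiles; confirm that only administrators can write to it"
    }
    # Create the key first if it is missing, otherwise New-ItemProperty fails.
    if (-not (Test-Path "HKLM:\SOFTWARE\OpenSSH")) {
        New-Item -Path "HKLM:\SOFTWARE\OpenSSH" -Force | Out-Null
    }
    New-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" -Name DefaultShell -Value $pwshPath -PropertyType String -Force
    Write-Host "Default SSH shell: $pwshPath" -ForegroundColor Green
}
else {
    # Previously this case was skipped without any message.
    Write-Warning "pwsh not found; SSH DefaultShell left unchanged"
}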
# pin packages to exclude from upgrade --all
# Error output is discarded, so a failed pin (for example when the package is not
# installed) produces no message.
$pinnedId = "EpicGames.EpicGamesLauncher"
winget pin add --id $pinnedId 2>$null

# Final status line.
Write-Host -Object "Done" -ForegroundColor Green