
@HackingGate
Last active December 8, 2025 00:55
#!/bin/bash
# Strict mode: stop at the first failing command, and count a pipeline as
# failed when any of its stages fails.
set -eo pipefail

# --- System and Time Configuration ---
# System timezone: Tokyo, Japan.
sudo timedatectl set-timezone Asia/Tokyo
# Keep the hardware clock (RTC) in UTC rather than local time.
sudo timedatectl set-local-rtc 0
# Print the resulting clock settings for a visual check.
timedatectl
# Dual-boot note: Windows 11 has to be configured to read the RTC as UTC too.
# https://gist.github.com/HackingGate/180aafbc6342ad4b1cb31309fa83c91a
# --- Core Package Installation ---
# Refresh the package index, then apply every pending upgrade unattended.
sudo apt update
sudo apt upgrade -y

# Development tools and utilities, plus what the NVIDIA DKMS build needs later
# (dkms and the headers matching the running kernel).
core_packages=(
  emacs-nox vim-nox neovim curl wget gh git build-essential zsh efibootmgr
  jq fastfetch htop dkms "linux-headers-$(uname -r)" firmware-misc-nonfree
)
sudo apt install "${core_packages[@]}" -y
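# --- Nvidia Driver Installation (Debian 13 "Trixie" Method) ---
# Support for GeForce 700 series and newer GPUs (Version 550.163.01)
# For older devices, consider Version 535.216.03 or nouveau
#
# Rewrite the APT source list in deb822 format so that contrib, non-free and
# non-free-firmware are enabled for the driver packages. The two stanzas are
# separated by a blank line; without it the parser reads them as one stanza
# with duplicated fields.
# NOTE(review): tee replaces the whole file. Only trixie and trixie-security
# are listed, so any other suite or mirror that was configured in
# debian.sources before this run is dropped - confirm that is intended.
# NOTE(review): both URIs are plain http. Package integrity still rests on the
# signature check against the Signed-By keyring, but the transfer itself is
# unauthenticated and visible on the network; https is a drop-in change if the
# mirror offers it.
echo "Adding contrib, non-free, and non-free-firmware components to sources..."
sudo tee /etc/apt/sources.list.d/debian.sources > /dev/null <<'EOF'
Types: deb deb-src
URIs: http://deb.debian.org/debian
Suites: trixie
Components: main contrib non-free non-free-firmware
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg

Types: deb deb-src
URIs: http://security.debian.org/debian-security
Suites: trixie-security
Components: main contrib non-free non-free-firmware
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
EOF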
# On systems that build their initrd with dracut, add a drop-in that lists the
# NVIDIA modprobe configuration files as items to install into the image.
# Nothing is written when dracut is not on PATH.
if command -v dracut > /dev/null 2>&1; then
  echo "System uses dracut - configuring for NVIDIA..."
  sudo mkdir -p /etc/dracut.conf.d
  # One line, written through sudo tee because the target is root-owned.
  printf '%s\n' 'install_items+=" /etc/modprobe.d/nvidia-blacklists-nouveau.conf /etc/modprobe.d/nvidia.conf /etc/modprobe.d/nvidia-options.conf "' \
    | sudo tee /etc/dracut.conf.d/10-nvidia.conf > /dev/null
  echo "Dracut configuration for NVIDIA created."
fi
# Refresh the index again so the newly enabled components are visible to apt.
echo "Updating package lists..."
sudo apt update

# DKMS compiles the kernel module against the headers of the running kernel.
kernel_release=$(uname -r)
echo "Installing linux headers for kernel ${kernel_release}..."
sudo apt install -y "linux-headers-${kernel_release}"

# Proprietary driver, its DKMS module source, and the non-free firmware.
sudo apt install -y nvidia-kernel-dkms nvidia-driver firmware-misc-nonfree

# Show what DKMS built, as a visual check only; the output is not parsed.
echo "Checking DKMS build status..."
sudo dkms status
# NVIDIA options for Wayland support and suspend/hibernate (if applicable).
echo "Configuring NVIDIA options for Wayland and power management..."

# Kernel modesetting is switched on through a GRUB drop-in that appends the
# nvidia-drm parameters to the kernel command line.
echo "Enabling NVIDIA kernel modesetting for Wayland..."
NVIDIA_GRUB_CONFIG="/etc/default/grub.d/nvidia-modeset.cfg"
# Single-quoted on purpose: $GRUB_CMDLINE_LINUX must reach the file literally
# so that GRUB expands it, not this script.
NVIDIA_CMDLINE='GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX nvidia-drm.modeset=1 nvidia-drm.fbdev=1"'

if [[ -f "$NVIDIA_GRUB_CONFIG" ]] && grep -q "nvidia-drm.modeset=1" "$NVIDIA_GRUB_CONFIG"; then
  echo "NVIDIA modeset configuration already exists in GRUB"
else
  if [[ -f "$NVIDIA_GRUB_CONFIG" ]]; then
    # The file exists but lacks the setting: it is overwritten, not appended to.
    modeset_message="Updated NVIDIA modeset configuration in GRUB"
  else
    sudo mkdir -p "$(dirname "$NVIDIA_GRUB_CONFIG")"
    modeset_message="Created NVIDIA modeset configuration in GRUB"
  fi
  printf '%s\n' "$NVIDIA_CMDLINE" | sudo tee "$NVIDIA_GRUB_CONFIG" > /dev/null
  echo "$modeset_message"
fi
# Module option used for suspend/hibernate support, kept in its own modprobe
# drop-in so it can be managed independently of the packaged files.
echo "Configuring NVIDIA power management..."
NVIDIA_PM_CONFIG="/etc/modprobe.d/nvidia-power-management.conf"
NVIDIA_PM_OPTION="options nvidia NVreg_PreserveVideoMemoryAllocations=1"

if [[ ! -f "$NVIDIA_PM_CONFIG" ]]; then
  printf '%s\n' "$NVIDIA_PM_OPTION" | sudo tee "$NVIDIA_PM_CONFIG" > /dev/null
  echo "Created NVIDIA power management configuration"
elif grep -q "NVreg_PreserveVideoMemoryAllocations=1" "$NVIDIA_PM_CONFIG"; then
  echo "NVIDIA power management configuration already exists"
else
  # The file sets the option to some other value: delete every line that
  # mentions it, then append the wanted one. Other lines are left alone.
  sudo sed -i '/NVreg_PreserveVideoMemoryAllocations=/d' "$NVIDIA_PM_CONFIG"
  printf '%s\n' "$NVIDIA_PM_OPTION" | sudo tee -a "$NVIDIA_PM_CONFIG" > /dev/null
  echo "Updated NVIDIA power management configuration"
fi
# Package that provides the NVIDIA suspend/hibernate helpers.
echo "Installing NVIDIA suspend/hibernate support..."
sudo apt install -y nvidia-suspend-common

# Enabling is best-effort: a failure prints a notice and the script goes on.
# stderr is discarded, so the notice cannot tell "already enabled" apart from
# "unit missing" or any other systemctl error.
echo "Enabling NVIDIA power management services..."
for nvidia_unit in nvidia-suspend.service nvidia-hibernate.service nvidia-resume.service; do
  if ! sudo systemctl enable "$nvidia_unit" 2> /dev/null; then
    echo "${nvidia_unit} already enabled or not available"
  fi
done

# Regenerate grub.cfg so the modesetting parameters reach the kernel command line.
sudo update-grub

# Rebuild the initial ramdisk with whichever generator the system uses.
if ! command -v dracut > /dev/null 2>&1; then
  echo "Updating initramfs..."
  sudo update-initramfs -u
else
  echo "Updating dracut initrd..."
  sudo dracut --regenerate-all --force
fi
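# Purge leftover configuration of NVIDIA packages that were removed but not
# purged (dpkg state "rc").
#
# The package list is collected once instead of being tested with
# `dpkg -l | grep -q`: with `set -o pipefail` active, grep -q exits on its
# first match, dpkg can then be terminated by SIGPIPE while still writing, and
# the pipeline is reported as failed. The `if` would read that as "nothing to
# purge" and skip the cleanup without any message.
mapfile -t stale_nvidia_packages < <(dpkg -l | awk '/^rc/ && /nvidia/ { print $2 }')
if (( ${#stale_nvidia_packages[@]} > 0 )); then
  echo "Purging old Nvidia package configurations..."
  sudo apt purge -y "${stale_nvidia_packages[@]}"
fi
echo "NVIDIA driver installation complete."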
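# --- Shell and Package Manager Setup ---
# Both installers below come from a moving branch (master / HEAD) and run with
# this user's privileges, so each run executes whatever that branch holds at
# the time. Pinning the URL to a reviewed commit, or checking the download
# against a recorded checksum, makes the run reproducible and reviewable.
#
# Each installer is downloaded completely into a variable before it is run.
# In the `sh -c "$(curl ...)"` form a failed download expands to an empty
# string, `sh -c ""` exits 0, and the script would carry on as if the
# installer had run.

# Install Oh My Zsh for a better terminal experience
# NOTE(review): the upstream installer may start an interactive zsh when it
# finishes; its --unattended option avoids that - confirm which is wanted.
if ! ohmyzsh_installer=$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh) \
  || [[ -z "$ohmyzsh_installer" ]]; then
  echo "Failed to download the Oh My Zsh installer" >&2
  exit 1
fi
sh -c "$ohmyzsh_installer"

# Install Homebrew package manager for Linux
if ! homebrew_installer=$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh) \
  || [[ -z "$homebrew_installer" ]]; then
  echo "Failed to download the Homebrew installer" >&2
  exit 1
fi
/bin/bash -c "$homebrew_installer"

# Load brew in future zsh sessions and in the rest of this script.
echo >> ~/.zshrc
echo 'eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"' >> ~/.zshrc
eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"
brew install gcc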
# Flatpak plus the GNOME Software plugin, with Flathub registered as a
# system-wide remote (skipped when a remote of that name already exists).
sudo apt install -y flatpak gnome-software-plugin-flatpak
sudo flatpak remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo
sudo flatpak update

# --- Desktop Application Installation ---
# GNOME Extensions utility and Extension Manager.
for gnome_app in org.gnome.Extensions com.mattjakeman.ExtensionManager; do
  sudo flatpak install flathub "$gnome_app" -y
done

# Swap Firefox ESR for the Flatpak build.
# Snap is not installed by default on Debian, so the snap removal only runs
# when a snap binary is actually present.
if command -v snap > /dev/null 2>&1; then
  sudo snap remove firefox
fi
sudo apt purge -y firefox-esr
# No -y on this one: flatpak asks for confirmation before installing.
sudo flatpak install flathub org.mozilla.firefox
# Brave browser from the vendor's APT repository.
sudo apt install -y curl
brave_repo=https://brave-browser-apt-release.s3.brave.com
brave_keyring=/usr/share/keyrings/brave-browser-archive-keyring.gpg
# The archive key is fetched over HTTPS from the same host as the packages and
# scoped to this one repository through signed-by.
sudo curl -fsSLo "$brave_keyring" "${brave_repo}/brave-browser-archive-keyring.gpg"
echo "deb [signed-by=${brave_keyring}] ${brave_repo}/ stable main" \
  | sudo tee /etc/apt/sources.list.d/brave-browser-release.list
sudo apt update
sudo apt install -y brave-browser

# Managed policy that switches off Tor, Rewards, Wallet, VPN and AI chat.
# The policy directory is root-owned with mode 755.
brave_policy_dir=/etc/brave/policies/managed/
sudo mkdir -p "$brave_policy_dir" && sudo chmod 755 "$brave_policy_dir"
sudo tee /etc/brave/policies/managed/00_debloat.json > /dev/null << 'EOF'
{
"TorDisabled": true,
"BraveRewardsDisabled": true,
"BraveWalletDisabled": true,
"BraveVPNDisabled": true,
"BraveAIChatEnabled": false
}
EOF
# Thunderbird mail client from Flathub (interactive: no -y is passed).
sudo flatpak install flathub org.mozilla.Thunderbird

# Make the Flatpak Firefox the default browser for the current user.
xdg-settings set default-web-browser org.mozilla.firefox.desktop

# Refresh snaps only on systems where snapd is present.
if command -v snap > /dev/null 2>&1; then
  sudo snap refresh
fi
# --- User Environment and Tool Configuration ---
# System-wide: point the "editor" alternative at Emacs.
sudo update-alternatives --set editor /usr/bin/emacs

# Per-user: export EDITOR and VISUAL from ~/.zshrc. The block is appended on
# every run, surrounded by one blank line on each side.
cat >> ~/.zshrc << 'EOF'

# Set default editor to Emacs
export EDITOR="/usr/bin/emacs"
export VISUAL="/usr/bin/emacs"

EOF
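# Install 1Password password manager and CLI
# https://support.1password.com/install-linux/#debian-or-ubuntu
#
# The signing key and the debsig policy written here are what later package
# installs are verified against, so a bad download has to stop the script.
# curl runs with -f so that an HTTP error fails the pipeline instead of the
# error page being handed to gpg or saved as the policy file.
# NOTE(review): the key is accepted as downloaded over TLS; nothing here
# compares it with a fingerprint obtained out of band. The directory name
# AC2D62742012EA22 is presumably the key ID - confirm against the vendor page.
onepassword_key_url=https://downloads.1password.com/linux/keys/1password.asc

# APT: archive keyring and repository entry.
curl -fsS "$onepassword_key_url" \
  | sudo gpg --dearmor --output /usr/share/keyrings/1password-archive-keyring.gpg
echo 'deb [arch=amd64 signed-by=/usr/share/keyrings/1password-archive-keyring.gpg] https://downloads.1password.com/linux/debian/amd64 stable main' \
  | sudo tee /etc/apt/sources.list.d/1password.list

# debsig-verify: policy file and keyring.
sudo mkdir -p /etc/debsig/policies/AC2D62742012EA22/
curl -fsS https://downloads.1password.com/linux/debian/debsig/1password.pol \
  | sudo tee /etc/debsig/policies/AC2D62742012EA22/1password.pol
sudo mkdir -p /usr/share/debsig/keyrings/AC2D62742012EA22
curl -fsS "$onepassword_key_url" \
  | sudo gpg --dearmor --output /usr/share/debsig/keyrings/AC2D62742012EA22/debsig.gpg

sudo apt update && sudo apt install 1password-cli 1password -y
# Confirms the CLI is installed and on PATH.
op --version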
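# Setup SSH key from 1Password
#
# Exports the private key of one 1Password item to ~/.ssh/id_ed25519, derives
# the public key from it, checks the fingerprint, and loads the key into a new
# ssh-agent.
# NOTE(review): this leaves the private key as a plain file on disk. If the
# 1Password SSH agent is an option on this machine, the key never has to leave
# the vault - confirm whether the file copy is really needed.
mkdir -p ~/.ssh
chmod 700 ~/.ssh

# Sign in to 1Password CLI. The command prints shell code that sets up the
# session; it is quoted so it is evaluated exactly as printed, without word
# splitting or globbing.
eval "$(op signin)"

# Retrieve and install SSH key with specific fingerprint
EXPECTED_FINGERPRINT="SHA256:dsPhhaQhifJccmUhI2ZZIoSnEOUIWYRbSe1TWZs2JuA"
echo "Retrieving SSH key with fingerprint $EXPECTED_FINGERPRINT"
ITEM_ID="mijcwmynssrwh33ad3mknt77fy"

# The redirection creates the file, so the umask is tightened first (inside a
# subshell, to leave the rest of the script untouched). That way the key is
# never readable by other users, not even between creation and chmod.
# Only the OpenSSH-format value is written; a second export of the raw field
# to the same path would just be overwritten.
(
  umask 077
  op item get "$ITEM_ID" --format json \
    | jq -r '.fields[] | select(.label == "private key") | .ssh_formats.openssh.value' \
    > ~/.ssh/id_ed25519
)
# Set proper security permissions
chmod 600 ~/.ssh/id_ed25519

# Derive the public key from the private key. This also fails, and stops the
# script, when the export above produced an empty or malformed key.
ssh-keygen -y -f ~/.ssh/id_ed25519 > ~/.ssh/id_ed25519.pub
chmod 600 ~/.ssh/id_ed25519.pub

# Refuse to continue with a key other than the announced one.
actual_fingerprint=$(ssh-keygen -l -E sha256 -f ~/.ssh/id_ed25519.pub | awk '{ print $2 }')
if [[ "$actual_fingerprint" != "$EXPECTED_FINGERPRINT" ]]; then
  echo "SSH key fingerprint mismatch: expected $EXPECTED_FINGERPRINT, got $actual_fingerprint" >&2
  exit 1
fi

echo "SSH private and public keys saved to ~/.ssh/"
eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_ed25519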
# Global git identity and defaults for this user.
git_global() {
  git config --global "$@"
}

git_global user.name "HackingGate"
git_global user.email "[email protected]"
git_global core.editor "emacs"
git_global init.defaultBranch main
# Commits are signed with an SSH key rather than a GPG key. user.signingkey
# names the public key file, which has to exist for signing to work.
git_global gpg.format ssh
git_global commit.gpgSign true
git_global user.signingkey ~/.ssh/id_ed25519.pub
git_global submodule.recurse true
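# Setup 1Password browser integration for Flatpak
# https://gist.github.com/LinuxSBC/7c39374130d2d443871ddde64cba18a3 1password-flatpak-browser-integration.sh
#
# The helper is a third-party gist fetched from its unversioned /raw/ URL, so
# every run executes whatever the latest revision contains. Pinning the URL to
# a revision that has been read, in the form
#   .../raw/<REVIEWED_REVISION_SHA>/1password-flatpak-browser-integration.sh
# keeps later edits to the gist from running here unreviewed.
# -f makes curl fail on an HTTP error; without it the error page would be
# saved under the script's name, marked executable and run.
curl -fL https://gist.githubusercontent.com/LinuxSBC/7c39374130d2d443871ddde64cba18a3/raw/1password-flatpak-browser-integration.sh -o 1password-flatpak-browser-integration.sh
chmod +x 1password-flatpak-browser-integration.sh
./1password-flatpak-browser-integration.sh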
# Start 1Password with the GNOME session through an XDG autostart entry in the
# user's own config directory. An existing entry is overwritten.
autostart_dir=~/.config/autostart
autostart_entry="${autostart_dir}/1password.desktop"
mkdir -p "$autostart_dir"
cat > "$autostart_entry" << 'EOF'
[Desktop Entry]
Name=1Password
Exec=/usr/bin/1password --silent %U
Terminal=false
Type=Application
Icon=1password
StartupWMClass=1Password
Comment=Password manager and secure wallet
MimeType=x-scheme-handler/onepassword;
Categories=Office;
EOF
chmod +x "$autostart_entry"
echo "1Password autostart configured"
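# --- Networking and System Customization ---
# Install Tailscale for secure networking
#
# The installer is downloaded completely before any of it runs. With
# `curl ... | sh` the shell executes the script while it is still arriving, so
# a transfer that breaks off half way leaves a partially executed installer;
# pipefail reports the failure only after that has already happened.
# The URL is unversioned, so the script that runs is whatever the site serves
# at the time; keeping a reviewed copy or checksum makes the run reproducible.
if ! tailscale_installer=$(curl -fsSL https://tailscale.com/install.sh) \
  || [[ -z "$tailscale_installer" ]]; then
  echo "Failed to download the Tailscale installer" >&2
  exit 1
fi
# Still fed to sh on stdin, as in the piped form.
printf '%s\n' "$tailscale_installer" | sh
sudo tailscale up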
# Starship prompt: install with brew and hook it into zsh. The init line is
# appended to ~/.zshrc on every run.
brew install starship
echo 'eval "$(starship init zsh)"' >> ~/.zshrc

# Fonts, including CJK coverage.
font_packages=(
  fonts-firacode fonts-noto fonts-noto-cjk-extra fonts-noto-extra
  fonts-noto-ui-core fonts-noto-ui-extra fonts-noto-unhinted
)
sudo apt install -y "${font_packages[@]}"

# NOTE: The 'mainline' PPA for kernel management is specific to Ubuntu and has been removed.
# For newer kernels on Debian, consider using the 'backports' repository or manual installation.

# Firmware: force a metadata refresh, then apply available updates unattended.
# NOTE(review): fwupdmgr may exit non-zero when there is nothing to update,
# which under `set -e` would stop the script at this point - confirm.
sudo fwupdmgr refresh --force
sudo fwupdmgr update -y
# rEFInd boot manager.
sudo apt install -y refind

# rEFInd menu timeout: rewrite the numeric "timeout N" setting to 5 seconds.
# NOTE(review): the existence test runs as the invoking user; if the EFI
# partition is mounted readable by root only, it takes the warning branch even
# though the file exists - confirm on the target system.
echo "Configuring rEFInd timeout to 5 seconds..."
refind_conf=/boot/efi/EFI/refind/refind.conf
if [[ ! -f "$refind_conf" ]]; then
  echo "Warning: rEFInd configuration file not found at /boot/efi/EFI/refind/refind.conf"
else
  # The previous value is captured only for the log line below.
  CURRENT_TIMEOUT=$(grep -oP 'timeout \K[0-9]+' "$refind_conf" || echo "not set")
  sudo sed -i 's/timeout [0-9]\+/timeout 5/' "$refind_conf"
  echo "rEFInd timeout successfully changed from $CURRENT_TIMEOUT to 5 seconds"
fi

# GRUB menu timeout: same value, then regenerate grub.cfg.
echo "Configuring GRUB timeout to 5 seconds..."
grub_defaults=/etc/default/grub
if [[ ! -f "$grub_defaults" ]]; then
  echo "Warning: GRUB configuration file not found at /etc/default/grub"
else
  sudo sed -i 's/GRUB_TIMEOUT=[0-9]*/GRUB_TIMEOUT=5/' "$grub_defaults"
  sudo update-grub
  echo "GRUB timeout successfully set to 5 seconds"
fi
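# --- GNOME Desktop Tweaks ---
# Enable Emacs keybindings across GTK applications
gsettings set org.gnome.desktop.interface gtk-key-theme "Emacs"
# Enable Emacs daemon for better performance for the current user
systemctl --user enable --now emacs

# Configure Caps Lock as an additional Ctrl key by adding 'ctrl:nocaps' to the
# xkb-options list while keeping the options that are already set.
#
# gsettings prints an empty list as "@as []" and a non-empty one as
# "['a', 'b']" with no type prefix. The optional prefix and the two brackets
# are therefore stripped separately; slicing at a fixed offset of 5 only fits
# the "@as [" form and would cut into the first option of a non-empty list.
echo "Setting Caps Lock to function as Ctrl..."
current_options=$(gsettings get org.gnome.desktop.input-sources xkb-options)
# Nothing to do when the option is already present.
if [[ "$current_options" != *"ctrl:nocaps"* ]]; then
  existing_items=${current_options#@as }
  existing_items=${existing_items#\[}
  existing_items=${existing_items%\]}
  if [[ -z "${existing_items//[[:space:]]/}" ]]; then
    gsettings set org.gnome.desktop.input-sources xkb-options "['ctrl:nocaps']"
  else
    gsettings set org.gnome.desktop.input-sources xkb-options "[$existing_items, 'ctrl:nocaps']"
  fi
fi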
# Closing banner and reboot reminder.
printf '%s\n' \
  "--- Debian setup script finished ---" \
  "Please reboot your system to apply all changes, especially for the new drivers and kernel modules."
@HackingGate

NetBird firewalld firewall zone

# Bind the wt0 interface to firewalld's "trusted" zone permanently, reload so
# the change takes effect, then list the active zones. Each step runs only if
# the previous one succeeded.
# The trusted zone accepts every incoming connection, so each peer that can
# reach this host over wt0 gets unfiltered access to all local services. A
# dedicated zone that allows only the services actually needed is the narrower
# alternative.
firewall-cmd --permanent --zone=trusted --add-interface=wt0 \
  && firewall-cmd --reload \
  && firewall-cmd --get-active-zones
# Show what the trusted zone now contains.
firewall-cmd --list-all --zone=trusted
