Add bootstrap.ps1

1 files changed, 511 insertions, 0 deletions

diff --git a/documents/powershell/bootstrap.ps1 b/documents/powershell/bootstrap.ps1
new file mode 100644
index 0000000..4ae88e6
--- /dev/null
+++ b/documents/powershell/bootstrap.ps1
@@ -0,0 +1,511 @@
+# Requires -RunAsAdministrator
+
+# Variables
+#$newUsername = "srdusr"
+$dotfiles_url = 'https://github.com/srdusr/dotfiles.git'
+$dotfiles_dir = "$HOME\.cfg"
+$oldUsername = $env:USERNAME
+
+# Function to handle errors
+function handle_error {
+    param ($message)
+    Write-Host $message -ForegroundColor Red
+    exit 1
+}
+
+# Function to check if the current session is elevated
+function Test-IsAdmin {
+    $currentUser = [Security.Principal.WindowsIdentity]::GetCurrent()
+    $principal = New-Object Security.Principal.WindowsPrincipal($currentUser)
+    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
+}
+
+# Ensure the script is run as administrator
+if (-not (Test-IsAdmin)) {
+    handle_error "This script must be run as an administrator."
+}
+
+$bloatware = @(
+    #"Anytime"
+    "BioEnrollment"
+    #"Browser"
+    "ContactSupport"
+    "Cortana"
+    #"Defender"
+    "Feedback"
+    "Flash"
+    #"Gaming"	# Breaks Xbox Live Account Login
+    #"Holo"
+    #"InternetExplorer"
+    "Maps"
+    #"MiracastView"
+    "OneDrive"
+    #"SecHealthUI"
+    "Wallet"
+    #"Xbox"     # Causes a bootloop since upgrade 1511?
+)
+
+# Helper functions ------------------------
+function force-mkdir($path) {
+    if (!(Test-Path $path)) {
+        #Write-Host "-- Creating full path to: " $path -ForegroundColor White -BackgroundColor DarkGreen
+        New-Item -ItemType Directory -Force -Path $path
+    }
+}
+
+function Takeown-Registry($key) {
+    # TODO does not work for all root keys yet
+    switch ($key.split('\')[0]) {
+        "HKEY_CLASSES_ROOT" {
+            $reg = [Microsoft.Win32.Registry]::ClassesRoot
+            $key = $key.substring(18)
+        }
+        "HKEY_CURRENT_USER" {
+            $reg = [Microsoft.Win32.Registry]::CurrentUser
+            $key = $key.substring(18)
+        }
+        "HKEY_LOCAL_MACHINE" {
+            $reg = [Microsoft.Win32.Registry]::LocalMachine
+            $key = $key.substring(19)
+        }
+    }
+
+    # get administraor group
+    $admins = New-Object System.Security.Principal.SecurityIdentifier("S-1-5-32-544")
+    $admins = $admins.Translate([System.Security.Principal.NTAccount])
+
+    # set owner
+    $key = $reg.OpenSubKey($key, "ReadWriteSubTree", "TakeOwnership")
+    $acl = $key.GetAccessControl()
+    $acl.SetOwner($admins)
+    $key.SetAccessControl($acl)
+
+    # set FullControl
+    $acl = $key.GetAccessControl()
+    $rule = New-Object System.Security.AccessControl.RegistryAccessRule($admins, "FullControl", "Allow")
+    $acl.SetAccessRule($rule)
+    $key.SetAccessControl($acl)
+}
+
+function Takeown-File($path) {
+    takeown.exe /A /F $path
+    $acl = Get-Acl $path
+
+    # get administraor group
+    $admins = New-Object System.Security.Principal.SecurityIdentifier("S-1-5-32-544")
+    $admins = $admins.Translate([System.Security.Principal.NTAccount])
+
+    # add NT Authority\SYSTEM
+    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($admins, "FullControl", "None", "None", "Allow")
+    $acl.AddAccessRule($rule)
+
+    Set-Acl -Path $path -AclObject $acl
+}
+
+function Takeown-Folder($path) {
+    Takeown-File $path
+    foreach ($item in Get-ChildItem $path) {
+        if (Test-Path $item -PathType Container) {
+            Takeown-Folder $item.FullName
+        }
+        else {
+            Takeown-File $item.FullName
+        }
+    }
+}
+
+function Elevate-Privileges {
+    param($Privilege)
+    $Definition = @"
+    using System;
+    using System.Runtime.InteropServices;
+
+    public class AdjPriv {
+        [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
+            internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall, ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr rele);
+
+        [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
+            internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);
+
+        [DllImport("advapi32.dll", SetLastError = true)]
+            internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);
+
+        [StructLayout(LayoutKind.Sequential, Pack = 1)]
+            internal struct TokPriv1Luid {
+                public int Count;
+                public long Luid;
+                public int Attr;
+            }
+
+        internal const int SE_PRIVILEGE_ENABLED = 0x00000002;
+        internal const int TOKEN_QUERY = 0x00000008;
+        internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;
+
+        public static bool EnablePrivilege(long processHandle, string privilege) {
+            bool retVal;
+            TokPriv1Luid tp;
+            IntPtr hproc = new IntPtr(processHandle);
+            IntPtr htok = IntPtr.Zero;
+            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);
+            tp.Count = 1;
+            tp.Luid = 0;
+            tp.Attr = SE_PRIVILEGE_ENABLED;
+            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);
+            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);
+            return retVal;
+        }
+    }
+"@
+    $ProcessHandle = (Get-Process -id $pid).Handle
+    $type = Add-Type $definition -PassThru
+    $type[0]::EnablePrivilege($processHandle, $Privilege)
+}
+
+# Elevate so I can run everything ------------------------
+Write-Output "Elevating priviledges for this process"
+do { } until (Elevate-Privileges SeTakeOwnershipPrivilege)
+
+# Remove Features ------------------------
+foreach ($bloat in $bloatware) {
+   Write-Output "Removing packages containing $bloat"
+   $pkgs = (Get-ChildItem "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages" |
+       Where-Object Name -Like "*$bloat*")
+
+   foreach ($pkg in $pkgs) {
+       $pkgname = $pkg.Name.split('\')[-1]
+       Takeown-Registry($pkg.Name)
+       Takeown-Registry($pkg.Name + "\Owners")
+       Set-ItemProperty -Path ("HKLM:" + $pkg.Name.Substring(18)) -Name Visibility -Value 1
+       New-ItemProperty -Path ("HKLM:" + $pkg.Name.Substring(18)) -Name DefVis -PropertyType DWord -Value 2
+       Remove-Item      -Path ("HKLM:" + $pkg.Name.Substring(18) + "\Owners")
+       dism.exe /Online /Remove-Package /PackageName:$pkgname /NoRestart
+   }
+}
+
+
+# Remove default apps and bloat ------------------------
+Write-Output "Uninstalling default apps"
+foreach ($app in $apps) {
+   Write-Output "Trying to remove $app"
+   Get-AppxPackage -Name $app -AllUsers | Remove-AppxPackage -AllUsers
+   Get-AppXProvisionedPackage -Online |
+   Where-Object DisplayName -EQ $app |
+   Remove-AppxProvisionedPackage -Online
+}
+
+# Prevents "Suggested Applications" returning
+force-mkdir "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Cloud Content"
+Set-ItemProperty "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Cloud Content" "DisableWindowsConsumerFeatures" 1
+
+# Kill OneDrive with fire ------------------------
+Write-Output "Kill OneDrive process"
+taskkill.exe /F /IM "OneDrive.exe"
+taskkill.exe /F /IM "explorer.exe"
+
+Write-Output "Remove OneDrive"
+if (Test-Path "$env:systemroot\System32\OneDriveSetup.exe") {
+    & "$env:systemroot\System32\OneDriveSetup.exe" /uninstall
+}
+if (Test-Path "$env:systemroot\SysWOW64\OneDriveSetup.exe") {
+    & "$env:systemroot\SysWOW64\OneDriveSetup.exe" /uninstall
+}
+
+Write-Output "Removing OneDrive leftovers"
+Remove-Item -Recurse -Force -ErrorAction SilentlyContinue "$env:localappdata\Microsoft\OneDrive"
+Remove-Item -Recurse -Force -ErrorAction SilentlyContinue "$env:programdata\Microsoft OneDrive"
+Remove-Item -Recurse -Force -ErrorAction SilentlyContinue "$env:systemdrive\OneDriveTemp"
+# check if directory is empty before removing:
+If ((Get-ChildItem "$env:userprofile\OneDrive" -Recurse | Measure-Object).Count -eq 0) {
+    Remove-Item -Recurse -Force -ErrorAction SilentlyContinue "$env:userprofile\OneDrive"
+}
+
+Write-Output "Disable OneDrive via Group Policies"
+force-mkdir "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\OneDrive"
+Set-ItemProperty "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\OneDrive" "DisableFileSyncNGSC" 1
+
+Write-Output "Remove Onedrive from explorer sidebar"
+New-PSDrive -PSProvider "Registry" -Root "HKEY_CLASSES_ROOT" -Name "HKCR"
+force-mkdir "HKCR:\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}"
+Set-ItemProperty "HKCR:\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" "System.IsPinnedToNameSpaceTree" 0
+force-mkdir "HKCR:\Wow6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}"
+Set-ItemProperty "HKCR:\Wow6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" "System.IsPinnedToNameSpaceTree" 0
+Remove-PSDrive "HKCR"
+
+# Thank you Matthew Israelsson
+Write-Output "Removing run hook for new users"
+reg load "hku\Default" "C:\Users\Default\NTUSER.DAT"
+reg delete "HKEY_USERS\Default\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "OneDriveSetup" /f
+reg unload "hku\Default"
+
+Write-Output "Removing startmenu entry"
+Remove-Item -Force -ErrorAction SilentlyContinue "$env:userprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk"
+
+Write-Output "Removing scheduled task"
+Get-ScheduledTask -TaskPath '\' -TaskName 'OneDrive*' -ea SilentlyContinue | Unregister-ScheduledTask -Confirm:$false
+
+Write-Output "Restarting explorer"
+Start-Process "explorer.exe"
+
+Write-Output "Waiting for explorer to complete loading"
+Start-Sleep 10
+
+Write-Output "Removing additional OneDrive leftovers"
+foreach ($item in (Get-ChildItem "$env:WinDir\WinSxS\*onedrive*")) {
+    Takeown-Folder $item.FullName
+    Remove-Item -Recurse -Force $item.FullName
+}
+
+# As a last step, disable UAC ------------------------
+#New-ItemProperty -Path HKLM:Software\Microsoft\Windows\CurrentVersion\policies\system -Name EnableLUA -PropertyType DWord -Value 0 -Force
+
+
+# Remove OneDrive directory
+Write-Host "Removing OneDrive directory"
+cd $HOME
+rm OneDrive -r -force
+
+ Configure PowerShell
+Write-Host "Configuring PowerShell"
+Write-Host "----------------------------------------"
+
+# Get the "MyDocuments" path for the current user, excluding OneDrive
+$UserMyDocumentsPath = [System.Environment]::GetFolderPath('MyDocuments').Replace("OneDrive", "") + "\Documents"
+
+$PowerShellProfileDirectory = "$UserMyDocumentsPath\PowerShell"
+$PowerShellLegacySymlink = "$UserMyDocumentsPath\WindowsPowerShell"
+
+$PowerShellProfileTemplate = "$PSScriptRoot\$USERNAME\Documents\PowerShell\Microsoft.PowerShell_profile.ps1"
+$env:PSModulePath = $env:PSModulePath -replace "\\OneDrive\\Documents\\WindowsPowerShell\\","\.powershell\"
+
+# Set documents path to user's local Documents folder
+$documentsPath = "$UserMyDocumentsPath"
+$powerShellProfileDir = "$documentsPath\PowerShell"
+
+# Output the chosen PowerShell profile directory
+$PROFILE = "$powerShellProfileDir\Microsoft.PowerShell_profile.ps1"
+Write-Host "PowerShell profile directory set to: $powerShellProfileDir"
+
+if (-not (Test-Path -Path $powerShellProfileDir)) {
+    New-Item -ItemType Directory -Path $powerShellProfileDir -Force
+}
+
+New-Item -ItemType HardLink -Force `
+    -Path "$powerShellProfileDir\Microsoft.PowerShell_profile.ps1" `
+    -Target "$home\.config\powershell\Microsoft.PowerShell_profile.ps1"
+
+# Set environment variable
+[System.Environment]::SetEnvironmentVariable('PowerShellProfileDir', $powerShellProfileDir, [System.EnvironmentVariableTarget]::User)
+
+Write-Host "PowerShell profile directory set to: $powerShellProfileDir"
+Write-Host "Environment variable 'PowerShellProfileDir' set to: $powerShellProfileDir"
+
+# Verify profile sourcing
+if (!(Test-Path -Path "$home\.config\powershell\Microsoft.PowerShell_profile.ps1")) {
+    handle_error "PowerShell profile does not exist. Please create it at $home\.config\powershell\Microsoft.PowerShell_profile.ps1"
+}
+
+# Define the `config` alias in the current session
+function global:config {
+    git --git-dir="$env:USERPROFILE\.cfg" --work-tree="$env:USERPROFILE" $args
+}
+
+# Add .gitignore entries
+Add-Content -Path "$HOME\.gitignore" -Value ".cfg"
+Add-Content -Path "$HOME\.gitignore" -Value "install.bat"
+Add-Content -Path "$HOME\.gitignore" -Value ".config/powershell/bootstrap.ps1"
+
+## Check if the profile exists, otherwise create it
+#if (!(Test-Path -Path $PROFILE)) {
+#    New-Item -Type File -Path $PROFILE -Force
+#}
+#Add-Content -Path $PROFILE -Value "`nfunction config { git --git-dir=`$env:USERPROFILE/.cfg/ --work-tree=`$env:USERPROFILE @args }"
+#Add-Content -Path $PROFILE -Value "`n. $PROFILE"
+
+# Source the profile immediately to make the alias available
+
+#echo '. "$HOME\Documents\PowerShell\Microsoft.PowerShell_profile.ps1"' >> $PROFILE
+
+# Function to install dotfiles
+function install_dotfiles {
+    if (Test-Path -Path $dotfiles_dir) {
+        config pull | Out-Null
+        $update = $true
+    } else {
+        git clone --bare $dotfiles_url $dotfiles_dir | Out-Null
+        $update = $false
+    }
+
+    $std_err_output = config checkout 2>&1
+
+    if ($std_err_output -match "following untracked working tree files would be overwritten") {
+        if (-not $update) {
+            config checkout | Out-Null
+        }
+    }
+    config config status.showUntrackedFiles no
+
+    git config --global include.path "$HOME\.gitconfig.aliases"
+
+    if ($update -or (Read-Host "Do you want to overwrite existing files and continue with the dotfiles setup? [Y/n]" -eq "Y")) {
+        config fetch origin main:main | Out-Null
+        config reset --hard main | Out-Null
+        config checkout -f
+        if ($?) {
+            Write-Host "Successfully imported $dotfiles_dir."
+        } else {
+            handle_error "Mission failed."
+        }
+    } else {
+        handle_error "Aborted by user. Exiting..."
+    }
+}
+
+install_dotfiles
+
+#. $PROFILE
+
+# Install Chocolatey if not installed
+Write-Host "Installing Chocolatey"
+Write-Host "----------------------------------------"
+
+Set-ExecutionPolicy Bypass -Scope Process -Force
+
+if (-not (Get-Command choco -ErrorAction SilentlyContinue)) {
+    [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072
+    Invoke-Expression ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1'))
+
+    # Check if Chocolatey installed successfully
+    if (-not (Get-Command choco -ErrorAction SilentlyContinue)) {
+        handle_error "Chocolatey installation failed."
+    }
+} else {
+    Write-Host "Chocolatey is already installed."
+}
+
+# Install Applications
+Write-Host "Installing Applications"
+Write-Host "----------------------------------------"
+
+# Define the list of applications to install
+$apps = @("ripgrep", "fd", "sudo", "win32yank", "neovim", "microsoft-windows-terminal")
+
+foreach ($app in $apps) {
+    # Check if the application is already installed
+    if (-not (choco list --local-only | Select-String -Pattern "^$app\s")) {
+        Write-Host "Installing $app"
+        choco install $app -y
+
+        if ($LASTEXITCODE -ne 0) {
+            handle_error "Installation of $app failed."
+        } else {
+            Write-Host "$app installed successfully."
+        }
+    } else {
+        Write-Host "$app is already installed."
+    }
+}
+
+## WSL
+#Write-Host "Configuring WSL"
+#wsl --install -d Ubuntu
+
+## Function to install SSH
+#function install_ssh {
+#    Write-Host "Setting Up SSH"
+#    Start-Service ssh-agent
+#    Start-Service sshd
+#    Set-Service -Name ssh-agent -StartupType 'Automatic'
+#    Set-Service -Name sshd -StartupType 'Automatic'
+#
+#    # Generate SSH key if not exists
+#    if (-not (Test-Path -Path "$env:USERPROFILE\.ssh\id_rsa.pub")) {
+#        ssh-keygen -t rsa -b 4096 -C "$env:USERNAME@$(hostname)" -f "$env:USERPROFILE\.ssh\id_rsa" -N ""
+#    }
+#
+#    # Start ssh-agent and add key
+#    eval $(ssh-agent -s)
+#    ssh-add "$env:USERPROFILE\.ssh\id_rsa"
+#
+#    # Display the SSH key
+#    $sshKey = Get-Content "$env:USERPROFILE\.ssh\id_rsa.pub"
+#    Write-Host "Add the following SSH key to your GitHub account:"
+#    Write-Host $sshKey
+#}
+#
+#install_ssh
+
+# Configure Neovim
+Write-Host "Configuring Neovim"
+Write-Host "----------------------------------------"
+
+$neovimLocalPath = "$home\AppData\Local\nvim"
+$neovimConfigPath = "$home\.config\nvim"
+
+# Check if nvim directory already exists in AppData\Local
+if (-not (Test-Path -Path $neovimLocalPath)) {
+    New-Item -ItemType Junction -Force -Path $neovimLocalPath -Target $neovimConfigPath
+} else {
+    Write-Host "Neovim directory ($neovimLocalPath) already exists."
+}
+
+# Install Windows Terminal, and configure
+Write-Host "Install Windows Terminal, and configure"
+Write-Host "----------------------------------------"
+
+$windowsTerminalSettingsPath = "$home\AppData\Local\Packages\Microsoft.WindowsTerminal_8wekyb3d8bbwe\LocalState\settings.json"
+$windowsTerminalConfigPath = "$home\.config\windows-terminal\settings.json"
+
+# Check if Windows Terminal settings.json already exists
+if (Test-Path -Path $windowsTerminalSettingsPath) {
+    # Backup existing settings.json
+    Move-Item -Force $windowsTerminalSettingsPath "$windowsTerminalSettingsPath.old"
+} else {
+    Write-Host "Windows Terminal settings.json not found."
+}
+
+# Create a hard link to the settings.json file in .config\windows-terminal
+New-Item -ItemType HardLink -Force -Path $windowsTerminalSettingsPath -Target $windowsTerminalConfigPath
+
+
+# Registry Tweaks
+Write-Host "Registry Tweaks"
+Write-Host "----------------------------------------"
+
+# Show hidden files
+Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name Hidden -Value 1
+
+# Show file extensions for known file types
+Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name HideFileExt -Value 0
+
+# Never Combine taskbar buttons when the taskbar is full
+Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name TaskbarGlomLevel -Value 2
+
+# Taskbar small icons
+Set-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name TaskbarSmallIcons -Value 1
+
+# Set Windows to use UTC time instead of local time for system clock
+Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\TimeZoneInformation" -Name RealTimeIsUniversal -Value 1
+
+## Function to disable the Windows key
+#function Disable-WindowsKey {
+#    $scancodeMap = @(
+#        0x00000000, 0x00000000, 0x00000003, 0xE05B0000, 0xE05C0000, 0x00000000
+#    )
+#
+#    $binaryValue = New-Object byte[] ($scancodeMap.Length * 4)
+#    [System.Buffer]::BlockCopy($scancodeMap, 0, $binaryValue, 0, $binaryValue.Length)
+#
+#    Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Keyboard Layout" -Name "Scancode Map" -Value $binaryValue
+#
+#    Write-Output "Windows key has been disabled. Please restart your computer for the changes to take effect."
+#}
+#
+## Check if running as Administrator and call the function
+#if (Test-IsAdmin) {
+#    Disable-WindowsKey
+#} else {
+#    Write-Output "You need to run this script as Administrator to disable the Windows key."
+#}
+# Restart to apply changes
+#Write-Host "Restarting system to apply changes..."
+#Restart-Computer -Force