From 63309d8f51db63bc7e48d8cd47c7840d350d7a86 Mon Sep 17 00:00:00 2001 From: Luca Bilke Date: Sat, 13 Jan 2024 13:06:39 +0100 Subject: [PATCH 1/9] add packages and dir --- directories.txt | 1 + packages.txt | 6 ++++++ 2 files changed, 7 insertions(+) diff --git a/directories.txt b/directories.txt index 29b358e..0fbc620 100644 --- a/directories.txt +++ b/directories.txt @@ -2,6 +2,7 @@ .config/zsh/configs .config/X11/xsession.d .local/state +.local/log .local/share/applications .local/share/gnupg .local/bin/cron diff --git a/packages.txt b/packages.txt index 9172c9a..b892a42 100644 --- a/packages.txt +++ b/packages.txt @@ -67,3 +67,9 @@ gnome-keyring gnupg2-scdaemon yubikey-manager mediainfo +ranger +brave-bin +ueberzug +seahorse +tokyonight-theme +tokyonight-icons From 7c4746468addf1c761b9300858ef600f48f24771 Mon Sep 17 00:00:00 2001 From: Luca Bilke Date: Sat, 13 Jan 2024 13:29:39 +0100 Subject: [PATCH 2/9] add repokey for custom repo --- bootstrap.sh | 8 ++++---- ...6:90:1e:ca:60:a2:18:8d:ca:1d:79:9c:d8:a7:59.plist | 12 ++++++++++++ 2 files changed, 16 insertions(+), 4 deletions(-) create mode 100644 files/var/db/xbps/keys/65:c6:90:1e:ca:60:a2:18:8d:ca:1d:79:9c:d8:a7:59.plist diff --git a/bootstrap.sh b/bootstrap.sh index 4756631..71ff810 100755 --- a/bootstrap.sh +++ b/bootstrap.sh @@ -70,7 +70,7 @@ check_root() { setup() { tput sc info "Synchronizing XBPS index..." - xbps-install -Sy >/dev/null 2>&1 || error "Failed to synchronize XBPS index!" + xbps-install -S >/dev/null 2>&1 || error "Failed to synchronize XBPS index! (Try manually running xbps-install -S)" tput rc tput el @@ -224,15 +224,15 @@ finalize() { check_root +emphasize "-- Copying Files --" +install_files + emphasize "-- Preparing Installation --" setup emphasize "-- Installing Packages --" install_packages "${SCRIPT_DIR}/packages.txt" -emphasize "-- Copying Files --" -install_files - emphasize "-- Creating User Account --" create_user 
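Review bot: Moving `install_files` ahead of `setup` presumably copies `files/var/db/xbps/keys/65:c6:90:1e:ca:60:a2:18:8d:ca:1d:79:9c:d8:a7:59.plist` into the system key directory before the first index sync, so the custom repository's signing key is trusted without any import confirmation. That makes this checkout the trust anchor for every package later installed as root, so the fingerprint should be verifiable somewhere outside the repository. A comment above the call would record the intent, for example `# install_files runs first: pre-seeds the custom repo key, verify its fingerprint out of band`. In the `setup` hunk, `xbps-install -S` now runs without `-y` while its output still goes to /dev/null, so any confirmation it asks for would be invisible to the user.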
diff --git a/files/var/db/xbps/keys/65:c6:90:1e:ca:60:a2:18:8d:ca:1d:79:9c:d8:a7:59.plist b/files/var/db/xbps/keys/65:c6:90:1e:ca:60:a2:18:8d:ca:1d:79:9c:d8:a7:59.plist new file mode 100644 index 0000000..f08673e --- /dev/null +++ b/files/var/db/xbps/keys/65:c6:90:1e:ca:60:a2:18:8d:ca:1d:79:9c:d8:a7:59.plist @@ -0,0 +1,12 @@ + + + + + public-key + LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlJQ0lqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FnOEFNSUlDQ2dLQ0FnRUF0QmkxSjJOTC83MXEzZ2ZCK3VKcAo3WUNnazRtcEJLMFVyM2VHNzd4Sjk0R3pseW0yZ1ZnZXN3bkRTWENIMm94a3FJM3A3a0E1UHpwZkV5K2RIRlgwCi9PTmdPRlBSaEtNemRBR3dVNy9sZk9VUUNad0pIc1d0c2p4VmZCY0E1d0FvWTk0Szh3RldDak5DOU1zSVc2TVMKbGNQNGdYTzdZczRSVUNuUXVyVFBXVkpJNEYxSWxheXg5KzVKTFJBdVlMeHFFOVBwTmVIUHVmRVZJb0YzV1BxdQpQYzFZTDdvbXpUOUpYWC82RTZVQ3A1bVo2em5jRDlEZ29TZFNUTVFCbjF3RWpFOVNKcktKdFBRczRKU1J2dDQyClNKL05ZTkFScmFIT01XMDZ3RzZuQkNYM212M0ZXdFp1ZWxBSTZQOGtnZmNKWTBjbWJFb3hzSEpJT2JGajRNMWMKYS9tTG1xcTBqc2UxYitxdzQ4WlJZZnh1bmt2YjQ4dCtoTE8veUNXRXAvN0hFaGxrcTdncUtNZ1E0WmF0L1JmNwplVUY0ZHc0cUl6MHZ1cTVpTTJQZTdEd2U4N09yUGRzcE8zZGhucWUvZGRYYTdxakdpaS9KTjN5OXE4dmFmbGw4CnB4aUFLakFRb3k2WStjU21HOUpTRyt3NHdLNFhXTWFmQWMxcVczRmFhbE5sUzdRRzFLS2cxeHhzU1lUVkJWT2EKZUQ1dnFiZ2RGeCtSLzhubEtnbXJROGJqMkFNWkFRT2VwRDNFRUNFM1FsanhVejVqc3ppZ0tsS3hNVlBwR2tmYQpNWjExbmlVR0ZwL2pmUS8rTlhhT21sSnJkVmpxZTlwSk1HdkdhZVBZc1huY3pTaU04YTU4RUU0RDIwY3ZmRmU4CmhpOVlKT3lGQ0NSYlFiSmdoUzZxRENrQ0F3RUFBUT09Ci0tLS0tRU5EIFBVQkxJQyBLRVktLS0tLQo= + public-key-size + 4096 + signature-by + luca <luca@snaile.de> + + From 543072e9e0e06b92013047e1923b7b6a21208f05 Mon Sep 17 00:00:00 2001 From: Luca Bilke Date: Sat, 13 Jan 2024 13:31:33 +0100 Subject: [PATCH 3/9] autounlock gnome-keyring on start --- files/etc/pam.d/login | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 files/etc/pam.d/login diff --git a/files/etc/pam.d/login b/files/etc/pam.d/login new file mode 100644 index 0000000..aaa56c2 --- /dev/null +++ b/files/etc/pam.d/login 
@@ -0,0 +1,9 @@ +#%PAM-1.0 + +auth required pam_securetty.so +auth requisite pam_nologin.so +auth optional pam_gnome_keyring.so +auth include system-local-login +account include system-local-login +session include system-local-login +session optional pam_gnome_keyring.so auto_start From 706e845456a691a34b7bd26a1344f37f3d9dad11 Mon Sep 17 00:00:00 2001 From: Luca Bilke Date: Sat, 13 Jan 2024 14:59:15 +0100 Subject: [PATCH 4/9] optimizations (mostly for consecutive runs) --- bootstrap.sh | 62 +++++++++++++++++++++++++--------------------------- validate.sh | 20 +++++++++++++++++ 2 files changed, 50 insertions(+), 32 deletions(-) create mode 100755 validate.sh diff --git a/bootstrap.sh b/bootstrap.sh index 71ff810..b5d921e 100755 --- a/bootstrap.sh +++ b/bootstrap.sh @@ -21,8 +21,7 @@ error() { prompt() { message=$1 - tty=$2 - printf "%b" "${BLUE}${message}${RESET}" >"$tty" + printf "%b" "${BLUE}${message}${RESET}" >"$(tty)" # shellcheck disable=SC3037,SC2046 read -r x echo "$x" 
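Review bot: `prompt` is also the function `create_user` calls for "Input Password: " and "Repeat Password: ", and the plain `read -r x` leaves terminal echo on, so the new account's password is shown on screen while it is typed. For secret prompts the read should be wrapped, e.g. `stty -echo; read -r x; stty echo`, with a trap that restores echo if the script is interrupted. Separately, the new `>"$(tty)"` assumes stdin is a terminal; when it is not, `tty` prints `not a tty` and the redirect creates a file of that name, so writing to `/dev/tty` or guarding with `tty -s` is safer. The body of `prompt` continues outside the hunk.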
@@ -70,36 +69,29 @@ check_root() { setup() { tput sc info "Synchronizing XBPS index..." - xbps-install -S >/dev/null 2>&1 || error "Failed to synchronize XBPS index! (Try manually running xbps-install -S)" + xbps-install -S >/dev/null 2>&1 || error "Failed to synchronize XBPS index! (Try manually running xbps-install -S)" tput rc tput el - info "Installing ntp..." - xbps-install -y ntp >/dev/null 2>&1 - tput rc - tput el + if ! xbps-query ntp >/dev/null 2>&1; then + info "Installing ntp..." + xbps-install -y ntp >/dev/null 2>&1 + tput rc + tput el - info "Synchronizing time..." - ntpdate "pool.ntp.org" >/dev/null 2>&1 || warn "Failed to synchronize time!" - tput rc - tput el + info "Synchronizing time..." + ntpdate "pool.ntp.org" >/dev/null 2>&1 || warn "Failed to synchronize time!" + tput rc + tput el + fi info "Done!" } install_packages() { - failed_packages="" - #shellcheck disable=SC2016 - _loop_wrapper "$1" \ - 'Installing ${x}' \ - 'xbps-install -y "$x" >/dev/null 2>&1 || failed_packages="${failed_packages} ${x}"' - if [ -n "$failed_packages" ]; then - tput rc - tput el - warn "Failed to install:${failed_packages}" - else - info "Done!" - fi + #shellcheck disable=SC2016,SC2046 + xbps-install $(xargs -a "$1") 2>&1 | grep -q "not found in repository pool." && error "Invalid package in packages.txt, run validate.sh" + info "Done!" command -v git 1>/dev/null 2>&1 || error "git isn't installed even though it should be!" command -v stow 1>/dev/null 2>&1 || error "stow isn't installed even though it should be!" } 
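Review bot: The pipeline `xbps-install $(xargs -a "$1") 2>&1 | grep -q "not found in repository pool."` reports only grep's result, so any other xbps-install failure (network error, signature or checksum mismatch, conflict) is discarded and `info "Done!"` still prints; only git and stow are checked afterwards. Capture the output and test the exit status instead, e.g. `out=$(xbps-install $(xargs -a "$1") 2>&1) || error "xbps-install failed: ${out}"`, keeping the "not found" hint as a special case if wanted. `xargs -a` also passes every word of the file, so comment lines in packages.txt (which validate.sh's `skip_regex` allows for) would be handed to xbps-install as package names. The same line is changed again in PATCH 7/9 and has the same issue there.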
@@ -116,16 +108,17 @@ create_user() { tput sc failed=false - while ! echo "$username" | grep -q "[a-z_][a-z0-9_-]*$"; do + while ! echo "$username" | grep "^[a-z_][a-z0-9_-]*$" | grep -qv "root"; do $failed && warn "Invalid username, try again!" - username=$(prompt "Input Username: " "$(tty)") + username=$(prompt "Input Username: ") failed=true tput rc tput el done if id -u "$username" >/dev/null 2>&1; then - warn "User \"$username\" already exists! Skipping user creation!" + warn "User \"$username\" already exists, Skipping user creation!" + usermod -aG "$USER_GROUPS" "$username" else info "Creating user \"$username\" with the following groups: \"$USER_GROUPS\"..." useradd -m -G "$USER_GROUPS" "$username" @@ -134,10 +127,10 @@ create_user() { $failed && warn "Passwords do not match or are empty, try again!" tput rc tput el - pass1=$(prompt "Input Password: " "$(tty)") + pass1=$(prompt "Input Password: ") tput rc tput el - pass2=$(prompt "Repeat Password: " "$(tty)") + pass2=$(prompt "Repeat Password: ") tput rc tput el failed=true @@ -190,8 +183,8 @@ install_dotfiles() { } select_keymap() { + [ -L "${user_home}/.local/share/xkb/compiled/default" ] && return map="$(find "${user_home}/.local/share/xkb/compiled" -type f -printf "%f\n" | fzf --header="Select a default keymap:")" - rm "${user_home}/.local/share/xkb/compiled/default" ln -s "$map" "${user_home}/.local/share/xkb/compiled/default" } @@ -199,7 +192,7 @@ enable_services() { tput sc info "Installing user service service..." target="/etc/sv/runsvdir-${username}" - mkdir -p "$(dirname "$target")" + mkdir -p "$target" sed "s//$username/" "${SCRIPT_DIR}/runsvdir-user" >"$target/run" [ ! -L "/var/service/$(basename "$target")" ] && ln -s "$target" "/var/service/" 
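Review bot: In the "already exists" branch the added `usermod -aG "$USER_GROUPS" "$username"` puts whatever existing account was typed at the prompt into `wheel` and the other `USER_GROUPS` without confirmation, and the name filter admits system accounts other than root. A confirmation prompt, or a check that the account is a regular login user, before the group change would be prudent; at minimum add `# NOTE: grants wheel to an already existing account` above the line. The `grep -qv "root"` filter matches substrings, so it also rejects names such as `groot`; `grep -qvx "root"` compares the whole line. `create_user` starts and ends outside this hunk.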
@@ -233,8 +226,13 @@ setup emphasize "-- Installing Packages --" install_packages "${SCRIPT_DIR}/packages.txt" -emphasize "-- Creating User Account --" -create_user +username="$SUDO_USER" +if [ -z "$username" ]; then + emphasize "-- Creating User Account --" + create_user +else + user_home=$(getent passwd "$username" | cut -d ':' -f 6) +fi emphasize "-- Creating Standard Home Directories --" create_directories "${SCRIPT_DIR}/directories.txt" diff --git a/validate.sh b/validate.sh new file mode 100755 index 0000000..c5e85cf --- /dev/null +++ b/validate.sh @@ -0,0 +1,20 @@ +#!/bin/sh +info() { + printf "%b\n" "${1}" +} + +SCRIPT_DIR="$(dirname "$(readlink -f "$0")")" +skip_regex="^(#.*)?$" + +total=$(grep -cvP "$skip_regex" "${SCRIPT_DIR}/packages.txt") +tput sc +while read -r package; do + echo "$package" | grep -qvP "$skip_regex" || continue + n=$((n + 1)) + eval "info \"(${n}/${total}) Validating $package\"" + xbps-query -R "$package" >/dev/null 2>&1 || failed_packages="${failed_packages} ${package}" + tput rc + tput el +done <"${SCRIPT_DIR}/packages.txt" + +echo "Failed packages:${failed_packages}" From 14c99cdaed4ce235ddc33d3b70a8387d22e118dd Mon Sep 17 00:00:00 2001 From: Luca Bilke Date: Sat, 13 Jan 2024 16:00:48 +0100 Subject: [PATCH 5/9] pamd fixes --- files/etc/pam.d/login | 2 +- files/etc/pam.d/passwd | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) create mode 100644 files/etc/pam.d/passwd diff --git a/files/etc/pam.d/login b/files/etc/pam.d/login index aaa56c2..3bcc0cb 100644 --- a/files/etc/pam.d/login +++ b/files/etc/pam.d/login @@ -2,8 +2,8 @@ auth required pam_securetty.so auth requisite pam_nologin.so -auth optional pam_gnome_keyring.so auth include system-local-login +auth optional pam_gnome_keyring.so account include system-local-login session include system-local-login session optional pam_gnome_keyring.so auto_start diff --git a/files/etc/pam.d/passwd b/files/etc/pam.d/passwd new file mode 100644 index 0000000..01b456b --- /dev/null 
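Review bot: When `SUDO_USER` is set, `user_home` is taken from `getent passwd "$username" | cut -d ':' -f 6` with no check that the lookup returned anything; an empty value would make later paths such as `"${user_home}/.local/share/xkb/compiled"` resolve directly under `/`. Add `[ -n "$user_home" ] || error "No passwd entry for ${username}"` after the assignment. This branch also skips `create_user`, so the `USER_GROUPS` membership is never applied to the sudo user; a comment stating whether that is intended would help.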
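Review bot: In validate.sh, `eval "info \"(${n}/${total}) Validating $package\""` re-parses each line of packages.txt as shell code, so a line containing `$(...)`, backticks or a double quote would be executed or would break the loop; nothing here needs `eval`. Call the function directly: `info "(${n}/${total}) Validating $package"`. `n` is also never initialised before `n=$((n + 1))`, and `grep -P` is a GNU extension under `#!/bin/sh`; `n=0` before the loop and `grep -E` would make both explicit.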
+++ b/files/etc/pam.d/passwd @@ -0,0 +1,2 @@ +password required pam_unix.so sha512 shadow nullok +password optional pam_gnome_keyring.so From f97ae50e0b4c1df619b47a7d7a13630c75c46f2f Mon Sep 17 00:00:00 2001 From: Luca Bilke Date: Sat, 13 Jan 2024 16:00:58 +0100 Subject: [PATCH 6/9] change groups, remove tldr package --- bootstrap.sh | 2 +- packages.txt | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/bootstrap.sh b/bootstrap.sh index b5d921e..0ee3f5b 100755 --- a/bootstrap.sh +++ b/bootstrap.sh @@ -4,7 +4,7 @@ DOTS_BRANCH="main" STOW_DIR=".local/share/stow" DOTS_PACKAGE="dots" -USER_GROUPS="wheel,plugdev" # Comma separated list +USER_GROUPS="wheel,floppy,audio,video,cdrom,optical,kvm,xbuilder,plugdev" # Comma separated list SCRIPT_DIR="$(dirname "$(readlink -f "$0")")" BOLD="$(tput bold)" diff --git a/packages.txt b/packages.txt index b892a42..daa6044 100644 --- a/packages.txt +++ b/packages.txt @@ -10,7 +10,6 @@ nsxiv xwallpaper ffmpeg man-db -tldr pipewire wireplumber pulsemixer From 159f900f4ec6a9ca3d5b32e813bdbd1c302627f7 Mon Sep 17 00:00:00 2001 From: Luca Bilke Date: Sat, 13 Jan 2024 16:02:22 +0100 Subject: [PATCH 7/9] fix freeze --- bootstrap.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bootstrap.sh b/bootstrap.sh index 0ee3f5b..a4495a2 100755 --- a/bootstrap.sh +++ b/bootstrap.sh @@ -90,7 +90,7 @@ setup() { install_packages() { #shellcheck disable=SC2016,SC2046 - xbps-install $(xargs -a "$1") 2>&1 | grep -q "not found in repository pool." && error "Invalid package in packages.txt, run validate.sh" + xbps-install -y $(xargs -a "$1") 2>&1 | grep -q "not found in repository pool." && error "Invalid package in packages.txt, run validate.sh" info "Done!" command -v git 1>/dev/null 2>&1 || error "git isn't installed even though it should be!" command -v stow 1>/dev/null 2>&1 || error "stow isn't installed even though it should be!" From 79d02eed11c3b5789319b373218edc335e6bef39 Mon Sep 17 00:00:00 2001 
From: Luca Bilke Date: Sat, 13 Jan 2024 16:22:42 +0100 Subject: [PATCH 8/9] add polkit package --- packages.txt | 1 + services.txt | 1 + 2 files changed, 2 insertions(+) diff --git a/packages.txt b/packages.txt index daa6044..524cc74 100644 --- a/packages.txt +++ b/packages.txt @@ -72,3 +72,4 @@ ueberzug seahorse tokyonight-theme tokyonight-icons +polkit diff --git a/services.txt b/services.txt index 1354ad0..b070455 100644 --- a/services.txt +++ b/services.txt @@ -5,3 +5,4 @@ elogind crond bluetoothd pcscd +polkitd From edb78346e82954b649b07864b7b754c9e7d4b733 Mon Sep 17 00:00:00 2001 From: Luca Bilke Date: Mon, 15 Jan 2024 21:29:25 +0100 Subject: [PATCH 9/9] fix udev rules --- files/etc/udev/rules.d/69-yubikey.rules | 2 +- files/etc/udev/rules.d/70-yubikey.rules | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/files/etc/udev/rules.d/69-yubikey.rules b/files/etc/udev/rules.d/69-yubikey.rules index fdde8ec..0ef5c7a 100644 --- a/files/etc/udev/rules.d/69-yubikey.rules +++ b/files/etc/udev/rules.d/69-yubikey.rules @@ -4,7 +4,7 @@ ACTION!="add|change", GOTO="yubico_end" # device node, needed for challenge/response to work correctly. # Yubico Yubikey II -ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0010|0110|0111|0114|0116|0401|0403|0404|0405|0407|0410", +ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0010|0110|0111|0114|0116|0401|0403|0404|0405|0407|0410", \ ENV{ID_SECURITY_TOKEN}="1" LABEL="yubico_end" diff --git a/files/etc/udev/rules.d/70-yubikey.rules b/files/etc/udev/rules.d/70-yubikey.rules index 0778ad7..14b4d98 100644 --- a/files/etc/udev/rules.d/70-yubikey.rules +++ b/files/etc/udev/rules.d/70-yubikey.rules 
@@ -2,7 +2,7 @@ # Udev rules for letting the console user access the Yubikey USB # device node, needed for challenge/response to work correctly. -ACTION=="add|change", SUBSYSTEM=="usb", +ACTION=="add|change", SUBSYSTEM=="usb", \ ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0010|0110|0111|0114|0116|0401|0403|0404|0405|0407|0410", \ TEST=="/var/run/ConsoleKit/database", \ RUN+="udev-acl --action=$env{ACTION} --device=$env{DEVNAME}"
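Review bot: With the continuation fixed, this rule is still gated on `TEST=="/var/run/ConsoleKit/database"`, while services.txt in this series enables `elogind`, so on the target system the `udev-acl` action may never fire. If device access is meant to come from `ENV{ID_SECURITY_TOKEN}="1"` in 69-yubikey.rules, a header comment saying so, such as `# legacy ConsoleKit path, no-op under elogind`, would keep readers from assuming this file is what grants access. Confirm on an installed system which of the two rules takes effect.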