diff --git a/configs/flatpak/com.github.tchx84.Flatseal b/configs/flatpak/com.github.tchx84.Flatseal
new file mode 100644
index 0000000..560cd76
--- /dev/null
+++ b/configs/flatpak/com.github.tchx84.Flatseal
@@ -0,0 +1,2 @@
+[Context]
+filesystems=!xdg-download
diff --git a/configs/flatpak/com.gitlab.cutecom.cutecom b/configs/flatpak/com.gitlab.cutecom.cutecom
new file mode 100644
index 0000000..560cd76
--- /dev/null
+++ b/configs/flatpak/com.gitlab.cutecom.cutecom
@@ -0,0 +1,2 @@
+[Context]
+filesystems=!xdg-download
diff --git a/configs/flatpak/com.obsproject.Studio b/configs/flatpak/com.obsproject.Studio
new file mode 100644
index 0000000..cf39aaf
--- /dev/null
+++ b/configs/flatpak/com.obsproject.Studio
@@ -0,0 +1,2 @@
+[Context]
+filesystems=xdg-videos
diff --git a/configs/flatpak/com.prusa3d.PrusaSlicer b/configs/flatpak/com.prusa3d.PrusaSlicer
index 134cbcf..637dcf2 100644
--- a/configs/flatpak/com.prusa3d.PrusaSlicer
+++ b/configs/flatpak/com.prusa3d.PrusaSlicer
@@ -1,2 +1,2 @@
 [Context]
-filesystems=~/.local/share/PrusaSlicer
+filesystems=~/projects:ro
diff --git a/configs/flatpak/com.valvesoftware.Steam b/configs/flatpak/com.valvesoftware.Steam
new file mode 100644
index 0000000..1435abc
--- /dev/null
+++ b/configs/flatpak/com.valvesoftware.Steam
@@ -0,0 +1,3 @@
+[Context]
+features=!bluetooth
+filesystems=!xdg-run/app/com.discordapp.Discord
diff --git a/configs/flatpak/com.visualstudio.code b/configs/flatpak/com.visualstudio.code
deleted file mode 100644
index 72eab67..0000000
--- a/configs/flatpak/com.visualstudio.code
+++ /dev/null
@@ -1,2 +0,0 @@
-[Context]
-filesystems=xdg-documents/git
diff --git a/configs/flatpak/fr.handbrake.ghb b/configs/flatpak/fr.handbrake.ghb
index 577d5f5..e32e061 100644
--- a/configs/flatpak/fr.handbrake.ghb
+++ b/configs/flatpak/fr.handbrake.ghb
@@ -1,2 +1,2 @@
 [Context]
-filesystems=/media;/mnt/data/media/movies;!host
+filesystems=/mnt/media/
diff --git a/configs/flatpak/global b/configs/flatpak/global
index 0de7cb4..69dc533 100644
--- a/configs/flatpak/global
+++ b/configs/flatpak/global
@@ -1,2 +1,3 @@
 [Context]
+sockets=fallback-x11;wayland;x11
 filesystems=xdg-download;!home;!host
diff --git a/configs/flatpak/md.obsidian.Obsidian b/configs/flatpak/md.obsidian.Obsidian
index a7a8427..502ed61 100644
--- a/configs/flatpak/md.obsidian.Obsidian
+++ b/configs/flatpak/md.obsidian.Obsidian
@@ -1,2 +1,2 @@
 [Context]
-filesystems=!xdg-download;!xdg-run/app/com.discordapp.Discord;!/run/media;!/mnt;!/media;~/projects/kladjes
+filesystems=!xdg-download;!xdg-run/app/com.discordapp.Discord;!/run/media;!/mnt;!/media;~/projects/freenen/kladjes
diff --git a/configs/flatpak/org.blender.Blender b/configs/flatpak/org.blender.Blender
index 1205a96..3a692d0 100644
--- a/configs/flatpak/org.blender.Blender
+++ b/configs/flatpak/org.blender.Blender
@@ -1,2 +1,2 @@
 [Context]
-filesystems=xdg-documents/blender
+filesystems=~/projects
diff --git a/configs/flatpak/org.filezillaproject.Filezilla b/configs/flatpak/org.filezillaproject.Filezilla
new file mode 100644
index 0000000..637dcf2
--- /dev/null
+++ b/configs/flatpak/org.filezillaproject.Filezilla
@@ -0,0 +1,2 @@
+[Context]
+filesystems=~/projects:ro
diff --git a/configs/flatpak/org.freecad.FreeCAD b/configs/flatpak/org.freecad.FreeCAD
new file mode 100644
index 0000000..3a692d0
--- /dev/null
+++ b/configs/flatpak/org.freecad.FreeCAD
@@ -0,0 +1,2 @@
+[Context]
+filesystems=~/projects
diff --git a/configs/flatpak/org.inkscape.Inkscape b/configs/flatpak/org.inkscape.Inkscape
new file mode 100644
index 0000000..3a692d0
--- /dev/null
+++ b/configs/flatpak/org.inkscape.Inkscape
@@ -0,0 +1,2 @@
+[Context]
+filesystems=~/projects
diff --git a/configs/flatpak/org.kicad.KiCad b/configs/flatpak/org.kicad.KiCad
index 2f50aeb..3a692d0 100644
--- a/configs/flatpak/org.kicad.KiCad
+++ b/configs/flatpak/org.kicad.KiCad
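Review bot: The added `sockets=fallback-x11;wayland;x11` line in the global override grants display sockets to every installed Flatpak app, including any whose own manifest requests none, in a file that otherwise exists to restrict (`!home;!host`). On an X11 session this puts every app on the X11 socket, which offers no isolation between clients, so any app on it can observe the input and window contents of the others. Consider granting sockets only in the per-app files that need them; if a global grant is wanted, `sockets=fallback-x11;wayland` looks sufficient, since `x11` next to `fallback-x11` appears redundant. That last point should be confirmed against the Flatpak version in use.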
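Review bot: `filesystems=~/projects` gives Blender read-write access to the whole projects tree, where the previous value was the single subdirectory `xdg-documents/blender`; the same value is added for FreeCAD, Inkscape and KiCad in this commit. If `~/projects` holds git checkouts, a sandboxed app that can write there can also alter files such as `.git/hooks` or build scripts that later run outside the sandbox. PrusaSlicer, Filezilla and OpenSCAD already use `~/projects:ro`; for the apps that must save files, a per-app subdirectory such as `filesystems=~/projects/blender` (placeholder path) would keep the narrower scope the old entries had.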
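Review bot: The new override file is named `org.freecad.FreeCAD`, but the first-boot.sh hunk on this page still shows `install_flatpak org.freecadweb.FreeCAD` as a context line, so the override may never match the installed app. An override keyed to an ID that is not installed is silently ignored, which would leave FreeCAD on the global defaults rather than the intended `filesystems=~/projects`. How these files reach the Flatpak overrides directory is not visible here, so confirm the ID with `flatpak list --app --columns=application` and align either the file name or the install line.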
@@ -1,2 +1,2 @@ [Context] -filesystems=xdg-documents/kicad +filesystems=~/projects diff --git a/configs/flatpak/org.mozilla.Thunderbird b/configs/flatpak/org.mozilla.Thunderbird index 14656c3..b41fd13 100644 --- a/configs/flatpak/org.mozilla.Thunderbird +++ b/configs/flatpak/org.mozilla.Thunderbird @@ -1,2 +1,2 @@ [Context] -filesystems=~/.thunderbird +devices=!all diff --git a/configs/flatpak/org.mozilla.firefox b/configs/flatpak/org.mozilla.firefox new file mode 100644 index 0000000..e65d3f5 --- /dev/null +++ b/configs/flatpak/org.mozilla.firefox @@ -0,0 +1,2 @@ +[Context] +filesystems=~/.local/tiCloudAgent;~/.local/share/vdhcoapp:ro diff --git a/configs/flatpak/org.openscad.OpenSCAD b/configs/flatpak/org.openscad.OpenSCAD new file mode 100644 index 0000000..637dcf2 --- /dev/null +++ b/configs/flatpak/org.openscad.OpenSCAD @@ -0,0 +1,2 @@ +[Context] +filesystems=~/projects:ro diff --git a/configs/flatpak/org.raspberrypi.rpi-imager b/configs/flatpak/org.raspberrypi.rpi-imager new file mode 100644 index 0000000..879a4e6 --- /dev/null +++ b/configs/flatpak/org.raspberrypi.rpi-imager @@ -0,0 +1,2 @@ +[Context] +filesystems=!/media diff --git a/configs/gitconfig b/configs/gitconfig index e21a76c..4a5e2b1 100644 --- a/configs/gitconfig +++ b/configs/gitconfig @@ -1,7 +1,7 @@ [user] - name = FReenen - email = git@finnvanreenen.nl - signingKey = 97BC6A12A9D93B120B2EDD7E1F4E6EE3E6DDF769 + name = LailaTheElf + email = mail@lailatheelf.nl + signingKey = EB05B87D06C84E807C8D128B8A3EF0226518C12D [commit] gpgsign = true diff --git a/elfDesktop.sh b/elfDesktop.sh index 04e383e..8d9fabc 100644 --- a/elfDesktop.sh +++ b/elfDesktop.sh @@ -3,9 +3,10 @@ HOSTNAME="elfDesktop" UEFI_DISK="/dev/nvme0n1" DISK="/dev/nvme0n1" -USERNAME="freenen" +USERNAME="laila" USER_SSH_KEYS="nl.freenen.elfLaptop nl.freenen.digipap.rsa nl.freenen.fp4.ed" +ENCRYPT_DISK="false" SFDISK_FILE="./configs/elfDesktop.sfdisk" UEFI_PARTITION="${UEFI_DISK}p1" SWAP_PARTITION="${DISK}p2" 
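Review bot: In the new Firefox override, `~/.local/tiCloudAgent` is granted read-write while the second entry, `~/.local/share/vdhcoapp`, is marked `:ro`. Both paths look like native-messaging helper directories whose contents run outside the sandbox, so write access from the browser would let a compromised browser process modify the helper it later launches. Unless the agent needs to write there (not visible from this diff), `filesystems=~/.local/tiCloudAgent:ro;~/.local/share/vdhcoapp:ro` keeps the grant consistent.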
diff --git a/elfLaptop.sh b/elfLaptop.sh index af8ec7e..ef9764c 100644 --- a/elfLaptop.sh +++ b/elfLaptop.sh @@ -2,8 +2,11 @@ HOSTNAME="ELFLaptop" UEFI_DISK="/dev/sdb" DISK="/dev/sdb" -USERNAME="freenen" +USERNAME="laila" +USER_SSH_KEYS="nl.freenen.elfDesktop nl.freenen.digipap.rsa nl.freenen.fp4.ed" + +ENCRYPT_DISK="true" SFDISK_FILE="./configs/elfLaptop.sfdisk" UEFI_PARTITION="${UEFI_DISK}1" SWAP_PARTITION="${DISK}2" diff --git a/elf_os.sh b/elf_os.sh index b72685c..c37b92c 100755 --- a/elf_os.sh +++ b/elf_os.sh @@ -34,18 +34,22 @@ function run-chroot(){ echo "" >install.log +if [[ $ENCRYPT_DISK = "true" ]] +then + echo -n "disk encryption password: " read -s PASS echo echo -n "retype password: " read -s PASSRE echo - if [ "$PASS" != "$PASSRE" ]; then echo "password do not match" exit 1 fi +fi + echo -n "password for freenen: " read -s PASS_USER echo 
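Review bot: The new `if [[ $ENCRYPT_DISK = "true" ]]` test in elf_os.sh fails open: a host file that leaves `ENCRYPT_DISK` unset or misspells the value (`True`, `yes`) skips the passphrase prompt and, in the later hunk at `@@ -73,19 +77,30 @@`, formats the root partition unencrypted without any message. Validate the value once before the prompt, for example `case "$ENCRYPT_DISK" in true|false) ;; *) echo "ENCRYPT_DISK must be true or false" >&2; exit 1 ;; esac`, or default it with `: "${ENCRYPT_DISK:=true}"` so that a missing setting yields an encrypted install. The same comparison is repeated in the partitioning and boot-loader hunks, so one validated variable covers all of them.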
@@ -73,19 +77,30 @@ echo run "applly partion table" "sfdisk $DISK <$SFDISK_FILE" run "format boot partition" "mkfs.fat -F 32 ${UEFI_PARTITION}" run "format swap partition" "mkswap ${SWAP_PARTITION}" +ROOT_PARTITION_MAP="" +if [[ $ENCRYPT_DISK = "true" ]] +then +ROOT_PARTITION_MAP="/dev/mapper/cryptelfroot" +ROOT_PARTITION_MAP_NAME="cryptelfroot" echo -n "$PASS" >keyfile.luks run "encrypt root partition" "cryptsetup luksFormat --batch-mode --key-file keyfile.luks ${ROOT_PARTITION}" "rm keyfile.luks" -run "map root partitaion" "cryptsetup open --batch-mode --key-file keyfile.luks ${ROOT_PARTITION} cryptelfroot" "rm keyfile.luks" +run "map root partitaion" "cryptsetup open --batch-mode --key-file keyfile.luks ${ROOT_PARTITION} ${ROOT_PARTITION_MAP_NAME}" "rm keyfile.luks" rm keyfile.luks -run "format root partition" "mkfs.btrfs /dev/mapper/cryptelfroot" +run "format root partition" "mkfs.btrfs ${ROOT_PARTITION_MAP}" +else +ROOT_PARTITION_MAP="${ROOT_PARTITION}" +run "format root partition" "mkfs.btrfs ${ROOT_PARTITION}" +fi -run "mount root partition" "mount /dev/mapper/cryptelfroot /mnt" +run "mount root partition" "mount ${ROOT_PARTITION_MAP} /mnt" run "create root btrfs subvolume" "btrfs subvolume create /mnt/@elfRoot" run "create home btrfs subvolume" "btrfs subvolume create /mnt/@home" +run "create home btrfs subvolume" "btrfs subvolume create /mnt/@var" run "unmount btrfs" "umount /mnt" -run "mount root subvolume" "mount -o subvol=@elfRoot /dev/mapper/cryptelfroot /mnt" +run "mount root subvolume" "mount -o subvol=@elfRoot ${ROOT_PARTITION_MAP} /mnt" +run "mount home subvolume" "mount --mkdir -o subvol=@home ${ROOT_PARTITION_MAP} /mnt/home" +run "mount home subvolume" "mount --mkdir -o subvol=@var ${ROOT_PARTITION_MAP} /mnt/var" run "mount boot partition" "mount --mkdir ${UEFI_PARTITION} /mnt/boot" -run "mount home subvolume" "mount --mkdir -o subvol=@home /dev/mapper/cryptelfroot /mnt/home" run "enable swap" "swapon ${SWAP_PARTITION}" echo 
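Review bot: The rewritten `cryptsetup open` line still reads the passphrase from `keyfile.luks`, which the context line `echo -n "$PASS" >keyfile.luks` creates in the working directory under the default umask, so the disk passphrase sits in a possibly world-readable file until the `rm`. Create it with restrictive permissions, e.g. `(umask 077; printf '%s' "$PASS" >keyfile.luks)`; `printf` also avoids `echo` treating a passphrase such as `-e` as an option. Separately, the two added `@var` steps reuse the labels "create home btrfs subvolume" and "mount home subvolume", which makes install.log ambiguous; `create var btrfs subvolume` and `mount var subvolume` would match what they do.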
@@ -122,19 +137,31 @@ run-chroot "config initramfs" "sed --in-place -e 's/HOOKS=(.*)/HOOKS= run-chroot "generate initramfs" "mkinitcpio -P" DISKUUID=$(blkid --output export ${ROOT_PARTITION} | grep '^UUID' | sed 's/UUID=//') +BOAT_LOADER_OPTIONS="" +if [[ $ENCRYPT_DISK = "true" ]] +then +BOAT_LOADER_OPTIONS="cryptdevice=UUID=${DISKUUID}:${ROOT_PARTITION_MAP_NAME}:allow-discards " +fi +BOAT_LOADER_OPTIONS="${BOAT_LOADER_OPTIONS}root=${ROOT_PARTITION_MAP} " +BOAT_LOADER_OPTIONS="${BOAT_LOADER_OPTIONS}rootflags=subvol=@elfRoot " +if [[ $ENCRYPT_DISK = "true" ]] +then +BOAT_LOADER_OPTIONS="${BOAT_LOADER_OPTIONS}rd.luks.options=discard " +fi +BOAT_LOADER_OPTIONS="${BOAT_LOADER_OPTIONS}rw" run-chroot "install systemd-boot" "bootctl install" run-chroot "create boot config for main" "cat >/boot/loader/entries/arch.conf </boot/loader/entries/arch-fallback.conf </boot/loader/loader.conf <>/etc/sudoers" run "clone keys repo" "git clone https://gitea.finnvanreenen.nl/FReenen/keys.git /mnt/opt/keys" run-chroot "create authoized keys" "cd /opt/keys/ssh && cat ${USER_SSH_KEYS} > /home/${USERNAME}/.ssh/authorized_keys" @@ -186,8 +213,8 @@ WantedBy=multi-user.target EOF " run-chroot "enable first boot service" "systemctl enable first_boot.service" -run "copy install log to disk" "mkdir /mnt/var/log/elfOS" -run "copy install log to disk" "cp $SCRIPT_DIR/install.log /mnt/var/log/elfOS/install.log" +run "make elfOS log dir" "mkdir /mnt/var/log/elfOS && chmod 700 /mnt/var/log/elfOS" +run "copy install log to disk" "cp $SCRIPT_DIR/install.log /mnt/var/log/elfOS/install.log && chmod 700 /mnt/var/log/elfOS/install.log" echo echo === umount and reboot diff --git a/first-boot.sh b/first-boot.sh index 6fa014d..3054b4f 100755 --- a/first-boot.sh +++ b/first-boot.sh 
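Review bot: The new `BOAT_LOADER_OPTIONS` enable TRIM pass-through for the encrypted root twice, via `cryptdevice=...:allow-discards` and `rd.luks.options=discard`, with no comment marking this as a chosen trade-off: discards on a LUKS volume reveal which blocks are unused to anyone who can read the raw disk. The two parameters are read by different initramfs hooks (`encrypt` for `cryptdevice=`, `sd-encrypt` for `rd.luks.*`), so only one of them can take effect; the HOOKS line is garbled on this page, so which one applies needs checking. In the unencrypted branch `root=${ROOT_PARTITION_MAP}` expands to a kernel device name although `DISKUUID` is computed just above; `root=UUID=${DISKUUID}` there would not depend on device enumeration order.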
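Review bot: `chmod 700` on `install.log` sets the execute bit on a regular file, and both new lines create the path with default permissions before tightening it, which leaves a short window where it is readable by others. `mkdir -m 700 /mnt/var/log/elfOS` and `install -m 600 $SCRIPT_DIR/install.log /mnt/var/log/elfOS/install.log` create each with its final mode in one step. If `run` records the command strings it executes, also check that install.log does not capture the passwords read earlier in the script; the `run` helper is defined outside this hunk.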
@@ -33,7 +33,7 @@ run root "start NetworkMaanger" "systemctl start NetworkManager.se run root "wait for network" "while [[ 1 ]] ; do ping -c1 1.1.1.1 && break ; done" run root "install base tools" "pacman -Sy --noconfirm \ usbutils dosfstools exfat-utils net-tools bind nmap libfido2 \ - base-devel vim curl ncdu neofetch btop git flatpak" + base-devel vim curl ncdu neofetch btop git flatpak screen" run root "install dev tools" "pacman -S --noconfirm ansible python3 gcc make cmake" # clangd run root "install gnome" "pacman -S --noconfirm gnome" run root "enable gnome" "systemctl enable gdm.service" @@ -105,6 +105,8 @@ install_flatpak org.gnome.Rhythmbox3 install_flatpak com.prusa3d.PrusaSlicer install_flatpak org.freecadweb.FreeCAD #TODO: install nightly instad install_flatpak org.kicad.KiCad +install_flatpak org.openscad.OpenSCAD +install_flatpak org.videolan.VLC echo echo === install vscodium @@ -157,11 +159,13 @@ EOF" if [[ $HOSTNAME == "elfDesktop" ]] then +run root "install amd-ucode" "pacman -S --noconfirm amd-ucode" + echo echo === install Jellyfin Server echo -run root "install Jellifin-server" "pacman -S --noconfirm jellifin-server" +run root "install Jellifin-server" "pacman -S --noconfirm jellifin-server jellifin-web" run root "add media disk to fstab" "cat >>/etc/fstab <