lots of updates

configs/flatpak/com.github.tchx84.Flatseal

@@ -0,0 +1,2 @@
+[Context]
+filesystems=!xdg-download

configs/flatpak/com.gitlab.cutecom.cutecom

@@ -0,0 +1,2 @@
+[Context]
+filesystems=!xdg-download

configs/flatpak/com.obsproject.Studio

@@ -0,0 +1,2 @@
+[Context]
+filesystems=xdg-videos

configs/flatpak/com.prusa3d.PrusaSlicer

@@ -1,2 +1,2 @@
 [Context]
-filesystems=~/.local/share/PrusaSlicer
+filesystems=~/projects:ro

configs/flatpak/com.valvesoftware.Steam

@@ -0,0 +1,3 @@
+[Context]
+features=!bluetooth
+filesystems=!xdg-run/app/com.discordapp.Discord

configs/flatpak/com.visualstudio.code

@@ -1,2 +0,0 @@
-[Context]
-filesystems=xdg-documents/git

configs/flatpak/fr.handbrake.ghb

@@ -1,2 +1,2 @@
 [Context]
-filesystems=/media;/mnt/data/media/movies;!host
+filesystems=/mnt/media/

configs/flatpak/global

@@ -1,2 +1,3 @@
 [Context]
+sockets=fallback-x11;wayland;x11
 filesystems=xdg-download;!home;!host

configs/flatpak/md.obsidian.Obsidian

@@ -1,2 +1,2 @@
 [Context]
-filesystems=!xdg-download;!xdg-run/app/com.discordapp.Discord;!/run/media;!/mnt;!/media;~/projects/kladjes
+filesystems=!xdg-download;!xdg-run/app/com.discordapp.Discord;!/run/media;!/mnt;!/media;~/projects/freenen/kladjes

configs/flatpak/org.blender.Blender

@@ -1,2 +1,2 @@
 [Context]
-filesystems=xdg-documents/blender
+filesystems=~/projects

configs/flatpak/org.filezillaproject.Filezilla

@@ -0,0 +1,2 @@
+[Context]
+filesystems=~/projects:ro

configs/flatpak/org.freecad.FreeCAD

@@ -0,0 +1,2 @@
+[Context]
+filesystems=~/projects

configs/flatpak/org.inkscape.Inkscape

@@ -0,0 +1,2 @@
+[Context]
+filesystems=~/projects

configs/flatpak/org.kicad.KiCad

@@ -1,2 +1,2 @@
 [Context]
-filesystems=xdg-documents/kicad
+filesystems=~/projects

configs/flatpak/org.mozilla.Thunderbird

@@ -1,2 +1,2 @@
 [Context]
-filesystems=~/.thunderbird
+devices=!all

configs/flatpak/org.mozilla.firefox

@@ -0,0 +1,2 @@
+[Context]
+filesystems=~/.local/tiCloudAgent;~/.local/share/vdhcoapp:ro

configs/flatpak/org.openscad.OpenSCAD

@@ -0,0 +1,2 @@
+[Context]
+filesystems=~/projects:ro

configs/flatpak/org.raspberrypi.rpi-imager

@@ -0,0 +1,2 @@
+[Context]
+filesystems=!/media

configs/gitconfig

@@ -1,7 +1,7 @@
 [user]
-	name = FReenen
+	name = LailaTheElf
-	email = git@finnvanreenen.nl
+	email = mail@lailatheelf.nl
-	signingKey = 97BC6A12A9D93B120B2EDD7E1F4E6EE3E6DDF769
+	signingKey = EB05B87D06C84E807C8D128B8A3EF0226518C12D
 
 [commit]
 	gpgsign = true

elfDesktop.sh

@@ -3,9 +3,10 @@ HOSTNAME="elfDesktop"
 UEFI_DISK="/dev/nvme0n1"
 DISK="/dev/nvme0n1"
 
-USERNAME="freenen"
+USERNAME="laila"
 USER_SSH_KEYS="nl.freenen.elfLaptop nl.freenen.digipap.rsa nl.freenen.fp4.ed"
 
+ENCRYPT_DISK="false"
 SFDISK_FILE="./configs/elfDesktop.sfdisk"
 UEFI_PARTITION="${UEFI_DISK}p1"
 SWAP_PARTITION="${DISK}p2"

elfLaptop.sh

@@ -2,8 +2,11 @@
 HOSTNAME="ELFLaptop"
 UEFI_DISK="/dev/sdb"
 DISK="/dev/sdb"
-USERNAME="freenen"
 
+USERNAME="laila"
+USER_SSH_KEYS="nl.freenen.elfDesktop nl.freenen.digipap.rsa nl.freenen.fp4.ed"
+
+ENCRYPT_DISK="true"
 SFDISK_FILE="./configs/elfLaptop.sfdisk"
 UEFI_PARTITION="${UEFI_DISK}1"
 SWAP_PARTITION="${DISK}2"

elf_os.sh

@@ -34,18 +34,22 @@ function run-chroot(){
 
 echo "" >install.log
 
+if [[ $ENCRYPT_DISK = "true" ]]
+then
+
 echo -n "disk encryption password: "
 read -s PASS
 echo
 echo -n "retype password: "
 read -s PASSRE
 echo
-
 if [ "$PASS" != "$PASSRE" ]; then
   echo "password do not match"
   exit 1
 fi
 
+fi
+
 echo -n "password for freenen: "
 read -s PASS_USER
 echo
@@ -73,19 +77,30 @@ echo
 run "applly partion table"        "sfdisk $DISK <$SFDISK_FILE"	
 run "format boot partition"       "mkfs.fat -F 32 ${UEFI_PARTITION}"
 run "format swap partition"       "mkswap ${SWAP_PARTITION}"
+ROOT_PARTITION_MAP=""
+if [[ $ENCRYPT_DISK = "true" ]]
+then
+ROOT_PARTITION_MAP="/dev/mapper/cryptelfroot"
+ROOT_PARTITION_MAP_NAME="cryptelfroot"
 echo -n "$PASS" >keyfile.luks
 run "encrypt root partition"      "cryptsetup luksFormat --batch-mode --key-file keyfile.luks ${ROOT_PARTITION}"     "rm keyfile.luks"
-run "map root partitaion"         "cryptsetup open --batch-mode --key-file keyfile.luks ${ROOT_PARTITION} cryptelfroot" "rm keyfile.luks"
+run "map root partitaion"         "cryptsetup open --batch-mode --key-file keyfile.luks ${ROOT_PARTITION} ${ROOT_PARTITION_MAP_NAME}" "rm keyfile.luks"
 rm keyfile.luks
-run "format root partition"       "mkfs.btrfs /dev/mapper/cryptelfroot"
+run "format root partition"       "mkfs.btrfs ${ROOT_PARTITION_MAP}"
+else
+ROOT_PARTITION_MAP="${ROOT_PARTITION}"
+run "format root partition"       "mkfs.btrfs ${ROOT_PARTITION}"
+fi
 
-run "mount root partition"        "mount /dev/mapper/cryptelfroot /mnt"
+run "mount root partition"        "mount ${ROOT_PARTITION_MAP} /mnt"
 run "create root btrfs subvolume" "btrfs subvolume create /mnt/@elfRoot"
 run "create home btrfs subvolume" "btrfs subvolume create /mnt/@home"
+run "create home btrfs subvolume" "btrfs subvolume create /mnt/@var"
 run "unmount btrfs"               "umount /mnt"
-run "mount root subvolume"        "mount -o subvol=@elfRoot /dev/mapper/cryptelfroot /mnt"
+run "mount root subvolume"        "mount -o subvol=@elfRoot ${ROOT_PARTITION_MAP} /mnt"
+run "mount home subvolume"        "mount --mkdir -o subvol=@home ${ROOT_PARTITION_MAP} /mnt/home"
+run "mount home subvolume"        "mount --mkdir -o subvol=@var ${ROOT_PARTITION_MAP} /mnt/var"
 run "mount boot partition"        "mount --mkdir ${UEFI_PARTITION} /mnt/boot"
-run "mount home subvolume"        "mount --mkdir -o subvol=@home /dev/mapper/cryptelfroot /mnt/home"
 run "enable swap"                 "swapon ${SWAP_PARTITION}"
 
 echo
@@ -122,19 +137,31 @@ run-chroot "config initramfs"            "sed --in-place -e 's/HOOKS=(.*)/HOOKS=
 run-chroot "generate initramfs"          "mkinitcpio -P"
 
 DISKUUID=$(blkid --output export ${ROOT_PARTITION} | grep '^UUID' | sed 's/UUID=//')
+BOAT_LOADER_OPTIONS=""
+if [[ $ENCRYPT_DISK = "true" ]]
+then
+BOAT_LOADER_OPTIONS="cryptdevice=UUID=${DISKUUID}:${ROOT_PARTITION_MAP_NAME}:allow-discards "
+fi
+BOAT_LOADER_OPTIONS="${BOAT_LOADER_OPTIONS}root=${ROOT_PARTITION_MAP} "
+BOAT_LOADER_OPTIONS="${BOAT_LOADER_OPTIONS}rootflags=subvol=@elfRoot "
+if [[ $ENCRYPT_DISK = "true" ]]
+then
+BOAT_LOADER_OPTIONS="${BOAT_LOADER_OPTIONS}rd.luks.options=discard "
+fi
+BOAT_LOADER_OPTIONS="${BOAT_LOADER_OPTIONS}rw"
 run-chroot "install systemd-boot"        "bootctl install"
 run-chroot "create boot config for main" "cat >/boot/loader/entries/arch.conf <<EOF
 title      E.L.F. OS
 linux      /vmlinuz-linux
 initrd     /initramfs-linux.img
-options    cryptdevice=UUID=$DISKUUID:cryptelfroot:allow-discards root=/dev/mapper/cryptelfroot rootflags=subvol=@elfRoot rd.luks.options=discard rw
+options    ${BOAT_LOADER_OPTIONS}
 EOF
 "
 run-chroot "create boot config fallback" "cat >/boot/loader/entries/arch-fallback.conf <<EOF
 title      E.L.F. OS fallback
 linux      /vmlinuz-linux
 initrd     /initramfs-linux-fallback.img
-options    cryptdevice=UUID=$DISKUUID:cryptelfroot:allow-discards root=/dev/mapper/cryptelfroot rootflags=subvol=@elfRoot rd.luks.options=discard rw
+options    ${BOAT_LOADER_OPTIONS}
 EOF
 "
 run-chroot "create main boot config"     "cat >/boot/loader/loader.conf <<EOF
@@ -152,7 +179,7 @@ echo
 run-chroot "add .ssh dir to skel"        "mkdir -p /etc/skel/.ssh"
 run-chroot "create admin group"          "groupadd admin"
 run-chroot "create user"                 "useradd --home-dir /home/${USERNAME} --create-home --skel /etc/skel ${USERNAME} --groups admin"
-run-chroot "set password for user"       "echo \"${USERNAME}:$PASS_USER\" | chpasswd"
+arch-chroot /mnt bash -c "echo \"${USERNAME}:\$PASS_USER\" | chpasswd" # don't log the password
 run-chroot "add user to sudoers"         "echo \"%admin ALL=(ALL:ALL) ALL\" >>/etc/sudoers"
 run        "clone keys repo"             "git clone https://gitea.finnvanreenen.nl/FReenen/keys.git /mnt/opt/keys"
 run-chroot "create authoized keys"       "cd /opt/keys/ssh && cat ${USER_SSH_KEYS} > /home/${USERNAME}/.ssh/authorized_keys"
@@ -186,8 +213,8 @@ WantedBy=multi-user.target
 EOF
 "
 run-chroot "enable first boot service"   "systemctl enable first_boot.service"
-run        "copy install log to disk"    "mkdir /mnt/var/log/elfOS"
+run        "make elfOS log dir"          "mkdir /mnt/var/log/elfOS && chmod 700 /mnt/var/log/elfOS"
-run        "copy install log to disk"    "cp $SCRIPT_DIR/install.log /mnt/var/log/elfOS/install.log"
+run        "copy install log to disk"    "cp $SCRIPT_DIR/install.log /mnt/var/log/elfOS/install.log && chmod 700 /mnt/var/log/elfOS/install.log"
 
 echo
 echo === umount and reboot

first-boot.sh

@@ -33,7 +33,7 @@ run root        "start NetworkMaanger"        "systemctl start NetworkManager.se
 run root        "wait for network"            "while [[ 1 ]] ; do ping -c1 1.1.1.1 && break ; done"
 run root        "install base tools"          "pacman -Sy --noconfirm \
    usbutils dosfstools exfat-utils net-tools bind nmap libfido2 \
-   base-devel vim curl ncdu neofetch btop git flatpak"
+   base-devel vim curl ncdu neofetch btop git flatpak screen"
 run root        "install dev tools"           "pacman -S --noconfirm ansible python3 gcc make cmake" # clangd
 run root        "install gnome"               "pacman -S --noconfirm gnome"
 run root        "enable gnome"                "systemctl enable gdm.service"
@@ -105,6 +105,8 @@ install_flatpak org.gnome.Rhythmbox3
 install_flatpak com.prusa3d.PrusaSlicer
 install_flatpak org.freecadweb.FreeCAD #TODO: install nightly instad
 install_flatpak org.kicad.KiCad
+install_flatpak org.openscad.OpenSCAD
+install_flatpak org.videolan.VLC
 
 echo
 echo === install vscodium
@@ -157,11 +159,13 @@ EOF"
 if [[ $HOSTNAME == "elfDesktop" ]]
 then
 
+run root        "install amd-ucode"          "pacman -S --noconfirm amd-ucode"
+
 echo
 echo === install Jellyfin Server
 echo
 
-run root        "install Jellifin-server"     "pacman -S --noconfirm jellifin-server"
+run root        "install Jellifin-server"     "pacman -S --noconfirm jellifin-server jellifin-web"
 run root        "add media disk to fstab"     "cat >>/etc/fstab <<EOF
 
 # data disk