diff --git a/.local/bin/svlogtail b/.local/bin/svlogtail
new file mode 100755
index 0000000..b6ebaeb
--- /dev/null
+++ b/.local/bin/svlogtail
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+#copied from: https://github.com/void-linux/socklog-void/blob/master/svlogtail
+
+usage () {
+ cat <<-'EOF'
+ svlogtail [-f] [LOG...] - show svlogd logs conveniently
+ Without arguments, show current logs of all services, uniquely.
+ With arguments, show all logs of mentioned services
+
+ With -f, follow log output.
+ EOF
+}
+
+globexist() {
+ [ -f "$1" ]
+}
+
+IFS='
+'
+
+fflag=false
+if [ "$1" = -f ]; then
+ shift
+ fflag=true
+fi
+
+if [ $# = 0 ]; then
+ cat /var/log/socklog/*/current | sort -u
+ if $fflag; then
+ tail -Fq -n0 /var/log/socklog/*/current | uniq
+ fi
+else
+ old=
+ cur=
+ for log; do
+ case "$log" in
+ -*) usage; exit 1;;
+ esac
+ if [ -d /var/log/socklog/$log ]; then
+ if globexist /var/log/socklog/$log/*.[us]; then
+ old="$old$IFS/var/log/socklog/$log/*.[us]"
+ fi
+ cur="$cur$IFS/var/log/socklog/$log/current"
+ else
+ echo "no logs for $log" 1>&2
+ exit 1
+ fi
+ done
+ cat $old $cur | sort
+ if $fflag; then
+ tail -Fq -n0 $cur
+ fi
+fi
diff --git a/.local/installers/artix2/TODO b/.local/installers/artix2/TODO
new file mode 100644
index 0000000..e155415
--- /dev/null
+++ b/.local/installers/artix2/TODO
@@ -0,0 +1,24 @@
+had to remove some pkgs from base.list
+
+only had to enable multilib in pacman.conf
+
+was prompted to replace jack2 which caused base.list install to not work
+
+removed grub update since using systemd boot
+
+commented out runit setup
+
+dont need to install: chronie, cronie?(systemd timers)
+
+#Remember for next install
+*make sure to enter in the kernel image names correctly (especially if using zen kernel)
+*for systemd boot for PARTUUID get this from blkid
+*remember to generate locales (locale-gen)
+
+
+**ARTIX**
+add back in code to enable all repos, need universe for arch repos now
+
+think of way to setup ~/.local/init/setup which can work with systemd or artix
+
+
diff --git a/.local/installers/artix2/arch-install.sh b/.local/installers/artix2/arch-install.sh
new file mode 100755
index 0000000..fd05b1d
--- /dev/null
+++ b/.local/installers/artix2/arch-install.sh
@@ -0,0 +1,306 @@
+#!/bin/sh
+
+
+. ./programs.sh
+
+#$1 -> repo name to enable
+#$2 -> mirror list file name in /etc/pacman.d/ (default: mirrorlist)
+#ex: enable_repo lib32
+#ex: enable_repo community mirrorlist-arch
+enable_repo() {
+ REPO="$1"
+ MIRRORLIST="mirrorlist"
+ [ "$2" ] && MIRRORLIST="$2"
+
+ if [ $# -gt 0 ] && [ -z "$(grep "^\[$1" /etc/pacman.conf)" ]; then
+ sudo sh -c "echo "[$REPO]" >> /etc/pacman.conf"
+ sudo sh -c "echo "Include\ =\ /etc/pacman.d/$MIRRORLIST" >> /etc/pacman.conf"
+ sudo sh -c "echo "" >> /etc/pacman.conf"
+ fi
+}
+
+
+#TODO only needed to enable multilib for arch
+enable_repos() {
+ sudo pacman -Sy
+
+
+ #commenting since this is done during archinstall
+ #enable multilib
+ #sudo sh -c "echo "[multilib]" >> /etc/pacman.conf"
+ #sudo sh -c "echo "Include\ =\ /etc/pacman.d/mirrorlist" >> /etc/pacman.conf"
+ #sudo sh -c "echo "" >> /etc/pacman.conf"
+
+ sudo pacman -Sy
+
+ #install yay for aur support
+ sudo pacman -S git fakeroot base-devel
+
+ mkdir -p ~/.local/src/
+ git clone https://aur.archlinux.org/yay.git ~/.local/src/yay/
+ cd ~/.local/src/yay || return
+ makepkg -si
+ cd -
+
+}
+
+init_setup() {
+ sudo timedatectl set-ntp true
+
+ #system services
+ #sudo systemctl enable connman.service
+ #sudo systemctl enable ufw.service
+ #sudo systemctl enable cronie.service
+ #sudo systemctl enable systemd-timesyncd.service
+ #sudo systemctl enable nix-daemon.service
+ sudo ln -s /etc/runit/sv/ufw /run/runit/service/
+ sudo ln -s /etc/runit/sv/cronie /run/runit/service/
+ sudo ln -s /etc/runit/sv/chrony /run/runit/service/
+ sudo ln -s /etc/runit/sv/socklog /run/runit/service/
+
+
+
+ #user services
+ #systemctl --user enable mako.service
+ #systemctl --user enable mpd.service
+ #systemctl --user enable pipewire.service
+ #systemctl --user enable pipewire-pulse.service
+ #systemctl --user enable wireplumber.service
+}
+
+wireless() {
+ sudo pacman -S tlp iwd bluez bluez-utils
+ sudo pacman -S tp_smapi smartmontools ethtool #opts for
tlp
+
+ sudo pacman -S tlp-runit iwd-runit bluez-runit
+
+ sudo ln -s /etc/runit/sv/tlp /run/runit/service/
+ sudo ln -s /etc/runit/sv/iwd /run/runit/service/
+ sudo ln -s /etc/runit/sv/bluetoothd /run/runit/service/
+
+}
+
+harden() {
+ #install required programs
+ sudo pacman -S firejail apparmor
+
+ #enable apparmor service
+ sudo systemctl enable apparmor.service
+ sudo systemctl start apparmor.service
+
+ #configure apparmor to use firejail and configure firejail to automatically run for supported programs
+ sudo apparmor_parser -r /etc/apparmor.d/firejail-default
+ sudo firecfg
+
+ #add user to /etc/firejail/firejail.users if it is not already in the file
+ if [ -z "$(grep "$USER" /etc/firejail/firejail.users)" ]; then
+ sudo sh -c "echo '$USER' >> /etc/firejail/firejail.users"
+ fi
+
+ echo "============================================"
+ echo " Applying Hardening Configuration"
+ echo "============================================"
+ echo ""
+ echo "append this to your kernel params:"
+ echo " lsm=landlock,lockdown,yama,integrity,apparmor,bpf"
+ echo " systemd-boot: /boot/loader/entries/*.conf, append to end of line beginning with \"options\""
+ echo " grub: /etc/default/grub"
+ echo ""
+ echo " run this script with the --harden flag again after rebooting to ensure all settings are applied correctly."
+ echo " press enter to continue."
+ read input
+}
+
+
+configure() {
+ #setup home directories
+ mkdir ~/docs/
+ mkdir ~/dl/
+ mkdir ~/media/
+ mkdir -p ~/.local/share/gnupg/
+ mkdir -p ~/.config/mpd/playlists
+ mkdir -p ~/.local/share/desktop
+
+ mkdir .local/share/public
+ mkdir .local/share/templates
+ mkdir media/audio
+ mkdir media/video
+
+ #setup ufw
+ sudo ufw default deny incoming
+ sudo ufw default allow outgoing
+ sudo ufw allow http
+ sudo ufw allow https
+ #sudo ufw allow ssh
+ sudo ufw allow ntp
+ sudo ufw allow 67:68/tcp
+ sudo ufw allow 53
+
+ #allow torrent client traffic
+ sudo ufw allow 56881:56889/tcp
+
+ #rules to allow steam
+ sudo ufw allow 27000:27036/udp
+ sudo ufw allow 27036:27037/tcp
+ sudo ufw allow 4380/udp
+
+ sudo ufw enable
+
+
+
+ #install zsh shell
+ chsh -s /bin/zsh "$USER"
+
+ #setup .zprofile and zsh history file
+ cd ~ || return
+ ln -s ~/.profile ~/.zprofile
+ mkdir -p ~/.cache/zsh
+ touch ~/.cache/zsh/history
+
+
+
+ #replace sudo with doas
+ echo "installing doas, symlinking to sudo, and UNINSTALLING SUDO. sudo is uninstalled using doas so permissions should be setup right if you are able to uninstall.
(y/N)"
+
+ read input
+ if [ "$input" = "y" ]; then
+ echo "permit persist $USER as root" > ~/.cache/doas.conf
+ echo "permit nopass :wheel as root cmd /sbin/poweroff" >> ~/.cache/doas.conf
+ echo "permit nopass :wheel as root cmd /sbin/reboot" >> ~/.cache/doas.conf
+ sudo cp ~/.cache/doas.conf /etc/doas.conf
+ rm ~/.cache/doas.conf
+ doas pacman -R sudo && doas ln -s /bin/doas /bin/sudo #TODO ARCH SPECIFIC
+ fi
+
+
+ #set limits for esync
+ sudo sh -c "echo '$USER hard nofile 524288' >> /etc/security/limits.conf"
+
+ #set limits for monero
+ sudo sh -c "echo '$USER hard memlock 2048' >> /etc/security/limits.conf"
+ sudo sh -c "echo '$USER hard memlock 2048' >> /etc/security/limits.conf"
+
+ #fix issue with arduino ide and tiling wms
+ sudo sh -c 'echo "export _JAVA_AWT_WM_NONREPARENTING=1" >> /etc/profile.d/jre.sh'
+
+ #set console terminal font
+ sudo sh -c 'echo "FONT=Lat2-Terminus16" >> /etc/vconsole.conf'
+
+ #set grub theme
+ sudo sed -i 's/#GRUB_COLOR_NORMAL/GRUB_COLOR_NORMAL/g' /etc/default/grub
+ sudo sed -i 's/#GRUB_COLOR_HIGHLIGHT/GRUB_COLOR_HIGHLIGHT/g' /etc/default/grub
+
+ #nix configuration
+ #add user to nix-users group
+ sudo adduser -a -G nix-users "$USER"
+ #add nix unstable channel
+ nix-channel --add https://nixos.org/channels/nixpkgs-unstable
+ nix-channel --update
+
+ #download collapse OS
+ mkdir -p "$HOME"/.local/src/
+ cd "$HOME"/.local/src/
+ wget http://collapseos.org/files/collapseos-latest.tar.gz
+ cd -
+
+ #set wallpaper
+ ln -s ~/media/img/wallpapers/alena-aenami-eclipse-1k.jpg ~/.config/wall
+
+ #link Xresources for xwayland
+ ln -s ~/.config/Xresources ~/.Xdefaults
+
+ #set /tmp to tmpfs
+ if [ -z "$(grep "/tmp" /etc/fstab)" ]; then
+ sudo sh -c 'echo "tmpfs /tmp tmpfs rw,nodev,nosuid,size=2G 0 0" >> /etc/fstab'
+ fi
+
+}
+
+base() {
+
+ #enable repos (lib32, community, and universe) and install yay
+ enable_repos
+
+ #install all packages in $PKGS
+ sudo pacman --noconfirm --needed -S - < ./pkgs/base.list
+
+ #install all packages
in $AUR_PKGS
+ yay --needed -S - < ./pkgs/aur.list
+
+ #setup local git repos defined in $GIT_REPOS to $GIT_REPOS_DIR
+ sh ~/.local/scripts/install.sh add-repos ./pkgs/repos.list
+
+ #link rofi themes directory so that theming works
+ mkdir -p "$HOME"/.local/share/rofi/
+ ln -s "$HOME"/.local/src/base16-rofi/themes/ "$HOME"/.local/share/rofi/themes
+
+ init_setup
+
+ #configure programs, directories, change shell, etc
+ configure
+
+
+
+ #install microcode for CPU
+ #echo "enter CPU type to install microcode for (amd intel)"
+ #read input
+ #if [ "$input" = "amd" ]; then
+ # sudo pacman -S amd-ucode
+ #elif [ "$input" = "intel" ]; then
+ # sudo pacman -S intel-ucode
+ #fi
+
+ #rebuild kernel after install for microcode
+ sudo mkinitcpio -P #rebuild kernel
+ #sudo grub-mkconfig -o /boot/grub/grub.cfg #update grub
+
+ echo "installation finished"
+
+}
+
+help() {
+ echo " artix-install.sh"
+ echo " --base perform basic install. Enable repos, install programs"
+ echo ""
+ echo " --gaming install steam and lutris. Use flags --amd, --nvidia, --intel to install"
+ echo " with corresponding graphics drivers. Otherwise you will be prompted"
+ echo ""
+ echo " --virt-manager install virt-manager"
+ echo ""
+ echo " --wireless install/setup programs for wifi/bluetooth"
+ echo ""
+ echo " --ungoogled-chromium install ungoogled-chromium. also installs chrome-web-store and ublock origin"
+ echo ""
+ echo " --harden enable extra security settings (apparmor, firejail), THIS NEEDS TO BE RUN"
+ echo " AGAIN AFTER INSTALL AND REBOOT, to ensure settings are applied correctly."
+ echo " make sure to follow on screen instructions to set kernel params"
+}
+
+BASE=""
+GAMING=""
+WIRELESS=""
+UNGOOGLED_CHROMIUM=""
+VIRT_MANAGER=""
+HARDEN=""
+
+for arg in "$@"
+do
+ [ "$arg" = "--base" ] && BASE="true"
+ [ "$arg" = "--gaming" ] && GAMING="true"
+ [ "$arg" = "--virt-manager" ] && VIRTMGR="true"
+ [ "$arg" = "--wireless" ] && WIRELESS="true"
+ [ "$arg" = "--ungoogled-chromium" ] && UNGOOGLED_CHROMIUM="true"
+ [ "$arg" = "--harden" ] && HARDEN="true"
+ [ "$arg" = "--help" ] && help && exit
+
+done
+
+[ "$#" = "0" ] && help && exit
+
+[ "$BASE" ] && base
+[ "$GAMING" ] && gaming "$@"
+[ "$WIRELESS" ] && wireless
+[ "$UNGOOGLED_CHROMIUM" ] && ungoogled_chromium "$@"
+[ "$VIRT_MANAGER" ] && virt_manager
+[ "$HARDEN" ] && harden
+
diff --git a/.local/installers/artix2/pkgs/aur.list b/.local/installers/artix2/pkgs/aur.list
new file mode 100644
index 0000000..6d223b0
--- /dev/null
+++ b/.local/installers/artix2/pkgs/aur.list
@@ -0,0 +1,19 @@
+lf
+mutt-wizard
+htim
+jmtpfs
+tremc-git
+dashbinsh
+pfetch
+sysrq-enabler
+wlr-randr
+sfeed
+kjv-apocrypha
+yt-watch
+yt-dlp-drop-in
+udiskie
+waylogout-git
+ani-cli-git
+rofi-lbonn-wayland-git
+pipe-viewer-git
+connman-gtk
diff --git a/.local/installers/artix2/pkgs/base.list b/.local/installers/artix2/pkgs/base.list
new file mode 100644
index 0000000..f663ff2
--- /dev/null
+++ b/.local/installers/artix2/pkgs/base.list
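Review bot: In arch-install.sh `configure`, the rules `sudo ufw allow http`, `https`, `ntp` and `53` open those ports to inbound connections from any address, since `ufw allow` without a direction applies to incoming traffic; `default allow outgoing` already covers browsing, DNS and time sync from this machine, so the rules only expose whatever later listens on those ports. I would delete them and keep inbound rules only for services the host really offers; `67:68/tcp` also names TCP where DHCP uses UDP. Separately, the argument loop sets `VIRTMGR="true"` while the dispatch tests `[ "$VIRT_MANAGER" ]`, so `--virt-manager` never runs; the assignment should be `VIRT_MANAGER="true"`.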
@@ -0,0 +1,87 @@
+pipewire
+pipewire-alsa
+pipewire-pulse
+pipewire-jack
+gst-plugin-pipewire
+wireplumber
+wireplumber-docs
+alsa-utils
+pacman-contrib
+man-db
+freetype2
+gst-libav
+xdg-utils
+xdg-user-dirs
+fuse
+python-urwid
+btrfs-progs
+reiserfsprogs
+ufw
+wget
+curl
+zip
+unzip
+p7zip
+dash
+mesa
+rsync
+cronie
+connman
+fakeroot
+python-pip
+udisks2
+pavucontrol
+yt-dlp
+transmission-cli
+neovim
+mpd
+mpv
+opendoas
+zsh
+clang
+lynx
+shellcheck
+noto-fonts
+noto-fonts-emoji
+noto-fonts-cjk
+lxappearance
+qt5ct
+imagemagick
+ffmpegthumbnailer
+python-pywal
+pulsemixer
+pamixer
+papirus-icon-theme
+python-pdftotext
+viu
+bat
+imv
+ncmpcpp
+zathura
+zathura-cb
+zathura-djvu
+zathura-pdf-mupdf
+sway
+swaybg
+swayidle
+swaylock
+waybar
+mako
+wl-clipboard
+grim
+slurp
+xorg-xwayland
+alacritty
+gammastep
+openssh
+aria2
+libva-mesa-driver
+bc
+firefox
+chromium
+flatpak
+chrony
+ufw-runit
+cronie-runit
+chrony-runit
+socklog
diff --git a/.local/installers/artix2/pkgs/repos.list b/.local/installers/artix2/pkgs/repos.list
new file mode 100644
index 0000000..2bdf5c6
--- /dev/null
+++ b/.local/installers/artix2/pkgs/repos.list
@@ -0,0 +1,3 @@
+https://github.com/aarowill/base16-alacritty.git
+https://github.com/rkubosz/base16-sway.git
+https://gitlab.com/jordiorlando/base16-rofi.git
diff --git a/.local/installers/artix2/programs.sh b/.local/installers/artix2/programs.sh
new file mode 100644
index 0000000..628c105
--- /dev/null
+++ b/.local/installers/artix2/programs.sh
@@ -0,0 +1,106 @@
+#!/bin/sh
+##############################################################################
+# This script provides functions to install/configure certain programs
+# that are more complicated ( more than just pacman -S program ) to install/setup.
+#
+# These programs assume that yay, lib32, and arch's community repo has been enabled.
+# If you get an error during installation try running ./artix-install.sh --base
+##############################################################################
+
+repo_check() {
+ if [ -z "$(grep "^\[multilib" /etc/pacman.conf)" ] ||
+ [ -z "$(grep "^\[community" /etc/pacman.conf)" ] ||
+ echo "repo check"
+ [ ! -f "/usr/bin/yay" ]; then
+ echo "either yay, or the lib32 or community repos have not been setup correctly. Exiting"
+ exit
+
+ fi
+}
+
+ungoogled_chromium() {
+ repo_check
+ echo "after repo check"
+
+ CMD=" -S "
+
+ [ "$1" = "-R" ] && CMD=" -Rs "
+
+ echo "ungoogled chromium install not working just installing chromium (press enter to continue)"
+ read input
+
+ sudo pacman -S chromium
+
+ #yay "$CMD" aur/ungoogled-chromium-binary
+ #yay "$CMD" aur/chromium-ublock-origin
+
+ #yay "$CMD" aur/chromium-extension-web-store
+ #yay "$CMD" aur/chromium-widevine
+}
+
+virt_manager() {
+ repo_check
+
+ echo "install virt-manager?(y/N)"
+ read -r input
+ if [ "$input" = "y" ] || [ "$input" = "Y" ]; then
+ sudo pacman -S --noconfirm sudo pacman -S libvirt qemu virt-manager lxsession
+ sudo pacman -S --noconfirm gst-plugins-good libvirt-runit
+
+ #TODO move this to runit_setup
+ sudo usermod -G libvirt -a "$USER"
+ fi
+
+ runit_setup --virt-manager
+}
+
+gaming() {
+ repo_check
+
+ CMD=" -S --noconfirm "
+
+ for arg in "$@"
+ do
+ if [ "$arg" = "--nvidia" ]; then
+ NVIDIA_GPU="TRUE"
+ elif [ "$arg" = "--amd" ]; then
+ AMD_GPU="TRUE"
+ elif [ "$arg" = "--intel" ]; then
+ INTEL_GPU="TRUE"
+ elif [ "$arg" = "-R" ]; then
+ CMD=" -Rs "
+ fi
+ done
+
+ if [ -z "$NVIDIA_GPU" ] && [ -z "$AMD_GPU" ] && [ -z "$INTEL_GPU" ];
then
+ echo "Enter GPU type (amd nvidia intel):"
+ read input
+
+ [ "$input" = "amd" ] && AMD_GPU="TRUE"
+ [ "$input" = "nvidia" ] && NVIDIA_GPU="TRUE"
+ [ "$input" = "intel" ] && INTEL_GPU="TRUE"
+ fi
+
+ echo "Installing with:"
+ [ "$AMD_GPU" = "TRUE" ] && echo "AMD GPU"
+ [ "$NVIDIA_GPU" = "TRUE" ] && echo "NVIDIA GPU"
+ [ "$INTEL_GPU" = "TRUE" ] && echo "INTEL GPU"
+ echo "press enter to continue."
+ read input
+
+
+ [ -z "$(grep "^\[lib32" /etc/pacman.conf)" ] && [ -z "$NVIDIA_GPU" ] && [ -z "$AMD_GPU" ] && [ -z "$INTEL_GPU" ] && help && exit
+
+ [ "$NVIDIA_GPU" = "TRUE" ] && sudo pacman $CMD nvidia-utils lib32-nvidia-utils
+ [ "$AMD_GPU" = "TRUE" ] && sudo pacman $CMD vulkan-radeon lib32-vulkan-radeon
+ [ "$INTEL_GPU" = "TRUE" ] && sudo pacman $CMD vulkan-intel lib32-vulkan-intel
+
+ sudo pacman $CMD vulkan-mesa-layers lib32-vulkan-mesa-layers
+
+ sudo pacman $CMD wine winetricks #wine-staging
+ sudo pacman $CMD giflib lib32-giflib libpng lib32-libpng libldap lib32-libldap gnutls lib32-gnutls mpg123 lib32-mpg123 openal lib32-openal v4l-utils lib32-v4l-utils libpulse lib32-libpulse alsa-plugins lib32-alsa-plugins alsa-lib lib32-alsa-lib libjpeg-turbo lib32-libjpeg-turbo libxcomposite lib32-libxcomposite libxinerama lib32-libxinerama ncurses lib32-ncurses opencl-icd-loader lib32-opencl-icd-loader libxslt lib32-libxslt libva lib32-libva gtk3 lib32-gtk3 gst-plugins-base-libs lib32-gst-plugins-base-libs vulkan-icd-loader lib32-vulkan-icd-loader cups samba dosbox
+
+ sudo pacman $CMD gamemode lib32-gamemode
+ sudo pacman $CMD lutris steam
+}
+
diff --git a/.local/installers/artix2/services/connman_iwd.service b/.local/installers/artix2/services/connman_iwd.service
new file mode 100644
index 0000000..20e9cbc
--- /dev/null
+++ b/.local/installers/artix2/services/connman_iwd.service
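Review bot: In programs.sh `repo_check`, the debug line `echo "repo check"` sits inside the `||` chain, so the `if` is decided only by `[ ! -f "/usr/bin/yay" ]` on the following line and the two `grep` checks against `/etc/pacman.conf` no longer affect the result; removing the echo lets the second `||` continue into the yay test as intended. The failure branch ends in a bare `exit`, which returns the status of the preceding `echo` (0), so `exit 1` is needed for callers to see the failure. In `virt_manager`, `sudo pacman -S --noconfirm sudo pacman -S libvirt ...` names `sudo` and `pacman` as packages to install, which conflicts with the doas swap that `configure` in arch-install.sh offers; the line should read `sudo pacman -S --noconfirm libvirt qemu virt-manager lxsession`.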
@@ -0,0 +1,22 @@
+[Unit]
+Description=Connection service
+DefaultDependencies=false
+Conflicts=shutdown.target
+RequiresMountsFor=/var/lib/connman
+After=dbus.service network-pre.target systemd-sysusers.service iwd.service
+Before=network.target multi-user.target shutdown.target
+Wants=network.target
+Requires=iwd.service
+
+[Service]
+Type=dbus
+BusName=net.connman
+Restart=on-failure
+ExecStart=/usr/bin/connmand --wifi=iwd_agent -n
+StandardOutput=null
+CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SYS_TIME CAP_SYS_MODULE
+ProtectHome=true
+ProtectSystem=true
+
+[Install]
+WantedBy=multi-user.target
diff --git a/.local/installers/artix2/services/iwd.service b/.local/installers/artix2/services/iwd.service
new file mode 100644
index 0000000..1a029c2
--- /dev/null
+++ b/.local/installers/artix2/services/iwd.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=Internet Wireless Daemon (IWD)
+Before=network.target
+Wants=network.target
+
+[Service]
+ExecStart=/usr/lib/iwd/iwd
+
+[Install]
+Alias=multi-user.target.wants/iwd.service
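Review bot: iwd.service starts `/usr/lib/iwd/iwd` with no sandboxing and no restart policy, while connman_iwd.service in the same commit sets `CapabilityBoundingSet=`, `ProtectHome=true` and `ProtectSystem=true`. A daemon that parses frames from untrusted access points deserves at least the same treatment: `Restart=on-failure`, `NoNewPrivileges=true`, `ProtectHome=true`, `ProtectSystem=true` and a `CapabilityBoundingSet=` limited to the networking capabilities iwd needs (the unit shipped with the iwd package is probably the reference to copy from; confirm against the installed version). In connman_iwd.service, `CAP_SYS_MODULE` in the bounding set lets the daemon load kernel modules, so keep it only if connman on this machine actually needs that.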