From e7ff23425ddb2d9d9d452c2c1ca8255b006f323a Mon Sep 17 00:00:00 2001 From: Alex Date: Sun, 10 Jul 2022 23:13:24 -0500 Subject: [PATCH] add --varden flag to installer modified volchange.sh to use wireplumber to set volume renamed volchange.sh to vol.sh --- .config/aliasrc | 2 + .config/sway/config | 6 +-- .local/installers/arch/arch-install.sh | 52 ++++++++++++++++++++++++- .local/installers/arch/pkgs/base.list | 2 + .local/scripts/sway-bar.sh | 15 ++++--- .local/scripts/{volchange.sh => vol.sh} | 19 +++++++-- .profile | 2 +- 7 files changed, 81 insertions(+), 17 deletions(-) rename .local/scripts/{volchange.sh => vol.sh} (60%) diff --git a/.config/aliasrc b/.config/aliasrc index 87ee5b0..5e5f968 100644 --- a/.config/aliasrc +++ b/.config/aliasrc @@ -45,6 +45,8 @@ alias yd='youtube-dl' #dotfiles configuration alias alias config='git --git-dir=$HOME/.cfg/ --work-tree=$HOME' +alias chrome='firejail chromium --ozone-platform-hint=auto' + note() { NOTEFILE="$HOME/.cache/notes" if [ "$#" -lt 1 ]; then diff --git a/.config/sway/config b/.config/sway/config index 0800656..32df909 100644 --- a/.config/sway/config +++ b/.config/sway/config @@ -218,9 +218,9 @@ mode "resize" { bindsym $mod+r mode "resize" #custom keybinds -bindsym XF86AudioRaiseVolume exec volchange.sh -i 2 -bindsym XF86AudioLowerVolume exec volchange.sh -d 2 -bindsym XF86AudioMute exec volchange.sh --toggle-mute +bindsym XF86AudioRaiseVolume exec vol.sh -i 0.02 +bindsym XF86AudioLowerVolume exec vol.sh -d 0.02 +bindsym XF86AudioMute exec vol.sh --toggle-mute bindsym $mod+p exec fixscr.sh --menu bindsym $mod+o exec browser.sh bindsym $mod+shift+s exec ss.sh -s diff --git a/.local/installers/arch/arch-install.sh b/.local/installers/arch/arch-install.sh index 395ec13..9b59fc9 100755 --- a/.local/installers/arch/arch-install.sh +++ b/.local/installers/arch/arch-install.sh 
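Review bot: The new `chrome` alias in `.config/aliasrc` depends on `firejail`, but as far as the visible hunks show firejail is only installed by the optional `harden()` path of the installer and is not added to `pkgs/base.list`, so on a machine set up without `--harden` the alias fails instead of starting the browser. Either add firejail to the base list or guard the definition, e.g. `command -v firejail >/dev/null && alias chrome='firejail chromium --ozone-platform-hint=auto'`. A comment such as `# run chromium inside the firejail sandbox (installed by arch-install.sh --harden)` above the alias would record why the wrapper exists.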
@@ -49,6 +49,7 @@ init_setup() { sudo systemctl enable ufw.service sudo systemctl enable cronie.service sudo systemctl enable systemd-timesyncd.service + sudo systemctl enable nix-daemon.service #user services @@ -59,7 +60,6 @@ init_setup() { systemctl --user enable wireplumber.service } -#TODO wireless() { sudo pacman -S tlp iwd bluez bluez-utils sudo pacman -S tp_smapi smartmontools ethtool #opts for tlp @@ -73,6 +73,38 @@ wireless() { sudo systemctl enable connman_iwd.service } +harden() { + #install required programs + sudo pacman -S firejail apparmor + + #enable apparmor service + sudo systemctl enable apparmor.service + sudo systemctl start apparmor.service + + #configure apparmor to use firejail and configure firejail to automatically run for supported programs + sudo apparmor_parser -r /etc/apparmor.d/firejail-default + sudo firecfg + + #add user to /etc/firejail/firejail.users if it is not already in the file + if [ -z "$(grep "$USER" /etc/firejail/firejail.users)" ]; then + sudo sh -c "echo '$USER' >> /etc/firejail/firejail.users" + fi + + echo "============================================" + echo " Applying Hardening Configuration" + echo "============================================" + echo "" + echo "append this to your kernel params:" + echo " lsm=landlock,lockdown,yama,integrity,apparmor,bpf" + echo " systemd-boot: /boot/loader/entries/*.conf, append to end of line beginning with \"options\"" + echo " grub: /etc/default/grub" + echo "" + echo " run this script with the --harden flag again after rebooting to ensure all settings are applied correctly." + echo " press enter to continue." + read input +} + + configure() { #setup home directories mkdir ~/docs/ 
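Review bot: In `harden()`, the firejail.users check uses `grep "$USER"`, an unanchored regex match, so a user whose name is a substring of an existing entry is treated as already present and never added; the append then splices `$USER` into a `sudo sh -c` string, where a value containing a single quote changes the command that runs as root. An exact fixed-string match plus `tee -a` avoids both. The function also calls `apparmor_parser -r` unconditionally, although its own instructions imply AppArmor is not active until the `lsm=` kernel parameter is set and the machine rebooted, so the first run presumably fails at that step without explanation; testing `aa-enabled` first makes the two-pass flow explicit. None of the `pacman`/`systemctl` steps is checked, and `read input` can be `read -r _` since the value is unused.

```shell
harden() {
    # … unchanged: pacman install, apparmor.service enable/start …

    # load the profile only once the running kernel has AppArmor enabled
    if aa-enabled --quiet 2>/dev/null; then
        sudo apparmor_parser -r /etc/apparmor.d/firejail-default
    else
        echo "apparmor is not active yet: set the kernel params below, reboot, re-run --harden" >&2
    fi
    sudo firecfg

    # whole-line, fixed-string match; no root shell is built from $USER
    if ! grep -qxF -- "$USER" /etc/firejail/firejail.users 2>/dev/null; then
        printf '%s\n' "$USER" | sudo tee -a /etc/firejail/firejail.users >/dev/null
    fi

    # … unchanged: kernel-parameter instructions …
    read -r _
}
```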
@@ -149,6 +181,13 @@ configure() { sudo sed -i 's/#GRUB_COLOR_NORMAL/GRUB_COLOR_NORMAL/g' /etc/default/grub sudo sed -i 's/#GRUB_COLOR_HIGHLIGHT/GRUB_COLOR_HIGHLIGHT/g' /etc/default/grub + #nix configuration + #add user to nix-users group + sudo adduser -a -G nix-users "$USER" + #add nix unstable channel + nix-channel --add https://nixos.org/channels/nixpkgs-unstable + nix-channel --update + #download collapse OS mkdir -p "$HOME"/.local/src/ cd "$HOME"/.local/src/ @@ -213,11 +252,19 @@ base() { help() { echo " artix-install.sh" echo " --base perform basic install. Enable repos, install programs" + echo "" echo " --gaming install steam and lutris. Use flags --amd, --nvidia, --intel to install" echo " with corresponding graphics drivers. Otherwise you will be prompted" + echo "" echo " --virt-manager install virt-manager" + echo "" echo " --wireless install/setup programs for wifi/bluetooth" + echo "" echo " --ungoogled-chromium install ungoogled-chromium. also installs chrome-web-store and ublock origin" + echo "" + echo " --harden enable extra security settings (apparmor, firejail), THIS NEEDS TO BE RUN" + echo " AGAIN AFTER INSTALL AND REBOOT, to ensure settings are applied correctly." + echo " make sure to follow on screen instructions to set kernel params" } BASE="" @@ -225,6 +272,7 @@ GAMING="" WIRELESS="" UNGOOGLED_CHROMIUM="" VIRT_MANAGER="" +HARDEN="" for arg in "$@" do @@ -233,6 +281,7 @@ do [ "$arg" = "--virt-manager" ] && VIRTMGR="true" [ "$arg" = "--wireless" ] && WIRELESS="true" [ "$arg" = "--ungoogled-chromium" ] && UNGOOGLED_CHROMIUM="true" + [ "$arg" = "--harden" ] && HARDEN="true" [ "$arg" = "--help" ] && help && exit done @@ -244,4 +293,5 @@ done [ "$WIRELESS" ] && wireless [ "$UNGOOGLED_CHROMIUM" ] && ungoogled_chromium "$@" [ "$VIRT_MANAGER" ] && virt_manager +[ "$HARDEN" ] && harden diff --git a/.local/installers/arch/pkgs/base.list b/.local/installers/arch/pkgs/base.list index 5594eb7..2847172 100644 --- a/.local/installers/arch/pkgs/base.list 
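Review bot: The added `sudo adduser -a -G nix-users "$USER"` in `configure()` passes `usermod`-style flags to `adduser`, a command a stock Arch install does not normally provide, so the group change most likely fails and the `nix-channel` calls that follow run without daemon access; the shadow-utils form is `sudo usermod -aG nix-users "$USER"`. Even when it succeeds, the membership only applies from the next login session, and the `init_setup()` hunk enables `nix-daemon.service` without starting it, so `nix-channel --update` in the same run may still fail, and none of the three commands is checked. Because this group is what grants access to the Nix daemon on Arch's package (worth confirming), a comment such as `# nix-users members may talk to the root-run nix-daemon; treat as a privilege grant` belongs above the line. `configure()` starts and ends outside this hunk.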
+++ b/.local/installers/arch/pkgs/base.list @@ -80,3 +80,5 @@ libva-mesa-driver bc firefox chromium +flatpak +nix diff --git a/.local/scripts/sway-bar.sh b/.local/scripts/sway-bar.sh index 99432b1..c8b5cb2 100755 --- a/.local/scripts/sway-bar.sh +++ b/.local/scripts/sway-bar.sh @@ -4,16 +4,16 @@ # other wms that use xsetroot for a status bar. # # by default this script will only run once, to run in -# a loop give it the -l flag: ./dwm-bar.sh -l +# a loop give it the -l flag: ./sway-bar.sh -l # -# Requires: pulsemixer, xbps (for sys_updates) +# Requires: pamixer # # ddate -> creates a date string # audio -> creates a string representing the state of pulseaudio # netup -> creates a string for the current network interface and status # weather -> reads file written by ~/scripts/update-weather.sh to set the weather # -# update -> calls all the above functions into xsetroot to set status bar +# update -> calls all the above functions into swaybar to set status bar # # https://gitlab.com/ahub/dotfiles #======================================================================== @@ -35,7 +35,7 @@ audio () { # icon="$(echo "$volstat" | grep -o "\[[0-9]\+%\]" | sed 's/[^0-9]*//g' | sed -n 1p -) 🔊" # fi - icon="$(pamixer --get-volume) 🔊" + icon="$(vol.sh -g) 🔊" [ "$(pamixer --get-mute)" = "true" ] && icon="🔇" printf "%s\n" "$icon" @@ -58,8 +58,7 @@ mail() { COUNT=$((COUNT+$(ls "$TMP_DIR" | wc -l))) done - - + icon="$COUNT 📧" printf "%s\n" "$icon" @@ -133,8 +132,8 @@ update() { if [ "$1" ] && [ "$1" = "-l" ]; then echo "$$" > ~/.cache/statusbar_pid - #sh ~/.local/scripts/update-crypto.sh -i & - #sh ~/.local/scripts/update-weather.sh -i & + sh ~/.local/scripts/update-crypto.sh -i & + sh ~/.local/scripts/update-weather.sh -i & while true do diff --git a/.local/scripts/volchange.sh b/.local/scripts/vol.sh similarity index 60% rename from .local/scripts/volchange.sh rename to .local/scripts/vol.sh index 542ad1b..8c0a54c 100755 --- a/.local/scripts/volchange.sh 
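Review bot: `audio()` now reads the volume through `vol.sh -g` (wpctl) but still reads the mute state through `pamixer --get-mute`, so the bar depends on two audio front ends that can disagree, and `vol.sh -g` presumably prints wpctl's fraction (constructed example: `0.45`) where `pamixer --get-volume` printed a percentage. The header comment edited in the first hunk of this file now says `# Requires: pamixer`; it should name everything the function calls, e.g. `# Requires: wireplumber (wpctl), vol.sh, bc, pamixer (mute state only)`. `audio()` begins outside the hunk.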
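Review bot: The two re-enabled `sh ~/.local/scripts/update-*.sh -i &` lines in the `-l` branch start background jobs whose PIDs are never recorded or stopped, so each restart of the bar may leave another pair running and, if they fetch remote data as their names suggest, polling the network (what `-i` does is not visible here). Recording the PIDs and cleaning up on exit keeps them tied to the bar: `sh ~/.local/scripts/update-crypto.sh -i & crypto_pid=$!`, the same for weather, then `trap 'kill "$crypto_pid" "$weather_pid" 2>/dev/null' EXIT INT TERM`. The loop that follows continues outside the hunk.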
+++ b/.local/scripts/vol.sh @@ -1,6 +1,9 @@ #!/bin/sh -PERC="5" +#PERC="5" +PERC="0.05" + +MUTEFN="~/.cache/volsh_mute" refbar() { pkill sleep -P "$(cat ~/.cache/statusbar_pid )" @@ -10,21 +13,27 @@ inc() { [ "$1" ] && PERC="$1" #pulsemixer --change-volume +"$1" && refbar #amixer sset Master 1%+ && refbar - pamixer -i "$PERC" && refbar + #pamixer -i "$PERC" && refbar + wpctl set-volume @DEFAULT_AUDIO_SINK@ "$(echo "$(get) + $PERC" | bc)" && refbar } dec() { [ "$1" ] && PERC="$1" #pulsemixer --change-volume -"$1" && refbar #amixer sset Master 1%- && refbar - pamixer -d "$PERC" && refbar + #pamixer -d "$PERC" && refbar + wpctl set-volume @DEFAULT_AUDIO_SINK@ "$(echo "$(get) - $PERC" | bc)" && refbar } mute() { #pulsemixer --toggle-mute && refbar #amixer sset Master toggle && refbar - pamixer -t && refbar + #pamixer -t && refbar + wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle && refbar +} +get() { + wpctl get-volume @DEFAULT_AUDIO_SINK@ | cut -d' ' -f 2 } help() { @@ -39,6 +48,8 @@ elif [ "$1" = "-d" ]; then dec "$2" elif [ "$1" = "--toggle-mute" ]; then mute +elif [ "$1" = "-g" ]; then + get else help fi diff --git a/.profile b/.profile index 09064a6..29fe564 100644 --- a/.profile +++ b/.profile @@ -56,7 +56,7 @@ export SFEED_URL_FILE="$HOME/.local/share/sfeed/read" # Add ~/.local/bin/ ~/.local/scripts/ and to PATH export PATH="$HOME/.local/bin:$PATH" export PATH="$HOME/.local/scripts:$PATH" - +export PATH="$HOME/.local/appimages:$PATH" export MANPATH="$MANPATH:/usr/local/man/"
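Review bot: `MUTEFN="~/.cache/volsh_mute"` keeps the tilde literal, because tilde expansion does not happen inside double quotes, so any later use would refer to a directory named `~` under the current working directory rather than the home directory; write `MUTEFN="$HOME/.cache/volsh_mute"`. The variable is not referenced in any hunk shown here, so if nothing uses it, it is better dropped together with the commented-out `#PERC="5"` than left as dead configuration.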
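Review bot: `inc()` and `dec()` paste the caller-supplied `$1` into a `bc` expression and pass whatever bc makes of it to `wpctl set-volume` with no validation and no bounds, so repeated raises can push the sink past 1.0 and a lowered value can go negative. Recent WirePlumber releases accept a relative step and a ceiling directly, which removes the `bc` and `get` round trip: `wpctl set-volume -l 1.0 @DEFAULT_AUDIO_SINK@ "${PERC}+" && refbar` and `wpctl set-volume @DEFAULT_AUDIO_SINK@ "${PERC}-" && refbar`. If the bc form stays, reject anything that is not a plain decimal first, e.g. `case "$PERC" in ''|*[!0-9.]*) help; exit 1 ;; esac`.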
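Review bot: The new `export PATH="$HOME/.local/appimages:$PATH"` in `.profile` places a directory of downloaded third-party binaries ahead of the system directories, so any file there that carries the name of a system command is what the shell resolves first. Appending keeps the AppImages reachable without letting them shadow anything: `export PATH="$PATH:$HOME/.local/appimages"`. The comment above the block (`# Add ~/.local/bin/ ~/.local/scripts/ and to PATH`) should also be updated to mention the new directory.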