diff --git a/installers/arch/scripts/harden.sh b/installers/arch/scripts/harden.sh
index 8ae287b..c14a87e 100755
--- a/installers/arch/scripts/harden.sh
+++ b/installers/arch/scripts/harden.sh
@@ -1,20 +1,12 @@
 #!/bin/sh
 #
 #install required programs
-sudo pacman -S apparmor firejail
+sudo pacman -S apparmor
 #enable apparmor service
 sudo systemctl enable apparmor.service
 sudo systemctl start apparmor.service
-#configure apparmor to use firejail and configure firejail to automatically run for supported programs
-sudo apparmor_parser -r /etc/apparmor.d/firejail-default
-sudo firecfg
-
-add user to /etc/firejail/firejail.users if it is not already in the file
-if [ -z "$(grep "$USER" /etc/firejail/firejail.users)" ]; then
- sudo sh -c "echo '$USER' >> /etc/firejail/firejail.users"
-fi
 echo "============================================"
 echo " Applying Hardening Configuration"
@@ -28,7 +20,3 @@ echo ""
 echo " run this script again after rebooting to ensure all settings are applied correctly."
 echo " press enter to continue."
 read input
-
-#add any firejail configuration here
- #fix mpv not being able to open some files, allows mmpv to play videos in the ~/media dir
-sudo sh -c 'echo "whitelist $HOME/media" >> /etc/firejail/whitelist-player-common.local'
diff --git a/installers/arch/scripts/opendoas.sh b/installers/arch/scripts/opendoas.sh
index d40e510..9d0c1ce 100755
--- a/installers/arch/scripts/opendoas.sh
+++ b/installers/arch/scripts/opendoas.sh
@@ -2,8 +2,8 @@
 sudo pacman -S opendoas
 echo "permit persist $USER as root" > ~/.cache/doas.conf
-echo "permit nopass :wheel as root cmd /sbin/poweroff" >> ~/.cache/doas.conf
-echo "permit nopass :wheel as root cmd /sbin/reboot" >> ~/.cache/doas.conf
+#echo "permit nopass :wheel as root cmd /sbin/poweroff" >> ~/.cache/doas.conf
+#echo "permit nopass :wheel as root cmd /sbin/reboot" >> ~/.cache/doas.conf
 sudo cp ~/.cache/doas.conf /etc/doas.conf
 yay -S doas-sudo-shim
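Review bot: In harden.sh the top of the script, visible from line 1 of the first hunk, has no `set -e`, so if `sudo pacman -S apparmor` fails the two `systemctl` calls still run and the script goes on to print its "Applying Hardening Configuration" banner as though the host were confined. I would add `set -eu` after the shebang and collapse the service lines to `sudo systemctl enable --now apparmor.service`. Because the script asks to be run again after a reboot, hosts that ran the previous version keep the `firecfg` integration and their `/etc/firejail/firejail.users` entry; a comment such as `# firejail setup removed; state left by earlier runs is not undone here` would make that explicit. The script body between the two hunks is not visible, so check that nothing there relies on a non-zero exit status before enabling `set -e`.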
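Review bot: In opendoas.sh, `/etc/doas.conf` is installed with a plain `sudo cp` from `~/.cache/doas.conf` and is neither validated nor given explicit ownership and mode before `yay -S doas-sudo-shim` puts doas in place of sudo. A malformed or loosely-permissioned file at that point can leave the account without a working way to become root, so I would install and check it in one step: `sudo install -o root -g root -m 0400 ~/.cache/doas.conf /etc/doas.conf && sudo doas -C /etc/doas.conf`. The two `nopass` rules are now commented-out `echo` lines; deleting them outright (history keeps them) avoids passwordless rules coming back by the removal of a single `#`. The script starts before this hunk, which begins at line 2.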
diff --git a/installers/arch/scripts/setup-dirs.sh b/installers/arch/scripts/setup-dirs.sh
index 0ce11e5..00d3580 100755
--- a/installers/arch/scripts/setup-dirs.sh
+++ b/installers/arch/scripts/setup-dirs.sh
@@ -1,12 +1,16 @@
 #!/bin/sh
-FILES_DIR="$HOME/.files/"
+FILES_DIR="$HOME/.files"
-ln -s "$HOME"/.files/dl "$HOME"/dl
-ln -s "$HOME"/.files/docs "$HOME"/docs
-ln -s "$HOME"/.files/media "$HOME"/media
-ln -s "$HOME"/.files/.ssh "$HOME"/.ssh
+#directories
+ln -s "$FILES_DIR"/dl "$HOME"/dl
+ln -s "$FILES_DIR"/docs "$HOME"/docs
+ln -s "$FILES_DIR"/media "$HOME"/media
+ln -s "$FILES_DIR"/.ssh "$HOME"/.ssh
+ln -s "$FILES_DIR"/.local/share/password-store "$HOME"/.local/share/
+ln -s "$FILES_DIR"/.local/share/gnupg "$HOME"/.local/share/
-ln -s "$HOME"/.files/.gitconfig "$HOME"/.gitconfig
+#files
+ln -s "$FILES_DIR"/.gitconfig "$HOME"/.gitconfig
 mkdir -p ~/.var/app/
 ln -s "$HOME"/.files/.var/app/io.gitlab.librewolf-community ~/.var/app/io.gitlab.librewolf-community
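Review bot: The two new links for `password-store` and `gnupg` target `"$HOME"/.local/share/`, but nothing in the hunk creates that directory, while `~/.var/app/` does get a `mkdir -p`; if it does not exist yet the `ln -s` calls fail, and with no `set -e` at the top of the script it carries on silently. Add `mkdir -p "$HOME"/.local/share` before them. These two directories and `.ssh` hold key material and the script never sets or checks their mode, so `chmod 700 "$FILES_DIR"/.ssh "$FILES_DIR"/.local/share/gnupg "$FILES_DIR"/.local/share/password-store` here would keep the links from pointing at group- or world-readable trees. The last context line still spells the path as `"$HOME"/.files/...` rather than `"$FILES_DIR"`, which defeats the point of the variable.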