mirror of
https://github.com/tommytran732/Arch-Setup-Script
synced 2025-02-20 18:01:33 -05:00
Update install.sh
Signed-off-by: khaleeldtxi <54496531+khaleeldtxi@users.noreply.github.com>
This commit is contained in:
khaleeldtxi
GitHub
parent
a9e28ec90f
commit
892450ad40
73
install.sh
73
install.sh
@ -368,73 +368,57 @@ arch-chroot /mnt /bin/bash -e <<EOF
|
||||
groupadd -r audit
|
||||
gpasswd -a $username audit
|
||||
fi
|
||||
EOF
|
||||
|
||||
# Enable AppArmor notifications
|
||||
# Must create ~/.config/autostart first
|
||||
mkdir -p -m 700 /mnt/home/${username}/.config/autostart/
|
||||
bash -c "cat > /mnt/home/${username}/.config/autostart/apparmor-notify.desktop" <<-'EOF'
|
||||
[Desktop Entry]
|
||||
Type=Application
|
||||
Name=AppArmor Notify
|
||||
Comment=Receive on screen notifications of AppArmor denials
|
||||
TryExec=aa-notify
|
||||
Exec=aa-notify -p -s 1 -w 60 -f /var/log/audit/audit.log
|
||||
StartupNotify=false
|
||||
NoDisplay=true
|
||||
EOF
|
||||
chmod 700 /mnt/home/${username}/.config/autostart/apparmor-notify.desktop
|
||||
arch-chroot /mnt chown -R $username:$username /home/${username}/.config
|
||||
|
||||
|
||||
# Setting user password.
|
||||
|
||||
|
||||
[ -n "$username" ] && echo "Setting user password for ${username}." && arch-chroot /mnt /bin/passwd "$username"
|
||||
|
||||
|
||||
# Giving wheel user sudo access.
|
||||
sed -i 's/# %wheel ALL=(ALL) ALL/%wheel ALL=(ALL) ALL/g' /mnt/etc/sudoers
|
||||
sed -i 's/# %wheel ALL=(ALL) ALL/%wheel ALL=(ALL) ALL/g' /etc/sudoers
|
||||
|
||||
# Change audit logging group
|
||||
echo "log_group = audit" >> /mnt/etc/audit/auditd.conf
|
||||
echo "log_group = audit" >> /etc/audit/auditd.conf
|
||||
|
||||
# Enabling audit service.
|
||||
systemctl enable auditd --root=/mnt &>/dev/null
|
||||
systemctl enable auditd --root=/ &>/dev/null
|
||||
|
||||
# Enabling auto-trimming service.
|
||||
systemctl enable fstrim.timer --root=/mnt &>/dev/null
|
||||
systemctl enable fstrim.timer --root=/ &>/dev/null
|
||||
|
||||
# Enabling NetworkManager.
|
||||
systemctl enable NetworkManager --root=/mnt &>/dev/null
|
||||
systemctl enable NetworkManager --root=/ &>/dev/null
|
||||
|
||||
# Enabling GDM.
|
||||
systemctl enable gdm --root=/mnt &>/dev/null
|
||||
systemctl enable gdm --root=/ &>/dev/null
|
||||
|
||||
# Enabling AppArmor.
|
||||
echo "Enabling AppArmor."
|
||||
systemctl enable apparmor --root=/mnt &>/dev/null
|
||||
systemctl enable apparmor --root=/ &>/dev/null
|
||||
|
||||
# Enabling Firewalld.
|
||||
echo "Enabling Firewalld."
|
||||
systemctl enable firewalld --root=/mnt &>/dev/null
|
||||
systemctl enable firewalld --root=/ &>/dev/null
|
||||
|
||||
# Enabling Bluetooth Service (This is only to fix the visual glitch with gnome where it gets stuck in the menu at the top right).
|
||||
# IF YOU WANT TO USE BLUETOOTH, YOU MUST REMOVE IT FROM THE LIST OF BLACKLISTED KERNEL MODULES IN /mnt/etc/modprobe.d/30_security-misc.conf
|
||||
systemctl enable bluetooth --root=/mnt &>/dev/null
|
||||
systemctl enable bluetooth --root=/ &>/dev/null
|
||||
|
||||
# Enabling Reflector timer.
|
||||
echo "Enabling Reflector."
|
||||
systemctl enable reflector.timer --root=/mnt &>/dev/null
|
||||
systemctl enable reflector.timer --root=/ &>/dev/null
|
||||
|
||||
# Enabling systemd-oomd.
|
||||
echo "Enabling systemd-oomd."
|
||||
systemctl enable systemd-oomd --root=/mnt &>/dev/null
|
||||
systemctl enable systemd-oomd --root=/ &>/dev/null
|
||||
|
||||
# Disabling systemd-timesyncd
|
||||
systemctl disable systemd-timesyncd --root=/mnt &>/dev/null
|
||||
systemctl disable systemd-timesyncd --root=/ &>/dev/null
|
||||
|
||||
# Enabling chronyd
|
||||
systemctl enable chronyd --root=/mnt &>/dev/null
|
||||
systemctl enable chronyd --root=/ &>/dev/null
|
||||
|
||||
EOF
|
||||
|
||||
# Setting user password.
|
||||
[ -n "$username" ] && echo "Setting user password for ${username}." && arch-chroot /mnt /bin/passwd "$username"
|
||||
|
||||
|
||||
# Enabling Snapper automatic snapshots.
|
||||
echo "Enabling Snapper and automatic snapshots entries."
|
||||
@ -447,6 +431,23 @@ sed -i 's/022/077/g' /mnt/etc/profile
|
||||
echo "" >> /mnt/etc/bash.bashrc
|
||||
echo "umask 077" >> /mnt/etc/bash.bashrc
|
||||
|
||||
# Enable AppArmor notifications
|
||||
# Must create ~/.config/autostart first
|
||||
mkdir -p -m 700 /home/${username}/.config/autostart/
|
||||
bash -c "cat > /home/${username}/.config/autostart/apparmor-notify.desktop" <<-'EOF'
|
||||
[Desktop Entry]
|
||||
Type=Application
|
||||
Name=AppArmor Notify
|
||||
Comment=Receive on screen notifications of AppArmor denials
|
||||
TryExec=aa-notify
|
||||
Exec=aa-notify -p -s 1 -w 60 -f /var/log/audit/audit.log
|
||||
StartupNotify=false
|
||||
NoDisplay=true
|
||||
EOF
|
||||
chmod 700 /home/${username}/.config/autostart/apparmor-notify.desktop
|
||||
arch-chroot /mnt chown -R $username:$username /home/${username}/.config
|
||||
|
||||
|
||||
# Finishing up
|
||||
echo "Done, you may now wish to reboot (further changes can be done by chrooting into /mnt)."
|
||||
exit
|
||||
|
||||
Loading…
Reference in New Issue
Block a user