Tomster/Arch-Setup-Script
1
0
Fork 0
mirror of https://github.com/tommytran732/Arch-Setup-Script synced 2025-02-20 18:01:33 -05:00
Code

Update install.sh

Browse Source 
Signed-off-by: khaleeldtxi <54496531+khaleeldtxi@users.noreply.github.com>
This commit is contained in:
khaleeldtxi 2022-11-28 00:54:16 -05:00 committed by GitHub
parent a9e28ec90f
commit 892450ad40
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 37 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

71
install.sh
View File

@ -368,73 +368,57 @@ arch-chroot /mnt /bin/bash -e <<EOF
groupadd -r audit groupadd -r audit
gpasswd -a $username audit gpasswd -a $username audit
fi fi
EOF
# Enable AppArmor notifications
# Must create ~/.config/autostart first
mkdir -p -m 700 /mnt/home/${username}/.config/autostart/
bash -c "cat > /mnt/home/${username}/.config/autostart/apparmor-notify.desktop" <<-'EOF'
[Desktop Entry]
Type=Application
Name=AppArmor Notify
Comment=Receive on screen notifications of AppArmor denials
TryExec=aa-notify
Exec=aa-notify -p -s 1 -w 60 -f /var/log/audit/audit.log
StartupNotify=false
NoDisplay=true
EOF
chmod 700 /mnt/home/${username}/.config/autostart/apparmor-notify.desktop
arch-chroot /mnt chown -R $username:$username /home/${username}/.config
# Setting user password.
[ -n "$username" ] && echo "Setting user password for ${username}." && arch-chroot /mnt /bin/passwd "$username"
# Giving wheel user sudo access. # Giving wheel user sudo access.
sed -i 's/# %wheel ALL=(ALL) ALL/%wheel ALL=(ALL) ALL/g' /mnt/etc/sudoers sed -i 's/# %wheel ALL=(ALL) ALL/%wheel ALL=(ALL) ALL/g' /etc/sudoers
# Change audit logging group # Change audit logging group
echo "log_group = audit" >> /mnt/etc/audit/auditd.conf echo "log_group = audit" >> /etc/audit/auditd.conf
# Enabling audit service. # Enabling audit service.
systemctl enable auditd --root=/mnt &>/dev/null systemctl enable auditd --root=/ &>/dev/null
# Enabling auto-trimming service. # Enabling auto-trimming service.
systemctl enable fstrim.timer --root=/mnt &>/dev/null systemctl enable fstrim.timer --root=/ &>/dev/null
# Enabling NetworkManager. # Enabling NetworkManager.
systemctl enable NetworkManager --root=/mnt &>/dev/null systemctl enable NetworkManager --root=/ &>/dev/null
# Enabling GDM. # Enabling GDM.
systemctl enable gdm --root=/mnt &>/dev/null systemctl enable gdm --root=/ &>/dev/null
# Enabling AppArmor. # Enabling AppArmor.
echo "Enabling AppArmor." echo "Enabling AppArmor."
systemctl enable apparmor --root=/mnt &>/dev/null systemctl enable apparmor --root=/ &>/dev/null
# Enabling Firewalld. # Enabling Firewalld.
echo "Enabling Firewalld." echo "Enabling Firewalld."
systemctl enable firewalld --root=/mnt &>/dev/null systemctl enable firewalld --root=/ &>/dev/null
# Enabling Bluetooth Service (This is only to fix the visual glitch with gnome where it gets stuck in the menu at the top right). # Enabling Bluetooth Service (This is only to fix the visual glitch with gnome where it gets stuck in the menu at the top right).
# IF YOU WANT TO USE BLUETOOTH, YOU MUST REMOVE IT FROM THE LIST OF BLACKLISTED KERNEL MODULES IN /mnt/etc/modprobe.d/30_security-misc.conf # IF YOU WANT TO USE BLUETOOTH, YOU MUST REMOVE IT FROM THE LIST OF BLACKLISTED KERNEL MODULES IN /mnt/etc/modprobe.d/30_security-misc.conf
systemctl enable bluetooth --root=/mnt &>/dev/null systemctl enable bluetooth --root=/ &>/dev/null
# Enabling Reflector timer. # Enabling Reflector timer.
echo "Enabling Reflector." echo "Enabling Reflector."
systemctl enable reflector.timer --root=/mnt &>/dev/null systemctl enable reflector.timer --root=/ &>/dev/null
# Enabling systemd-oomd. # Enabling systemd-oomd.
echo "Enabling systemd-oomd." echo "Enabling systemd-oomd."
systemctl enable systemd-oomd --root=/mnt &>/dev/null systemctl enable systemd-oomd --root=/ &>/dev/null
# Disabling systemd-timesyncd # Disabling systemd-timesyncd
systemctl disable systemd-timesyncd --root=/mnt &>/dev/null systemctl disable systemd-timesyncd --root=/ &>/dev/null
# Enabling chronyd # Enabling chronyd
systemctl enable chronyd --root=/mnt &>/dev/null systemctl enable chronyd --root=/ &>/dev/null
EOF
# Setting user password.
[ -n "$username" ] && echo "Setting user password for ${username}." && arch-chroot /mnt /bin/passwd "$username"
# Enabling Snapper automatic snapshots. # Enabling Snapper automatic snapshots.
echo "Enabling Snapper and automatic snapshots entries." echo "Enabling Snapper and automatic snapshots entries."
@ -447,6 +431,23 @@ sed -i 's/022/077/g' /mnt/etc/profile
echo "" >> /mnt/etc/bash.bashrc echo "" >> /mnt/etc/bash.bashrc
echo "umask 077" >> /mnt/etc/bash.bashrc echo "umask 077" >> /mnt/etc/bash.bashrc
# Enable AppArmor notifications
# Must create ~/.config/autostart first
mkdir -p -m 700 /home/${username}/.config/autostart/
bash -c "cat > /home/${username}/.config/autostart/apparmor-notify.desktop" <<-'EOF'
[Desktop Entry]
Type=Application
Name=AppArmor Notify
Comment=Receive on screen notifications of AppArmor denials
TryExec=aa-notify
Exec=aa-notify -p -s 1 -w 60 -f /var/log/audit/audit.log
StartupNotify=false
NoDisplay=true
EOF
chmod 700 /home/${username}/.config/autostart/apparmor-notify.desktop
arch-chroot /mnt chown -R $username:$username /home/${username}/.config
# Finishing up # Finishing up
echo "Done, you may now wish to reboot (further changes can be done by chrooting into /mnt)." echo "Done, you may now wish to reboot (further changes can be done by chrooting into /mnt)."
exit exit