Tomster/QubesOS-Scripts
1
0
Fork 0
mirror of https://github.com/tommytran732/QubesOS-Scripts synced 2025-01-04 13:11:58 -05:00
Code

Fix portals

Browse Source
This commit is contained in:
Tommy 2024-12-30 04:44:16 -07:00 committed by GitHub
parent c2e64a605a
commit 0a6a750646
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 8 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
etc/xdg-desktop-portal/portals.conf Normal file
View File

@ -0,0 +1,2 @@
[preferred]
default=gtk;

17
fedora-gnome/fedora-gnome.sh
View File

@ -29,7 +29,6 @@ sudo systemctl mask debug-shell.service
sudo systemctl mask kdump.service sudo systemctl mask kdump.service
# Setting umask to 077 # Setting umask to 077
umask 077
sudo sed -i 's/^UMASK.*/UMASK 077/g' /etc/login.defs sudo sed -i 's/^UMASK.*/UMASK 077/g' /etc/login.defs
sudo sed -i 's/^HOME_MODE/#HOME_MODE/g' /etc/login.defs sudo sed -i 's/^HOME_MODE/#HOME_MODE/g' /etc/login.defs
sudo sed -i 's/umask 022/umask 077/g' /etc/bashrc sudo sed -i 's/umask 022/umask 077/g' /etc/bashrc
@ -39,28 +38,21 @@ sudo chmod 700 /home/*
# Harden SSH # Harden SSH
download https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/ssh/ssh_config.d/10-custom.conf /etc/ssh/ssh_config.d/10-custom.conf download https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/ssh/ssh_config.d/10-custom.conf /etc/ssh/ssh_config.d/10-custom.conf
sudo chmod 644 /etc/ssh/ssh_config.d/10-custom.conf
# Security kernel settings # Security kernel settings
download https://raw.githubusercontent.com/secureblue/secureblue/live/files/system/etc/modprobe.d/blacklist.conf /etc/modprobe.d/workstation-blacklist.conf download https://raw.githubusercontent.com/secureblue/secureblue/live/files/system/etc/modprobe.d/blacklist.conf /etc/modprobe.d/workstation-blacklist.conf
sudo chmod 644 /etc/modprobe.d/workstation-blacklist.conf
download https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/sysctl.d/99-workstation.conf /etc/sysctl.d/99-workstation.conf download https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/sysctl.d/99-workstation.conf /etc/sysctl.d/99-workstation.conf
sudo chmod 644 /etc/sysctl.d/99-workstation.conf
# Dracut doesn't seem to work - need to investigate # Dracut doesn't seem to work - need to investigate
# dracut -f # dracut -f
sudo sysctl -p sudo sysctl -p
# Disable coredump # Disable coredump
download https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/security/limits.d/30-disable-coredump.conf /etc/security/limits.d/30-disable-coredump.conf download https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/security/limits.d/30-disable-coredump.conf /etc/security/limits.d/30-disable-coredump.conf
sudo chmod 644 /etc/security/limits.d/30-disable-coredump.conf
sudo mkdir -p /etc/systemd/coredump.conf.d sudo mkdir -p /etc/systemd/coredump.conf.d
sudo chmod 755 /etc/systemd/coredump.conf.d
download https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/systemd/coredump.conf.d/disable.conf /etc/systemd/coredump.conf.d/disable.conf download https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/systemd/coredump.conf.d/disable.conf /etc/systemd/coredump.conf.d/disable.conf
sudo chmod 644 /etc/systemd/coredump.conf.d/disable.conf
# Setup dconf # Setup dconf
umask 022 sudo mkdir -p /etc/dconf/db/local.d/locks
mkdir -p /etc/dconf/db/local.d/locks
download https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/dconf/db/local.d/locks/automount-disable /etc/dconf/db/local.d/locks/automount-disable download https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/dconf/db/local.d/locks/automount-disable /etc/dconf/db/local.d/locks/automount-disable
download https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/dconf/db/local.d/locks/privacy /etc/dconf/db/local.d/locks/privacy download https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/dconf/db/local.d/locks/privacy /etc/dconf/db/local.d/locks/privacy
@ -71,7 +63,10 @@ download https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main
download https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/dconf/db/local.d/privacy /etc/dconf/db/local.d/privacy download https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/dconf/db/local.d/privacy /etc/dconf/db/local.d/privacy
sudo dconf update sudo dconf update
umask 077
# Fix portals
sudo mkdir -p /etc/xdg-desktop-portals
download https://raw.githubusercontent.com/TommyTran732/QubesOS-Scripts/main/etc/xdg-desktop-portals/portals.conf /etc/xdg-desktop-portals/portals.conf
# Setup ZRAM # Setup ZRAM
download https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/systemd/zram-generator.conf /etc/systemd/zram-generator.conf download https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/systemd/zram-generator.conf /etc/systemd/zram-generator.conf
@ -142,7 +137,7 @@ sudo dnf config-manager --set-disabled fedora-cisco-openh264
# Install custom packages # Install custom packages
# gnome-shell is needed for theming to work # gnome-shell is needed for theming to work
sudo dnf -y install qubes-ctap qubes-gpg-split adw-gtk3-theme flatpak ncurses gnome-shell sudo dnf -y install qubes-ctap qubes-gpg-split adw-gtk3-theme flatpak ncurses
# Setup hardened_malloc # Setup hardened_malloc
sudo https_proxy=127.0.0.1:8082 dnf copr enable secureblue/hardened_malloc -y sudo https_proxy=127.0.0.1:8082 dnf copr enable secureblue/hardened_malloc -y