Add gnome-session

Signed-off-by: Tommy <contact@tommytran.io>
Remove ModemManager hardening
2024-11-22 09:51:32 -05:00 · 2024-05-10 06:31:45 -07:00 · 2024-05-10 05:57:46 -07:00 · 2024-05-10 05:40:06 -07:00 · 2024-05-10 05:26:11 -07:00 · 2024-05-10 05:10:45 -07:00
1 changed files with 23 additions and 32 deletions
--- a/fedora/fedora-gnome.sh
+++ b/fedora/fedora-gnome.sh
@ -61,18 +61,26 @@ unpriv curl --proxy http://127.0.0.1:8082 https://raw.githubusercontent.com/Tomm

 unpriv curl --proxy http://127.0.0.1:8082 https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/dconf/db/local.d/adw-gtk3-dark | sudo tee /etc/dconf/db/local.d/adw-gtk3-dark
 unpriv curl --proxy http://127.0.0.1:8082 https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/dconf/db/local.d/automount-disable | sudo tee /etc/dconf/db/local.d/automount-disable
-unpriv curl --proxy http://127.0.0.1:8082 https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/dconf/db/local.d/button-layout | sudo tee /etc/dconf/db/local.d/button-layout
 unpriv curl --proxy http://127.0.0.1:8082 https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/dconf/db/local.d/prefer-dark | sudo tee /etc/dconf/db/local.d/prefer-dark
 unpriv curl --proxy http://127.0.0.1:8082 https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/dconf/db/local.d/privacy | sudo tee /etc/dconf/db/local.d/privacy
-unpriv curl --proxy http://127.0.0.1:8082 https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/dconf/db/local.d/touchpad | sudo tee /etc/dconf/db/local.d/touchpad

 sudo dconf update
 umask 077

-# Setup DNF
-unpriv curl --proxy http://127.0.0.1:8082 https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/dnf/dnf.conf | sudo tee /etc/dnf/dnf.conf
-sudo sed -i 's/^metalink=.*/&\&protocol=https/g' /etc/yum.repos.d/*
+# Flatpak update service
+unpriv curl --proxy http://127.0.0.1:8082 https://raw.githubusercontent.com/TommyTran732/QubesOS-Scripts/main/etc/systemd/user/update-user-flatpaks.service | sudo tee /etc/systemd/user/update-user-flatpaks.service
+unpriv curl --proxy http://127.0.0.1:8082 https://raw.githubusercontent.com/TommyTran732/QubesOS-Scripts/main/etc/systemd/user/update-user-flatpaks.timer | sudo tee /etc/systemd/user/update-user-flatpaks.timer

+# Setup networking
+# We don't need the usual mac address randomization and stuff here, because this template is not used for sys-net
+
+sudo mkdir -p /etc/systemd/system/NetworkManager.service.d
+unpriv curl --proxy http://127.0.0.1:8082 https://gitlab.com/divested/brace/-/raw/master/brace/usr/lib/systemd/system/NetworkManager.service.d/99-brace.conf | sudo tee /etc/systemd/system/NetworkManager.service.d/99-brace.conf
+
+# Fix GNOME environment variable
+echo 'XDG_CURRENT_DESKTOP=GNOME' | sudo tee -a /etc/environment
+
+# We do the dnf tasks last, because dnf will break after we configure https repos and we need a reboot to fix it.
 # Remove unnecessary stuff from the Qubes template
 sudo dnf -y remove thunderbird httpd keepassxc rygel

@ -113,34 +121,17 @@ sudo dnf remove -y lvm2 rng-tools thermald '*perl*'
 # Disable openh264 repo
 sudo dnf config-manager --set-disabled fedora-cisco-openh264

-# Update packages
-sudo dnf -y upgrade
-
 # Install custom packages
-sudo dnf install qubes-ctap qubes-gpg-split adw-gtk3-theme gnome-console -y
-
-# Flatpak update service
-unpriv curl --proxy http://127.0.0.1:8082 https://raw.githubusercontent.com/TommyTran732/QubesOS-Scripts/main/etc/systemd/user/update-user-flatpaks.service | sudo tee /etc/systemd/user/update-user-flatpaks.service
-unpriv curl --proxy http://127.0.0.1:8082 https://raw.githubusercontent.com/TommyTran732/QubesOS-Scripts/main/etc/systemd/user/update-user-flatpaks.timer | sudo tee /etc/systemd/user/update-user-flatpaks.timer
-
-# Systemd hardening
-sudo mkdir -p /etc/systemd/system/ModemManager.service.d
-unpriv curl --proxy http://127.0.0.1:8082 https://raw.githubusercontent.com/divestedcg/Brace/master/brace/usr/lib/systemd/system/ModemManager.service.d/99-brace.conf | sudo tee /etc/systemd/system/ModemManager.service.d/99-brace.conf
+# gnome-session is needed for theming to work
+sudo dnf -y install qubes-ctap qubes-gpg-split adw-gtk3-theme gnome-console gnome-session

 # Setup hardened_malloc
-#sudo dnf install 'https://divested.dev/rpm/fedora/divested-release-20231210-2.noarch.rpm' -y
-#sudo sed -i 's/^metalink=.*/&?protocol=https/g' /etc/yum.repos.d/divested-release.repo
-#sudo dnf config-manager --save --setopt=divested.includepkgs=divested-release,real-ucode,microcode_ctl,amd-ucode-firmware,hardened_malloc
-#sudo dnf install hardened_malloc -y
-#echo 'libhardened_malloc.so' | sudo tee /etc/ld.so.preload
+sudo dnf -y install 'https://divested.dev/rpm/fedora/divested-release-20231210-2.noarch.rpm'
+sudo sed -i 's/^metalink=.*/&?protocol=https/g' /etc/yum.repos.d/divested-release.repo
+sudo dnf config-manager --save --setopt=divested.includepkgs=divested-release,real-ucode,microcode_ctl,amd-ucode-firmware,hardened_malloc
+sudo dnf -y install hardened_malloc
+echo 'libhardened_malloc.so' | sudo tee /etc/ld.so.preload

-# Setup networking
-# We don't need the usual mac address randomization and stuff here, because this template is not used for sys-net
-
-sudo mkdir -p /etc/systemd/system/NetworkManager.service.d
-unpriv curl --proxy http://127.0.0.1:8082 https://gitlab.com/divested/brace/-/raw/master/brace/usr/lib/systemd/system/NetworkManager.service.d/99-brace.conf | sudo tee /etc/systemd/system/NetworkManager.service.d/99-brace.conf
-sudo systemctl daemon-reload
-
-# Fix desktop environmemt variable
-
-echo 'XDG_CURRENT_DESKTOP=GNOME' >> /etc/environment
+# Setup DNF
+unpriv curl --proxy http://127.0.0.1:8082 https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/dnf/dnf.conf | sudo tee /etc/dnf/dnf.conf
+sudo sed -i 's/^metalink=.*/&\&protocol=https/g' /etc/yum.repos.d/*
Author	SHA1	Message	Date
Tommy	2cb16bcf63	Add gnome-session Signed-off-by: Tommy <contact@tommytran.io>	2024-05-10 06:31:45 -07:00
Tommy	2adde31947	Remove ModemManager hardening Signed-off-by: Tommy <contact@tommytran.io>	2024-05-10 05:57:46 -07:00
Tommy	0407ac2603	Remove touchpad dconf Signed-off-by: Tommy <contact@tommytran.io>	2024-05-10 05:40:06 -07:00
Tommy	54a028899a	Setup dnf last Signed-off-by: Tommy <contact@tommytran.io>	2024-05-10 05:26:11 -07:00
Tommy	e8a39f987c	dnf upgrade should be done through qubes tool Signed-off-by: Tommy <contact@tommytran.io>	2024-05-10 05:10:45 -07:00
Tommy	00155aba9b	Fix permission issue Signed-off-by: Tommy <contact@tommytran.io>	2024-05-10 05:06:11 -07:00
Tommy	7757b279cc	Disable gnome 3 button layout Signed-off-by: Tommy <contact@tommytran.io>	2024-05-10 04:47:54 -07:00