diff options
| -rwxr-xr-x | archsetup | 23 | ||||
| -rw-r--r-- | dotfiles/system/.local/share/applications/lock-screen.desktop | 7 | ||||
| -rw-r--r-- | dotfiles/system/.local/share/applications/logout.desktop | 7 | ||||
| -rw-r--r-- | dotfiles/system/.local/share/applications/reboot.desktop | 7 | ||||
| -rw-r--r-- | dotfiles/system/.local/share/applications/shutdown.desktop | 7 | ||||
| -rw-r--r-- | dotfiles/system/.local/share/applications/suspend.desktop | 7 | ||||
| -rw-r--r-- | scripts/testing/lib/validation.sh | 39 |
7 files changed, 96 insertions, 1 deletions
@@ -535,6 +535,12 @@ prerequisites() { action="synchronizing system time" && display "task" "$action" (chronyd -q 'server 0.us.pool.ntp.org iburst' >> "$logfile" 2>&1) || error "error" "$action" "$?" + # enable chrony for ongoing time sync and create config to suppress warning + action="enabling chrony time sync service" && display "task" "$action" + mkdir -p /etc/sysconfig + echo 'OPTIONS=""' > /etc/sysconfig/chronyd + systemctl enable chronyd.service >> "$logfile" 2>&1 || error "error" "$action" "$?" + action="configuring compiler to use all processor cores" && display "task" "$action" sed -i "s/-j2/-j$(nproc)/;s/^#MAKEFLAGS/MAKEFLAGS/" /etc/makepkg.conf >> "$logfile" 2>&1 @@ -743,6 +749,10 @@ wifi.cloned-mac-address=random ethernet.cloned-mac-address=stable EOF + # Configure wireless regulatory domain (enables full WiFi capabilities for region) + action="configuring wireless regulatory domain (US)" && display "task" "$action" + sed -i 's/^#WIRELESS_REGDOM="US"/WIRELESS_REGDOM="US"/' /etc/conf.d/wireless-regdom + # Encrypted DNS (DNS over TLS) action="configuring encrypted DNS (DNS over TLS)" && display "task" "$action" @@ -895,6 +905,9 @@ EOF action="enabling the package cache cleanup timer" && display "task" "$action" systemctl enable --now paccache.timer >> "$logfile" 2>&1 || error "error" "$action" "$?" + action="configuring paccache to keep 3 versions" && display "task" "$action" + sed -i 's/^PACCACHE_ARGS=.*/PACCACHE_ARGS=-k3/' /etc/conf.d/pacman-contrib + # Snapshot Service - filesystem-aware display "subtitle" "Snapshot Service" @@ -1217,6 +1230,14 @@ desktop_environment() { find /home/"$username"/.gnupg -type f -exec chmod 600 {} \; find /home/"$username"/.gnupg -type d -exec chmod 700 {} \; + # pre-create gnome-keyring structure so it uses 'login' keyring + # (auto-unlocks at login) instead of creating 'Default_keyring' (prompts for password) + keyring_dir="/home/$username/.local/share/keyrings" + mkdir -p "$keyring_dir" + echo "login" > "$keyring_dir/default" + chown -R "$username": "/home/$username/.local/share/keyrings" + chmod 700 "$keyring_dir" + # Power Management action="Power Management" && display "subtitle" "$action" @@ -1227,7 +1248,7 @@ desktop_environment() { action="Audio System" && display "subtitle" "$action" for software in alsa-utils pipewire wireplumber pipewire-pulse \ - pipewire-docs pamixer pulsemixer ffmpeg; do + pipewire-docs pamixer pulsemixer ffmpeg rtkit; do pacman_install "$software" done; # disable the pc speaker beep diff --git a/dotfiles/system/.local/share/applications/lock-screen.desktop b/dotfiles/system/.local/share/applications/lock-screen.desktop new file mode 100644 index 0000000..2bd7afa --- /dev/null +++ b/dotfiles/system/.local/share/applications/lock-screen.desktop @@ -0,0 +1,7 @@ +[Desktop Entry] +Name=Lock Screen +Comment=Lock the screen +Exec=slock +Icon=system-lock-screen +Type=Application +Categories=System; diff --git a/dotfiles/system/.local/share/applications/logout.desktop b/dotfiles/system/.local/share/applications/logout.desktop new file mode 100644 index 0000000..8c3bc3a --- /dev/null +++ b/dotfiles/system/.local/share/applications/logout.desktop @@ -0,0 +1,7 @@ +[Desktop Entry] +Name=Logout +Comment=End the current session +Exec=sh -c 'loginctl terminate-session "$XDG_SESSION_ID"' +Icon=system-log-out +Type=Application +Categories=System; diff --git a/dotfiles/system/.local/share/applications/reboot.desktop b/dotfiles/system/.local/share/applications/reboot.desktop new file mode 100644 index 0000000..ae2c76e --- /dev/null +++ b/dotfiles/system/.local/share/applications/reboot.desktop @@ -0,0 +1,7 @@ +[Desktop Entry] +Name=Reboot +Comment=Restart the system +Exec=systemctl reboot +Icon=system-reboot +Type=Application +Categories=System; diff --git a/dotfiles/system/.local/share/applications/shutdown.desktop b/dotfiles/system/.local/share/applications/shutdown.desktop new file mode 100644 index 0000000..2d93aa0 --- /dev/null +++ b/dotfiles/system/.local/share/applications/shutdown.desktop @@ -0,0 +1,7 @@ +[Desktop Entry] +Name=Shutdown +Comment=Power off the system +Exec=systemctl poweroff +Icon=system-shutdown +Type=Application +Categories=System; diff --git a/dotfiles/system/.local/share/applications/suspend.desktop b/dotfiles/system/.local/share/applications/suspend.desktop new file mode 100644 index 0000000..ab8addf --- /dev/null +++ b/dotfiles/system/.local/share/applications/suspend.desktop @@ -0,0 +1,7 @@ +[Desktop Entry] +Name=Suspend +Comment=Suspend the system to RAM +Exec=systemctl suspend +Icon=system-suspend +Type=Application +Categories=System; diff --git a/scripts/testing/lib/validation.sh b/scripts/testing/lib/validation.sh index cdc33c5..48a0c11 100644 --- a/scripts/testing/lib/validation.sh +++ b/scripts/testing/lib/validation.sh @@ -293,6 +293,7 @@ run_all_validations() { validate_zfs_config validate_boot_config validate_autologin_config + validate_gnome_keyring_setup # Boot & Initramfs (critical for ZFS systems) validate_terminus_font @@ -849,6 +850,44 @@ validate_autologin_config() { fi } +validate_gnome_keyring_setup() { + step "Checking gnome-keyring pre-configuration" + local keyring_dir="/home/cjennings/.local/share/keyrings" + + # Check directory exists + if ! ssh_cmd "test -d $keyring_dir"; then + validation_fail "Keyring directory not created" + attribute_issue "gnome-keyring directory not pre-created" "archsetup" + return 1 + fi + + # Check directory permissions (should be 700) + local perms=$(ssh_cmd "stat -c '%a' $keyring_dir") + if [ "$perms" != "700" ]; then + validation_fail "Keyring directory has wrong permissions: $perms (expected 700)" + attribute_issue "gnome-keyring directory wrong permissions" "archsetup" + return 1 + fi + + # Check ownership + local owner=$(ssh_cmd "stat -c '%U' $keyring_dir") + if [ "$owner" != "cjennings" ]; then + validation_fail "Keyring directory owned by $owner (expected cjennings)" + attribute_issue "gnome-keyring directory wrong ownership" "archsetup" + return 1 + fi + + # Check default file exists and contains "login" + local default_keyring=$(ssh_cmd "cat $keyring_dir/default 2>/dev/null") + if [ "$default_keyring" != "login" ]; then + validation_fail "Default keyring not set to 'login' (got: '$default_keyring')" + attribute_issue "gnome-keyring default not set to login" "archsetup" + return 1 + fi + + validation_pass "gnome-keyring pre-configured (default=login, dir=700)" +} + #----------------------------------------------------------------------------- # Archsetup-Specific Validations #----------------------------------------------------------------------------- |