Commit message | Author | Age | Files | Lines
...
* fix(archsetup): add firewall validation with critical warning | Craig Jennings | 2026-01-21 | 2 | -1/+25
| - Verify ufw is active after setup completes
| - Display critical security warning in outro if firewall not active
| - Include manual fix commands in warning message
* fix(archsetup): add locale configuration | Craig Jennings | 2026-01-21 | 2 | -1/+14
| Configure en_US.UTF-8 locale early in Environment Configuration section to prevent "cannot change locale" errors during package installs.
* chore: rename TODO.org to todo.org | Craig Jennings | 2026-01-21 | 1 | -14/+41
|
* fix(dotfiles): update for ratio desktop | Craig Jennings | 2026-01-21 | 3 | -6/+4
| - Set Xresources DPI to 109 for ultrawide monitor
| - Remove deno environment setup (no longer using)
* fix(archsetup): replace ntp with chrony and add packages | Craig Jennings | 2026-01-21 | 1 | -6/+9
| - Replace deprecated ntp with chrony for time sync
| - Add opus codec (all music in opus format)
| - Add iperf3 and net-tools for network diagnostics
| - Add lexend-fonts-git font
| - Fix rmmod pcspkr error when module not loaded
| - Remove duplicate mediainfo entry (kept in Emacs section)
* fix(claude-code): use native installer instead of npm-global | Craig Jennings | 2026-01-21 | 1 | -3/+3
| Native install to ~/.local/bin allows auto-updates without sudo.
* fix(archsetup): increase GRUB timeout and switch syncthing to user service | Craig Jennings | 2026-01-21 | 5 | -5/+90
| - GRUB_TIMEOUT 0→2 seconds for menu access
| - Syncthing: system service → user service with lingering to prevent lock conflicts
| - Update airplanemodetoggle for user service
| - Update validation to check lingering instead of system service
* docs(TODO): add completed ZFS boot fixes and validation tests | Craig Jennings | 2026-01-21 | 1 | -25/+34
| Document completed work from 2026-01-20/21 session:
| - Method 1: ZFS boot fixes (udev hook, nvme MODULES, random.trust_cpu)
| - Method 2: Boot configuration validation tests added to validation.sh
| - Reorganize URGENT section tasks into appropriate V2MOM methods
* fix(archsetup): prevent ZFS boot failures and add validation tests | Craig Jennings | 2026-01-20 | 2 | -4/+95
| - Skip udev→systemd hook change on ZFS systems (ZFS hook is busybox-based)
| - Add nvme to MODULES for NVMe systems (ensures devices ready for ZFS import)
| - Add random.trust_cpu=off to suppress AMD RDSEED warnings
| - Add has_nvme_drives() detection function
|
| New validation tests:
| - validate_terminus_font: check package installed via pacman
| - validate_mkinitcpio_hooks: verify ZFS uses udev not systemd
| - validate_initramfs_consolefont: check font in initramfs
| - validate_nvme_module: check nvme in MODULES for NVMe systems
* feat(testing): add bare metal ZFS test script + fix scrub timer check | Craig Jennings | 2026-01-20 | 2 | -1/+324
| Add run-test-baremetal.sh for testing on physical ZFS systems:
| - SSH to target host and run archsetup
| - Support for ZFS genesis snapshot rollback
| - Validate-only mode for existing installs
| - Same validation checks as VM tests
|
| Fix grep -c multi-line output issue in ZFS scrub timer check.
|
| Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(testing): add emacs config permission check | Craig Jennings | 2026-01-20 | 1 | -0/+10
| Verify .emacs.d directory is readable by user cjennings, not just that it exists.
|
| Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(testing): fix validation script bugs causing false failures | Craig Jennings | 2026-01-20 | 1 | -10/+24
| - Add || true to arithmetic increments (set -e exits on ((0++)))
| - Fix grep -c multi-file output parsing with tr and defaults
| - Add fallback UFW check via systemctl when ufw status fails
| - Add dbus-broker timing error to benign patterns (geoclue)
| - Use grep -h | wc -l for error counting across multiple log files
|
| Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(testing): add comprehensive validation library for archsetup | Craig Jennings | 2026-01-20 | 2 | -53/+906
| Add validation.sh library with 25+ automated validation checks:
| - User creation, shell, and group membership (15 groups)
| - Dotfiles: symlink validity, target location, and readability
| - Package managers: yay and pacman functional tests
| - Suckless tools: dwm, st, dmenu, slock
| - Services: firewall, DNS-over-TLS, avahi (with mDNS ping test), fail2ban, NetworkManager
| - Developer tools: emacs, git, python, node, npm, go, rustc
| - Filesystem-specific: ZFS (sanoid, scrub) and btrfs (grub-btrfsd)
| - Archsetup-specific: log errors, state markers
|
| Also includes:
| - Pre/post install log capture and diff analysis
| - Error categorization (benign vs real)
| - Issue attribution (archsetup vs base install)
| - archzfs inbox integration for base install issues
|
| Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(archsetup): remove unnecessary firewall ports | Craig Jennings | 2026-01-20 | 1 | -22/+11
| Remove ports for services not installed:
| - 80,443,8080/tcp (no web server)
| - 9040,9050,9051,9053,9119/tcp (Tor relay - only client installed)
| - 443/tcp limit (no HTTPS service)
|
| Add inline comments documenting each port's purpose.
* feat(archsetup): skip avahi if already running | Craig Jennings | 2026-01-19 | 1 | -3/+7
| Detect if avahi-daemon.service is active and skip install/config.
| Supports archzfs installs that pre-configure avahi for mDNS on first boot.
* fix(archsetup): remove root account locking | Craig Jennings | 2026-01-19 | 1 | -16/+2
| Locking root prevents console access after reboot, making recovery impossible without reinstalling.
* fix(archsetup): redirect git clone output to logfile | Craig Jennings | 2026-01-19 | 1 | -2/+2
| Move redirect outside subshell so mkdir and git clone output goes to logfile instead of stdout.
* fix(archsetup): fix npm global install and add wireless-regdb | Craig Jennings | 2026-01-19 | 1 | -3/+4
| - Run npm install -g as root (global install requires root perms)
| - Add wireless-regdb to prerequisites (prevents kernel regulatory warnings)
* fix(archsetup): start systemd-resolved before creating DNS symlink | Craig Jennings | 2026-01-19 | 1 | -0/+3
| The stub-resolv.conf file only exists when systemd-resolved is running.
* feat(archsetup): configure Docker to use ZFS storage driver on ZFS systems | Craig Jennings | 2026-01-19 | 1 | -0/+9
| Creates /etc/docker/daemon.json with storage-driver: zfs when running on a ZFS root filesystem.
| This provides better performance and enables Docker to leverage ZFS snapshots.
|
| Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(archsetup): add claude-code AI coding assistant | Craig Jennings | 2026-01-19 | 1 | -0/+5
| Installs @anthropic-ai/claude-code via npm after npm is installed.
|
| Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(archsetup): use official repo packages for tailscale and torbrowser | Craig Jennings | 2026-01-19 | 1 | -2/+2
| - tailscale-bin no longer exists in AUR; tailscale is now in official repos
| - torbrowser-launcher (official repo) is more reliable than tor-browser-bin (AUR) which has GPG key verification issues
|
| Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(archsetup): fix ZFS scrub timer and emacs clone | Craig Jennings | 2026-01-19 | 1 | -3/+11
| - ZFS scrub timer: use template unit with pool name (zfs-scrub-weekly@pool.timer)
| - Emacs config: handle existing .emacs.d dir with git pull instead of failing
* fix(archsetup): move STARTTIME outside intro() for resume support | Craig Jennings | 2026-01-19 | 1 | -1/+1
|
* feat(archsetup): add --no-root-lock flag for testing | Craig Jennings | 2026-01-19 | 1 | -5/+16
|
* fix(archsetup): add harfbuzz dependency for st terminal | Craig Jennings | 2026-01-19 | 1 | -1/+1
|
* fix(archsetup): fix DNS and git safe.directory for curl|bash | Craig Jennings | 2026-01-19 | 1 | -2/+9
| - Bootstrap DNS symlink in create_user() before AUR/git operations
| - Add git safe.directory config before git restore (root on user repo)
* fix(archsetup): clone repo instead of copying for curl|bash support | Craig Jennings | 2026-01-19 | 1 | -6/+6
| When run via curl|bash, archsetup_dir resolves to /root with no files.
| Now clones from git.cjennings.net instead of copying local files.
* fix(archsetup): chown tmpfs mount point instead of parent dir | Craig Jennings | 2026-01-19 | 3 | -295/+1
| - Fixed permission bug where source_dir tmpfs was owned by root
| - Remove zfssnapshot and zfsrollback (now in archzfs ISO)
* Update ZFS scripts for archzfs compatibility | Craig Jennings | 2026-01-18 | 2 | -7/+32
| zfssnapshot:
| - Change date format to YYYY-MM-DD_HH-MM-SS_description (matches pre-pacman snapshot format for consistent sorting)
| - Convert spaces to underscores instead of hyphens
| - Add GRUB menu regeneration after snapshot creation
|
| zfsrollback:
| - Add special warning for genesis rollback
| - Add GRUB menu regeneration after successful rollback (removes destroyed snapshots from boot menu)
|
| Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(zfsrollback): sort snapshots with newest first | Craig Jennings | 2026-01-18 | 1 | -3/+4
|
* feat(dotfiles): add zfssnapshot and zfsrollback utilities | Craig Jennings | 2026-01-18 | 2 | -0/+268
| - zfssnapshot: create dated snapshots across all pools with description
| - zfsrollback: fzf-based snapshot selection with multi-dataset rollback
| - Both require root and validate input/show appropriate warnings
* feat(archsetup): add automatic console login for encrypted systems | Craig Jennings | 2026-01-18 | 1 | -8/+87
| - Add --autologin and --no-autologin CLI flags
| - Add is_encrypted_root() to detect LUKS and ZFS encryption
| - Prompt user on encrypted systems (default yes)
| - Configure getty@tty1 drop-in for passwordless login after decryption
* feat(archsetup): add wireguard-tools and tailscale | Craig Jennings | 2026-01-18 | 1 | -0/+7
| - wireguard-tools from pacman (dotfiles have helper functions ready)
| - tailscale-bin from AUR (prebuilt, fast install)
| - Enable tailscaled service (run 'tailscale up' to authenticate)
* docs(archsetup): note potential Docker DNS issue with systemd-resolved | Craig Jennings | 2026-01-18 | 1 | -0/+3
|
* privacy(archsetup): add encrypted DNS (DNS over TLS) | Craig Jennings | 2026-01-18 | 1 | -2/+28
| - Configure systemd-resolved with DoT using Cloudflare + Quad9
| - Enable DNSSEC validation
| - Integrate with NetworkManager
| - Fix conflict: keep systemd-resolved for DNS, avahi for mDNS
* privacy(archsetup): add WiFi MAC address randomization | Craig Jennings | 2026-01-18 | 1 | -0/+14
|
* feat(archsetup): add lynis security auditing tool | Craig Jennings | 2026-01-18 | 1 | -0/+1
|
* feat(archsetup): configure journald retention to 500MB | Craig Jennings | 2026-01-17 | 1 | -0/+7
|
* security(archsetup): lock root account at end of script | Craig Jennings | 2026-01-17 | 1 | -0/+4
| Root is locked last so it remains available for recovery if script fails earlier.
| Users must use sudo for privileged operations after successful install.
* feat(archsetup): enable weekly ZFS scrub timer | Craig Jennings | 2026-01-17 | 1 | -0/+3
|
* feat(archsetup): add fail2ban for SSH brute force protection | Craig Jennings | 2026-01-17 | 2 | -0/+147
| - Install and configure fail2ban with ufw integration
| - SSH jail: 3 attempts, 1 hour ban
| - Default jail: 5 attempts, 10 minute ban
| - Also file security recommendations to assets/
* docs: add script URL to header | Craig Jennings | 2026-01-17 | 1 | -0/+1
|
* fix(archsetup): add cleanup trap to unmount tmpfs on exit | Craig Jennings | 2026-01-17 | 1 | -0/+9
|
* feat(archsetup): add GPU driver detection and installation | Craig Jennings | 2026-01-17 | 1 | -1/+55
| - Detect Intel, AMD, and NVIDIA GPUs via lspci
| - Install appropriate drivers and hardware video acceleration
| - Support multiple GPUs (e.g., hybrid Intel+NVIDIA laptops)
| - Add --no-gpu-drivers flag to skip (useful for VMs)
| - Use nvidia-dkms for better kernel compatibility
| - Add fallback to mesa+vesa for unknown hardware
* fix(archsetup): misc bug fixes and improvements | Craig Jennings | 2026-01-17 | 1 | -23/+22
| - Add missing error codes to error() calls
| - Remove useless mkdir pipe to tee
| - Remove duplicate 5353/udp firewall rule
| - Replace deprecated exfat-utils with exfatprogs
| - Quote all variable expansions for safety
| - Use pipx instead of pip for isolated environments
* feat(archsetup): add error summary at end of script | Craig Jennings | 2026-01-17 | 1 | -2/+12
|
* feat(archsetup): ZFS/sanoid support, gvfs-smb, bug fixes | Craig Jennings | 2026-01-17 | 3 | -70/+488
| - Add ZFS detection with sanoid/syncoid for snapshot management
| - Add gvfs-smb for Thunar SMB network browsing
| - Fix shell quoting throughout script
| - Fix stale $action variables in error handlers
| - Fix display() return values (was returning 1)
| - Fix mkinitcpio.conf sed pattern to be flexible
| - Fix vconsole.conf duplicate entries on re-run
| - Fix systemd unit overrides using drop-in files
| - Fix ufw port typo (55353 -> 5353)
| - Fix GRUB_RECORDFAIL_TIMEOUT undefined variable
| - Enable NetworkManager service
| - Move thunar, libvips, isync to pacman (now in official repos)
| - Clean up reflector config with heredoc
| - Remove unnecessary sudo when already root
| - Convert shebang from sh to bash
* dotfiles: update hey alias, add phenom RAG function | Craig Jennings | 2026-01-17 | 1 | -2/+6
|
* dotfiles: ai-assistants prompt and formatting improvements | Craig Jennings | 2026-01-17 | 1 | -15/+15
|