2017-01: Retroactive Updates

* Disabled gputest
  * The package is failing to install.

* Now using Midori GTK3 build
  * GTK2 was pulled from main repos for security reasons

* Removed warnings about missing UFD
  * For use with live sessions

* Wallpaper updated for live sessions
  * Wallpaper is now set at startup
  * Checks for UFD source but defaults to included file
  * Bugfix: Wallpaper is now set for multiple monitor/workspace setups

* Disabled choose-mirror service

* Better permission handling
  * build-wk now checks if running as root
  * build-wk now sets permissions before calling build.sh
    * Should prevent build failures as build.sh expects files to be owned by root
    * build-wk sets ownership back to builduser.builduser during cleanup

* Better menu for HW-Diags
  * The script now returns to the menu after running a selection
    * Unless the mode was set directly by passing a valid argument
    * NOTE: This allows for easier use in CLI mode

* Add delay before removing /media/wktech

* Adjusted TMP_DIR in build-wk

* Fixed path to custom repo

* Trimming the fat
  * hostname / hosts now configured by customize_airootfs.sh
  * removed files from etc that were at default settings
  * removed grml zsh config since oh-my-zsh/lean is used

* Defined a LOG_DIR for build-wk

* Introducing libinput
  * Switched to libinput over synaptics as it has been deprecated.
    * Should restore touchpad functionality going forward.
* Full mount path SHOULD now be displayed for mount-all-volumes.

* Added CLI Screensavers

* diag-network works now
  * network connection test now passes all ipv4 private ip ranges
    * 10.0.0.0/8, 172.16.0.0/12, & 192.168.0.0/24
    * need to add ipv6 at some point
  * hw-diag menu flow adjusted

* New hostname and more bugfixes
  * hostname switched to wk-arch
  * ufw package is now installed
  * adjusted upload section of hw-diags

* Added alias for start-wifi

* Booting to CLI mode will autologin wktech
  * When booting to the CLI the motd shows some avail commands
  * Adjusted HW-Diags menu for use in CLI mode
Alan Mason 2017-12-06 17:56:10 -08:00
parent a83c28ca3b
commit d8952ed26f
62 changed files with 1417 additions and 245 deletions

View file

@ -1,4 +1,4 @@
Copyright (c) 2016 Alan Mason
Copyright (c) 2017 Alan Mason
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

View file

@ -0,0 +1,45 @@
# /etc/default/ufw
#
# Set to yes to apply rules to support IPv6 (no means only IPv6 on loopback
# accepted). You will need to 'disable' and then 'enable' the firewall for
# the changes to take affect.
IPV6=yes
# Set the default input policy to ACCEPT, DROP, or REJECT. Please note that if
# you change this you will most likely want to adjust your rules.
DEFAULT_INPUT_POLICY="DROP"
# Set the default output policy to ACCEPT, DROP, or REJECT. Please note that if
# you change this you will most likely want to adjust your rules.
DEFAULT_OUTPUT_POLICY="ACCEPT"
# Set the default forward policy to ACCEPT, DROP or REJECT. Please note that
# if you change this you will most likely want to adjust your rules
DEFAULT_FORWARD_POLICY="DROP"
# Set the default application policy to ACCEPT, DROP, REJECT or SKIP. Please
# note that setting this to ACCEPT may be a security risk. See 'man ufw' for
# details
DEFAULT_APPLICATION_POLICY="SKIP"
# By default, ufw only touches its own chains. Set this to 'yes' to have ufw
# manage the built-in chains too. Warning: setting this to 'yes' will break
# non-ufw managed firewall rules
MANAGE_BUILTINS=no
#
# IPT backend
#
# only enable if using iptables backend
IPT_SYSCTL=/etc/ufw/sysctl.conf
# Extra connection tracking modules to load. Complete list can be found in
# net/netfilter/Kconfig of your kernel source. Some common modules:
# nf_conntrack_irc, nf_nat_irc: DCC (Direct Client to Client) support
# nf_conntrack_netbios_ns: NetBIOS (samba) client support
# nf_conntrack_pptp, nf_nat_pptp: PPTP over stateful firewall/NAT
# nf_conntrack_ftp, nf_nat_ftp: active FTP support
# nf_conntrack_tftp, nf_nat_tftp: TFTP support (server side)
IPT_MODULES="nf_conntrack_ftp nf_nat_ftp nf_conntrack_netbios_ns"
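
Review bot: the `IPT_MODULES` line at the end of this file loads the FTP and NetBIOS conntrack helper modules, and nothing in the commit message says the toolbox needs active FTP or NetBIOS name-service tracking. Helpers exist to mark extra flows as RELATED, which the before-rules then accept, so on an image whose input policy is `DROP` it is cleaner to set `IPT_MODULES=""`, or to add a comment naming the tool that depends on each module.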

View file

@ -1 +0,0 @@
arch-wk

View file

@ -0,0 +1,165 @@
#
# General configuration
#
# start-default-seat = True to always start one seat if none are defined in the configuration
# greeter-user = User to run greeter as
# minimum-display-number = Minimum display number to use for X servers
# minimum-vt = First VT to run displays on
# lock-memory = True to prevent memory from being paged to disk
# user-authority-in-system-dir = True if session authority should be in the system location
# guest-account-script = Script to be run to setup guest account
# logind-check-graphical = True to on start seats that are marked as graphical by logind
# log-directory = Directory to log information to
# run-directory = Directory to put running state in
# cache-directory = Directory to cache to
# sessions-directory = Directory to find sessions
# remote-sessions-directory = Directory to find remote sessions
# greeters-directory = Directory to find greeters
# backup-logs = True to move add a .old suffix to old log files when opening new ones
#
[LightDM]
#start-default-seat=true
#greeter-user=lightdm
#minimum-display-number=0
#minimum-vt=7 # Setting this to a value < 7 implies security issues, see FS#46799
#lock-memory=true
#user-authority-in-system-dir=false
#guest-account-script=guest-account
#logind-check-graphical=false
#log-directory=/var/log/lightdm
run-directory=/run/lightdm
#cache-directory=/var/cache/lightdm
#sessions-directory=/usr/share/lightdm/sessions:/usr/share/xsessions:/usr/share/wayland-sessions
#remote-sessions-directory=/usr/share/lightdm/remote-sessions
#greeters-directory=/usr/share/lightdm/greeters:/usr/share/xgreeters
#backup-logs=true
#
# Seat configuration
#
# Seat configuration is matched against the seat name glob in the section, for example:
# [Seat:*] matches all seats and is applied first.
# [Seat:seat0] matches the seat named "seat0".
# [Seat:seat-thin-client*] matches all seats that have names that start with "seat-thin-client".
#
# type = Seat type (xlocal, xremote, unity)
# pam-service = PAM service to use for login
# pam-autologin-service = PAM service to use for autologin
# pam-greeter-service = PAM service to use for greeters
# xserver-command = X server command to run (can also contain arguments e.g. X -special-option)
# xmir-command = Xmir server command to run (can also contain arguments e.g. Xmir -special-option)
# xserver-config = Config file to pass to X server
# xserver-layout = Layout to pass to X server
# xserver-allow-tcp = True if TCP/IP connections are allowed to this X server
# xserver-share = True if the X server is shared for both greeter and session
# xserver-hostname = Hostname of X server (only for type=xremote)
# xserver-display-number = Display number of X server (only for type=xremote)
# xdmcp-manager = XDMCP manager to connect to (implies xserver-allow-tcp=true)
# xdmcp-port = XDMCP UDP/IP port to communicate on
# xdmcp-key = Authentication key to use for XDM-AUTHENTICATION-1 (stored in keys.conf)
# unity-compositor-command = Unity compositor command to run (can also contain arguments e.g. unity-system-compositor -special-option)
# unity-compositor-timeout = Number of seconds to wait for compositor to start
# greeter-session = Session to load for greeter
# greeter-hide-users = True to hide the user list
# greeter-allow-guest = True if the greeter should show a guest login option
# greeter-show-manual-login = True if the greeter should offer a manual login option
# greeter-show-remote-login = True if the greeter should offer a remote login option
# user-session = Session to load for users
# allow-user-switching = True if allowed to switch users
# allow-guest = True if guest login is allowed
# guest-session = Session to load for guests (overrides user-session)
# session-wrapper = Wrapper script to run session with
# greeter-wrapper = Wrapper script to run greeter with
# guest-wrapper = Wrapper script to run guest sessions with
# display-setup-script = Script to run when starting a greeter session (runs as root)
# display-stopped-script = Script to run after stopping the display server (runs as root)
# greeter-setup-script = Script to run when starting a greeter (runs as root)
# session-setup-script = Script to run when starting a user session (runs as root)
# session-cleanup-script = Script to run when quitting a user session (runs as root)
# autologin-guest = True to log in as guest by default
# autologin-user = User to log in with by default (overrides autologin-guest)
# autologin-user-timeout = Number of seconds to wait before loading default user
# autologin-session = Session to load for automatic login (overrides user-session)
# autologin-in-background = True if autologin session should not be immediately activated
# exit-on-failure = True if the daemon should exit if this seat fails
#
[Seat:*]
#type=xlocal
pam-service=lightdm
pam-autologin-service=lightdm-autologin
#pam-greeter-service=lightdm-greeter
#xserver-command=X
#xmir-command=Xmir
#xserver-config=
#xserver-layout=
#xserver-allow-tcp=false
#xserver-share=true
#xserver-hostname=
#xserver-display-number=
#xdmcp-manager=
#xdmcp-port=177
#xdmcp-key=
#unity-compositor-command=unity-system-compositor
#unity-compositor-timeout=60
#greeter-session=example-gtk-gnome
#greeter-hide-users=false
#greeter-allow-guest=true
#greeter-show-manual-login=false
#greeter-show-remote-login=true
#user-session=default
#allow-user-switching=true
#allow-guest=true
#guest-session=
session-wrapper=/etc/lightdm/Xsession
#greeter-wrapper=
#guest-wrapper=
#display-setup-script=
#display-stopped-script=
#greeter-setup-script=
#session-setup-script=
#session-cleanup-script=
#autologin-guest=false
autologin-user=wktech
autologin-user-timeout=0
#autologin-in-background=false
#autologin-session=
#exit-on-failure=false
#
# XDMCP Server configuration
#
# enabled = True if XDMCP connections should be allowed
# port = UDP/IP port to listen for connections on
# listen-address = Host/address to listen for XDMCP connections (use all addresses if not present)
# key = Authentication key to use for XDM-AUTHENTICATION-1 or blank to not use authentication (stored in keys.conf)
# hostname = Hostname to report to XDMCP clients (defaults to system hostname if unset)
#
# The authentication key is a 56 bit DES key specified in hex as 0xnnnnnnnnnnnnnn. Alternatively
# it can be a word and the first 7 characters are used as the key.
#
[XDMCPServer]
#enabled=false
#port=177
#listen-address=
#key=
#hostname=
#
# VNC Server configuration
#
# enabled = True if VNC connections should be allowed
# command = Command to run Xvnc server with
# port = TCP/IP port to listen for connections on
# listen-address = Host/address to listen for VNC connections (use all addresses if not present)
# width = Width of display to use
# height = Height of display to use
# depth = Color depth of display to use
#
[VNCServer]
#enabled=false
#command=Xvnc
#port=5900
#listen-address=
#width=1024
#height=768
#depth=8
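
Review bot: `autologin-user=wktech` with `autologin-user-timeout=0` under `[Seat:*]` hands a desktop session to whoever is at the console with no prompt, and the aliases file in this commit wraps mount, umount, photorec and testdisk in sudo for that user. If that is the intent for a live USB, put a comment beside the two autologin lines saying so, so the setting is not carried into an installed system by accident. Separately, only six settings in this 165-line file are uncommented (`run-directory`, `pam-service`, `pam-autologin-service`, `session-wrapper` and the two autologin keys); given the commit message's "removed files from etc that were at default settings", consider shipping just those lines.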

View file

@ -0,0 +1 @@
en_US.UTF-8 UTF-8

View file

@ -0,0 +1,9 @@
Welcome to the WK Linux Toolbox
Some common commands:
% hw-diags
% hw-info
% mount-all-volumes
% mount-backup-shares
% start-wifi

View file

@ -1,8 +1 @@
nameserver 8.8.8.8
nameserver 8.8.4.4
#nameserver 2001:4860:4860::8888
#nameserver 2001:4860:4860::8844
nameserver 208.67.222.222
nameserver 208.67.220.220
#nameserver 2620:0:ccc::2
#nameserver 2620:0:ccd::2
/run/systemd/resolve/resolv.conf

View file

@ -1,4 +1,3 @@
#!/bin/zsh
alias 7z0='7z a -t7z -mx=0'
alias 7z1='7z a -t7z -mx=1'
alias 7z3='7z a -t7z -mx=3'
@ -8,26 +7,30 @@ alias 7z9='7z a -t7z -mx=9'
alias diff='colordiff' -ur
alias du='du -sch --apparent-size'
alias fix-perms='find -type d -exec chmod 755 "{}" \; && find -type f -exec chmod 644 "{}" \;'
alias hw-info='sudo inxi -ACDdGlMmNopRsxxc 25'
alias less='less -S'
alias ls='ls --color=auto'
alias mkdir='mkdir -p'
alias mount='sudo mount'
alias mv='mv -nv'
alias photorec="sudo photorec"
alias photorec-sort="sudo photorec-sort"
alias q1='clear && sudo ls -1'
alias q1a='clear && sudo ls -1A'
alias q='clear && sudo ls -lh'
alias qa='clear && sudo ls -lAh'
alias qs='clear && sudo ls'
alias qsa='clear && sudo ls -A'
alias photorec-sort='sudo photorec-sort'
alias photorec='sudo photorec'
alias q1='clear && ls -1'
alias q1a='clear && ls -1A'
alias q='clear && ls -lh'
alias qa='clear && ls -lAh'
alias qs='clear && ls'
alias qsa='clear && ls -A'
alias rm='rm -v'
alias rmdirs='find -depth -mindepth 1 -type d -exec rmdir "{}" --ignore-fail-on-non-empty \;'
alias rs='rsync -avhPS --stats --exclude-from="$HOME/.rsync_exclusions"'
alias rsz='rsync -avhzPS --stats --exclude-from="$HOME/.rsync_exclusions"'
alias sdu='sudo du -sch --apparent-size'
alias srmdirs='find -depth -mindepth 1 -type d -exec sudo rmdir "{}" --ignore-fail-on-non-empty \;'
alias srmdirs='sudo find -depth -mindepth 1 -type d -exec rmdir "{}" --ignore-fail-on-non-empty \;'
alias srs='sudo rsync -avhPS --stats --exclude-from="$HOME/.rsync_exclusions"'
alias srsz='sudo rsync -avhzPS --stats --exclude-from="$HOME/.rsync_exclusions"'
alias testdisk="sudo testdisk"
alias start-wifi='sudo start-wifi'
alias td='tmux detach'
alias testdisk='sudo testdisk'
alias umount='sudo umount'
alias unmount='sudo umount'
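
Review bot: in the second hunk, `alias diff='colordiff' -ur` closes the quote before the options, so `-ur` is passed to the `alias` builtin instead of becoming part of the alias; it should read `alias diff='colordiff -ur'`. On the changed `srmdirs` line, moving sudo in front of `find` means the whole traversal now runs as root from whatever the current directory is, with no starting path given. That is more efficient than one sudo per directory, but an explicit `.` after `find` and a short comment would make the scope obvious. Dropping sudo from the `q*` listing aliases is a good change.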

View file

@ -5,5 +5,11 @@
# If not running interactively, don't do anything
[[ $- != *i* ]] && return
alias ls='ls --color=auto'
PS1='[\u@\h \W]\$ '
## Load aliases
. $HOME/.aliases
## Start ssh agent
eval $(/usr/bin/ssh-agent)
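
Review bot: the `eval $(/usr/bin/ssh-agent)` line added at the end of this hunk starts a new agent in every interactive shell, overwrites any `SSH_AUTH_SOCK` already in the environment, and leaves each agent running after the shell exits. Guard it so an agent is only started when none is available, for example by testing `[ -z "$SSH_AUTH_SOCK" ]` first, and redirect the "Agent pid" output as the zsh config in this commit does. The `. $HOME/.aliases` line would also be safer quoted and wrapped in a `[ -f ... ]` test so a missing file does not print an error at every login.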

View file

@ -0,0 +1,12 @@
[Desktop Entry]
Encoding=UTF-8
Version=0.0.1
Type=Application
Name=Update Wallpaper
Comment=Update Wallpaper
Exec=/home/wktech/.update_wallpaper
OnlyShowIn=XFCE;
StartupNotify=false
Terminal=false
Hidden=false

View file

@ -0,0 +1,26 @@
# Beware! This file is rewritten by htop when settings are changed in the interface.
# The parser is also very primitive, and not human-friendly.
fields=0 48 17 18 38 39 40 2 46 47 49 1
sort_key=46
sort_direction=1
hide_threads=0
hide_kernel_threads=1
hide_userland_threads=0
shadow_other_users=0
show_thread_names=0
show_program_path=1
highlight_base_name=0
highlight_megabytes=1
highlight_threads=1
tree_view=0
header_margin=1
detailed_cpu_time=0
cpu_count_from_zero=0
update_process_names=0
account_guest_in_cpu_meter=0
color_scheme=0
delay=15
left_meters=AllCPUs Memory Swap
left_meter_modes=1 1 1
right_meters=Tasks LoadAverage Uptime
right_meter_modes=2 2 2

View file

@ -1,4 +1,4 @@
favorites=Hardware Diagnostics.desktop,Hardware Information.desktop,exo-file-manager.desktop,gparted.desktop,gsmartcontrol.desktop,SpeedTest.desktop,exo-web-browser.desktop
favorites=Hardware Diagnostics.desktop,Hardware Information.desktop,exo-file-manager.desktop,gparted.desktop,gsmartcontrol.desktop,NetworkTest.desktop,exo-web-browser.desktop
recent=xfce4-settings-editor.desktop,xfce-session-settings.desktop,xfce4-power-manager-settings.desktop,gsmartcontrol.desktop,gparted.desktop
button-title=Applications
button-icon=distributor-logo-archlinux

View file

@ -0,0 +1,23 @@
#!/bin/bash
UFD_PATH="/run/archiso/bootmnt/config/"
WALLPAPER="/usr/share/wallpaper/current.png"
function link_wall() {
sudo rm "$WALLPAPER"
sudo ls -s "$UFD_PATH/Arch.png" "$WALLPAPER"
}
# Check for UFD source
if [[ -f "$UFD_PATH/Arch.png" ]]; then
link_wall "$UFD_PATH/Arch.png"
elif [[ -f "$UFD_PATH/Arch.jpg" ]]; then
link_wall "$UFD_PATH/Arch.jpg"
fi
# Update Xfce4 (mostly redundant, but will catch multi-display setups)
for monitor in monitor{0..2}; do
for workspace in workspace{0..3}; do
xfconf-query -c xfce4-desktop -p /backdrop/screen0/$monitor/$workspace/last-image -s "$WALLPAPER" 2>/dev/null
done
done
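
Review bot: inside `link_wall`, `sudo ls -s "$UFD_PATH/Arch.png" "$WALLPAPER"` lists the files instead of linking them; it should be `ln -s`, and as written the preceding `sudo rm "$WALLPAPER"` deletes the bundled wallpaper and nothing replaces it. The function also ignores its argument and hard-codes `Arch.png`, so the `Arch.jpg` branch would link a file that was just shown not to exist. Use `"$1"` as the link source and replace the rm/ln pair with a single `sudo ln -sf "$1" "$WALLPAPER"` so a failure cannot leave the path empty. `UFD_PATH` ends in a slash and is joined with another one, which is harmless but worth tidying.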

View file

@ -23,7 +23,3 @@ fi
eval $(/usr/bin/gnome-keyring-daemon --start --components=pkcs11,secrets,ssh)
export SSH_AUTH_SOCK
# Start Xfce4
if [ -z "$DISPLAY" ] && [ "$(fgconsole)" -eq 1 ]; then
exec startxfce4
fi

View file

@ -1,29 +1,3 @@
#!/bin/sh
userresources=$HOME/.Xresources
usermodmap=$HOME/.Xmodmap
sysresources=/etc/X11/xinit/.Xresources
sysmodmap=/etc/X11/xinit/.Xmodmap
# merge in defaults and keymaps
if [ -f $sysresources ]; then
xrdb -merge $sysresources
fi
if [ -f $sysmodmap ]; then
xmodmap $sysmodmap
fi
if [ -f "$userresources" ]; then
xrdb -merge "$userresources"
fi
if [ -f "$usermodmap" ]; then
xmodmap "$usermodmap"
fi
# Start GNOME-Keyring
eval $(/usr/bin/gnome-keyring-daemon --start --components=pkcs11,secrets,ssh)
export SSH_AUTH_SOCK
# Start Xfce4
if [ -z "$DISPLAY" ] && [ "$(fgconsole)" -eq 1 ]; then
exec startxfce4
if [ "$(fgconsole 2>/dev/null)" -eq "1" ]; then
hw-diags cli
fi
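
Review bot: the new test `[ "$(fgconsole 2>/dev/null)" -eq "1" ]` compares numerically, so when `fgconsole` fails and prints nothing (stderr is discarded, stdout is empty) the `[` builtin reports an integer-expression error on every login that is not on a real console. A string comparison, `[ "$(fgconsole 2>/dev/null)" = "1" ]`, gives the same result on tty1 and stays quiet elsewhere. It is also worth a comment that this file now launches `hw-diags cli` automatically on tty1, since the rest of the script it replaces is removed.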

View file

@ -1,10 +1,12 @@
# If you come from bash you might have to change your $PATH.
# export PATH=$HOME/bin:/usr/local/bin:$PATH
# Path to your oh-my-zsh installation.
export ZSH=$HOME/.oh-my-zsh
# Set name of the theme to load.
# Look in ~/.oh-my-zsh/themes/
# Optionally, if you set this to "random", it'll load a random theme each
# time that oh-my-zsh is loaded.
# Set name of the theme to load. Optionally, if you set this to "random"
# it'll load a random theme each time that oh-my-zsh is loaded.
# See https://github.com/robbyrussell/oh-my-zsh/wiki/Themes
ZSH_THEME="lean"
# Uncomment the following line to use case-sensitive completion.
@ -40,7 +42,7 @@ DISABLE_AUTO_UPDATE="true"
# Uncomment the following line if you want to change the command execution time
# stamp shown in the history command output.
# The optional three formats: "mm/dd/yyyy"|"dd.mm.yyyy"|"yyyy-mm-dd"
# HIST_STAMPS="mm/dd/yyyy"
HIST_STAMPS="yyyy-mm-dd"
# Would you like to use another custom folder than $ZSH/custom?
# ZSH_CUSTOM=/path/to/new-custom-folder
@ -49,15 +51,13 @@ DISABLE_AUTO_UPDATE="true"
# Custom plugins may be added to ~/.oh-my-zsh/custom/plugins/
# Example format: plugins=(rails git textmate ruby lighthouse)
# Add wisely, as too many plugins slow down shell startup.
plugins=(sudo)
plugins=(archlinux git sudo systemd tmux)
source $ZSH/oh-my-zsh.sh
# User configuration
export PATH="/usr/local/sbin:/usr/local/bin:/usr/bin:/usr/bin/site_perl:/usr/bin/vendor_perl:/usr/bin/core_perl"
# export MANPATH="/usr/local/man:$MANPATH"
source $ZSH/oh-my-zsh.sh
# You may need to manually set your language environment
# export LANG=en_US.UTF-8
@ -72,7 +72,7 @@ source $ZSH/oh-my-zsh.sh
# export ARCHFLAGS="-arch x86_64"
# ssh
# export SSH_KEY_PATH="~/.ssh/dsa_id"
# export SSH_KEY_PATH="~/.ssh/rsa_id"
# Set personal aliases, overriding those provided by oh-my-zsh libs,
# plugins, and themes. Aliases can be placed here, though oh-my-zsh
@ -83,4 +83,9 @@ source $ZSH/oh-my-zsh.sh
# alias zshconfig="mate ~/.zshrc"
# alias ohmyzsh="mate ~/.oh-my-zsh"
. ~/.zsh_aliases
## Load aliases
. $HOME/.aliases
## Start ssh agent
eval $(/usr/bin/ssh-agent)>/dev/null

View file

@ -2,8 +2,7 @@
Name=en*
[Network]
DHCP=ipv4
DNS=8.8.8.8
DNS=8.8.4.4
DNS=208.67.222.222
DNS=208.67.220.220
DHCP=yes
[DHCP]
RouteMetric=10

View file

@ -0,0 +1,8 @@
[Match]
Name=wl*
[Network]
DHCP=yes
[DHCP]
RouteMetric=20

View file

@ -0,0 +1 @@
/usr/lib/systemd/system/lightdm.service

View file

@ -0,0 +1,8 @@
[Unit]
Description=Temporary /etc/pacman.d/gnupg directory
[Mount]
What=tmpfs
Where=/etc/pacman.d/gnupg
Type=tmpfs
Options=mode=0755

View file

@ -0,0 +1 @@
/usr/lib/systemd/system/rngd.service

View file

@ -0,0 +1 @@
/usr/lib/systemd/system/systemd-resolved.service

View file

@ -0,0 +1 @@
/usr/lib/systemd/system/ufw.service

View file

@ -0,0 +1,15 @@
[Unit]
Description=Initializes Pacman keyring
Wants=haveged.service
After=haveged.service
Requires=etc-pacman.d-gnupg.mount
After=etc-pacman.d-gnupg.mount
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/bin/pacman-key --init
ExecStart=/usr/bin/pacman-key --populate archlinux
[Install]
WantedBy=multi-user.target
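
Review bot: the `[Unit]` section orders this service after `haveged.service`, but the only entropy daemon this commit enables is `rngd.service` (the symlink added a few files earlier). `Wants=` on a unit that is not installed is silently ignored, so `pacman-key --init` could run with no entropy source started before it. If rngd is the intended daemon, change both lines to `rngd.service`; if haveged is still shipped, enable it alongside or note why both are present.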

View file

@ -0,0 +1,40 @@
#!/bin/sh
#
# after.init: if executable, called by ufw-init. See 'man ufw-framework' for
# details. Note that output from these scripts is not seen via the
# the ufw command, but instead via ufw-init.
#
# Copyright 2013 Canonical Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 3,
# as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
set -e
case "$1" in
start)
# typically required
;;
stop)
# typically required
;;
status)
# optional
;;
flush-all)
# optional
;;
*)
echo "'$1' not supported"
echo "Usage: after.init {start|stop|flush-all|status}"
;;
esac
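
Review bot: every arm of the `case` in this script is an empty placeholder, so the file adds no behaviour to the image. The commit message says files in etc that were at default settings were removed; if this and the application profile files that follow are unmodified copies of what the ufw package installs, they can be left out of the overlay and only the files that carry real changes kept, which makes later review of the firewall configuration much easier.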

View file

@ -0,0 +1,30 @@
#
# rules.input-after
#
# Rules that should be run after the ufw command line added rules. Custom
# rules should be added to one of these chains:
# ufw-after-input
# ufw-after-output
# ufw-after-forward
#
# Don't delete these required lines, otherwise there will be errors
*filter
:ufw-after-input - [0:0]
:ufw-after-output - [0:0]
:ufw-after-forward - [0:0]
# End required lines
# don't log noisy services by default
-A ufw-after-input -p udp --dport 137 -j ufw-skip-to-policy-input
-A ufw-after-input -p udp --dport 138 -j ufw-skip-to-policy-input
-A ufw-after-input -p tcp --dport 139 -j ufw-skip-to-policy-input
-A ufw-after-input -p tcp --dport 445 -j ufw-skip-to-policy-input
-A ufw-after-input -p udp --dport 67 -j ufw-skip-to-policy-input
-A ufw-after-input -p udp --dport 68 -j ufw-skip-to-policy-input
# don't log noisy broadcast
-A ufw-after-input -m addrtype --dst-type BROADCAST -j ufw-skip-to-policy-input
# don't delete the 'COMMIT' line or these rules won't be processed
COMMIT

View file

@ -0,0 +1,27 @@
#
# rules.input-after
#
# Rules that should be run after the ufw command line added rules. Custom
# rules should be added to one of these chains:
# ufw6-after-input
# ufw6-after-output
# ufw6-after-forward
#
# Don't delete these required lines, otherwise there will be errors
*filter
:ufw6-after-input - [0:0]
:ufw6-after-output - [0:0]
:ufw6-after-forward - [0:0]
# End required lines
# don't log noisy services by default
-A ufw6-after-input -p udp --dport 137 -j ufw6-skip-to-policy-input
-A ufw6-after-input -p udp --dport 138 -j ufw6-skip-to-policy-input
-A ufw6-after-input -p tcp --dport 139 -j ufw6-skip-to-policy-input
-A ufw6-after-input -p tcp --dport 445 -j ufw6-skip-to-policy-input
-A ufw6-after-input -p udp --dport 546 -j ufw6-skip-to-policy-input
-A ufw6-after-input -p udp --dport 547 -j ufw6-skip-to-policy-input
# don't delete the 'COMMIT' line or these rules won't be processed
COMMIT

View file

@ -0,0 +1,19 @@
[Transmission]
title=Transmission
description=Transmission BitTorrent client
ports=51413/tcp
[Deluge]
title=Deluge
description=Deluge BitTorrent client
ports=6881:6891/tcp
[KTorrent]
title=KTorrent
description=KTorrent BitTorrent client
ports=6881/tcp|4444/udp
[qBittorrent]
title=qBittorrent
description=qBittorrent BitTorrent client
ports=6881/tcp

View file

@ -0,0 +1,35 @@
[PeopleNearby]
title=People Nearby
description=People Nearby (Bonjour/Salut) functionality in Empathy
ports=5353/udp|5298
[Bonjour]
title=Bonjour
description=Bonjour protocol
ports=5353/udp|5298
[MSN]
title=MSN Chat
description=MSN chat protocol (with file transfer and voice)
ports=1863|6891:6900/tcp|6901
[MSN SSL]
title=MSN Chat (SSL)
description=MSN chat protocol (SSL)
ports=443/tcp
[AIM]
title=AIM Talk
description=AIM talk protocol
ports=5190/tcp
[Yahoo]
title=Yahoo Chat
description=Yahoo chat protocol
ports=5050
[XMPP]
title=XMPP Chat
description=XMPP protocol (Jabber and Google Talk)
ports=5222/tcp|5269/tcp

View file

@ -0,0 +1,29 @@
[Kerberos KDC]
title=Kerberos v5 KDC server
description=Kerberos v5 KDC server
ports=88
[Kerberos Admin]
title=Kerberos v5 admin
description=Kerberos v5 server
ports=749/tcp
[Kerberos Password]
title=Kerberos v5 password
description=Kerberos v5 password
ports=464/udp
[Kerberos Full]
title=Kerberos v5 server
description=Kerberos v5 server
ports=88,749/tcp|464/udp
[LDAP]
title=LDAP server
description=LDAP server
ports=389/tcp
[LDAPS]
title=LDAP server (LDAPS)
description=LDAP server (LDAPS)
ports=636/tcp

View file

@ -0,0 +1,4 @@
[DNS]
title=Internet Domain Name Server
description=Internet Domain Name Server
ports=53

View file

@ -0,0 +1,14 @@
[CIFS]
title=SMB/CIFS server
description=SMB/CIFS server
ports=137,138/udp|139,445/tcp
[NFS]
title=NFS server
description=NFS and portmap server. Will also need access to mountd, statd and possibly others
ports=2049,111/tcp|2049,111/udp
[svnserve]
title=Subversion server
description=Subversion server for access to Subversion repositories.
ports=3690/tcp

View file

@ -0,0 +1,14 @@
[Telnet]
title=Telnet server (insecure)
description=Telnet server (insecure)
ports=23/tcp
[SSH]
title=SSH server
description=SSH server
ports=22/tcp
[VNC]
title=VNC server
description=VNC server
ports=5900/tcp

View file

@ -0,0 +1,30 @@
[POP3]
title=Mail server (POP3)
description=Mail server (POP3)
ports=110/tcp
[POP3S]
title=Secure mail server (POP3S)
description=Secure mail server (POP3S)
ports=995/tcp
[IMAP]
title=Mail server (IMAP)
description=Mail server (IMAP)
ports=143/tcp
[IMAPS]
title=Secure mail server (IMAPS)
description=Secure mail server (IMAPS)
ports=993/tcp
[SMTP]
title=Mail server (SMTP)
description=Mail server (SMTP)
ports=25/tcp
[Mail submission]
title=Mail server (Submission)
description=Mail server (Submission)
ports=587/tcp

View file

@ -0,0 +1,9 @@
[IPP]
title=Cups server (IPP)
description=Cups server (IPP)
ports=631
[LPD]
title=LPD server
description=LPD server
ports=515/tcp

View file

@ -0,0 +1,9 @@
[Socks]
title=Socks proxy
description=Socks proxy
ports=1080/tcp
[Transparent Proxy]
title=Transparent proxy
description=Transparent proxy
ports=8081/tcp

View file

@ -0,0 +1,19 @@
[WWW]
title=Web Server
description=Web server
ports=80/tcp
[WWW Secure]
title=Web Server (HTTPS)
description=Web Server (HTTPS)
ports=443/tcp
[WWW Full]
title=Web Server (HTTP,HTTPS)
description=Web Server (HTTP,HTTPS)
ports=80,443/tcp
[WWW Cache]
title=Web Server (8080)
description=Web Server (8080)
ports=8080/tcp

View file

@ -0,0 +1,40 @@
#!/bin/sh
#
# before.init: if executable, called by ufw-init. See 'man ufw-framework' for
# details. Note that output from these scripts is not seen via the
# the ufw command, but instead via ufw-init.
#
# Copyright 2013 Canonical Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 3,
# as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
set -e
case "$1" in
start)
# typically required
;;
stop)
# typically required
;;
status)
# optional
;;
flush-all)
# optional
;;
*)
echo "'$1' not supported"
echo "Usage: before.init {start|stop|flush-all|status}"
;;
esac

View file

@ -0,0 +1,77 @@
#
# rules.before
#
# Rules that should be run before the ufw command line added rules. Custom
# rules should be added to one of these chains:
# ufw-before-input
# ufw-before-output
# ufw-before-forward
#
# Don't delete these required lines, otherwise there will be errors
*filter
:ufw-before-input - [0:0]
:ufw-before-output - [0:0]
:ufw-before-forward - [0:0]
:ufw-not-local - [0:0]
# End required lines
# allow all on loopback
-A ufw-before-input -i lo -j ACCEPT
-A ufw-before-output -o lo -j ACCEPT
# quickly process packets for which we already have a connection
-A ufw-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-output -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-forward -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# drop INVALID packets (logs these in loglevel medium and higher)
-A ufw-before-input -m conntrack --ctstate INVALID -j ufw-logging-deny
-A ufw-before-input -m conntrack --ctstate INVALID -j DROP
# ok icmp codes for INPUT
-A ufw-before-input -p icmp --icmp-type destination-unreachable -j ACCEPT
-A ufw-before-input -p icmp --icmp-type source-quench -j ACCEPT
-A ufw-before-input -p icmp --icmp-type time-exceeded -j ACCEPT
-A ufw-before-input -p icmp --icmp-type parameter-problem -j ACCEPT
-A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT
# ok icmp code for FORWARD
-A ufw-before-forward -p icmp --icmp-type destination-unreachable -j ACCEPT
-A ufw-before-forward -p icmp --icmp-type source-quench -j ACCEPT
-A ufw-before-forward -p icmp --icmp-type time-exceeded -j ACCEPT
-A ufw-before-forward -p icmp --icmp-type parameter-problem -j ACCEPT
-A ufw-before-forward -p icmp --icmp-type echo-request -j ACCEPT
# allow dhcp client to work
-A ufw-before-input -p udp --sport 67 --dport 68 -j ACCEPT
#
# ufw-not-local
#
-A ufw-before-input -j ufw-not-local
# if LOCAL, RETURN
-A ufw-not-local -m addrtype --dst-type LOCAL -j RETURN
# if MULTICAST, RETURN
-A ufw-not-local -m addrtype --dst-type MULTICAST -j RETURN
# if BROADCAST, RETURN
-A ufw-not-local -m addrtype --dst-type BROADCAST -j RETURN
# all other non-local packets are dropped
-A ufw-not-local -m limit --limit 3/min --limit-burst 10 -j ufw-logging-deny
-A ufw-not-local -j DROP
# allow MULTICAST mDNS for service discovery (be sure the MULTICAST line above
# is uncommented)
-A ufw-before-input -p udp -d 224.0.0.251 --dport 5353 -j ACCEPT
# allow MULTICAST UPnP for service discovery (be sure the MULTICAST line above
# is uncommented)
-A ufw-before-input -p udp -d 239.255.255.250 --dport 1900 -j ACCEPT
# don't delete the 'COMMIT' line or these rules won't be processed
COMMIT
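
Review bot: the two rules near the end, `-d 224.0.0.251 --dport 5353 -j ACCEPT` and `-d 239.255.255.250 --dport 1900 -j ACCEPT`, accept inbound mDNS and UPnP/SSDP from any source before the default `DROP` policy applies, and nothing else in this commit shows a service on the image that answers either protocol. For a toolbox that gets plugged into unknown networks, consider commenting both out and keeping only loopback, established traffic, the listed ICMP types and the DHCP client rule. If service discovery is needed, say which tool uses it in a comment above the rule.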

View file

@ -0,0 +1,138 @@
#
# rules.before
#
# Rules that should be run before the ufw command line added rules. Custom
# rules should be added to one of these chains:
# ufw6-before-input
# ufw6-before-output
# ufw6-before-forward
#
# Don't delete these required lines, otherwise there will be errors
*filter
:ufw6-before-input - [0:0]
:ufw6-before-output - [0:0]
:ufw6-before-forward - [0:0]
# End required lines
# allow all on loopback
-A ufw6-before-input -i lo -j ACCEPT
-A ufw6-before-output -o lo -j ACCEPT
# drop packets with RH0 headers
-A ufw6-before-input -m rt --rt-type 0 -j DROP
-A ufw6-before-forward -m rt --rt-type 0 -j DROP
-A ufw6-before-output -m rt --rt-type 0 -j DROP
# quickly process packets for which we already have a connection
-A ufw6-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw6-before-output -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw6-before-forward -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# drop INVALID packets (logs these in loglevel medium and higher)
-A ufw6-before-input -m conntrack --ctstate INVALID -j ufw6-logging-deny
-A ufw6-before-input -m conntrack --ctstate INVALID -j DROP
# ok icmp codes for INPUT (rfc4890, 4.4.1 and 4.4.2)
-A ufw6-before-input -p icmpv6 --icmpv6-type destination-unreachable -j ACCEPT
-A ufw6-before-input -p icmpv6 --icmpv6-type packet-too-big -j ACCEPT
# codes 0 and 1
-A ufw6-before-input -p icmpv6 --icmpv6-type time-exceeded -j ACCEPT
# codes 0-2
-A ufw6-before-input -p icmpv6 --icmpv6-type parameter-problem -j ACCEPT
-A ufw6-before-input -p icmpv6 --icmpv6-type echo-request -j ACCEPT
-A ufw6-before-input -p icmpv6 --icmpv6-type echo-reply -j ACCEPT
-A ufw6-before-input -p icmpv6 --icmpv6-type router-solicitation -m hl --hl-eq 255 -j ACCEPT
-A ufw6-before-input -p icmpv6 --icmpv6-type router-advertisement -m hl --hl-eq 255 -j ACCEPT
-A ufw6-before-input -p icmpv6 --icmpv6-type neighbor-solicitation -m hl --hl-eq 255 -j ACCEPT
-A ufw6-before-input -p icmpv6 --icmpv6-type neighbor-advertisement -m hl --hl-eq 255 -j ACCEPT
# IND solicitation
-A ufw6-before-input -p icmpv6 --icmpv6-type 141 -m hl --hl-eq 255 -j ACCEPT
# IND advertisement
-A ufw6-before-input -p icmpv6 --icmpv6-type 142 -m hl --hl-eq 255 -j ACCEPT
# MLD query
-A ufw6-before-input -p icmpv6 --icmpv6-type 130 -s fe80::/10 -j ACCEPT
# MLD report
-A ufw6-before-input -p icmpv6 --icmpv6-type 131 -s fe80::/10 -j ACCEPT
# MLD done
-A ufw6-before-input -p icmpv6 --icmpv6-type 132 -s fe80::/10 -j ACCEPT
# MLD report v2
-A ufw6-before-input -p icmpv6 --icmpv6-type 143 -s fe80::/10 -j ACCEPT
# SEND certificate path solicitation
-A ufw6-before-input -p icmpv6 --icmpv6-type 148 -m hl --hl-eq 255 -j ACCEPT
# SEND certificate path advertisement
-A ufw6-before-input -p icmpv6 --icmpv6-type 149 -m hl --hl-eq 255 -j ACCEPT
# MR advertisement
-A ufw6-before-input -p icmpv6 --icmpv6-type 151 -s fe80::/10 -m hl --hl-eq 1 -j ACCEPT
# MR solicitation
-A ufw6-before-input -p icmpv6 --icmpv6-type 152 -s fe80::/10 -m hl --hl-eq 1 -j ACCEPT
# MR termination
-A ufw6-before-input -p icmpv6 --icmpv6-type 153 -s fe80::/10 -m hl --hl-eq 1 -j ACCEPT
# ok icmp codes for OUTPUT (rfc4890, 4.4.1 and 4.4.2)
-A ufw6-before-output -p icmpv6 --icmpv6-type destination-unreachable -j ACCEPT
-A ufw6-before-output -p icmpv6 --icmpv6-type packet-too-big -j ACCEPT
# codes 0 and 1
-A ufw6-before-output -p icmpv6 --icmpv6-type time-exceeded -j ACCEPT
# codes 0-2
-A ufw6-before-output -p icmpv6 --icmpv6-type parameter-problem -j ACCEPT
-A ufw6-before-input -p icmpv6 --icmpv6-type echo-request -j ACCEPT
-A ufw6-before-input -p icmpv6 --icmpv6-type echo-reply -j ACCEPT
-A ufw6-before-output -p icmpv6 --icmpv6-type router-solicitation -m hl --hl-eq 255 -j ACCEPT
-A ufw6-before-output -p icmpv6 --icmpv6-type neighbor-advertisement -m hl --hl-eq 255 -j ACCEPT
-A ufw6-before-output -p icmpv6 --icmpv6-type neighbor-solicitation -m hl --hl-eq 255 -j ACCEPT
-A ufw6-before-output -p icmpv6 --icmpv6-type router-advertisement -m hl --hl-eq 255 -j ACCEPT
# IND solicitation
-A ufw6-before-output -p icmpv6 --icmpv6-type 141 -m hl --hl-eq 255 -j ACCEPT
# IND advertisement
-A ufw6-before-output -p icmpv6 --icmpv6-type 142 -m hl --hl-eq 255 -j ACCEPT
# MLD query
-A ufw6-before-output -p icmpv6 --icmpv6-type 130 -s fe80::/10 -j ACCEPT
# MLD report
-A ufw6-before-output -p icmpv6 --icmpv6-type 131 -s fe80::/10 -j ACCEPT
# MLD done
-A ufw6-before-output -p icmpv6 --icmpv6-type 132 -s fe80::/10 -j ACCEPT
# MLD report v2
-A ufw6-before-output -p icmpv6 --icmpv6-type 143 -s fe80::/10 -j ACCEPT
# SEND certificate path solicitation
-A ufw6-before-output -p icmpv6 --icmpv6-type 148 -m hl --hl-eq 255 -j ACCEPT
# SEND certificate path advertisement
-A ufw6-before-output -p icmpv6 --icmpv6-type 149 -m hl --hl-eq 255 -j ACCEPT
# MR advertisement
-A ufw6-before-output -p icmpv6 --icmpv6-type 151 -s fe80::/10 -m hl --hl-eq 1 -j ACCEPT
# MR solicitation
-A ufw6-before-output -p icmpv6 --icmpv6-type 152 -s fe80::/10 -m hl --hl-eq 1 -j ACCEPT
# MR termination
-A ufw6-before-output -p icmpv6 --icmpv6-type 153 -s fe80::/10 -m hl --hl-eq 1 -j ACCEPT
# ok icmp codes for FORWARD (rfc4890, 4.3.1)
-A ufw6-before-forward -p icmpv6 --icmpv6-type destination-unreachable -j ACCEPT
-A ufw6-before-forward -p icmpv6 --icmpv6-type packet-too-big -j ACCEPT
# codes 0 and 1
-A ufw6-before-forward -p icmpv6 --icmpv6-type time-exceeded -j ACCEPT
# codes 0-2
-A ufw6-before-forward -p icmpv6 --icmpv6-type parameter-problem -j ACCEPT
-A ufw6-before-forward -p icmpv6 --icmpv6-type echo-request -j ACCEPT
-A ufw6-before-forward -p icmpv6 --icmpv6-type echo-reply -j ACCEPT
# ok icmp codes for FORWARD (rfc4890, 4.3.2)
# Home Agent Address Discovery Reques
-A ufw6-before-input -p icmpv6 --icmpv6-type 144 -j ACCEPT
# Home Agent Address Discovery Reply
-A ufw6-before-input -p icmpv6 --icmpv6-type 145 -j ACCEPT
# Mobile Prefix Solicitation
-A ufw6-before-input -p icmpv6 --icmpv6-type 146 -j ACCEPT
# Mobile Prefix Advertisement
-A ufw6-before-input -p icmpv6 --icmpv6-type 147 -j ACCEPT
# allow dhcp client to work
-A ufw6-before-input -p udp -s fe80::/10 --sport 547 -d fe80::/10 --dport 546 -j ACCEPT
# allow MULTICAST mDNS for service discovery
-A ufw6-before-input -p udp -d ff02::fb --dport 5353 -j ACCEPT
# allow MULTICAST UPnP for service discovery
-A ufw6-before-input -p udp -d ff02::f --dport 1900 -j ACCEPT
# don't delete the 'COMMIT' line or these rules won't be processed
COMMIT
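Review bot: two groups of rules are appended to a different chain than their section comment names. Under "ok icmp codes for OUTPUT" the echo-request and echo-reply lines use `-A ufw6-before-input`, so they duplicate the INPUT accepts above and the output chain gets no echo rule. Under "ok icmp codes for FORWARD (rfc4890, 4.3.2)" the four Mobile IPv6 types 144 to 147 also go to `ufw6-before-input`, where they are accepted on the host from any source without the hop-limit check applied to the neighbour-discovery types. Point the first pair at `ufw6-before-output` and the last four at `ufw6-before-forward` (or remove them if the image never forwards), and fix the "Reques" typo in the comment while there.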

View file

@ -0,0 +1,57 @@
#
# Configuration file for setting network variables. Please note these settings
# override /etc/sysctl.conf. If you prefer to use /etc/sysctl.conf, please
# adjust IPT_SYSCTL in /etc/default/ufw.
#
# Uncomment this to allow this host to route packets between interfaces
#net/ipv4/ip_forward=1
#net/ipv6/conf/default/forwarding=1
#net/ipv6/conf/all/forwarding=1
# Turn on Source Address Verification in all interfaces to prevent some
# spoofing attacks
net/ipv4/conf/default/rp_filter=1
net/ipv4/conf/all/rp_filter=1
# Do not accept IP source route packets (we are not a router)
net/ipv4/conf/default/accept_source_route=0
net/ipv4/conf/all/accept_source_route=0
net/ipv6/conf/default/accept_source_route=0
net/ipv6/conf/all/accept_source_route=0
# Disable ICMP redirects. ICMP redirects are rarely used but can be used in
# MITM (man-in-the-middle) attacks. Disabling ICMP may disrupt legitimate
# traffic to those sites.
net/ipv4/conf/default/accept_redirects=0
net/ipv4/conf/all/accept_redirects=0
net/ipv6/conf/default/accept_redirects=0
net/ipv6/conf/all/accept_redirects=0
# Ignore bogus ICMP errors
net/ipv4/icmp_echo_ignore_broadcasts=1
net/ipv4/icmp_ignore_bogus_error_responses=1
net/ipv4/icmp_echo_ignore_all=0
# Don't log Martian Packets (impossible packets)
net/ipv4/conf/default/log_martians=0
net/ipv4/conf/all/log_martians=0
# Change to '1' to enable TCP/IP SYN cookies This disables TCP Window Scaling
# (http://lkml.org/lkml/2008/2/5/167)
net/ipv4/tcp_syncookies=0
#net/ipv4/tcp_fin_timeout=30
#net/ipv4/tcp_keepalive_intvl=1800
# normally allowing tcp_sack is ok, but if going through OpenBSD 3.8 RELEASE or
# earlier pf firewall, should set this to 0
net/ipv4/tcp_sack=1
# Uncomment this to turn off ipv6 autoconfiguration
#net/ipv6/conf/default/autoconf=0
#net/ipv6/conf/all/autoconf=0
# Uncomment this to enable ipv6 privacy addressing
#net/ipv6/conf/default/use_tempaddr=2
#net/ipv6/conf/all/use_tempaddr=2
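Review bot: `net/ipv4/tcp_syncookies=0` leaves SYN cookies off on an image whose user rules in this commit open port 22 to any source. SYN cookies only come into play once the SYN backlog overflows, so setting this to 1 costs nothing in normal operation. Also consider `log_martians=1` for both `default` and `all`: with `rp_filter=1` enabled, spoofed-source packets are dropped, and with martian logging off nothing records that it happened.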

View file

@ -0,0 +1,10 @@
# /etc/ufw/ufw.conf
#
# Set to yes to start on boot. If setting this remotely, be sure to add a rule
# to allow your remote connection before starting ufw. Eg: 'ufw allow 22/tcp'
ENABLED=yes
# Please use the 'ufw' command to set the loglevel. Eg: 'ufw logging medium'.
# See 'man ufw' for details.
LOGLEVEL=low

View file

@ -0,0 +1,39 @@
*filter
:ufw-user-input - [0:0]
:ufw-user-output - [0:0]
:ufw-user-forward - [0:0]
:ufw-before-logging-input - [0:0]
:ufw-before-logging-output - [0:0]
:ufw-before-logging-forward - [0:0]
:ufw-user-logging-input - [0:0]
:ufw-user-logging-output - [0:0]
:ufw-user-logging-forward - [0:0]
:ufw-after-logging-input - [0:0]
:ufw-after-logging-output - [0:0]
:ufw-after-logging-forward - [0:0]
:ufw-logging-deny - [0:0]
:ufw-logging-allow - [0:0]
:ufw-user-limit - [0:0]
:ufw-user-limit-accept - [0:0]
### RULES ###
### tuple ### allow any 22 0.0.0.0/0 any 0.0.0.0/0 in
-A ufw-user-input -p tcp --dport 22 -j ACCEPT
-A ufw-user-input -p udp --dport 22 -j ACCEPT
### END RULES ###
### LOGGING ###
-A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
-A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
-A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
-A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
### END LOGGING ###
### RATE LIMITING ###
-A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] "
-A ufw-user-limit -j REJECT
-A ufw-user-limit-accept -j ACCEPT
### END RATE LIMITING ###
COMMIT
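Review bot: the single user rule accepts port 22 from 0.0.0.0/0 on both tcp and udp, while the `ufw-user-limit` chain defined in this same file is never referenced. SSH does not use udp, so `-A ufw-user-input -p udp --dport 22 -j ACCEPT` can go. For tcp, consider generating the rule with `ufw limit 22/tcp` or restricting the source to the private ranges the scripts already test for, since the customize script in this commit sets the account passwords from a literal.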

View file

@ -0,0 +1,39 @@
*filter
:ufw6-user-input - [0:0]
:ufw6-user-output - [0:0]
:ufw6-user-forward - [0:0]
:ufw6-before-logging-input - [0:0]
:ufw6-before-logging-output - [0:0]
:ufw6-before-logging-forward - [0:0]
:ufw6-user-logging-input - [0:0]
:ufw6-user-logging-output - [0:0]
:ufw6-user-logging-forward - [0:0]
:ufw6-after-logging-input - [0:0]
:ufw6-after-logging-output - [0:0]
:ufw6-after-logging-forward - [0:0]
:ufw6-logging-deny - [0:0]
:ufw6-logging-allow - [0:0]
:ufw6-user-limit - [0:0]
:ufw6-user-limit-accept - [0:0]
### RULES ###
### tuple ### allow any 22 ::/0 any ::/0 in
-A ufw6-user-input -p tcp --dport 22 -j ACCEPT
-A ufw6-user-input -p udp --dport 22 -j ACCEPT
### END RULES ###
### LOGGING ###
-A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
-A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
-A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
-A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
### END LOGGING ###
### RATE LIMITING ###
-A ufw6-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] "
-A ufw6-user-limit -j REJECT
-A ufw6-user-limit-accept -j ACCEPT
### END RATE LIMITING ###
COMMIT

View file

@ -2,18 +2,23 @@
set -e -u
# Locale
# Set hostname
echo "wk-arch" > /etc/hostname
echo "127.0.1.1 wk-arch.localdomain wk-arch" >> /etc/hosts
# Set locale
sed -i 's/#\(en_US\.UTF-8\)/\1/' /etc/locale.gen
locale-gen
# Time Settings
ln -sf /usr/share/zoneinfo/America/Los_Angeles /etc/localtime
#sed -i 's/#FallbackNTP/NTP/' /etc/systemd/timesyncd.conf
sed -i 's/#FallbackNTP/NTP/' /etc/systemd/timesyncd.conf
#timedatectl set-ntp true
# root user settings
usermod -s /usr/bin/zsh root
cp -aT /etc/skel/ /root/
rm /root/.zlogin
chmod 700 /root
echo "root:Abracadabra" | chpasswd
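Review bot: `echo "root:Abracadabra" | chpasswd` puts the root password in the repository and in every image built from it, and the next hunk header shows the same literal used for wktech. With ufw now shipping an allow rule for port 22, take the password from a build-time variable that is not committed, or lock the root account with `passwd -l root` and rely on the wktech account plus sudo.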
@ -27,12 +32,16 @@ echo "wktech:Abracadabra" | chpasswd
# Enable sudo for %wheel
echo '%wheel ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers
# Set pacman mirrorlist
echo 'Server = http://arch.localmsp.org/arch/$repo/os/$arch' > /etc/pacman.d/mirrorlist
echo 'Server = http://arch.mirrors.ionfish.org/$repo/os/$arch' >> /etc/pacman.d/mirrorlist
echo 'Server = http://lug.mtu.edu/archlinux/$repo/os/$arch' >> /etc/pacman.d/mirrorlist
echo 'Server = http://mirror.rit.edu/archlinux/$repo/os/$arch' >> /etc/pacman.d/mirrorlist
echo 'Server = http://mirror.us.leaseweb.net/archlinux/$repo/os/$arch' >> /etc/pacman.d/mirrorlist
# Set mirrorlist. Process:
## Replace newlines with ~ to treat as single line
## Uncomment all US mirrors
## Resetore newlines
## Rank mirrors to only use the top 10 mirrors
mv -b /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist.bak
tmp_file="$(mktemp)"
tr '\n' '~' < /etc/pacman.d/mirrorlist.bak | sed -r 's/([0-1]\.[0-9], United States)~#/\1~/g' | tr '~' '\n' > "$tmp_file"
rankmirrors -n 10 "$tmp_file" | egrep '^S' > /etc/pacman.d/mirrorlist
rm -v "$tmp_file"
# journald settings (from archiso)
sed -i 's/#\(Storage=\)auto/\1volatile/' /etc/systemd/journald.conf
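Review bot: the new mirrorlist pipeline can leave /etc/pacman.d/mirrorlist empty. If the sed pattern `([0-1]\.[0-9], United States)~#` does not match the comment format of the shipped mirrorlist, or rankmirrors cannot reach any mirror at build time, `egrep '^S'` prints nothing and exits non-zero; the redirect has already truncated the target, and under the `set -e -u` at the top of this script the build stops before `rm -v "$tmp_file"`. Check that the ranked output is non-empty before replacing the file and fall back to mirrorlist.bak otherwise. The comment block also has a typo, "Resetore".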
@ -42,24 +51,5 @@ sed -i 's/#\(HandleSuspendKey=\)suspend/\1ignore/' /etc/systemd/logind.conf
sed -i 's/#\(HandleHibernateKey=\)hibernate/\1ignore/' /etc/systemd/logind.conf
sed -i 's/#\(HandleLidSwitch=\)suspend/\1ignore/' /etc/systemd/logind.conf
# DNS Settings
#echo "nameserver 8.8.8.8" > /etc/resolv.conf
#echo "nameserver 8.8.4.4" >> /etc/resolv.conf
#echo "nameserver 2001:4860:4860::8888" >> /etc/resolv.conf
#echo "nameserver 2001:4860:4860::8844" >> /etc/resolv.conf
#echo "nameserver 208.67.222.222" >> /etc/resolv.conf
#echo "nameserver 208.67.220.220" >> /etc/resolv.conf
#echo "nameserver 2620:0:ccc::2" >> /etc/resolv.conf
#echo "nameserver 2620:0:ccd::2" >> /etc/resolv.conf
# Startup settings
systemctl set-default multi-user.target
#systemctl set-default graphical.target
# archiso cleanup
for file in /etc/systemd/system/{pacman-init.service,etc-pacman.d-gnupg.mount} /etc/systemd/scripts/choose-mirror /etc/udev/rules.d/81-dhcpcd.rules /etc/initcpio; do
if [ -e "$file" ]; then
rm "$file" -R
fi
done
#systemctl enable pacman-init.service choose-mirror.service
systemctl set-default graphical.target

View file

@ -3,14 +3,14 @@
# Backup options
declare -a BACKUP_1=(
"ServerOne" # Server name
"10.0.0.10" # IP
"10.0.0.10" # IP
"Backups" # Share name
"backup" # User name
"Abracadabra" # Password
)
declare -a BACKUP_2=(
"ServerTwo" # Server name
"10.0.0.11" # IP
"10.0.0.11" # IP
"Backups" # Share name
"backup" # User name
"Abracadabra" # Password
@ -31,7 +31,7 @@ declare -a BACKUP_4=(
)
# Hardware testing options
TEST_CPU_LENGTH="7" # Time in minutes to run Prime95
TEST_CPU_LENGTH="7" # Time in minutes to run Prime95
# Network options
WIFI_SSID="SomeWiFi" # Use the 2.4Ghz network for better compatability
@ -39,6 +39,6 @@ WIFI_PASS="Abracadabra"
# Results upload options
SKIP_UPLOAD="False" # Set to "True" to disable all uploads
DIAG_SERVER="10.0.0.10" # Use the IP and not the server name
DIAG_SERVER="10.0.0.10" # Use the IP and not the server name
DIAG_SHARE="/srv/ClientInfo" # Full path to shared folder (relative to the server's root)
DIAG_USER="wkdiag" # User used to connect to the server via SSH
DIAG_DEST="/srv/Diagnostics" # Full path to dest folder (on server)

View file

@ -11,20 +11,21 @@ die () {
exit 1
}
function test_connection() {
if ip a | grep -Eq '(10.[0-9]+|172.(1[6-9]|2[0-9]|3[0-1]).[0-9]+|192.168).[0-9]+.[0-9]+'; then
return 0
else
return 1
fi
}
# Load settings
if [[ -f "/run/archiso/bootmnt/config/arch.conf" ]]; then
source "/run/archiso/bootmnt/config/arch.conf" || \
die "ERROR: ARCH_WK media may be damaged. Please reboot or try another UFD"
die "ERROR: WK_ARCH media may be damaged. Please reboot or try another UFD"
else
source "/usr/local/bin/arch.conf" || \
die "ERROR: ARCH_WK media may be damaged. Please reboot or try another UFD"
echo -n "ERROR: Settings file on ARCH_WK media missing. Using build version for now"
sleep 1s
echo -n "."
sleep 1s
echo -n "."
sleep 1s
echo "."
die "ERROR: WK_ARCH media may be damaged. Please reboot or try another UFD"
fi
# Init
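Review bot: in test_connection the 172 alternative carries one `.[0-9]+` more than the other two, so the pattern asks for five fields after 172 and only matches a 172.16.0.0/12 address because the unescaped `.` happens to match the `/` before the prefix length in `ip a` output. The dots are unescaped and the pattern is unanchored, so a public address such as 110.1.2.3 or 210.0.0.1 also passes as connected. Use the grouping from the DIAG_SERVER check elsewhere in this commit, escape the dots, and anchor on the `inet ` prefix, for example `inet (10\.[0-9]+|172\.(1[6-9]|2[0-9]|3[0-1])|192\.168)\.[0-9]+\.[0-9]+/`.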
@ -32,7 +33,7 @@ WIFI_SSID="${WIFI_SSID}"
WIFI_PASS="${WIFI_PASS}"
# Connect to network
if ! ip a | grep -Eq '(192.168|10.[0-9]+).[0-9]+.[0-9]+'; then
if ! test_connection; then
# LAN
if ! ip l | grep -Eq '[0-9]+: +en'; then
## Reload the tg3/broadcom driver (known fix for some Dell systems)
@ -46,13 +47,18 @@ if ! ip a | grep -Eq '(192.168|10.[0-9]+).[0-9]+.[0-9]+'; then
# WiFi
if ip l | grep -Eq '[0-9]+: +wl'; then
## Skip if we're already connected (i.e. the code above worked)
if ! ip a | grep -Eq '(192.168|10.[0-9]+).[0-9]+.[0-9]+'; then
if ! test_connection; then
echo "Attempting to connect to ${WIFI_SSID}..."
netctl start wireless
sudo start-wifi
sleep 5s
fi
fi
fi
# Done
exit 0
if test_connection; then
exit 0
else
exit 1
fi

View file

@ -3,84 +3,128 @@
## WK HW diagnostics - Launcher
MODE="$1"
SHOW_MENU="True"
if [[ "$MODE" =~ ^(all|cpu|drives|foh|smart|badblocks)$ ]]; then
SHOW_MENU="False"
fi
# Ensure a proper mode is selected
function pause() {
# Pause to review output
echo ""
echo "$1"
read
}
function menu() {
while :; do
if [[ "$SHOW_MENU" == "False" ]]; then
break
else
clear
echo "Hardware Diagnostics"
echo "────────────────────"
echo "0: Quick drive test"
echo "1: All tests"
echo "2: Prime95"
echo "3: SMART & badblocks"
echo "4: SMART"
echo "5: badblocks"
echo "────────────────────"
#if [[ -n $DISPLAY ]] && [[ $(getconf LONG_BIT) -eq "64" ]]; then
# echo "6: Graphics Test - FurMark"
# echo "7: Graphics Test - Piano"
# echo "8: Graphics Test - Volplosion"
#fi
echo "A: Speaker Test"
if [[ -n $DISPLAY ]]; then
echo "K: Keyboard Test"
fi
echo "N: Network Test"
echo "────────────────────"
echo "M: Screen Saver - Matrix"
echo "P: Screen Saver - Pipes"
echo "────────────────────"
echo "Q: Quit"
if [[ "$MODE" =~ ^cli$ ]]; then
echo "R: Reboot"
echo "S: Shutdown"
fi
echo ""
read -r -p "Please make a selection: " MODE
# Check input
case $MODE in
0)
MODE=foh
break;;
1)
MODE=all
break;;
2)
MODE=cpu
break;;
3)
MODE=drives
break;;
4)
MODE=smart
break;;
5)
MODE=badblocks
break;;
#6)
# if [[ -n $DISPLAY ]] && [[ $(getconf LONG_BIT) -eq "64" ]]; then
# gputest /fullscreen /test=fur
# fi
# ;;
#7)
# if [[ -n $DISPLAY ]] && [[ $(getconf LONG_BIT) -eq "64" ]]; then
# gputest /fullscreen /test=pixmark_piano
# fi
# ;;
#8)
# if [[ -n $DISPLAY ]] && [[ $(getconf LONG_BIT) -eq "64" ]]; then
# gputest /fullscreen /test=pixmark_volplosion
# fi
# ;;
a|A|audio|Audio)
clear
hw-diags-audio
pause "Press Enter to return to menu...";;
k|K|keyboard|Keyboard)
if [[ -n $DISPLAY ]]; then
xev
fi
;;
m|M)
cmatrix -abs
reset
clear;;
n|N)
clear
hw-diags-network
pause "Press Enter to return to menu...";;
p|P)
pipes -t 0 -t 1 -t 2 -t 3 -p 5 -R -r 4000
reset
clear;;
q|Q|quit|Quit)
exit 0;;
r|R)
sudo reboot;;
s|S)
sudo poweroff;;
esac
fi
done
}
# Main Loop
while :; do
if [[ "$MODE" =~ ^(all|cpu|drives|foh|smart|badblocks)$ ]]; then
menu
tmux new-session -s 'hw-session' -n 'hw-window' "hw-diags-inner $MODE"
if [[ "$SHOW_MENU" == "False" ]]; then
break
else
clear
echo "Hardware Diagnostics"
echo "────────────────────"
echo "0: Quick drive test"
echo "1: All tests"
echo "2: Prime95"
echo "3: SMART & badblocks"
echo "4: SMART"
echo "5: badblocks"
echo "────────────────────"
if [[ -n $DISPLAY ]] && [[ $(getconf LONG_BIT) -eq "64" ]]; then
echo "6: Graphics Test - FurMark"
echo "7: Graphics Test - Piano"
echo "8: Graphics Test - Volplosion"
fi
echo "A: Speaker Test"
if [[ -n $DISPLAY ]]; then
echo "K: Keyboard Test"
fi
echo "────────────────────"
echo ""
echo "Q: Quit"
echo ""
read -r -p "Please make a selection: " MODE
# Check input
case $MODE in
0)
MODE=foh
break;;
1)
MODE=all
break;;
2)
MODE=cpu
break;;
3)
MODE=drives
break;;
4)
MODE=smart
break;;
5)
MODE=badblocks
break;;
6)
if [[ -n $DISPLAY ]] && [[ $(getconf LONG_BIT) -eq "64" ]]; then
gputest /fullscreen /test=fur
fi
;;
7)
if [[ -n $DISPLAY ]] && [[ $(getconf LONG_BIT) -eq "64" ]]; then
gputest /fullscreen /test=pixmark_piano
fi
;;
8)
if [[ -n $DISPLAY ]] && [[ $(getconf LONG_BIT) -eq "64" ]]; then
gputest /fullscreen /test=pixmark_volplosion
fi
;;
a|A|audio|Audio)
hw-diags-audio;;
k|K|keyboard|Keyboard)
if [[ -n $DISPLAY ]]; then
xev
fi
;;
q|Q|quit|Quit)
exit 1;;
esac
fi
done
# Start tmux
tmux new-session -s 'hw-session' -n 'hw-window' "hw-diags-inner $MODE"
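Review bot: the Reboot and Shutdown entries are only printed when `[[ "$MODE" =~ ^cli$ ]]`, but the `r|R)` and `s|S)` arms of the case run `sudo reboot` and `sudo poweroff` in every mode, and MODE is overwritten by `read -r -p "Please make a selection: " MODE` on the first selection, so after one pass through the menu the cli test can no longer be true. Keep the launch mode in its own variable set once from `$1` (for example a CLI_MODE flag) and test it both when printing the entries and inside the two case arms. Unrecognised input also falls through the case silently; a `*)` arm that reports an invalid selection would help.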

View file

@ -9,3 +9,4 @@ amixer -q set "PCM" 90% unmute
speaker-test -c 2 -l 1 -t pink
# speaker-test -c 2 -l 1 -t sine
speaker-test -c 2 -l 1 -t wav

View file

@ -10,17 +10,10 @@ die () {
# Load settings
if [[ -f "/run/archiso/bootmnt/config/arch.conf" ]]; then
source "/run/archiso/bootmnt/config/arch.conf" || \
die "ERROR: ARCH_WK media may be damaged. Please reboot or try another UFD"
die "ERROR: WK_ARCH media may be damaged. Please reboot or try another UFD"
else
source "/usr/local/bin/arch.conf" || \
die "ERROR: ARCH_WK media may be damaged. Please reboot or try another UFD"
echo -n "ERROR: Settings file on ARCH_WK media missing. Using build version for now"
sleep 1s
echo -n "."
sleep 1s
echo -n "."
sleep 1s
echo "."
die "ERROR: WK_ARCH media may be damaged. Please reboot or try another UFD"
fi
# Get TICKET
@ -48,7 +41,9 @@ done
DIAG_DATE="$(date "+%F_%H%M")"
DIAG_SERVER_AVAIL="False"
DIAG_SERVER="${DIAG_SERVER}"
DIAG_DEST="${DIAG_DEST}/${TICKET}/${DIAG_DATE}"
DIAG_SHARE="${DIAG_SHARE}"
DIAG_DEST="${DIAG_SHARE}/${TICKET}"
DIAG_UPLOAD_NAME="HW-Diagnostics_${DIAG_DATE}"
DIAG_USER="${DIAG_USER}"
TMP_DIR="$(mktemp -d)"
ERRORS="False"
@ -76,9 +71,10 @@ if [[ "$SKIP_UPLOAD" != "True" ]]; then
connect-to-network
# Test connection to DIAG_SERVER
if ip a | grep -Eq '(192.168|10.[0-9]+).[0-9]+.[0-9]+' && \
if ip a | grep -Eq '(10.[0-9]+|172.(1[6-9]|2[0-9]|3[0-1])|192.168).[0-9]+.[0-9]+' && \
ping -c 1 -q $DIAG_SERVER >/dev/null 2>&1; then
DIAG_SERVER_AVAIL="True"
ssh-add
ssh $DIAG_USER@$DIAG_SERVER mkdir -p "$DIAG_DEST"
ssh $DIAG_USER@$DIAG_SERVER chmod 755 "$DIAG_DEST"
fi
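Review bot: in `ssh $DIAG_USER@$DIAG_SERVER mkdir -p "$DIAG_DEST"` the quotes are removed by the local shell and the remote shell parses the path again, and DIAG_DEST now ends in `${TICKET}`. Unless TICKET is restricted to a safe character set where it is read (not visible in this hunk), a space or shell metacharacter in it changes the command run on the diagnostics server. Validate TICKET against something like `^[0-9A-Za-z_-]+$` before building DIAG_DEST, and quote `$DIAG_SERVER` in the ping line. The private-range test here is also a second hand-written copy of the one in test_connection, and the two differ in the 172 branch; sharing one helper would keep them in step.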
@ -196,7 +192,7 @@ function update_progress {
# Update Server
if [[ "$DIAG_SERVER_AVAIL" == "True" ]]; then
rsync -aqz --chmod=Du=rwx,Dgo=rx,Fu=rw,Fgo=r "$TMP_DIR/" $DIAG_USER@$DIAG_SERVER:"$DIAG_DEST/" --exclude '*.out'
rsync -aqz --chmod=Du=rwx,Dgo=rx,Fu=rw,Fgo=r "$TMP_DIR/" $DIAG_USER@$DIAG_SERVER:"$DIAG_DEST/${DIAG_UPLOAD_NAME}/" --exclude '*.out'
fi
}
@ -497,6 +493,7 @@ if [[ "$TEST_SMART" == "True" ]] || \
echo ""
done
fi
update_progress
# System info dump
sudo inxi -CDdGlMmNopRsc 0 | grep -Ev '(/dev/ram|No RAID devices|Display Server|multisession)' > "system_info.txt"
@ -505,11 +502,11 @@ sudo inxi -CDdGlMmNopRsc 0 | grep -Ev '(/dev/ram|No RAID devices|Display Server|
mkdir "$HOME/Tickets/$TICKET" -p 2>/dev/null
rsync -aS --chmod=Du=rwx,Dgo=rx,Fu=rw,Fgo=r "$TMP_DIR/" "$HOME/Tickets/$TICKET/"
popd >/dev/null
cd "$HOME/Tickets" && tar czf "${TICKET}.tgz" "$TICKET"
cd "$HOME/Tickets" && tar czf "${DIAG_UPLOAD_NAME}.tgz" "$TICKET"
# Update Server
if [[ "$DIAG_SERVER_AVAIL" == "True" ]]; then
rsync -aqz --chmod=Du=rwx,Dgo=rx,Fu=rw,Fgo=r "$TMP_DIR/" "${TICKET}.tgz" $DIAG_USER@$DIAG_SERVER:"$DIAG_DEST/" --exclude '*.out'
rsync -aqz --chmod=Du=rwx,Dgo=rx,Fu=rw,Fgo=r "${DIAG_UPLOAD_NAME}.tgz" $DIAG_USER@$DIAG_SERVER:"$DIAG_DEST/"
fi
# End

View file

@ -0,0 +1,73 @@
#!/bin/bash
#
## WK HW diagnostics - Network
function test_connection() {
cmd="a"
if [[ -e "/sys/class/net/$1" ]]; then
cmd="a show $1"
fi
if ip $cmd | grep -Eq '(10.[0-9]+|172.(1[6-9]|2[0-9]|3[0-1]).[0-9]+|192.168).[0-9]+.[0-9]+'; then
return 0
else
return 1
fi
}
CLEAR="\e[0m"
RED="\e[31m"
GREEN="\e[32m"
YELLOW="\e[33m"
BLUE="\e[34m"
# Header
echo "WK HW Diagnostics - Network"
echo ""
# Start Wifi if necessary
echo "Initializing..."
connect-to-network >/dev/null 2>&1
# Check network connection
echo -n "Network connection: "
if test_connection; then
echo -e "${GREEN}OK${CLEAR}"
else
echo -e "${RED}No access${CLEAR}"
exit 1
fi
# Check IP addresses
for d in /sys/class/net/*; do
device="$(basename $d)"
if [ "$device" != "lo" ]; then
if test_connection $device; then
ip="$(ip a show $device | egrep 'inet [0-9]' | sed -r 's#.*inet (.*?/[0-9]+).*#\1#')"
echo "$device: $ip" | awk '{printf " %-16s %s\n", $1, $2}'
fi
fi
done
# Check internet connection
echo -n "Internet connection: "
if ping -c 2 -q 8.8.8.8 >/dev/null 2>&1; then
echo -e "${GREEN}OK${CLEAR}"
else
echo -e "${RED}No access${CLEAR}"
exit 1
fi
# Check DNS
echo -n "DNS Resolution: "
if ping -c 2 -q google.com >/dev/null 2>&1; then
echo -e "${GREEN}OK${CLEAR}"
else
echo -e "${RED}Unable to resolve google.com${CLEAR}"
exit 1
fi
# Check speed
echo "Speedtest:"
speedtest-cli --simple | awk '{printf " %-16s %6.2f %s\n", $1, $2, $3}'
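Review bot: each check ends the script with `exit 1` on failure, so a network that drops ICMP to 8.8.8.8 is reported as "No access" and the DNS and speed tests never run, which hides the results most useful when a connection is only partly broken. Record the failure, continue with the remaining checks, and return a non-zero status at the end. In the address loop, quote `$d` and `$device` in `basename $d`, `test_connection $device` and `ip a show $device`.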

View file

@ -8,6 +8,8 @@ dd bs=1K count=64 if=/dev/zero of="$TMP_FILE" >/dev/null 2>&1
mkfs.msdos "$TMP_FILE" >/dev/null 2>&1
udevil mount -o ro "$TMP_FILE" >/dev/null 2>&1
udevil umount "$TMP_FILE" >/dev/null 2>&1
sleep 1s
rmdir /media/wktech >/dev/null 2>&1
# Mount all volumes
echo "Mounting all volumes"
@ -15,12 +17,12 @@ regex="/dev/((h|s)d[a-z]|md)[0-9]+"
for volume in $(inxi -Dopxx | grep -E "$regex" | sed -r "s#.*($regex).*#\1#" | sort); do
if grep -q "$volume" /proc/mounts; then
if ! mount | grep "/run/archiso/bootmnt" | grep -q "$volume"; then
# Show what's already mounted except the ARCH_WK boot device
echo "$volume: (Already) mounted at $(mount | grep "$volume" | awk '{print $3}') ($(df -h "$volume" | tail -1 | awk '{print $3, $4}' | sed -r 's/(K|M|G|T|) (.*[0-9])(K|M|G|T|)$/ \1b used, \2 \3b free/'))"
# Show what's already mounted except the WK_ARCH boot device
echo "$volume: (Already) mounted $(mount | grep "$volume" | sed -r 's/^\S+ (on.*) type .*/\1/') ($(df -h "$volume" | tail -1 | awk '{print $3, $4}' | sed -r 's/(K|M|G|T|) (.*[0-9])(K|M|G|T|)$/ \1b used, \2 \3b free/'))"
fi
else
if udevil mount -o ro $volume >/dev/null 2>&1; then
echo "$volume: Mounted at $(mount | grep "$volume" | awk '{print $3}') ($(df -h "$volume" | tail -1 | awk '{print $3, $4}' | sed -r 's/(K|M|G|T|) (.*[0-9])(K|M|G|T|)$/ \1b used, \2 \3b free/'))"
echo "$volume: Mounted $(mount | grep "$volume" | sed -r 's/^\S+ (on.*) type .*/\1/') ($(df -h "$volume" | tail -1 | awk '{print $3, $4}' | sed -r 's/(K|M|G|T|) (.*[0-9])(K|M|G|T|)$/ \1b used, \2 \3b free/'))"
else
echo "$volume: Failed to mount"
fi
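Review bot: `grep -q "$volume" /proc/mounts` and the `mount | grep "$volume"` calls match by substring, so /dev/sda1 also matches /dev/sda10 through /dev/sda19. A volume can be reported as already mounted when only a higher-numbered partition is, and the mount-point text can then contain several lines. Match the device as a whole first field, for example `grep -q "^$volume " /proc/mounts`, and quote `$volume` in `udevil mount -o ro $volume`.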

View file

@ -10,17 +10,10 @@ die () {
# Load settings
if [[ -f "/run/archiso/bootmnt/config/arch.conf" ]]; then
source "/run/archiso/bootmnt/config/arch.conf" || \
die "ERROR: ARCH_WK media may be damaged. Please reboot or try another UFD"
die "ERROR: WK_ARCH media may be damaged. Please reboot or try another UFD"
else
source "/usr/local/bin/arch.conf" || \
die "ERROR: ARCH_WK media may be damaged. Please reboot or try another UFD"
echo -n "ERROR: Settings file on ARCH_WK media missing. Using build version for now"
sleep 1s
echo -n "."
sleep 1s
echo -n "."
sleep 1s
echo "."
die "ERROR: WK_ARCH media may be damaged. Please reboot or try another UFD"
fi
# Connect to a network

View file

@ -0,0 +1,55 @@
#!/bin/bash
#
## Creates network configs for all WLAN adapters
die () {
echo "$0:" "$@" >&2
exit 1
}
# Load settings
if [[ -f "/run/archiso/bootmnt/config/arch.conf" ]]; then
source "/run/archiso/bootmnt/config/arch.conf" || \
die "ERROR: WK_ARCH media may be damaged. Please reboot or try another UFD"
else
source "/usr/local/bin/arch.conf" || \
die "ERROR: WK_ARCH media may be damaged. Please reboot or try another UFD"
fi
# Init
WIFI_SSID="${WIFI_SSID}"
WIFI_PASS="${WIFI_PASS}"
metric_value=20
# Add WLAN cards to config
for d in /sys/class/net/wl*; do
device="$(basename $d)"
# Create networkd entry
echo "[Match]" > /etc/systemd/network/$device.network
echo "Name=$device" >> /etc/systemd/network/$device.network
echo "" >> /etc/systemd/network/$device.network
echo "[Network]" >> /etc/systemd/network/$device.network
echo "DHCP=yes" >> /etc/systemd/network/$device.network
echo "" >> /etc/systemd/network/$device.network
echo "[DHCP]" >> /etc/systemd/network/$device.network
echo "RouteMetric=$metric_value" >> /etc/systemd/network/$device.network
metric_value=$((metric_value+1))
# Create wpa_supplicant entry
if [[ -f "/run/archiso/bootmnt/config/wifi.conf" ]]; then
cp -f "/run/archiso/bootmnt/config/wifi.conf" "/etc/wpa_supplicant/wpa_supplicant-$device.conf"
elif [[ -f "/usr/local/bin/arch.conf" ]]; then
cp -f "/usr/local/bin/arch.conf" "/etc/wpa_supplicant/wpa_supplicant-$device.conf"
else
die "ERROR: WK_ARCH media may be damaged. Please reboot or try another UFD"
fi
done
# Enable WLAN devices
systemctl restart systemd-networkd.service
for d in /sys/class/net/wl*; do
device="$(basename $d)"
systemctl start wpa_supplicant@$device.service
done
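Review bot: the fallback branch copies /usr/local/bin/arch.conf to /etc/wpa_supplicant/wpa_supplicant-$device.conf, but arch.conf is the shell settings file sourced at the top of this script, not a wpa_supplicant configuration. The first branch uses config/wifi.conf, so the fallback presumably should name a built-in wifi.conf as well. WIFI_SSID and WIFI_PASS are assigned and never used. Two further checks would help: skip the loops when `/sys/class/net/wl*` matches nothing, since the unexpanded glob would otherwise be used as a device name, and create the wpa_supplicant file with mode 600 because it holds the network key.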

View file

@ -2,8 +2,8 @@
Version=1.0
Type=Application
Name=Hardware Diagnostics
Comment=
Exec=urxvt -title "Hardware Diagnostics" -hold -e hw-diags
Comment=Hardware Diagnostics
Exec=urxvt -title "Hardware Diagnostics" -e hw-diags
Icon=xcos
Path=
Terminal=false

View file

@ -2,7 +2,7 @@
Version=1.0
Type=Application
Name=Hardware Information
Comment=
Comment=Hardware Information
Exec=hardinfo
Icon=hardinfo
Path=

View file

@ -0,0 +1,10 @@
[Desktop Entry]
Version=1.0
Type=Application
Name=NetworkTest
Comment=Diagnose network connectivity
Exec=urxvt -title "Network Diagnostics" -hold -e hw-diags-network
Icon=network-workgroup
Path=
Terminal=false
StartupNotify=false

View file

@ -1,14 +1,17 @@
arch-install-scripts
aic94xx-firmware
alsa-utils
antiword
arc-icon-theme-git
b43-firmware
arch-install-scripts
b43-fwcutter
bash-pipes
bc
btrfs-progs
chntpw
clonezilla
cmatrix
colordiff
conky
cower
crda
curl
darkhttpd
@ -21,35 +24,35 @@ dnsmasq
dnsutils
dos2unix
dosfstools
e2fsprogs
elinks
ethtool
exfat-utils
f2fs-tools
ffmpeg
fsarchiver
gcc-libs
gnome-keyring
gnu-netcat
gparted
gptfdisk
grub
gsmartcontrol
gtk-engine-murrine
gtk-theme-arc-git
hardinfo
hdparm
hexedit
hfsprogs
htop
ifplugd
inxi
ipw2100-fw
ipw2200-fw
iw
irssi
ldns
lftp
libewf
librsvg
libinput
lightdm
lightdm-gtk-greeter
linux-atm
linux-firmware
lm_sensors
@ -57,9 +60,8 @@ lsscsi
mc
mdadm
mediainfo
mesa
mesa-demos
midori-gtk2
midori
mkvtoolnix-cli
mprime-bin
mpv
@ -76,16 +78,17 @@ ntp
numix-circle-icon-theme-git
openconnect
openssh
openvpn
p7zip
partclone
parted
partimage
ppp
pptpclient
pygtk
python2
refind-efi
reiserfsprogs
rfkill
rng-tools
rp-pppoe
rsync
rxvt-unicode
@ -100,23 +103,28 @@ terminus-font
testdisk-wip
tk
tmux
truecrypt
tree
ttf-inconsolata
udevil
udisks2
ufw
unzip
usb_modeswitch
veracrypt
vim
virtualbox-guest-modules-arch
virtualbox-guest-utils-nox
vpnc
wd719x-firmware
wget
wimlib
wireless_tools
wpa_supplicant
wpa_actiond
wvdial
xf86-input-synaptics
xf86-input-libinput
xf86-video-amdgpu
xf86-video-ati
xf86-video-fbdev
xf86-video-intel
xf86-video-nouveau
xf86-video-vesa
@ -127,6 +135,6 @@ xorg-server
xorg-server-utils
xorg-xdpyinfo
xorg-xev
xorg-xinit
xorg-xinput
zd1211-firmware
zsh

View file

@ -1,2 +1 @@
broadcom-wl
gputest

View file

@ -71,7 +71,7 @@ LocalFileSigLevel = Optional
[customrepo]
SigLevel = Optional TrustAll
Server = file:///root/WK-Arch/custom-repo/$arch
Server = file:///root/wk-arch/custom-repo/$arch
#[testing]
#Include = /etc/pacman.d/mirrorlist
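Review bot: the [customrepo] section this path change belongs to keeps `SigLevel = Optional TrustAll`, so unsigned packages placed in /root/wk-arch/custom-repo are accepted and installed into the image. Since the repo is built locally, signing it with a build key and using `SigLevel = Required` for this section would close that gap. The hard-coded /root path also has to stay in step with wherever build-wk is run from.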
@ -88,3 +88,9 @@ Include = /etc/pacman.d/mirrorlist
[community]
Include = /etc/pacman.d/mirrorlist
# An example of a custom package repository. See the pacman manpage for
# tips on creating your own repositories.
#[custom]
#SigLevel = Optional TrustAll
#Server = file:///home/custompkgs

View file

@ -1,13 +1,31 @@
#!/bin/bash
# Set Vars
TMP_DIR="$(pwd)/wk_tmp"
OUT_DIR="$TMP_DIR/out"
LOG_DIR="/$HOME/ArchBuilds/BuildLogs"
OUT_DIR="/$HOME/ArchBuilds"
TMP_DIR="/$HOME/TMP_WK_ARCH"
DATE="$(date +%F)"
DATETIME="$(date +%F_%H%M)"
# Ensure that we're running with root privileges
if [[ "$EUID" -ne 0 ]]; then
echo "Please run with root permissions (i.e. sudo $0)"
exit
fi
# Set permissions
echo "Setting permissions..."
chown root.root archlive -R
# Build ISO
mkdir $TMP_DIR
mkdir $LOG_DIR
mkdir $OUT_DIR
./archlive/build.sh -N "arch-wk" -V "$(date +%F)" -L "ARCH_WK" -w "$TMP_DIR" -o "$OUT_DIR" -v
mkdir $TMP_DIR
./archlive/build.sh -N "wk-arch" -V "$DATE" -L "WK_ARCH" -w "$TMP_DIR" -o "$OUT_DIR" -v | tee -a "$LOG_DIR/$DATETIME.log"
# Cleanup
mv --backup=t -v "$OUT_DIR"/*iso "$HOME/" && rm "$TMP_DIR" -Rf
echo "Removing temp files..."
rm "$TMP_DIR" -Rf | tee -a "$LOG_DIR/$DATETIME.log"
echo "Reverting permissions..."
chown builduser.builduser archlive -R
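Review bot: `mkdir $LOG_DIR` runs before `mkdir $OUT_DIR`, but LOG_DIR is a subdirectory of OUT_DIR, so on a first run the log directory is not created and the later `tee -a "$LOG_DIR/$DATETIME.log"` has nowhere to write. Use `mkdir -p "$LOG_DIR" "$TMP_DIR"`, which also creates OUT_DIR. Further points in the same hunk: the three paths start with `/$HOME`, which yields a doubled leading slash; piping build.sh into tee loses its exit status, so cleanup runs even after a failed build unless `set -o pipefail` is added and the status checked; the root check ends with a bare `exit`, which returns success; and `chown root.root` should use the `root:root` form.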