diff --git a/LICENSE.txt b/LICENSE.txt index 7734ae70..7caf44d1 100644 --- a/LICENSE.txt +++ b/LICENSE.txt @@ -1,4 +1,4 @@ -Copyright (c) 2016 Alan Mason +Copyright (c) 2017 Alan Mason Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: diff --git a/archlive/airootfs/etc/default/ufw b/archlive/airootfs/etc/default/ufw new file mode 100644 index 00000000..665806f3 --- /dev/null +++ b/archlive/airootfs/etc/default/ufw @@ -0,0 +1,45 @@ +# /etc/default/ufw +# + +# Set to yes to apply rules to support IPv6 (no means only IPv6 on loopback +# accepted). You will need to 'disable' and then 'enable' the firewall for +# the changes to take affect. +IPV6=yes + +# Set the default input policy to ACCEPT, DROP, or REJECT. Please note that if +# you change this you will most likely want to adjust your rules. +DEFAULT_INPUT_POLICY="DROP" + +# Set the default output policy to ACCEPT, DROP, or REJECT. Please note that if +# you change this you will most likely want to adjust your rules. +DEFAULT_OUTPUT_POLICY="ACCEPT" + +# Set the default forward policy to ACCEPT, DROP or REJECT. Please note that +# if you change this you will most likely want to adjust your rules +DEFAULT_FORWARD_POLICY="DROP" + +# Set the default application policy to ACCEPT, DROP, REJECT or SKIP. Please +# note that setting this to ACCEPT may be a security risk. See 'man ufw' for +# details +DEFAULT_APPLICATION_POLICY="SKIP" + +# By default, ufw only touches its own chains. Set this to 'yes' to have ufw +# manage the built-in chains too. Warning: setting this to 'yes' will break +# non-ufw managed firewall rules +MANAGE_BUILTINS=no + +# +# IPT backend +# +# only enable if using iptables backend +IPT_SYSCTL=/etc/ufw/sysctl.conf + +# Extra connection tracking modules to load. Complete list can be found in +# net/netfilter/Kconfig of your kernel source. Some common modules: +# nf_conntrack_irc, nf_nat_irc: DCC (Direct Client to Client) support +# nf_conntrack_netbios_ns: NetBIOS (samba) client support +# nf_conntrack_pptp, nf_nat_pptp: PPTP over stateful firewall/NAT +# nf_conntrack_ftp, nf_nat_ftp: active FTP support +# nf_conntrack_tftp, nf_nat_tftp: TFTP support (server side) +IPT_MODULES="nf_conntrack_ftp nf_nat_ftp nf_conntrack_netbios_ns" + diff --git a/archlive/airootfs/etc/hostname b/archlive/airootfs/etc/hostname deleted file mode 100644 index 5e647960..00000000 --- a/archlive/airootfs/etc/hostname +++ /dev/null @@ -1 +0,0 @@ -arch-wk diff --git a/archlive/airootfs/etc/lightdm/lightdm.conf b/archlive/airootfs/etc/lightdm/lightdm.conf new file mode 100644 index 00000000..5aea533a --- /dev/null +++ b/archlive/airootfs/etc/lightdm/lightdm.conf @@ -0,0 +1,165 @@ +# +# General configuration +# +# start-default-seat = True to always start one seat if none are defined in the configuration +# greeter-user = User to run greeter as +# minimum-display-number = Minimum display number to use for X servers +# minimum-vt = First VT to run displays on +# lock-memory = True to prevent memory from being paged to disk +# user-authority-in-system-dir = True if session authority should be in the system location +# guest-account-script = Script to be run to setup guest account +# logind-check-graphical = True to on start seats that are marked as graphical by logind +# log-directory = Directory to log information to +# run-directory = Directory to put running state in +# cache-directory = Directory to cache to +# sessions-directory = Directory to find sessions +# remote-sessions-directory = Directory to find remote sessions +# greeters-directory = Directory to find greeters +# backup-logs = True to move add a .old suffix to old log files when opening new ones +# +[LightDM] +#start-default-seat=true +#greeter-user=lightdm +#minimum-display-number=0 +#minimum-vt=7 # Setting this to a value < 7 implies security issues, see FS#46799 +#lock-memory=true +#user-authority-in-system-dir=false +#guest-account-script=guest-account +#logind-check-graphical=false +#log-directory=/var/log/lightdm +run-directory=/run/lightdm +#cache-directory=/var/cache/lightdm +#sessions-directory=/usr/share/lightdm/sessions:/usr/share/xsessions:/usr/share/wayland-sessions +#remote-sessions-directory=/usr/share/lightdm/remote-sessions +#greeters-directory=/usr/share/lightdm/greeters:/usr/share/xgreeters +#backup-logs=true + +# +# Seat configuration +# +# Seat configuration is matched against the seat name glob in the section, for example: +# [Seat:*] matches all seats and is applied first. +# [Seat:seat0] matches the seat named "seat0". +# [Seat:seat-thin-client*] matches all seats that have names that start with "seat-thin-client". +# +# type = Seat type (xlocal, xremote, unity) +# pam-service = PAM service to use for login +# pam-autologin-service = PAM service to use for autologin +# pam-greeter-service = PAM service to use for greeters +# xserver-command = X server command to run (can also contain arguments e.g. X -special-option) +# xmir-command = Xmir server command to run (can also contain arguments e.g. Xmir -special-option) +# xserver-config = Config file to pass to X server +# xserver-layout = Layout to pass to X server +# xserver-allow-tcp = True if TCP/IP connections are allowed to this X server +# xserver-share = True if the X server is shared for both greeter and session +# xserver-hostname = Hostname of X server (only for type=xremote) +# xserver-display-number = Display number of X server (only for type=xremote) +# xdmcp-manager = XDMCP manager to connect to (implies xserver-allow-tcp=true) +# xdmcp-port = XDMCP UDP/IP port to communicate on +# xdmcp-key = Authentication key to use for XDM-AUTHENTICATION-1 (stored in keys.conf) +# unity-compositor-command = Unity compositor command to run (can also contain arguments e.g. unity-system-compositor -special-option) +# unity-compositor-timeout = Number of seconds to wait for compositor to start +# greeter-session = Session to load for greeter +# greeter-hide-users = True to hide the user list +# greeter-allow-guest = True if the greeter should show a guest login option +# greeter-show-manual-login = True if the greeter should offer a manual login option +# greeter-show-remote-login = True if the greeter should offer a remote login option +# user-session = Session to load for users +# allow-user-switching = True if allowed to switch users +# allow-guest = True if guest login is allowed +# guest-session = Session to load for guests (overrides user-session) +# session-wrapper = Wrapper script to run session with +# greeter-wrapper = Wrapper script to run greeter with +# guest-wrapper = Wrapper script to run guest sessions with +# display-setup-script = Script to run when starting a greeter session (runs as root) +# display-stopped-script = Script to run after stopping the display server (runs as root) +# greeter-setup-script = Script to run when starting a greeter (runs as root) +# session-setup-script = Script to run when starting a user session (runs as root) +# session-cleanup-script = Script to run when quitting a user session (runs as root) +# autologin-guest = True to log in as guest by default +# autologin-user = User to log in with by default (overrides autologin-guest) +# autologin-user-timeout = Number of seconds to wait before loading default user +# autologin-session = Session to load for automatic login (overrides user-session) +# autologin-in-background = True if autologin session should not be immediately activated +# exit-on-failure = True if the daemon should exit if this seat fails +# +[Seat:*] +#type=xlocal +pam-service=lightdm +pam-autologin-service=lightdm-autologin +#pam-greeter-service=lightdm-greeter +#xserver-command=X +#xmir-command=Xmir +#xserver-config= +#xserver-layout= +#xserver-allow-tcp=false +#xserver-share=true +#xserver-hostname= +#xserver-display-number= +#xdmcp-manager= +#xdmcp-port=177 +#xdmcp-key= +#unity-compositor-command=unity-system-compositor +#unity-compositor-timeout=60 +#greeter-session=example-gtk-gnome +#greeter-hide-users=false +#greeter-allow-guest=true +#greeter-show-manual-login=false +#greeter-show-remote-login=true +#user-session=default +#allow-user-switching=true +#allow-guest=true +#guest-session= +session-wrapper=/etc/lightdm/Xsession +#greeter-wrapper= +#guest-wrapper= +#display-setup-script= +#display-stopped-script= +#greeter-setup-script= +#session-setup-script= +#session-cleanup-script= +#autologin-guest=false +autologin-user=wktech +autologin-user-timeout=0 +#autologin-in-background=false +#autologin-session= +#exit-on-failure=false + +# +# XDMCP Server configuration +# +# enabled = True if XDMCP connections should be allowed +# port = UDP/IP port to listen for connections on +# listen-address = Host/address to listen for XDMCP connections (use all addresses if not present) +# key = Authentication key to use for XDM-AUTHENTICATION-1 or blank to not use authentication (stored in keys.conf) +# hostname = Hostname to report to XDMCP clients (defaults to system hostname if unset) +# +# The authentication key is a 56 bit DES key specified in hex as 0xnnnnnnnnnnnnnn. Alternatively +# it can be a word and the first 7 characters are used as the key. +# +[XDMCPServer] +#enabled=false +#port=177 +#listen-address= +#key= +#hostname= + +# +# VNC Server configuration +# +# enabled = True if VNC connections should be allowed +# command = Command to run Xvnc server with +# port = TCP/IP port to listen for connections on +# listen-address = Host/address to listen for VNC connections (use all addresses if not present) +# width = Width of display to use +# height = Height of display to use +# depth = Color depth of display to use +# +[VNCServer] +#enabled=false +#command=Xvnc +#port=5900 +#listen-address= +#width=1024 +#height=768 +#depth=8 diff --git a/archlive/airootfs/etc/locale.gen b/archlive/airootfs/etc/locale.gen new file mode 100644 index 00000000..a1b8ba14 --- /dev/null +++ b/archlive/airootfs/etc/locale.gen @@ -0,0 +1 @@ +en_US.UTF-8 UTF-8 \ No newline at end of file diff --git a/archlive/airootfs/etc/motd b/archlive/airootfs/etc/motd new file mode 100644 index 00000000..649aa912 --- /dev/null +++ b/archlive/airootfs/etc/motd @@ -0,0 +1,9 @@ +Welcome to the WK Linux Toolbox + +Some common commands: +% hw-diags +% hw-info +% mount-all-volumes +% mount-backup-shares +% start-wifi + diff --git a/archlive/airootfs/etc/resolv.conf b/archlive/airootfs/etc/resolv.conf index db8b0a07..89efb950 100644 --- a/archlive/airootfs/etc/resolv.conf +++ b/archlive/airootfs/etc/resolv.conf @@ -1,8 +1 @@ -nameserver 8.8.8.8 -nameserver 8.8.4.4 -#nameserver 2001:4860:4860::8888 -#nameserver 2001:4860:4860::8844 -nameserver 208.67.222.222 -nameserver 208.67.220.220 -#nameserver 2620:0:ccc::2 -#nameserver 2620:0:ccd::2 +/run/systemd/resolve/resolv.conf \ No newline at end of file diff --git a/archlive/airootfs/etc/skel/.zsh_aliases b/archlive/airootfs/etc/skel/.aliases similarity index 67% rename from archlive/airootfs/etc/skel/.zsh_aliases rename to archlive/airootfs/etc/skel/.aliases index 7450b0c2..1dfb6fa2 100644 --- a/archlive/airootfs/etc/skel/.zsh_aliases +++ b/archlive/airootfs/etc/skel/.aliases @@ -1,4 +1,3 @@ -#!/bin/zsh alias 7z0='7z a -t7z -mx=0' alias 7z1='7z a -t7z -mx=1' alias 7z3='7z a -t7z -mx=3' @@ -8,26 +7,30 @@ alias 7z9='7z a -t7z -mx=9' alias diff='colordiff' -ur alias du='du -sch --apparent-size' alias fix-perms='find -type d -exec chmod 755 "{}" \; && find -type f -exec chmod 644 "{}" \;' +alias hw-info='sudo inxi -ACDdGlMmNopRsxxc 25' alias less='less -S' +alias ls='ls --color=auto' alias mkdir='mkdir -p' alias mount='sudo mount' alias mv='mv -nv' -alias photorec="sudo photorec" -alias photorec-sort="sudo photorec-sort" -alias q1='clear && sudo ls -1' -alias q1a='clear && sudo ls -1A' -alias q='clear && sudo ls -lh' -alias qa='clear && sudo ls -lAh' -alias qs='clear && sudo ls' -alias qsa='clear && sudo ls -A' +alias photorec-sort='sudo photorec-sort' +alias photorec='sudo photorec' +alias q1='clear && ls -1' +alias q1a='clear && ls -1A' +alias q='clear && ls -lh' +alias qa='clear && ls -lAh' +alias qs='clear && ls' +alias qsa='clear && ls -A' alias rm='rm -v' alias rmdirs='find -depth -mindepth 1 -type d -exec rmdir "{}" --ignore-fail-on-non-empty \;' alias rs='rsync -avhPS --stats --exclude-from="$HOME/.rsync_exclusions"' alias rsz='rsync -avhzPS --stats --exclude-from="$HOME/.rsync_exclusions"' alias sdu='sudo du -sch --apparent-size' -alias srmdirs='find -depth -mindepth 1 -type d -exec sudo rmdir "{}" --ignore-fail-on-non-empty \;' +alias srmdirs='sudo find -depth -mindepth 1 -type d -exec rmdir "{}" --ignore-fail-on-non-empty \;' alias srs='sudo rsync -avhPS --stats --exclude-from="$HOME/.rsync_exclusions"' alias srsz='sudo rsync -avhzPS --stats --exclude-from="$HOME/.rsync_exclusions"' -alias testdisk="sudo testdisk" +alias start-wifi='sudo start-wifi' +alias td='tmux detach' +alias testdisk='sudo testdisk' alias umount='sudo umount' alias unmount='sudo umount' diff --git a/archlive/airootfs/etc/skel/.bashrc b/archlive/airootfs/etc/skel/.bashrc index a355b0cd..a76d83ac 100644 --- a/archlive/airootfs/etc/skel/.bashrc +++ b/archlive/airootfs/etc/skel/.bashrc @@ -5,5 +5,11 @@ # If not running interactively, don't do anything [[ $- != *i* ]] && return -alias ls='ls --color=auto' PS1='[\u@\h \W]\$ ' + +## Load aliases +. $HOME/.aliases + +## Start ssh agent +eval $(/usr/bin/ssh-agent) + diff --git a/archlive/airootfs/etc/skel/.config/autostart/NetworkManager.desktop b/archlive/airootfs/etc/skel/.config/autostart/Network.desktop similarity index 100% rename from archlive/airootfs/etc/skel/.config/autostart/NetworkManager.desktop rename to archlive/airootfs/etc/skel/.config/autostart/Network.desktop diff --git a/archlive/airootfs/etc/skel/.config/autostart/Wallpaper.desktop b/archlive/airootfs/etc/skel/.config/autostart/Wallpaper.desktop new file mode 100644 index 00000000..49037aa4 --- /dev/null +++ b/archlive/airootfs/etc/skel/.config/autostart/Wallpaper.desktop @@ -0,0 +1,12 @@ +[Desktop Entry] +Encoding=UTF-8 +Version=0.0.1 +Type=Application +Name=Update Wallpaper +Comment=Update Wallpaper +Exec=/home/wktech/.update_wallpaper +OnlyShowIn=XFCE; +StartupNotify=false +Terminal=false +Hidden=false + diff --git a/archlive/airootfs/etc/skel/.config/htop/htoprc b/archlive/airootfs/etc/skel/.config/htop/htoprc new file mode 100644 index 00000000..37f78cb4 --- /dev/null +++ b/archlive/airootfs/etc/skel/.config/htop/htoprc @@ -0,0 +1,26 @@ +# Beware! This file is rewritten by htop when settings are changed in the interface. +# The parser is also very primitive, and not human-friendly. +fields=0 48 17 18 38 39 40 2 46 47 49 1 +sort_key=46 +sort_direction=1 +hide_threads=0 +hide_kernel_threads=1 +hide_userland_threads=0 +shadow_other_users=0 +show_thread_names=0 +show_program_path=1 +highlight_base_name=0 +highlight_megabytes=1 +highlight_threads=1 +tree_view=0 +header_margin=1 +detailed_cpu_time=0 +cpu_count_from_zero=0 +update_process_names=0 +account_guest_in_cpu_meter=0 +color_scheme=0 +delay=15 +left_meters=AllCPUs Memory Swap +left_meter_modes=1 1 1 +right_meters=Tasks LoadAverage Uptime +right_meter_modes=2 2 2 diff --git a/archlive/airootfs/etc/skel/.config/xfce4/panel/whiskermenu-1.rc b/archlive/airootfs/etc/skel/.config/xfce4/panel/whiskermenu-1.rc index e0195106..78004419 100644 --- a/archlive/airootfs/etc/skel/.config/xfce4/panel/whiskermenu-1.rc +++ b/archlive/airootfs/etc/skel/.config/xfce4/panel/whiskermenu-1.rc @@ -1,4 +1,4 @@ -favorites=Hardware Diagnostics.desktop,Hardware Information.desktop,exo-file-manager.desktop,gparted.desktop,gsmartcontrol.desktop,SpeedTest.desktop,exo-web-browser.desktop +favorites=Hardware Diagnostics.desktop,Hardware Information.desktop,exo-file-manager.desktop,gparted.desktop,gsmartcontrol.desktop,NetworkTest.desktop,exo-web-browser.desktop recent=xfce4-settings-editor.desktop,xfce-session-settings.desktop,xfce4-power-manager-settings.desktop,gsmartcontrol.desktop,gparted.desktop button-title=Applications button-icon=distributor-logo-archlinux diff --git a/archlive/airootfs/etc/skel/.update_wallpaper b/archlive/airootfs/etc/skel/.update_wallpaper new file mode 100644 index 00000000..0e5d03dc --- /dev/null +++ b/archlive/airootfs/etc/skel/.update_wallpaper @@ -0,0 +1,23 @@ +#!/bin/bash + +UFD_PATH="/run/archiso/bootmnt/config/" +WALLPAPER="/usr/share/wallpaper/current.png" + +function link_wall() { + sudo rm "$WALLPAPER" + sudo ls -s "$UFD_PATH/Arch.png" "$WALLPAPER" +} + +# Check for UFD source +if [[ -f "$UFD_PATH/Arch.png" ]]; then + link_wall "$UFD_PATH/Arch.png" +elif [[ -f "$UFD_PATH/Arch.jpg" ]]; then + link_wall "$UFD_PATH/Arch.jpg" +fi + +# Update Xfce4 (mostly redundant, but will catch multi-display setups) +for monitor in monitor{0..2}; do + for workspace in workspace{0..3}; do + xfconf-query -c xfce4-desktop -p /backdrop/screen0/$monitor/$workspace/last-image -s "$WALLPAPER" 2>/dev/null + done +done diff --git a/archlive/airootfs/etc/skel/.xinitrc b/archlive/airootfs/etc/skel/.xinitrc index a949cf0b..bb0a24da 100644 --- a/archlive/airootfs/etc/skel/.xinitrc +++ b/archlive/airootfs/etc/skel/.xinitrc @@ -23,7 +23,3 @@ fi eval $(/usr/bin/gnome-keyring-daemon --start --components=pkcs11,secrets,ssh) export SSH_AUTH_SOCK -# Start Xfce4 -if [ -z "$DISPLAY" ] && [ "$(fgconsole)" -eq 1 ]; then - exec startxfce4 -fi diff --git a/archlive/airootfs/etc/skel/.zlogin b/archlive/airootfs/etc/skel/.zlogin index a949cf0b..ae4dabb9 100644 --- a/archlive/airootfs/etc/skel/.zlogin +++ b/archlive/airootfs/etc/skel/.zlogin @@ -1,29 +1,3 @@ -#!/bin/sh - -userresources=$HOME/.Xresources -usermodmap=$HOME/.Xmodmap -sysresources=/etc/X11/xinit/.Xresources -sysmodmap=/etc/X11/xinit/.Xmodmap - -# merge in defaults and keymaps -if [ -f $sysresources ]; then - xrdb -merge $sysresources -fi -if [ -f $sysmodmap ]; then - xmodmap $sysmodmap -fi -if [ -f "$userresources" ]; then - xrdb -merge "$userresources" -fi -if [ -f "$usermodmap" ]; then - xmodmap "$usermodmap" -fi - -# Start GNOME-Keyring -eval $(/usr/bin/gnome-keyring-daemon --start --components=pkcs11,secrets,ssh) -export SSH_AUTH_SOCK - -# Start Xfce4 -if [ -z "$DISPLAY" ] && [ "$(fgconsole)" -eq 1 ]; then - exec startxfce4 +if [ "$(fgconsole 2>/dev/null)" -eq "1" ]; then + hw-diags cli fi diff --git a/archlive/airootfs/etc/skel/.zshrc b/archlive/airootfs/etc/skel/.zshrc index d4a35296..6c8cde57 100644 --- a/archlive/airootfs/etc/skel/.zshrc +++ b/archlive/airootfs/etc/skel/.zshrc @@ -1,10 +1,12 @@ +# If you come from bash you might have to change your $PATH. +# export PATH=$HOME/bin:/usr/local/bin:$PATH + # Path to your oh-my-zsh installation. export ZSH=$HOME/.oh-my-zsh -# Set name of the theme to load. -# Look in ~/.oh-my-zsh/themes/ -# Optionally, if you set this to "random", it'll load a random theme each -# time that oh-my-zsh is loaded. +# Set name of the theme to load. Optionally, if you set this to "random" +# it'll load a random theme each time that oh-my-zsh is loaded. +# See https://github.com/robbyrussell/oh-my-zsh/wiki/Themes ZSH_THEME="lean" # Uncomment the following line to use case-sensitive completion. @@ -40,7 +42,7 @@ DISABLE_AUTO_UPDATE="true" # Uncomment the following line if you want to change the command execution time # stamp shown in the history command output. # The optional three formats: "mm/dd/yyyy"|"dd.mm.yyyy"|"yyyy-mm-dd" -# HIST_STAMPS="mm/dd/yyyy" +HIST_STAMPS="yyyy-mm-dd" # Would you like to use another custom folder than $ZSH/custom? # ZSH_CUSTOM=/path/to/new-custom-folder @@ -49,15 +51,13 @@ DISABLE_AUTO_UPDATE="true" # Custom plugins may be added to ~/.oh-my-zsh/custom/plugins/ # Example format: plugins=(rails git textmate ruby lighthouse) # Add wisely, as too many plugins slow down shell startup. -plugins=(sudo) +plugins=(archlinux git sudo systemd tmux) +source $ZSH/oh-my-zsh.sh # User configuration - export PATH="/usr/local/sbin:/usr/local/bin:/usr/bin:/usr/bin/site_perl:/usr/bin/vendor_perl:/usr/bin/core_perl" # export MANPATH="/usr/local/man:$MANPATH" -source $ZSH/oh-my-zsh.sh - # You may need to manually set your language environment # export LANG=en_US.UTF-8 @@ -72,7 +72,7 @@ source $ZSH/oh-my-zsh.sh # export ARCHFLAGS="-arch x86_64" # ssh -# export SSH_KEY_PATH="~/.ssh/dsa_id" +# export SSH_KEY_PATH="~/.ssh/rsa_id" # Set personal aliases, overriding those provided by oh-my-zsh libs, # plugins, and themes. Aliases can be placed here, though oh-my-zsh @@ -83,4 +83,9 @@ source $ZSH/oh-my-zsh.sh # alias zshconfig="mate ~/.zshrc" # alias ohmyzsh="mate ~/.oh-my-zsh" -. ~/.zsh_aliases +## Load aliases +. $HOME/.aliases + +## Start ssh agent +eval $(/usr/bin/ssh-agent)>/dev/null + diff --git a/archlive/airootfs/etc/systemd/network/wired.network b/archlive/airootfs/etc/systemd/network/wired.network index e11c5e7f..8a23b1c5 100644 --- a/archlive/airootfs/etc/systemd/network/wired.network +++ b/archlive/airootfs/etc/systemd/network/wired.network @@ -2,8 +2,7 @@ Name=en* [Network] -DHCP=ipv4 -DNS=8.8.8.8 -DNS=8.8.4.4 -DNS=208.67.222.222 -DNS=208.67.220.220 +DHCP=yes + +[DHCP] +RouteMetric=10 diff --git a/archlive/airootfs/etc/systemd/network/wireless.network b/archlive/airootfs/etc/systemd/network/wireless.network new file mode 100644 index 00000000..94a986b0 --- /dev/null +++ b/archlive/airootfs/etc/systemd/network/wireless.network @@ -0,0 +1,8 @@ +[Match] +Name=wl* + +[Network] +DHCP=yes + +[DHCP] +RouteMetric=20 diff --git a/archlive/airootfs/etc/systemd/system/display-manager.service b/archlive/airootfs/etc/systemd/system/display-manager.service new file mode 100644 index 00000000..5595cea3 --- /dev/null +++ b/archlive/airootfs/etc/systemd/system/display-manager.service @@ -0,0 +1 @@ +/usr/lib/systemd/system/lightdm.service \ No newline at end of file diff --git a/archlive/airootfs/etc/systemd/system/etc-pacman.d-gnupg.mount b/archlive/airootfs/etc/systemd/system/etc-pacman.d-gnupg.mount new file mode 100644 index 00000000..4eab5513 --- /dev/null +++ b/archlive/airootfs/etc/systemd/system/etc-pacman.d-gnupg.mount @@ -0,0 +1,8 @@ +[Unit] +Description=Temporary /etc/pacman.d/gnupg directory + +[Mount] +What=tmpfs +Where=/etc/pacman.d/gnupg +Type=tmpfs +Options=mode=0755 diff --git a/archlive/airootfs/etc/systemd/system/multi-user.target.wants/rngd.service b/archlive/airootfs/etc/systemd/system/multi-user.target.wants/rngd.service new file mode 100644 index 00000000..5f6432cf --- /dev/null +++ b/archlive/airootfs/etc/systemd/system/multi-user.target.wants/rngd.service @@ -0,0 +1 @@ +/usr/lib/systemd/system/rngd.service \ No newline at end of file diff --git a/archlive/airootfs/etc/systemd/system/multi-user.target.wants/systemd-resolved.service b/archlive/airootfs/etc/systemd/system/multi-user.target.wants/systemd-resolved.service new file mode 100644 index 00000000..4f6ae342 --- /dev/null +++ b/archlive/airootfs/etc/systemd/system/multi-user.target.wants/systemd-resolved.service @@ -0,0 +1 @@ +/usr/lib/systemd/system/systemd-resolved.service \ No newline at end of file diff --git a/archlive/airootfs/etc/systemd/system/multi-user.target.wants/ufw.service b/archlive/airootfs/etc/systemd/system/multi-user.target.wants/ufw.service new file mode 100644 index 00000000..86a21504 --- /dev/null +++ b/archlive/airootfs/etc/systemd/system/multi-user.target.wants/ufw.service @@ -0,0 +1 @@ +/usr/lib/systemd/system/ufw.service \ No newline at end of file diff --git a/archlive/airootfs/etc/systemd/system/pacman-init.service b/archlive/airootfs/etc/systemd/system/pacman-init.service new file mode 100644 index 00000000..23b81445 --- /dev/null +++ b/archlive/airootfs/etc/systemd/system/pacman-init.service @@ -0,0 +1,15 @@ +[Unit] +Description=Initializes Pacman keyring +Wants=haveged.service +After=haveged.service +Requires=etc-pacman.d-gnupg.mount +After=etc-pacman.d-gnupg.mount + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=/usr/bin/pacman-key --init +ExecStart=/usr/bin/pacman-key --populate archlinux + +[Install] +WantedBy=multi-user.target diff --git a/archlive/airootfs/etc/ufw/after.init b/archlive/airootfs/etc/ufw/after.init new file mode 100644 index 00000000..e89217d5 --- /dev/null +++ b/archlive/airootfs/etc/ufw/after.init @@ -0,0 +1,40 @@ +#!/bin/sh +# +# after.init: if executable, called by ufw-init. See 'man ufw-framework' for +# details. Note that output from these scripts is not seen via the +# the ufw command, but instead via ufw-init. +# +# Copyright 2013 Canonical Ltd. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 3, +# as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# +set -e + +case "$1" in +start) + # typically required + ;; +stop) + # typically required + ;; +status) + # optional + ;; +flush-all) + # optional + ;; +*) + echo "'$1' not supported" + echo "Usage: after.init {start|stop|flush-all|status}" + ;; +esac diff --git a/archlive/airootfs/etc/ufw/after.rules b/archlive/airootfs/etc/ufw/after.rules new file mode 100644 index 00000000..0d6c6461 --- /dev/null +++ b/archlive/airootfs/etc/ufw/after.rules @@ -0,0 +1,30 @@ +# +# rules.input-after +# +# Rules that should be run after the ufw command line added rules. Custom +# rules should be added to one of these chains: +# ufw-after-input +# ufw-after-output +# ufw-after-forward +# + +# Don't delete these required lines, otherwise there will be errors +*filter +:ufw-after-input - [0:0] +:ufw-after-output - [0:0] +:ufw-after-forward - [0:0] +# End required lines + +# don't log noisy services by default +-A ufw-after-input -p udp --dport 137 -j ufw-skip-to-policy-input +-A ufw-after-input -p udp --dport 138 -j ufw-skip-to-policy-input +-A ufw-after-input -p tcp --dport 139 -j ufw-skip-to-policy-input +-A ufw-after-input -p tcp --dport 445 -j ufw-skip-to-policy-input +-A ufw-after-input -p udp --dport 67 -j ufw-skip-to-policy-input +-A ufw-after-input -p udp --dport 68 -j ufw-skip-to-policy-input + +# don't log noisy broadcast +-A ufw-after-input -m addrtype --dst-type BROADCAST -j ufw-skip-to-policy-input + +# don't delete the 'COMMIT' line or these rules won't be processed +COMMIT diff --git a/archlive/airootfs/etc/ufw/after6.rules b/archlive/airootfs/etc/ufw/after6.rules new file mode 100644 index 00000000..0d996726 --- /dev/null +++ b/archlive/airootfs/etc/ufw/after6.rules @@ -0,0 +1,27 @@ +# +# rules.input-after +# +# Rules that should be run after the ufw command line added rules. Custom +# rules should be added to one of these chains: +# ufw6-after-input +# ufw6-after-output +# ufw6-after-forward +# + +# Don't delete these required lines, otherwise there will be errors +*filter +:ufw6-after-input - [0:0] +:ufw6-after-output - [0:0] +:ufw6-after-forward - [0:0] +# End required lines + +# don't log noisy services by default +-A ufw6-after-input -p udp --dport 137 -j ufw6-skip-to-policy-input +-A ufw6-after-input -p udp --dport 138 -j ufw6-skip-to-policy-input +-A ufw6-after-input -p tcp --dport 139 -j ufw6-skip-to-policy-input +-A ufw6-after-input -p tcp --dport 445 -j ufw6-skip-to-policy-input +-A ufw6-after-input -p udp --dport 546 -j ufw6-skip-to-policy-input +-A ufw6-after-input -p udp --dport 547 -j ufw6-skip-to-policy-input + +# don't delete the 'COMMIT' line or these rules won't be processed +COMMIT diff --git a/archlive/airootfs/etc/ufw/applications.d/ufw-bittorent b/archlive/airootfs/etc/ufw/applications.d/ufw-bittorent new file mode 100644 index 00000000..bdaa7431 --- /dev/null +++ b/archlive/airootfs/etc/ufw/applications.d/ufw-bittorent @@ -0,0 +1,19 @@ +[Transmission] +title=Transmission +description=Transmission BitTorrent client +ports=51413/tcp + +[Deluge] +title=Deluge +description=Deluge BitTorrent client +ports=6881:6891/tcp + +[KTorrent] +title=KTorrent +description=KTorrent BitTorrent client +ports=6881/tcp|4444/udp + +[qBittorrent] +title=qBittorrent +description=qBittorrent BitTorrent client +ports=6881/tcp diff --git a/archlive/airootfs/etc/ufw/applications.d/ufw-chat b/archlive/airootfs/etc/ufw/applications.d/ufw-chat new file mode 100644 index 00000000..32b4fe70 --- /dev/null +++ b/archlive/airootfs/etc/ufw/applications.d/ufw-chat @@ -0,0 +1,35 @@ +[PeopleNearby] +title=People Nearby +description=People Nearby (Bonjour/Salut) functionality in Empathy +ports=5353/udp|5298 + +[Bonjour] +title=Bonjour +description=Bonjour protocol +ports=5353/udp|5298 + +[MSN] +title=MSN Chat +description=MSN chat protocol (with file transfer and voice) +ports=1863|6891:6900/tcp|6901 + +[MSN SSL] +title=MSN Chat (SSL) +description=MSN chat protocol (SSL) +ports=443/tcp + +[AIM] +title=AIM Talk +description=AIM talk protocol +ports=5190/tcp + +[Yahoo] +title=Yahoo Chat +description=Yahoo chat protocol +ports=5050 + +[XMPP] +title=XMPP Chat +description=XMPP protocol (Jabber and Google Talk) +ports=5222/tcp|5269/tcp + diff --git a/archlive/airootfs/etc/ufw/applications.d/ufw-directoryserver b/archlive/airootfs/etc/ufw/applications.d/ufw-directoryserver new file mode 100644 index 00000000..90fa2f75 --- /dev/null +++ b/archlive/airootfs/etc/ufw/applications.d/ufw-directoryserver @@ -0,0 +1,29 @@ +[Kerberos KDC] +title=Kerberos v5 KDC server +description=Kerberos v5 KDC server +ports=88 + +[Kerberos Admin] +title=Kerberos v5 admin +description=Kerberos v5 server +ports=749/tcp + +[Kerberos Password] +title=Kerberos v5 password +description=Kerberos v5 password +ports=464/udp + +[Kerberos Full] +title=Kerberos v5 server +description=Kerberos v5 server +ports=88,749/tcp|464/udp + +[LDAP] +title=LDAP server +description=LDAP server +ports=389/tcp + +[LDAPS] +title=LDAP server (LDAPS) +description=LDAP server (LDAPS) +ports=636/tcp diff --git a/archlive/airootfs/etc/ufw/applications.d/ufw-dnsserver b/archlive/airootfs/etc/ufw/applications.d/ufw-dnsserver new file mode 100644 index 00000000..7a617811 --- /dev/null +++ b/archlive/airootfs/etc/ufw/applications.d/ufw-dnsserver @@ -0,0 +1,4 @@ +[DNS] +title=Internet Domain Name Server +description=Internet Domain Name Server +ports=53 diff --git a/archlive/airootfs/etc/ufw/applications.d/ufw-fileserver b/archlive/airootfs/etc/ufw/applications.d/ufw-fileserver new file mode 100644 index 00000000..6cb4c77b --- /dev/null +++ b/archlive/airootfs/etc/ufw/applications.d/ufw-fileserver @@ -0,0 +1,14 @@ +[CIFS] +title=SMB/CIFS server +description=SMB/CIFS server +ports=137,138/udp|139,445/tcp + +[NFS] +title=NFS server +description=NFS and portmap server. Will also need access to mountd, statd and possibly others +ports=2049,111/tcp|2049,111/udp + +[svnserve] +title=Subversion server +description=Subversion server for access to Subversion repositories. +ports=3690/tcp diff --git a/archlive/airootfs/etc/ufw/applications.d/ufw-loginserver b/archlive/airootfs/etc/ufw/applications.d/ufw-loginserver new file mode 100644 index 00000000..5f018530 --- /dev/null +++ b/archlive/airootfs/etc/ufw/applications.d/ufw-loginserver @@ -0,0 +1,14 @@ +[Telnet] +title=Telnet server (insecure) +description=Telnet server (insecure) +ports=23/tcp + +[SSH] +title=SSH server +description=SSH server +ports=22/tcp + +[VNC] +title=VNC server +description=VNC server +ports=5900/tcp diff --git a/archlive/airootfs/etc/ufw/applications.d/ufw-mailserver b/archlive/airootfs/etc/ufw/applications.d/ufw-mailserver new file mode 100644 index 00000000..dd55cc07 --- /dev/null +++ b/archlive/airootfs/etc/ufw/applications.d/ufw-mailserver @@ -0,0 +1,30 @@ +[POP3] +title=Mail server (POP3) +description=Mail server (POP3) +ports=110/tcp + +[POP3S] +title=Secure mail server (POP3S) +description=Secure mail server (POP3S) +ports=995/tcp + +[IMAP] +title=Mail server (IMAP) +description=Mail server (IMAP) +ports=143/tcp + +[IMAPS] +title=Secure mail server (IMAPS) +description=Secure mail server (IMAPS) +ports=993/tcp + +[SMTP] +title=Mail server (SMTP) +description=Mail server (SMTP) +ports=25/tcp + +[Mail submission] +title=Mail server (Submission) +description=Mail server (Submission) +ports=587/tcp + diff --git a/archlive/airootfs/etc/ufw/applications.d/ufw-printserver b/archlive/airootfs/etc/ufw/applications.d/ufw-printserver new file mode 100644 index 00000000..e634b612 --- /dev/null +++ b/archlive/airootfs/etc/ufw/applications.d/ufw-printserver @@ -0,0 +1,9 @@ +[IPP] +title=Cups server (IPP) +description=Cups server (IPP) +ports=631 + +[LPD] +title=LPD server +description=LPD server +ports=515/tcp diff --git a/archlive/airootfs/etc/ufw/applications.d/ufw-proxyserver b/archlive/airootfs/etc/ufw/applications.d/ufw-proxyserver new file mode 100644 index 00000000..a598c980 --- /dev/null +++ b/archlive/airootfs/etc/ufw/applications.d/ufw-proxyserver @@ -0,0 +1,9 @@ +[Socks] +title=Socks proxy +description=Socks proxy +ports=1080/tcp + +[Transparent Proxy] +title=Transparent proxy +description=Transparent proxy +ports=8081/tcp diff --git a/archlive/airootfs/etc/ufw/applications.d/ufw-webserver b/archlive/airootfs/etc/ufw/applications.d/ufw-webserver new file mode 100644 index 00000000..fab4b822 --- /dev/null +++ b/archlive/airootfs/etc/ufw/applications.d/ufw-webserver @@ -0,0 +1,19 @@ +[WWW] +title=Web Server +description=Web server +ports=80/tcp + +[WWW Secure] +title=Web Server (HTTPS) +description=Web Server (HTTPS) +ports=443/tcp + +[WWW Full] +title=Web Server (HTTP,HTTPS) +description=Web Server (HTTP,HTTPS) +ports=80,443/tcp + +[WWW Cache] +title=Web Server (8080) +description=Web Server (8080) +ports=8080/tcp diff --git a/archlive/airootfs/etc/ufw/before.init b/archlive/airootfs/etc/ufw/before.init new file mode 100644 index 00000000..1348cb12 --- /dev/null +++ b/archlive/airootfs/etc/ufw/before.init @@ -0,0 +1,40 @@ +#!/bin/sh +# +# before.init: if executable, called by ufw-init. See 'man ufw-framework' for +# details. Note that output from these scripts is not seen via the +# the ufw command, but instead via ufw-init. +# +# Copyright 2013 Canonical Ltd. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 3, +# as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# +set -e + +case "$1" in +start) + # typically required + ;; +stop) + # typically required + ;; +status) + # optional + ;; +flush-all) + # optional + ;; +*) + echo "'$1' not supported" + echo "Usage: before.init {start|stop|flush-all|status}" + ;; +esac diff --git a/archlive/airootfs/etc/ufw/before.rules b/archlive/airootfs/etc/ufw/before.rules new file mode 100644 index 00000000..0addd54c --- /dev/null +++ b/archlive/airootfs/etc/ufw/before.rules @@ -0,0 +1,77 @@ +# +# rules.before +# +# Rules that should be run before the ufw command line added rules. Custom +# rules should be added to one of these chains: +# ufw-before-input +# ufw-before-output +# ufw-before-forward +# + +# Don't delete these required lines, otherwise there will be errors +*filter +:ufw-before-input - [0:0] +:ufw-before-output - [0:0] +:ufw-before-forward - [0:0] +:ufw-not-local - [0:0] +# End required lines + + +# allow all on loopback +-A ufw-before-input -i lo -j ACCEPT +-A ufw-before-output -o lo -j ACCEPT + +# quickly process packets for which we already have a connection +-A ufw-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT +-A ufw-before-output -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT +-A ufw-before-forward -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT + +# drop INVALID packets (logs these in loglevel medium and higher) +-A ufw-before-input -m conntrack --ctstate INVALID -j ufw-logging-deny +-A ufw-before-input -m conntrack --ctstate INVALID -j DROP + +# ok icmp codes for INPUT +-A ufw-before-input -p icmp --icmp-type destination-unreachable -j ACCEPT +-A ufw-before-input -p icmp --icmp-type source-quench -j ACCEPT +-A ufw-before-input -p icmp --icmp-type time-exceeded -j ACCEPT +-A ufw-before-input -p icmp --icmp-type parameter-problem -j ACCEPT +-A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT + +# ok icmp code for FORWARD +-A ufw-before-forward -p icmp --icmp-type destination-unreachable -j ACCEPT +-A ufw-before-forward -p icmp --icmp-type source-quench -j ACCEPT +-A ufw-before-forward -p icmp --icmp-type time-exceeded -j ACCEPT +-A ufw-before-forward -p icmp --icmp-type parameter-problem -j ACCEPT +-A ufw-before-forward -p icmp --icmp-type echo-request -j ACCEPT + +# allow dhcp client to work +-A ufw-before-input -p udp --sport 67 --dport 68 -j ACCEPT + +# +# ufw-not-local +# +-A ufw-before-input -j ufw-not-local + +# if LOCAL, RETURN +-A ufw-not-local -m addrtype --dst-type LOCAL -j RETURN + +# if MULTICAST, RETURN +-A ufw-not-local -m addrtype --dst-type MULTICAST -j RETURN + +# if BROADCAST, RETURN +-A ufw-not-local -m addrtype --dst-type BROADCAST -j RETURN + +# all other non-local packets are dropped +-A ufw-not-local -m limit --limit 3/min --limit-burst 10 -j ufw-logging-deny +-A ufw-not-local -j DROP + +# allow MULTICAST mDNS for service discovery (be sure the MULTICAST line above +# is uncommented) +-A ufw-before-input -p udp -d 224.0.0.251 --dport 5353 -j ACCEPT + +# allow MULTICAST UPnP for service discovery (be sure the MULTICAST line above +# is uncommented) +-A ufw-before-input -p udp -d 239.255.255.250 --dport 1900 -j ACCEPT + +# don't delete the 'COMMIT' line or these rules won't be processed +COMMIT diff --git a/archlive/airootfs/etc/ufw/before6.rules b/archlive/airootfs/etc/ufw/before6.rules new file mode 100644 index 00000000..1102d3f7 --- /dev/null +++ b/archlive/airootfs/etc/ufw/before6.rules @@ -0,0 +1,138 @@ +# +# rules.before +# +# Rules that should be run before the ufw command line added rules. Custom +# rules should be added to one of these chains: +# ufw6-before-input +# ufw6-before-output +# ufw6-before-forward +# + +# Don't delete these required lines, otherwise there will be errors +*filter +:ufw6-before-input - [0:0] +:ufw6-before-output - [0:0] +:ufw6-before-forward - [0:0] +# End required lines + + +# allow all on loopback +-A ufw6-before-input -i lo -j ACCEPT +-A ufw6-before-output -o lo -j ACCEPT + +# drop packets with RH0 headers +-A ufw6-before-input -m rt --rt-type 0 -j DROP +-A ufw6-before-forward -m rt --rt-type 0 -j DROP +-A ufw6-before-output -m rt --rt-type 0 -j DROP + +# quickly process packets for which we already have a connection +-A ufw6-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT +-A ufw6-before-output -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT +-A ufw6-before-forward -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT + +# drop INVALID packets (logs these in loglevel medium and higher) +-A ufw6-before-input -m conntrack --ctstate INVALID -j ufw6-logging-deny +-A ufw6-before-input -m conntrack --ctstate INVALID -j DROP + +# ok icmp codes for INPUT (rfc4890, 4.4.1 and 4.4.2) +-A ufw6-before-input -p icmpv6 --icmpv6-type destination-unreachable -j ACCEPT +-A ufw6-before-input -p icmpv6 --icmpv6-type packet-too-big -j ACCEPT +# codes 0 and 1 +-A ufw6-before-input -p icmpv6 --icmpv6-type time-exceeded -j ACCEPT +# codes 0-2 +-A ufw6-before-input -p icmpv6 --icmpv6-type parameter-problem -j ACCEPT +-A ufw6-before-input -p icmpv6 --icmpv6-type echo-request -j ACCEPT +-A ufw6-before-input -p icmpv6 --icmpv6-type echo-reply -j ACCEPT +-A ufw6-before-input -p icmpv6 --icmpv6-type router-solicitation -m hl --hl-eq 255 -j ACCEPT +-A ufw6-before-input -p icmpv6 --icmpv6-type router-advertisement -m hl --hl-eq 255 -j ACCEPT +-A ufw6-before-input -p icmpv6 --icmpv6-type neighbor-solicitation -m hl --hl-eq 255 -j ACCEPT +-A ufw6-before-input -p icmpv6 --icmpv6-type neighbor-advertisement -m hl --hl-eq 255 -j ACCEPT +# IND solicitation +-A ufw6-before-input -p icmpv6 --icmpv6-type 141 -m hl --hl-eq 255 -j ACCEPT +# IND advertisement +-A ufw6-before-input -p icmpv6 --icmpv6-type 142 -m hl --hl-eq 255 -j ACCEPT +# MLD query +-A ufw6-before-input -p icmpv6 --icmpv6-type 130 -s fe80::/10 -j ACCEPT +# MLD report +-A ufw6-before-input -p icmpv6 --icmpv6-type 131 -s fe80::/10 -j ACCEPT +# MLD done +-A ufw6-before-input -p icmpv6 --icmpv6-type 132 -s fe80::/10 -j ACCEPT +# MLD report v2 +-A ufw6-before-input -p icmpv6 --icmpv6-type 143 -s fe80::/10 -j ACCEPT +# SEND certificate path solicitation +-A ufw6-before-input -p icmpv6 --icmpv6-type 148 -m hl --hl-eq 255 -j ACCEPT +# SEND certificate path advertisement +-A ufw6-before-input -p icmpv6 --icmpv6-type 149 -m hl --hl-eq 255 -j ACCEPT +# MR advertisement +-A ufw6-before-input -p icmpv6 --icmpv6-type 151 -s fe80::/10 -m hl --hl-eq 1 -j ACCEPT +# MR solicitation +-A ufw6-before-input -p icmpv6 --icmpv6-type 152 -s fe80::/10 -m hl --hl-eq 1 -j ACCEPT +# MR termination +-A ufw6-before-input -p icmpv6 --icmpv6-type 153 -s fe80::/10 -m hl --hl-eq 1 -j ACCEPT + +# ok icmp codes for OUTPUT (rfc4890, 4.4.1 and 4.4.2) +-A ufw6-before-output -p icmpv6 --icmpv6-type destination-unreachable -j ACCEPT +-A ufw6-before-output -p icmpv6 --icmpv6-type packet-too-big -j ACCEPT +# codes 0 and 1 +-A ufw6-before-output -p icmpv6 --icmpv6-type time-exceeded -j ACCEPT +# codes 0-2 +-A ufw6-before-output -p icmpv6 --icmpv6-type parameter-problem -j ACCEPT +-A ufw6-before-input -p icmpv6 --icmpv6-type echo-request -j ACCEPT +-A ufw6-before-input -p icmpv6 --icmpv6-type echo-reply -j ACCEPT +-A ufw6-before-output -p icmpv6 --icmpv6-type router-solicitation -m hl --hl-eq 255 -j ACCEPT +-A ufw6-before-output -p icmpv6 --icmpv6-type neighbor-advertisement -m hl --hl-eq 255 -j ACCEPT +-A ufw6-before-output -p icmpv6 --icmpv6-type neighbor-solicitation -m hl --hl-eq 255 -j ACCEPT +-A ufw6-before-output -p icmpv6 --icmpv6-type router-advertisement -m hl --hl-eq 255 -j ACCEPT +# IND solicitation +-A ufw6-before-output -p icmpv6 --icmpv6-type 141 -m hl --hl-eq 255 -j ACCEPT +# IND advertisement +-A ufw6-before-output -p icmpv6 --icmpv6-type 142 -m hl --hl-eq 255 -j ACCEPT +# MLD query +-A ufw6-before-output -p icmpv6 --icmpv6-type 130 -s fe80::/10 -j ACCEPT +# MLD report +-A ufw6-before-output -p icmpv6 --icmpv6-type 131 -s fe80::/10 -j ACCEPT +# MLD done +-A ufw6-before-output -p icmpv6 --icmpv6-type 132 -s fe80::/10 -j ACCEPT +# MLD report v2 +-A ufw6-before-output -p icmpv6 --icmpv6-type 143 -s fe80::/10 -j ACCEPT +# SEND certificate path solicitation +-A ufw6-before-output -p icmpv6 --icmpv6-type 148 -m hl --hl-eq 255 -j ACCEPT +# SEND certificate path advertisement +-A ufw6-before-output -p icmpv6 --icmpv6-type 149 -m hl --hl-eq 255 -j ACCEPT +# MR advertisement +-A ufw6-before-output -p icmpv6 --icmpv6-type 151 -s fe80::/10 -m hl --hl-eq 1 -j ACCEPT +# MR solicitation +-A ufw6-before-output -p icmpv6 --icmpv6-type 152 -s fe80::/10 -m hl --hl-eq 1 -j ACCEPT +# MR termination +-A ufw6-before-output -p icmpv6 --icmpv6-type 153 -s fe80::/10 -m hl --hl-eq 1 -j ACCEPT + +# ok icmp codes for FORWARD (rfc4890, 4.3.1) +-A ufw6-before-forward -p icmpv6 --icmpv6-type destination-unreachable -j ACCEPT +-A ufw6-before-forward -p icmpv6 --icmpv6-type packet-too-big -j ACCEPT +# codes 0 and 1 +-A ufw6-before-forward -p icmpv6 --icmpv6-type time-exceeded -j ACCEPT +# codes 0-2 +-A ufw6-before-forward -p icmpv6 --icmpv6-type parameter-problem -j ACCEPT +-A ufw6-before-forward -p icmpv6 --icmpv6-type echo-request -j ACCEPT +-A ufw6-before-forward -p icmpv6 --icmpv6-type echo-reply -j ACCEPT +# ok icmp codes for FORWARD (rfc4890, 4.3.2) +# Home Agent Address Discovery Reques +-A ufw6-before-input -p icmpv6 --icmpv6-type 144 -j ACCEPT +# Home Agent Address Discovery Reply +-A ufw6-before-input -p icmpv6 --icmpv6-type 145 -j ACCEPT +# Mobile Prefix Solicitation +-A ufw6-before-input -p icmpv6 --icmpv6-type 146 -j ACCEPT +# Mobile Prefix Advertisement +-A ufw6-before-input -p icmpv6 --icmpv6-type 147 -j ACCEPT + +# allow dhcp client to work +-A ufw6-before-input -p udp -s fe80::/10 --sport 547 -d fe80::/10 --dport 546 -j ACCEPT + +# allow MULTICAST mDNS for service discovery +-A ufw6-before-input -p udp -d ff02::fb --dport 5353 -j ACCEPT + +# allow MULTICAST UPnP for service discovery +-A ufw6-before-input -p udp -d ff02::f --dport 1900 -j ACCEPT + +# don't delete the 'COMMIT' line or these rules won't be processed +COMMIT diff --git a/archlive/airootfs/etc/ufw/sysctl.conf b/archlive/airootfs/etc/ufw/sysctl.conf new file mode 100644 index 00000000..87070322 --- /dev/null +++ b/archlive/airootfs/etc/ufw/sysctl.conf @@ -0,0 +1,57 @@ +# +# Configuration file for setting network variables. Please note these settings +# override /etc/sysctl.conf. If you prefer to use /etc/sysctl.conf, please +# adjust IPT_SYSCTL in /etc/default/ufw. +# + +# Uncomment this to allow this host to route packets between interfaces +#net/ipv4/ip_forward=1 +#net/ipv6/conf/default/forwarding=1 +#net/ipv6/conf/all/forwarding=1 + +# Turn on Source Address Verification in all interfaces to prevent some +# spoofing attacks +net/ipv4/conf/default/rp_filter=1 +net/ipv4/conf/all/rp_filter=1 + +# Do not accept IP source route packets (we are not a router) +net/ipv4/conf/default/accept_source_route=0 +net/ipv4/conf/all/accept_source_route=0 +net/ipv6/conf/default/accept_source_route=0 +net/ipv6/conf/all/accept_source_route=0 + +# Disable ICMP redirects. ICMP redirects are rarely used but can be used in +# MITM (man-in-the-middle) attacks. Disabling ICMP may disrupt legitimate +# traffic to those sites. +net/ipv4/conf/default/accept_redirects=0 +net/ipv4/conf/all/accept_redirects=0 +net/ipv6/conf/default/accept_redirects=0 +net/ipv6/conf/all/accept_redirects=0 + +# Ignore bogus ICMP errors +net/ipv4/icmp_echo_ignore_broadcasts=1 +net/ipv4/icmp_ignore_bogus_error_responses=1 +net/ipv4/icmp_echo_ignore_all=0 + +# Don't log Martian Packets (impossible packets) +net/ipv4/conf/default/log_martians=0 +net/ipv4/conf/all/log_martians=0 + +# Change to '1' to enable TCP/IP SYN cookies This disables TCP Window Scaling +# (http://lkml.org/lkml/2008/2/5/167) +net/ipv4/tcp_syncookies=0 + +#net/ipv4/tcp_fin_timeout=30 +#net/ipv4/tcp_keepalive_intvl=1800 + +# normally allowing tcp_sack is ok, but if going through OpenBSD 3.8 RELEASE or +# earlier pf firewall, should set this to 0 +net/ipv4/tcp_sack=1 + +# Uncomment this to turn off ipv6 autoconfiguration +#net/ipv6/conf/default/autoconf=0 +#net/ipv6/conf/all/autoconf=0 + +# Uncomment this to enable ipv6 privacy addressing +#net/ipv6/conf/default/use_tempaddr=2 +#net/ipv6/conf/all/use_tempaddr=2 diff --git a/archlive/airootfs/etc/ufw/ufw.conf b/archlive/airootfs/etc/ufw/ufw.conf new file mode 100644 index 00000000..28fe5341 --- /dev/null +++ b/archlive/airootfs/etc/ufw/ufw.conf @@ -0,0 +1,10 @@ +# /etc/ufw/ufw.conf +# + +# Set to yes to start on boot. If setting this remotely, be sure to add a rule +# to allow your remote connection before starting ufw. Eg: 'ufw allow 22/tcp' +ENABLED=yes + +# Please use the 'ufw' command to set the loglevel. Eg: 'ufw logging medium'. +# See 'man ufw' for details. +LOGLEVEL=low diff --git a/archlive/airootfs/etc/ufw/user.rules b/archlive/airootfs/etc/ufw/user.rules new file mode 100644 index 00000000..aa30960c --- /dev/null +++ b/archlive/airootfs/etc/ufw/user.rules @@ -0,0 +1,39 @@ +*filter +:ufw-user-input - [0:0] +:ufw-user-output - [0:0] +:ufw-user-forward - [0:0] +:ufw-before-logging-input - [0:0] +:ufw-before-logging-output - [0:0] +:ufw-before-logging-forward - [0:0] +:ufw-user-logging-input - [0:0] +:ufw-user-logging-output - [0:0] +:ufw-user-logging-forward - [0:0] +:ufw-after-logging-input - [0:0] +:ufw-after-logging-output - [0:0] +:ufw-after-logging-forward - [0:0] +:ufw-logging-deny - [0:0] +:ufw-logging-allow - [0:0] +:ufw-user-limit - [0:0] +:ufw-user-limit-accept - [0:0] +### RULES ### + +### tuple ### allow any 22 0.0.0.0/0 any 0.0.0.0/0 in +-A ufw-user-input -p tcp --dport 22 -j ACCEPT +-A ufw-user-input -p udp --dport 22 -j ACCEPT + +### END RULES ### + +### LOGGING ### +-A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 +-A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 +-A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 +-A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 +### END LOGGING ### + +### RATE LIMITING ### +-A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " +-A ufw-user-limit -j REJECT +-A ufw-user-limit-accept -j ACCEPT +### END RATE LIMITING ### +COMMIT diff --git a/archlive/airootfs/etc/ufw/user6.rules b/archlive/airootfs/etc/ufw/user6.rules new file mode 100644 index 00000000..47d96108 --- /dev/null +++ b/archlive/airootfs/etc/ufw/user6.rules @@ -0,0 +1,39 @@ +*filter +:ufw6-user-input - [0:0] +:ufw6-user-output - [0:0] +:ufw6-user-forward - [0:0] +:ufw6-before-logging-input - [0:0] +:ufw6-before-logging-output - [0:0] +:ufw6-before-logging-forward - [0:0] +:ufw6-user-logging-input - [0:0] +:ufw6-user-logging-output - [0:0] +:ufw6-user-logging-forward - [0:0] +:ufw6-after-logging-input - [0:0] +:ufw6-after-logging-output - [0:0] +:ufw6-after-logging-forward - [0:0] +:ufw6-logging-deny - [0:0] +:ufw6-logging-allow - [0:0] +:ufw6-user-limit - [0:0] +:ufw6-user-limit-accept - [0:0] +### RULES ### + +### tuple ### allow any 22 ::/0 any ::/0 in +-A ufw6-user-input -p tcp --dport 22 -j ACCEPT +-A ufw6-user-input -p udp --dport 22 -j ACCEPT + +### END RULES ### + +### LOGGING ### +-A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 +-A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 +-A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 +-A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 +### END LOGGING ### + +### RATE LIMITING ### +-A ufw6-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " +-A ufw6-user-limit -j REJECT +-A ufw6-user-limit-accept -j ACCEPT +### END RATE LIMITING ### +COMMIT diff --git a/archlive/airootfs/root/customize_airootfs.sh b/archlive/airootfs/root/customize_airootfs.sh index ba4b425c..7eba30ce 100644 --- a/archlive/airootfs/root/customize_airootfs.sh +++ b/archlive/airootfs/root/customize_airootfs.sh @@ -2,18 +2,23 @@ set -e -u -# Locale +# Set hostname +echo "wk-arch" > /etc/hostname +echo "127.0.1.1 wk-arch.localdomain wk-arch" >> /etc/hosts + +# Set locale sed -i 's/#\(en_US\.UTF-8\)/\1/' /etc/locale.gen locale-gen # Time Settings ln -sf /usr/share/zoneinfo/America/Los_Angeles /etc/localtime -#sed -i 's/#FallbackNTP/NTP/' /etc/systemd/timesyncd.conf +sed -i 's/#FallbackNTP/NTP/' /etc/systemd/timesyncd.conf #timedatectl set-ntp true # root user settings usermod -s /usr/bin/zsh root cp -aT /etc/skel/ /root/ +rm /root/.zlogin chmod 700 /root echo "root:Abracadabra" | chpasswd @@ -27,12 +32,16 @@ echo "wktech:Abracadabra" | chpasswd # Enable sudo for %wheel echo '%wheel ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers -# Set pacman mirrorlist -echo 'Server = http://arch.localmsp.org/arch/$repo/os/$arch' > /etc/pacman.d/mirrorlist -echo 'Server = http://arch.mirrors.ionfish.org/$repo/os/$arch' >> /etc/pacman.d/mirrorlist -echo 'Server = http://lug.mtu.edu/archlinux/$repo/os/$arch' >> /etc/pacman.d/mirrorlist -echo 'Server = http://mirror.rit.edu/archlinux/$repo/os/$arch' >> /etc/pacman.d/mirrorlist -echo 'Server = http://mirror.us.leaseweb.net/archlinux/$repo/os/$arch' >> /etc/pacman.d/mirrorlist +# Set mirrorlist. Process: +## Replace newlines with ~ to treat as single line +## Uncomment all US mirrors +## Resetore newlines +## Rank mirrors to only use the top 10 mirrors +mv -b /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist.bak +tmp_file="$(mktemp)" +tr '\n' '~' < /etc/pacman.d/mirrorlist.bak | sed -r 's/([0-1]\.[0-9], United States)~#/\1~/g' | tr '~' '\n' > "$tmp_file" +rankmirrors -n 10 "$tmp_file" | egrep '^S' > /etc/pacman.d/mirrorlist +rm -v "$tmp_file" # journald settings (from archiso) sed -i 's/#\(Storage=\)auto/\1volatile/' /etc/systemd/journald.conf @@ -42,24 +51,5 @@ sed -i 's/#\(HandleSuspendKey=\)suspend/\1ignore/' /etc/systemd/logind.conf sed -i 's/#\(HandleHibernateKey=\)hibernate/\1ignore/' /etc/systemd/logind.conf sed -i 's/#\(HandleLidSwitch=\)suspend/\1ignore/' /etc/systemd/logind.conf -# DNS Settings -#echo "nameserver 8.8.8.8" > /etc/resolv.conf -#echo "nameserver 8.8.4.4" >> /etc/resolv.conf -#echo "nameserver 2001:4860:4860::8888" >> /etc/resolv.conf -#echo "nameserver 2001:4860:4860::8844" >> /etc/resolv.conf -#echo "nameserver 208.67.222.222" >> /etc/resolv.conf -#echo "nameserver 208.67.220.220" >> /etc/resolv.conf -#echo "nameserver 2620:0:ccc::2" >> /etc/resolv.conf -#echo "nameserver 2620:0:ccd::2" >> /etc/resolv.conf - -# Startup settings -systemctl set-default multi-user.target -#systemctl set-default graphical.target - -# archiso cleanup -for file in /etc/systemd/system/{pacman-init.service,etc-pacman.d-gnupg.mount} /etc/systemd/scripts/choose-mirror /etc/udev/rules.d/81-dhcpcd.rules /etc/initcpio; do - if [ -e "$file" ]; then - rm "$file" -R - fi -done - +#systemctl enable pacman-init.service choose-mirror.service +systemctl set-default graphical.target diff --git a/archlive/airootfs/usr/local/bin/arch.conf b/archlive/airootfs/usr/local/bin/arch.conf index 1cda4d51..06d8c761 100644 --- a/archlive/airootfs/usr/local/bin/arch.conf +++ b/archlive/airootfs/usr/local/bin/arch.conf @@ -3,14 +3,14 @@ # Backup options declare -a BACKUP_1=( "ServerOne" # Server name - "10.0.0.10" # IP + "10.0.0.10" # IP "Backups" # Share name "backup" # User name "Abracadabra" # Password ) declare -a BACKUP_2=( "ServerTwo" # Server name - "10.0.0.11" # IP + "10.0.0.11" # IP "Backups" # Share name "backup" # User name "Abracadabra" # Password @@ -31,7 +31,7 @@ declare -a BACKUP_4=( ) # Hardware testing options -TEST_CPU_LENGTH="7" # Time in minutes to run Prime95 +TEST_CPU_LENGTH="7" # Time in minutes to run Prime95 # Network options WIFI_SSID="SomeWiFi" # Use the 2.4Ghz network for better compatability @@ -39,6 +39,6 @@ WIFI_PASS="Abracadabra" # Results upload options SKIP_UPLOAD="False" # Set to "True" to disable all uploads -DIAG_SERVER="10.0.0.10" # Use the IP and not the server name +DIAG_SERVER="10.0.0.10" # Use the IP and not the server name +DIAG_SHARE="/srv/ClientInfo" # Full path to shared folder (relative to the server's root) DIAG_USER="wkdiag" # User used to connect to the server via SSH -DIAG_DEST="/srv/Diagnostics" # Full path to dest folder (on server) diff --git a/archlive/airootfs/usr/local/bin/connect-to-network b/archlive/airootfs/usr/local/bin/connect-to-network index 95daacf4..487877bf 100644 --- a/archlive/airootfs/usr/local/bin/connect-to-network +++ b/archlive/airootfs/usr/local/bin/connect-to-network @@ -11,20 +11,21 @@ die () { exit 1 } +function test_connection() { + if ip a | grep -Eq '(10.[0-9]+|172.(1[6-9]|2[0-9]|3[0-1]).[0-9]+|192.168).[0-9]+.[0-9]+'; then + return 0 + else + return 1 + fi +} + # Load settings if [[ -f "/run/archiso/bootmnt/config/arch.conf" ]]; then source "/run/archiso/bootmnt/config/arch.conf" || \ - die "ERROR: ARCH_WK media may be damaged. Please reboot or try another UFD" + die "ERROR: WK_ARCH media may be damaged. Please reboot or try another UFD" else source "/usr/local/bin/arch.conf" || \ - die "ERROR: ARCH_WK media may be damaged. Please reboot or try another UFD" - echo -n "ERROR: Settings file on ARCH_WK media missing. Using build version for now" - sleep 1s - echo -n "." - sleep 1s - echo -n "." - sleep 1s - echo "." + die "ERROR: WK_ARCH media may be damaged. Please reboot or try another UFD" fi # Init @@ -32,7 +33,7 @@ WIFI_SSID="${WIFI_SSID}" WIFI_PASS="${WIFI_PASS}" # Connect to network -if ! ip a | grep -Eq '(192.168|10.[0-9]+).[0-9]+.[0-9]+'; then +if ! test_connection; then # LAN if ! ip l | grep -Eq '[0-9]+: +en'; then ## Reload the tg3/broadcom driver (known fix for some Dell systems) @@ -46,13 +47,18 @@ if ! ip a | grep -Eq '(192.168|10.[0-9]+).[0-9]+.[0-9]+'; then # WiFi if ip l | grep -Eq '[0-9]+: +wl'; then ## Skip if we're already connected (i.e. the code above worked) - if ! ip a | grep -Eq '(192.168|10.[0-9]+).[0-9]+.[0-9]+'; then + if ! test_connection; then echo "Attempting to connect to ${WIFI_SSID}..." - netctl start wireless + sudo start-wifi sleep 5s fi fi fi # Done -exit 0 +if test_connection; then + exit 0 +else + exit 1 +fi + diff --git a/archlive/airootfs/usr/local/bin/hw-diags b/archlive/airootfs/usr/local/bin/hw-diags index 311e8f8e..621ac0e8 100644 --- a/archlive/airootfs/usr/local/bin/hw-diags +++ b/archlive/airootfs/usr/local/bin/hw-diags @@ -3,84 +3,128 @@ ## WK HW diagnostics - Launcher MODE="$1" +SHOW_MENU="True" +if [[ "$MODE" =~ ^(all|cpu|drives|foh|smart|badblocks)$ ]]; then + SHOW_MENU="False" +fi -# Ensure a proper mode is selected +function pause() { + # Pause to review output + echo "" + echo "$1" + read +} + +function menu() { + while :; do + if [[ "$SHOW_MENU" == "False" ]]; then + break + else + clear + echo "Hardware Diagnostics" + echo "────────────────────" + echo "0: Quick drive test" + echo "1: All tests" + echo "2: Prime95" + echo "3: SMART & badblocks" + echo "4: SMART" + echo "5: badblocks" + echo "────────────────────" + #if [[ -n $DISPLAY ]] && [[ $(getconf LONG_BIT) -eq "64" ]]; then + # echo "6: Graphics Test - FurMark" + # echo "7: Graphics Test - Piano" + # echo "8: Graphics Test - Volplosion" + #fi + echo "A: Speaker Test" + if [[ -n $DISPLAY ]]; then + echo "K: Keyboard Test" + fi + echo "N: Network Test" + echo "────────────────────" + echo "M: Screen Saver - Matrix" + echo "P: Screen Saver - Pipes" + echo "────────────────────" + echo "Q: Quit" + if [[ "$MODE" =~ ^cli$ ]]; then + echo "R: Reboot" + echo "S: Shutdown" + fi + echo "" + read -r -p "Please make a selection: " MODE + + # Check input + case $MODE in + 0) + MODE=foh + break;; + 1) + MODE=all + break;; + 2) + MODE=cpu + break;; + 3) + MODE=drives + break;; + 4) + MODE=smart + break;; + 5) + MODE=badblocks + break;; + #6) + # if [[ -n $DISPLAY ]] && [[ $(getconf LONG_BIT) -eq "64" ]]; then + # gputest /fullscreen /test=fur + # fi + # ;; + #7) + # if [[ -n $DISPLAY ]] && [[ $(getconf LONG_BIT) -eq "64" ]]; then + # gputest /fullscreen /test=pixmark_piano + # fi + # ;; + #8) + # if [[ -n $DISPLAY ]] && [[ $(getconf LONG_BIT) -eq "64" ]]; then + # gputest /fullscreen /test=pixmark_volplosion + # fi + # ;; + a|A|audio|Audio) + clear + hw-diags-audio + pause "Press Enter to return to menu...";; + k|K|keyboard|Keyboard) + if [[ -n $DISPLAY ]]; then + xev + fi + ;; + m|M) + cmatrix -abs + reset + clear;; + n|N) + clear + hw-diags-network + pause "Press Enter to return to menu...";; + p|P) + pipes -t 0 -t 1 -t 2 -t 3 -p 5 -R -r 4000 + reset + clear;; + q|Q|quit|Quit) + exit 0;; + r|R) + sudo reboot;; + s|S) + sudo poweroff;; + esac + fi + done +} + +# Main Loop while :; do - if [[ "$MODE" =~ ^(all|cpu|drives|foh|smart|badblocks)$ ]]; then + menu + tmux new-session -s 'hw-session' -n 'hw-window' "hw-diags-inner $MODE" + if [[ "$SHOW_MENU" == "False" ]]; then break - else - clear - echo "Hardware Diagnostics" - echo "────────────────────" - echo "0: Quick drive test" - echo "1: All tests" - echo "2: Prime95" - echo "3: SMART & badblocks" - echo "4: SMART" - echo "5: badblocks" - echo "────────────────────" - if [[ -n $DISPLAY ]] && [[ $(getconf LONG_BIT) -eq "64" ]]; then - echo "6: Graphics Test - FurMark" - echo "7: Graphics Test - Piano" - echo "8: Graphics Test - Volplosion" - fi - echo "A: Speaker Test" - if [[ -n $DISPLAY ]]; then - echo "K: Keyboard Test" - fi - echo "────────────────────" - echo "" - echo "Q: Quit" - echo "" - read -r -p "Please make a selection: " MODE - - # Check input - case $MODE in - 0) - MODE=foh - break;; - 1) - MODE=all - break;; - 2) - MODE=cpu - break;; - 3) - MODE=drives - break;; - 4) - MODE=smart - break;; - 5) - MODE=badblocks - break;; - 6) - if [[ -n $DISPLAY ]] && [[ $(getconf LONG_BIT) -eq "64" ]]; then - gputest /fullscreen /test=fur - fi - ;; - 7) - if [[ -n $DISPLAY ]] && [[ $(getconf LONG_BIT) -eq "64" ]]; then - gputest /fullscreen /test=pixmark_piano - fi - ;; - 8) - if [[ -n $DISPLAY ]] && [[ $(getconf LONG_BIT) -eq "64" ]]; then - gputest /fullscreen /test=pixmark_volplosion - fi - ;; - a|A|audio|Audio) - hw-diags-audio;; - k|K|keyboard|Keyboard) - if [[ -n $DISPLAY ]]; then - xev - fi - ;; - q|Q|quit|Quit) - exit 1;; - esac fi done -# Start tmux -tmux new-session -s 'hw-session' -n 'hw-window' "hw-diags-inner $MODE" diff --git a/archlive/airootfs/usr/local/bin/hw-diags-audio b/archlive/airootfs/usr/local/bin/hw-diags-audio index eb6feef9..f46135fb 100644 --- a/archlive/airootfs/usr/local/bin/hw-diags-audio +++ b/archlive/airootfs/usr/local/bin/hw-diags-audio @@ -9,3 +9,4 @@ amixer -q set "PCM" 90% unmute speaker-test -c 2 -l 1 -t pink # speaker-test -c 2 -l 1 -t sine speaker-test -c 2 -l 1 -t wav + diff --git a/archlive/airootfs/usr/local/bin/hw-diags-inner b/archlive/airootfs/usr/local/bin/hw-diags-inner index 2381af57..a14dff14 100644 --- a/archlive/airootfs/usr/local/bin/hw-diags-inner +++ b/archlive/airootfs/usr/local/bin/hw-diags-inner @@ -10,17 +10,10 @@ die () { # Load settings if [[ -f "/run/archiso/bootmnt/config/arch.conf" ]]; then source "/run/archiso/bootmnt/config/arch.conf" || \ - die "ERROR: ARCH_WK media may be damaged. Please reboot or try another UFD" + die "ERROR: WK_ARCH media may be damaged. Please reboot or try another UFD" else source "/usr/local/bin/arch.conf" || \ - die "ERROR: ARCH_WK media may be damaged. Please reboot or try another UFD" - echo -n "ERROR: Settings file on ARCH_WK media missing. Using build version for now" - sleep 1s - echo -n "." - sleep 1s - echo -n "." - sleep 1s - echo "." + die "ERROR: WK_ARCH media may be damaged. Please reboot or try another UFD" fi # Get TICKET @@ -48,7 +41,9 @@ done DIAG_DATE="$(date "+%F_%H%M")" DIAG_SERVER_AVAIL="False" DIAG_SERVER="${DIAG_SERVER}" -DIAG_DEST="${DIAG_DEST}/${TICKET}/${DIAG_DATE}" +DIAG_SHARE="${DIAG_SHARE}" +DIAG_DEST="${DIAG_SHARE}/${TICKET}" +DIAG_UPLOAD_NAME="HW-Diagnostics_${DIAG_DATE}" DIAG_USER="${DIAG_USER}" TMP_DIR="$(mktemp -d)" ERRORS="False" @@ -76,9 +71,10 @@ if [[ "$SKIP_UPLOAD" != "True" ]]; then connect-to-network # Test connection to DIAG_SERVER - if ip a | grep -Eq '(192.168|10.[0-9]+).[0-9]+.[0-9]+' && \ + if ip a | grep -Eq '(10.[0-9]+|172.(1[6-9]|2[0-9]|3[0-1])|192.168).[0-9]+.[0-9]+' && \ ping -c 1 -q $DIAG_SERVER >/dev/null 2>&1; then DIAG_SERVER_AVAIL="True" + ssh-add ssh $DIAG_USER@$DIAG_SERVER mkdir -p "$DIAG_DEST" ssh $DIAG_USER@$DIAG_SERVER chmod 755 "$DIAG_DEST" fi @@ -196,7 +192,7 @@ function update_progress { # Update Server if [[ "$DIAG_SERVER_AVAIL" == "True" ]]; then - rsync -aqz --chmod=Du=rwx,Dgo=rx,Fu=rw,Fgo=r "$TMP_DIR/" $DIAG_USER@$DIAG_SERVER:"$DIAG_DEST/" --exclude '*.out' + rsync -aqz --chmod=Du=rwx,Dgo=rx,Fu=rw,Fgo=r "$TMP_DIR/" $DIAG_USER@$DIAG_SERVER:"$DIAG_DEST/${DIAG_UPLOAD_NAME}/" --exclude '*.out' fi } @@ -497,6 +493,7 @@ if [[ "$TEST_SMART" == "True" ]] || \ echo "" done fi +update_progress # System info dump sudo inxi -CDdGlMmNopRsc 0 | grep -Ev '(/dev/ram|No RAID devices|Display Server|multisession)' > "system_info.txt" @@ -505,11 +502,11 @@ sudo inxi -CDdGlMmNopRsc 0 | grep -Ev '(/dev/ram|No RAID devices|Display Server| mkdir "$HOME/Tickets/$TICKET" -p 2>/dev/null rsync -aS --chmod=Du=rwx,Dgo=rx,Fu=rw,Fgo=r "$TMP_DIR/" "$HOME/Tickets/$TICKET/" popd >/dev/null -cd "$HOME/Tickets" && tar czf "${TICKET}.tgz" "$TICKET" +cd "$HOME/Tickets" && tar czf "${DIAG_UPLOAD_NAME}.tgz" "$TICKET" # Update Server if [[ "$DIAG_SERVER_AVAIL" == "True" ]]; then - rsync -aqz --chmod=Du=rwx,Dgo=rx,Fu=rw,Fgo=r "$TMP_DIR/" "${TICKET}.tgz" $DIAG_USER@$DIAG_SERVER:"$DIAG_DEST/" --exclude '*.out' + rsync -aqz --chmod=Du=rwx,Dgo=rx,Fu=rw,Fgo=r "${DIAG_UPLOAD_NAME}.tgz" $DIAG_USER@$DIAG_SERVER:"$DIAG_DEST/" fi # End diff --git a/archlive/airootfs/usr/local/bin/hw-diags-network b/archlive/airootfs/usr/local/bin/hw-diags-network new file mode 100644 index 00000000..b1ba805d --- /dev/null +++ b/archlive/airootfs/usr/local/bin/hw-diags-network @@ -0,0 +1,73 @@ +#!/bin/bash +# +## WK HW diagnostics - Network + +function test_connection() { + cmd="a" + if [[ -e "/sys/class/net/$1" ]]; then + cmd="a show $1" + fi + if ip $cmd | grep -Eq '(10.[0-9]+|172.(1[6-9]|2[0-9]|3[0-1]).[0-9]+|192.168).[0-9]+.[0-9]+'; then + return 0 + else + return 1 + fi +} + + +CLEAR="\e[0m" +RED="\e[31m" +GREEN="\e[32m" +YELLOW="\e[33m" +BLUE="\e[34m" + +# Header +echo "WK HW Diagnostics - Network" +echo "" + +# Start Wifi if necessary +echo "Initializing..." +connect-to-network >/dev/null 2>&1 + +# Check network connection +echo -n "Network connection: " +if test_connection; then + echo -e "${GREEN}OK${CLEAR}" +else + echo -e "${RED}No access${CLEAR}" + exit 1 +fi + +# Check IP addresses +for d in /sys/class/net/*; do + device="$(basename $d)" + if [ "$device" != "lo" ]; then + if test_connection $device; then + ip="$(ip a show $device | egrep 'inet [0-9]' | sed -r 's#.*inet (.*?/[0-9]+).*#\1#')" + echo "$device: $ip" | awk '{printf " %-16s %s\n", $1, $2}' + fi + fi +done + +# Check internet connection +echo -n "Internet connection: " +if ping -c 2 -q 8.8.8.8 >/dev/null 2>&1; then + echo -e "${GREEN}OK${CLEAR}" +else + echo -e "${RED}No access${CLEAR}" + exit 1 +fi + +# Check DNS +echo -n "DNS Resolution: " +if ping -c 2 -q google.com >/dev/null 2>&1; then + echo -e "${GREEN}OK${CLEAR}" +else + echo -e "${RED}Unable to resolve google.com${CLEAR}" + exit 1 +fi + +# Check speed +echo "Speedtest:" +speedtest-cli --simple | awk '{printf " %-16s %6.2f %s\n", $1, $2, $3}' + diff --git a/archlive/airootfs/usr/local/bin/mount-all-volumes b/archlive/airootfs/usr/local/bin/mount-all-volumes index 40ddb671..417fa27c 100644 --- a/archlive/airootfs/usr/local/bin/mount-all-volumes +++ b/archlive/airootfs/usr/local/bin/mount-all-volumes @@ -8,6 +8,8 @@ dd bs=1K count=64 if=/dev/zero of="$TMP_FILE" >/dev/null 2>&1 mkfs.msdos "$TMP_FILE" >/dev/null 2>&1 udevil mount -o ro "$TMP_FILE" >/dev/null 2>&1 udevil umount "$TMP_FILE" >/dev/null 2>&1 +sleep 1s +rmdir /media/wktech >/dev/null 2>&1 # Mount all volumes echo "Mounting all volumes" @@ -15,12 +17,12 @@ regex="/dev/((h|s)d[a-z]|md)[0-9]+" for volume in $(inxi -Dopxx | grep -E "$regex" | sed -r "s#.*($regex).*#\1#" | sort); do if grep -q "$volume" /proc/mounts; then if ! mount | grep "/run/archiso/bootmnt" | grep -q "$volume"; then - # Show what's already mounted except the ARCH_WK boot device - echo "$volume: (Already) mounted at $(mount | grep "$volume" | awk '{print $3}') ($(df -h "$volume" | tail -1 | awk '{print $3, $4}' | sed -r 's/(K|M|G|T|) (.*[0-9])(K|M|G|T|)$/ \1b used, \2 \3b free/'))" + # Show what's already mounted except the WK_ARCH boot device + echo "$volume: (Already) mounted $(mount | grep "$volume" | sed -r 's/^\S+ (on.*) type .*/\1/') ($(df -h "$volume" | tail -1 | awk '{print $3, $4}' | sed -r 's/(K|M|G|T|) (.*[0-9])(K|M|G|T|)$/ \1b used, \2 \3b free/'))" fi else if udevil mount -o ro $volume >/dev/null 2>&1; then - echo "$volume: Mounted at $(mount | grep "$volume" | awk '{print $3}') ($(df -h "$volume" | tail -1 | awk '{print $3, $4}' | sed -r 's/(K|M|G|T|) (.*[0-9])(K|M|G|T|)$/ \1b used, \2 \3b free/'))" + echo "$volume: Mounted $(mount | grep "$volume" | sed -r 's/^\S+ (on.*) type .*/\1/') ($(df -h "$volume" | tail -1 | awk '{print $3, $4}' | sed -r 's/(K|M|G|T|) (.*[0-9])(K|M|G|T|)$/ \1b used, \2 \3b free/'))" else echo "$volume: Failed to mount" fi diff --git a/archlive/airootfs/usr/local/bin/mount-backup-shares b/archlive/airootfs/usr/local/bin/mount-backup-shares index 79f51bad..f92675ec 100644 --- a/archlive/airootfs/usr/local/bin/mount-backup-shares +++ b/archlive/airootfs/usr/local/bin/mount-backup-shares @@ -10,17 +10,10 @@ die () { # Load settings if [[ -f "/run/archiso/bootmnt/config/arch.conf" ]]; then source "/run/archiso/bootmnt/config/arch.conf" || \ - die "ERROR: ARCH_WK media may be damaged. Please reboot or try another UFD" + die "ERROR: WK_ARCH media may be damaged. Please reboot or try another UFD" else source "/usr/local/bin/arch.conf" || \ - die "ERROR: ARCH_WK media may be damaged. Please reboot or try another UFD" - echo -n "ERROR: Settings file on ARCH_WK media missing. Using build version for now" - sleep 1s - echo -n "." - sleep 1s - echo -n "." - sleep 1s - echo "." + die "ERROR: WK_ARCH media may be damaged. Please reboot or try another UFD" fi # Connect to a network diff --git a/archlive/airootfs/usr/local/bin/start-wifi b/archlive/airootfs/usr/local/bin/start-wifi new file mode 100644 index 00000000..02a34e9d --- /dev/null +++ b/archlive/airootfs/usr/local/bin/start-wifi @@ -0,0 +1,55 @@ +#!/bin/bash +# +## Creates network configs for all WLAN adapters + + +die () { + echo "$0:" "$@" >&2 + exit 1 +} + +# Load settings +if [[ -f "/run/archiso/bootmnt/config/arch.conf" ]]; then + source "/run/archiso/bootmnt/config/arch.conf" || \ + die "ERROR: WK_ARCH media may be damaged. Please reboot or try another UFD" +else + source "/usr/local/bin/arch.conf" || \ + die "ERROR: WK_ARCH media may be damaged. Please reboot or try another UFD" +fi + +# Init +WIFI_SSID="${WIFI_SSID}" +WIFI_PASS="${WIFI_PASS}" +metric_value=20 + +# Add WLAN cards to config +for d in /sys/class/net/wl*; do + device="$(basename $d)" + # Create networkd entry + echo "[Match]" > /etc/systemd/network/$device.network + echo "Name=$device" >> /etc/systemd/network/$device.network + echo "" >> /etc/systemd/network/$device.network + echo "[Network]" >> /etc/systemd/network/$device.network + echo "DHCP=yes" >> /etc/systemd/network/$device.network + echo "" >> /etc/systemd/network/$device.network + echo "[DHCP]" >> /etc/systemd/network/$device.network + echo "RouteMetric=$metric_value" >> /etc/systemd/network/$device.network + metric_value=$((metric_value+1)) + + # Create wpa_supplicant entry + if [[ -f "/run/archiso/bootmnt/config/wifi.conf" ]]; then + cp -f "/run/archiso/bootmnt/config/wifi.conf" "/etc/wpa_supplicant/wpa_supplicant-$device.conf" + elif [[ -f "/usr/local/bin/arch.conf" ]]; then + cp -f "/usr/local/bin/arch.conf" "/etc/wpa_supplicant/wpa_supplicant-$device.conf" + else + die "ERROR: WK_ARCH media may be damaged. Please reboot or try another UFD" + fi +done + +# Enable WLAN devices +systemctl restart systemd-networkd.service +for d in /sys/class/net/wl*; do + device="$(basename $d)" + systemctl start wpa_supplicant@$device.service +done + diff --git a/archlive/airootfs/usr/share/applications/Hardware Diagnostics.desktop b/archlive/airootfs/usr/share/applications/Hardware Diagnostics.desktop index 02995642..f502d1a2 100644 --- a/archlive/airootfs/usr/share/applications/Hardware Diagnostics.desktop +++ b/archlive/airootfs/usr/share/applications/Hardware Diagnostics.desktop @@ -2,8 +2,8 @@ Version=1.0 Type=Application Name=Hardware Diagnostics -Comment= -Exec=urxvt -title "Hardware Diagnostics" -hold -e hw-diags +Comment=Hardware Diagnostics +Exec=urxvt -title "Hardware Diagnostics" -e hw-diags Icon=xcos Path= Terminal=false diff --git a/archlive/airootfs/usr/share/applications/Hardware Information.desktop b/archlive/airootfs/usr/share/applications/Hardware Information.desktop index afe334bb..432cb2cb 100644 --- a/archlive/airootfs/usr/share/applications/Hardware Information.desktop +++ b/archlive/airootfs/usr/share/applications/Hardware Information.desktop @@ -2,7 +2,7 @@ Version=1.0 Type=Application Name=Hardware Information -Comment= +Comment=Hardware Information Exec=hardinfo Icon=hardinfo Path= diff --git a/archlive/airootfs/usr/share/applications/NetworkTest.desktop b/archlive/airootfs/usr/share/applications/NetworkTest.desktop new file mode 100644 index 00000000..c89e0ae1 --- /dev/null +++ b/archlive/airootfs/usr/share/applications/NetworkTest.desktop @@ -0,0 +1,10 @@ +[Desktop Entry] +Version=1.0 +Type=Application +Name=NetworkTest +Comment=Diagnose network connectivity +Exec=urxvt -title "Network Diagnostics" -hold -e hw-diags-network +Icon=network-workgroup +Path= +Terminal=false +StartupNotify=false diff --git a/archlive/packages.both b/archlive/packages.both index a765d07a..7061a707 100644 --- a/archlive/packages.both +++ b/archlive/packages.both @@ -1,14 +1,17 @@ -arch-install-scripts aic94xx-firmware alsa-utils antiword arc-icon-theme-git -b43-firmware +arch-install-scripts +b43-fwcutter +bash-pipes +bc btrfs-progs chntpw -clonezilla +cmatrix colordiff conky +cower crda curl darkhttpd @@ -21,35 +24,35 @@ dnsmasq dnsutils dos2unix dosfstools +e2fsprogs elinks ethtool exfat-utils f2fs-tools ffmpeg fsarchiver -gcc-libs gnome-keyring gnu-netcat gparted gptfdisk grub gsmartcontrol -gtk-engine-murrine gtk-theme-arc-git hardinfo hdparm hexedit hfsprogs htop -ifplugd inxi ipw2100-fw ipw2200-fw -iw +irssi ldns lftp libewf -librsvg +libinput +lightdm +lightdm-gtk-greeter linux-atm linux-firmware lm_sensors @@ -57,9 +60,8 @@ lsscsi mc mdadm mediainfo -mesa mesa-demos -midori-gtk2 +midori mkvtoolnix-cli mprime-bin mpv @@ -76,16 +78,17 @@ ntp numix-circle-icon-theme-git openconnect openssh +openvpn p7zip partclone parted partimage ppp pptpclient -pygtk -python2 refind-efi +reiserfsprogs rfkill +rng-tools rp-pppoe rsync rxvt-unicode @@ -100,23 +103,28 @@ terminus-font testdisk-wip tk tmux -truecrypt +tree ttf-inconsolata udevil udisks2 +ufw unzip usb_modeswitch +veracrypt vim +virtualbox-guest-modules-arch +virtualbox-guest-utils-nox vpnc wd719x-firmware wget wimlib wireless_tools -wpa_supplicant +wpa_actiond wvdial -xf86-input-synaptics +xf86-input-libinput xf86-video-amdgpu xf86-video-ati +xf86-video-fbdev xf86-video-intel xf86-video-nouveau xf86-video-vesa @@ -127,6 +135,6 @@ xorg-server xorg-server-utils xorg-xdpyinfo xorg-xev -xorg-xinit +xorg-xinput zd1211-firmware zsh diff --git a/archlive/packages.x86_64 b/archlive/packages.x86_64 index aa6a8d31..93647f14 100644 --- a/archlive/packages.x86_64 +++ b/archlive/packages.x86_64 @@ -1,2 +1 @@ broadcom-wl -gputest diff --git a/archlive/pacman.conf b/archlive/pacman.conf index 858b7c1b..aed6a94d 100644 --- a/archlive/pacman.conf +++ b/archlive/pacman.conf @@ -71,7 +71,7 @@ LocalFileSigLevel = Optional [customrepo] SigLevel = Optional TrustAll -Server = file:///root/WK-Arch/custom-repo/$arch +Server = file:///root/wk-arch/custom-repo/$arch #[testing] #Include = /etc/pacman.d/mirrorlist @@ -88,3 +88,9 @@ Include = /etc/pacman.d/mirrorlist [community] Include = /etc/pacman.d/mirrorlist +# An example of a custom package repository. See the pacman manpage for +# tips on creating your own repositories. +#[custom] +#SigLevel = Optional TrustAll +#Server = file:///home/custompkgs + diff --git a/build-wk b/build-wk index 07294750..630692cc 100644 --- a/build-wk +++ b/build-wk @@ -1,13 +1,31 @@ #!/bin/bash # Set Vars -TMP_DIR="$(pwd)/wk_tmp" -OUT_DIR="$TMP_DIR/out" +LOG_DIR="/$HOME/ArchBuilds/BuildLogs" +OUT_DIR="/$HOME/ArchBuilds" +TMP_DIR="/$HOME/TMP_WK_ARCH" +DATE="$(date +%F)" +DATETIME="$(date +%F_%H%M)" + +# Ensure that we're running with root privileges +if [[ "$EUID" -ne 0 ]]; then + echo "Please run with root permissions (i.e. sudo $0)" + exit +fi + +# Set permissions +echo "Setting permissions..." +chown root.root archlive -R # Build ISO -mkdir $TMP_DIR +mkdir $LOG_DIR mkdir $OUT_DIR -./archlive/build.sh -N "arch-wk" -V "$(date +%F)" -L "ARCH_WK" -w "$TMP_DIR" -o "$OUT_DIR" -v +mkdir $TMP_DIR +./archlive/build.sh -N "wk-arch" -V "$DATE" -L "WK_ARCH" -w "$TMP_DIR" -o "$OUT_DIR" -v | tee -a "$LOG_DIR/$DATETIME.log" # Cleanup -mv --backup=t -v "$OUT_DIR"/*iso "$HOME/" && rm "$TMP_DIR" -Rf +echo "Removing temp files..." +rm "$TMP_DIR" -Rf | tee -a "$LOG_DIR/$DATETIME.log" + +echo "Reverting permissions..." +chown builduser.builduser archlive -R