2017-01: Retroactive Updates

* Disabled gputest
  * The package is failing to install.

* Now using Midori GTK3 build
  * GTK2 was pulled from main repos for security reasons

* Removed warnings about missing UFD
  * For use with live sessions

* Wallpaper updated for live sessions
  * Wallpaper is now set at startup
  * Checks for UFD source but defaults to included file
  * Bugfix: Wallpaper is now set for multiple monitor/workspace setups

* Disabled choose-mirror service

* Better permission handling
  * build-wk now checks if running as root
  * build-wk now sets permissions before calling build.sh
    * Should prevent build failures as build.sh expects files to be owned by root
    * build-wk sets ownership back to builduser.builduser during cleanup

* Better menu for HW-Diags
  * The script now returns to the menu after running a selection
    * Unless the mode was set directly by passing a valid argument
    * NOTE: This allows for easier use in CLI mode

* Add delay before removing /media/wktech

* Adjusted TMP_DIR in build-wk

* Fixed path to custom repo

* Trimming the fat
  * hostname / hosts now configured by customize_airootfs.sh
  * removed files from etc that were at default settings
  * removed grml zsh config since oh-my-zsh/lean is used

* Defined a LOG_DIR for build-wk

* Introducing libinput
  * Switched to libinput over synaptics as it has been deprecated.
    * Should restore touchpad functionality going forward.
* Full mount path SHOULD now be displayed for mount-all-volumes.

* Added CLI Screensavers

* diag-network works now
  * network connection tests now pass all ipv4 private ip ranges
    * 10.0.0.0/8, 172.16.0.0/12, & 192.168.0.0/24
    * need to add ipv6 at some point
  * hw-diag menu flow adjusted

* New hostname and more bugfixes
  * hostname switched to wk-arch
  * ufw package is now installed
  * adjusted upload section of hw-diags

* Added alias for start-wifi

* Booting to CLI mode will autologin wktech
  * When booting to the CLI the motd shows some avail commands
  * Adjusted HW-Diags menu for use in CLI mode
Alan Mason 2017-12-06 17:56:10 -08:00
parent a83c28ca3b
commit d8952ed26f
62 changed files with 1417 additions and 245 deletions

View file

@ -1,4 +1,4 @@
Copyright (c) 2016 Alan Mason Copyright (c) 2017 Alan Mason
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

View file

@ -0,0 +1,45 @@
# /etc/default/ufw
#
# Set to yes to apply rules to support IPv6 (no means only IPv6 on loopback
# accepted). You will need to 'disable' and then 'enable' the firewall for
# the changes to take affect.
IPV6=yes
# Set the default input policy to ACCEPT, DROP, or REJECT. Please note that if
# you change this you will most likely want to adjust your rules.
DEFAULT_INPUT_POLICY="DROP"
# Set the default output policy to ACCEPT, DROP, or REJECT. Please note that if
# you change this you will most likely want to adjust your rules.
DEFAULT_OUTPUT_POLICY="ACCEPT"
# Set the default forward policy to ACCEPT, DROP or REJECT. Please note that
# if you change this you will most likely want to adjust your rules
DEFAULT_FORWARD_POLICY="DROP"
# Set the default application policy to ACCEPT, DROP, REJECT or SKIP. Please
# note that setting this to ACCEPT may be a security risk. See 'man ufw' for
# details
DEFAULT_APPLICATION_POLICY="SKIP"
# By default, ufw only touches its own chains. Set this to 'yes' to have ufw
# manage the built-in chains too. Warning: setting this to 'yes' will break
# non-ufw managed firewall rules
MANAGE_BUILTINS=no
#
# IPT backend
#
# only enable if using iptables backend
IPT_SYSCTL=/etc/ufw/sysctl.conf
# Extra connection tracking modules to load. Complete list can be found in
# net/netfilter/Kconfig of your kernel source. Some common modules:
# nf_conntrack_irc, nf_nat_irc: DCC (Direct Client to Client) support
# nf_conntrack_netbios_ns: NetBIOS (samba) client support
# nf_conntrack_pptp, nf_nat_pptp: PPTP over stateful firewall/NAT
# nf_conntrack_ftp, nf_nat_ftp: active FTP support
# nf_conntrack_tftp, nf_nat_tftp: TFTP support (server side)
IPT_MODULES="nf_conntrack_ftp nf_nat_ftp nf_conntrack_netbios_ns"
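
Review bot: IPT_MODULES on the last line loads the nf_conntrack_ftp, nf_nat_ftp and nf_conntrack_netbios_ns helpers on an image whose DEFAULT_INPUT_POLICY is DROP. Conntrack helpers cause additional inbound connections to be classified as RELATED, and the before rules in this commit accept RELATED,ESTABLISHED on input, so the helpers widen what gets through. Unless a tool on the toolbox needs active FTP or NetBIOS name lookups, set IPT_MODULES="" and, if a helper is kept, add a comment naming the tool that needs it.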

View file

@ -1 +0,0 @@
arch-wk

View file

@ -0,0 +1,165 @@
#
# General configuration
#
# start-default-seat = True to always start one seat if none are defined in the configuration
# greeter-user = User to run greeter as
# minimum-display-number = Minimum display number to use for X servers
# minimum-vt = First VT to run displays on
# lock-memory = True to prevent memory from being paged to disk
# user-authority-in-system-dir = True if session authority should be in the system location
# guest-account-script = Script to be run to setup guest account
# logind-check-graphical = True to on start seats that are marked as graphical by logind
# log-directory = Directory to log information to
# run-directory = Directory to put running state in
# cache-directory = Directory to cache to
# sessions-directory = Directory to find sessions
# remote-sessions-directory = Directory to find remote sessions
# greeters-directory = Directory to find greeters
# backup-logs = True to move add a .old suffix to old log files when opening new ones
#
[LightDM]
#start-default-seat=true
#greeter-user=lightdm
#minimum-display-number=0
#minimum-vt=7 # Setting this to a value < 7 implies security issues, see FS#46799
#lock-memory=true
#user-authority-in-system-dir=false
#guest-account-script=guest-account
#logind-check-graphical=false
#log-directory=/var/log/lightdm
run-directory=/run/lightdm
#cache-directory=/var/cache/lightdm
#sessions-directory=/usr/share/lightdm/sessions:/usr/share/xsessions:/usr/share/wayland-sessions
#remote-sessions-directory=/usr/share/lightdm/remote-sessions
#greeters-directory=/usr/share/lightdm/greeters:/usr/share/xgreeters
#backup-logs=true
#
# Seat configuration
#
# Seat configuration is matched against the seat name glob in the section, for example:
# [Seat:*] matches all seats and is applied first.
# [Seat:seat0] matches the seat named "seat0".
# [Seat:seat-thin-client*] matches all seats that have names that start with "seat-thin-client".
#
# type = Seat type (xlocal, xremote, unity)
# pam-service = PAM service to use for login
# pam-autologin-service = PAM service to use for autologin
# pam-greeter-service = PAM service to use for greeters
# xserver-command = X server command to run (can also contain arguments e.g. X -special-option)
# xmir-command = Xmir server command to run (can also contain arguments e.g. Xmir -special-option)
# xserver-config = Config file to pass to X server
# xserver-layout = Layout to pass to X server
# xserver-allow-tcp = True if TCP/IP connections are allowed to this X server
# xserver-share = True if the X server is shared for both greeter and session
# xserver-hostname = Hostname of X server (only for type=xremote)
# xserver-display-number = Display number of X server (only for type=xremote)
# xdmcp-manager = XDMCP manager to connect to (implies xserver-allow-tcp=true)
# xdmcp-port = XDMCP UDP/IP port to communicate on
# xdmcp-key = Authentication key to use for XDM-AUTHENTICATION-1 (stored in keys.conf)
# unity-compositor-command = Unity compositor command to run (can also contain arguments e.g. unity-system-compositor -special-option)
# unity-compositor-timeout = Number of seconds to wait for compositor to start
# greeter-session = Session to load for greeter
# greeter-hide-users = True to hide the user list
# greeter-allow-guest = True if the greeter should show a guest login option
# greeter-show-manual-login = True if the greeter should offer a manual login option
# greeter-show-remote-login = True if the greeter should offer a remote login option
# user-session = Session to load for users
# allow-user-switching = True if allowed to switch users
# allow-guest = True if guest login is allowed
# guest-session = Session to load for guests (overrides user-session)
# session-wrapper = Wrapper script to run session with
# greeter-wrapper = Wrapper script to run greeter with
# guest-wrapper = Wrapper script to run guest sessions with
# display-setup-script = Script to run when starting a greeter session (runs as root)
# display-stopped-script = Script to run after stopping the display server (runs as root)
# greeter-setup-script = Script to run when starting a greeter (runs as root)
# session-setup-script = Script to run when starting a user session (runs as root)
# session-cleanup-script = Script to run when quitting a user session (runs as root)
# autologin-guest = True to log in as guest by default
# autologin-user = User to log in with by default (overrides autologin-guest)
# autologin-user-timeout = Number of seconds to wait before loading default user
# autologin-session = Session to load for automatic login (overrides user-session)
# autologin-in-background = True if autologin session should not be immediately activated
# exit-on-failure = True if the daemon should exit if this seat fails
#
[Seat:*]
#type=xlocal
pam-service=lightdm
pam-autologin-service=lightdm-autologin
#pam-greeter-service=lightdm-greeter
#xserver-command=X
#xmir-command=Xmir
#xserver-config=
#xserver-layout=
#xserver-allow-tcp=false
#xserver-share=true
#xserver-hostname=
#xserver-display-number=
#xdmcp-manager=
#xdmcp-port=177
#xdmcp-key=
#unity-compositor-command=unity-system-compositor
#unity-compositor-timeout=60
#greeter-session=example-gtk-gnome
#greeter-hide-users=false
#greeter-allow-guest=true
#greeter-show-manual-login=false
#greeter-show-remote-login=true
#user-session=default
#allow-user-switching=true
#allow-guest=true
#guest-session=
session-wrapper=/etc/lightdm/Xsession
#greeter-wrapper=
#guest-wrapper=
#display-setup-script=
#display-stopped-script=
#greeter-setup-script=
#session-setup-script=
#session-cleanup-script=
#autologin-guest=false
autologin-user=wktech
autologin-user-timeout=0
#autologin-in-background=false
#autologin-session=
#exit-on-failure=false
#
# XDMCP Server configuration
#
# enabled = True if XDMCP connections should be allowed
# port = UDP/IP port to listen for connections on
# listen-address = Host/address to listen for XDMCP connections (use all addresses if not present)
# key = Authentication key to use for XDM-AUTHENTICATION-1 or blank to not use authentication (stored in keys.conf)
# hostname = Hostname to report to XDMCP clients (defaults to system hostname if unset)
#
# The authentication key is a 56 bit DES key specified in hex as 0xnnnnnnnnnnnnnn. Alternatively
# it can be a word and the first 7 characters are used as the key.
#
[XDMCPServer]
#enabled=false
#port=177
#listen-address=
#key=
#hostname=
#
# VNC Server configuration
#
# enabled = True if VNC connections should be allowed
# command = Command to run Xvnc server with
# port = TCP/IP port to listen for connections on
# listen-address = Host/address to listen for VNC connections (use all addresses if not present)
# width = Width of display to use
# height = Height of display to use
# depth = Color depth of display to use
#
[VNCServer]
#enabled=false
#command=Xvnc
#port=5900
#listen-address=
#width=1024
#height=768
#depth=8
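
Review bot: In [Seat:*], autologin-user=wktech together with autologin-user-timeout=0 logs every seat straight into the wktech session with no credential prompt, and nothing in the file says this is intentional for the live environment. Add a one-line comment above those two settings stating that, and consider reducing the file to the six uncommented settings (run-directory, pam-service, pam-autologin-service, session-wrapper, autologin-user, autologin-user-timeout) so the overrides are not buried in 160 lines of commented stock defaults.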

View file

@ -0,0 +1 @@
en_US.UTF-8 UTF-8

View file

@ -0,0 +1,9 @@
Welcome to the WK Linux Toolbox
Some common commands:
% hw-diags
% hw-info
% mount-all-volumes
% mount-backup-shares
% start-wifi

View file

@ -1,8 +1 @@
nameserver 8.8.8.8 /run/systemd/resolve/resolv.conf
nameserver 8.8.4.4
#nameserver 2001:4860:4860::8888
#nameserver 2001:4860:4860::8844
nameserver 208.67.222.222
nameserver 208.67.220.220
#nameserver 2620:0:ccc::2
#nameserver 2620:0:ccd::2

View file

@ -1,4 +1,3 @@
#!/bin/zsh
alias 7z0='7z a -t7z -mx=0' alias 7z0='7z a -t7z -mx=0'
alias 7z1='7z a -t7z -mx=1' alias 7z1='7z a -t7z -mx=1'
alias 7z3='7z a -t7z -mx=3' alias 7z3='7z a -t7z -mx=3'
@ -8,26 +7,30 @@ alias 7z9='7z a -t7z -mx=9'
alias diff='colordiff' -ur alias diff='colordiff' -ur
alias du='du -sch --apparent-size' alias du='du -sch --apparent-size'
alias fix-perms='find -type d -exec chmod 755 "{}" \; && find -type f -exec chmod 644 "{}" \;' alias fix-perms='find -type d -exec chmod 755 "{}" \; && find -type f -exec chmod 644 "{}" \;'
alias hw-info='sudo inxi -ACDdGlMmNopRsxxc 25'
alias less='less -S' alias less='less -S'
alias ls='ls --color=auto'
alias mkdir='mkdir -p' alias mkdir='mkdir -p'
alias mount='sudo mount' alias mount='sudo mount'
alias mv='mv -nv' alias mv='mv -nv'
alias photorec="sudo photorec" alias photorec-sort='sudo photorec-sort'
alias photorec-sort="sudo photorec-sort" alias photorec='sudo photorec'
alias q1='clear && sudo ls -1' alias q1='clear && ls -1'
alias q1a='clear && sudo ls -1A' alias q1a='clear && ls -1A'
alias q='clear && sudo ls -lh' alias q='clear && ls -lh'
alias qa='clear && sudo ls -lAh' alias qa='clear && ls -lAh'
alias qs='clear && sudo ls' alias qs='clear && ls'
alias qsa='clear && sudo ls -A' alias qsa='clear && ls -A'
alias rm='rm -v' alias rm='rm -v'
alias rmdirs='find -depth -mindepth 1 -type d -exec rmdir "{}" --ignore-fail-on-non-empty \;' alias rmdirs='find -depth -mindepth 1 -type d -exec rmdir "{}" --ignore-fail-on-non-empty \;'
alias rs='rsync -avhPS --stats --exclude-from="$HOME/.rsync_exclusions"' alias rs='rsync -avhPS --stats --exclude-from="$HOME/.rsync_exclusions"'
alias rsz='rsync -avhzPS --stats --exclude-from="$HOME/.rsync_exclusions"' alias rsz='rsync -avhzPS --stats --exclude-from="$HOME/.rsync_exclusions"'
alias sdu='sudo du -sch --apparent-size' alias sdu='sudo du -sch --apparent-size'
alias srmdirs='find -depth -mindepth 1 -type d -exec sudo rmdir "{}" --ignore-fail-on-non-empty \;' alias srmdirs='sudo find -depth -mindepth 1 -type d -exec rmdir "{}" --ignore-fail-on-non-empty \;'
alias srs='sudo rsync -avhPS --stats --exclude-from="$HOME/.rsync_exclusions"' alias srs='sudo rsync -avhPS --stats --exclude-from="$HOME/.rsync_exclusions"'
alias srsz='sudo rsync -avhzPS --stats --exclude-from="$HOME/.rsync_exclusions"' alias srsz='sudo rsync -avhzPS --stats --exclude-from="$HOME/.rsync_exclusions"'
alias testdisk="sudo testdisk" alias start-wifi='sudo start-wifi'
alias td='tmux detach'
alias testdisk='sudo testdisk'
alias umount='sudo umount' alias umount='sudo umount'
alias unmount='sudo umount' alias unmount='sudo umount'
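
Review bot: The context line alias diff='colordiff' -ur in this hunk leaves -ur outside the quoted value, so the alias is just colordiff and -ur is parsed as a separate argument to the alias builtin. Since the file is being touched anyway, change it to alias diff='colordiff -ur'. Dropping sudo from the q* listing aliases is a good change; the new hw-info and start-wifi aliases still wrap sudo, so a short comment marking which aliases elevate would help, given that the file is now sourced from both the bash and zsh startup files.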

View file

@ -5,5 +5,11 @@
# If not running interactively, don't do anything # If not running interactively, don't do anything
[[ $- != *i* ]] && return [[ $- != *i* ]] && return
alias ls='ls --color=auto'
PS1='[\u@\h \W]\$ ' PS1='[\u@\h \W]\$ '
## Load aliases
. $HOME/.aliases
## Start ssh agent
eval $(/usr/bin/ssh-agent)
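
Review bot: eval $(/usr/bin/ssh-agent) at the end of this hunk starts a new agent for every interactive shell and nothing ever stops them, so each terminal leaves an ssh-agent process behind and prints the agent pid at startup. Guard it, for example [ -z "$SSH_AUTH_SOCK" ] && eval "$(/usr/bin/ssh-agent -s)" >/dev/null. The line . $HOME/.aliases should also be quoted and checked, as in [ -r "$HOME/.aliases" ] && . "$HOME/.aliases", so a missing file does not produce an error at every shell start.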

View file

@ -0,0 +1,12 @@
[Desktop Entry]
Encoding=UTF-8
Version=0.0.1
Type=Application
Name=Update Wallpaper
Comment=Update Wallpaper
Exec=/home/wktech/.update_wallpaper
OnlyShowIn=XFCE;
StartupNotify=false
Terminal=false
Hidden=false

View file

@ -0,0 +1,26 @@
# Beware! This file is rewritten by htop when settings are changed in the interface.
# The parser is also very primitive, and not human-friendly.
fields=0 48 17 18 38 39 40 2 46 47 49 1
sort_key=46
sort_direction=1
hide_threads=0
hide_kernel_threads=1
hide_userland_threads=0
shadow_other_users=0
show_thread_names=0
show_program_path=1
highlight_base_name=0
highlight_megabytes=1
highlight_threads=1
tree_view=0
header_margin=1
detailed_cpu_time=0
cpu_count_from_zero=0
update_process_names=0
account_guest_in_cpu_meter=0
color_scheme=0
delay=15
left_meters=AllCPUs Memory Swap
left_meter_modes=1 1 1
right_meters=Tasks LoadAverage Uptime
right_meter_modes=2 2 2

View file

@ -1,4 +1,4 @@
favorites=Hardware Diagnostics.desktop,Hardware Information.desktop,exo-file-manager.desktop,gparted.desktop,gsmartcontrol.desktop,SpeedTest.desktop,exo-web-browser.desktop favorites=Hardware Diagnostics.desktop,Hardware Information.desktop,exo-file-manager.desktop,gparted.desktop,gsmartcontrol.desktop,NetworkTest.desktop,exo-web-browser.desktop
recent=xfce4-settings-editor.desktop,xfce-session-settings.desktop,xfce4-power-manager-settings.desktop,gsmartcontrol.desktop,gparted.desktop recent=xfce4-settings-editor.desktop,xfce-session-settings.desktop,xfce4-power-manager-settings.desktop,gsmartcontrol.desktop,gparted.desktop
button-title=Applications button-title=Applications
button-icon=distributor-logo-archlinux button-icon=distributor-logo-archlinux

View file

@ -0,0 +1,23 @@
#!/bin/bash
UFD_PATH="/run/archiso/bootmnt/config/"
WALLPAPER="/usr/share/wallpaper/current.png"
function link_wall() {
sudo rm "$WALLPAPER"
sudo ls -s "$UFD_PATH/Arch.png" "$WALLPAPER"
}
# Check for UFD source
if [[ -f "$UFD_PATH/Arch.png" ]]; then
link_wall "$UFD_PATH/Arch.png"
elif [[ -f "$UFD_PATH/Arch.jpg" ]]; then
link_wall "$UFD_PATH/Arch.jpg"
fi
# Update Xfce4 (mostly redundant, but will catch multi-display setups)
for monitor in monitor{0..2}; do
for workspace in workspace{0..3}; do
xfconf-query -c xfce4-desktop -p /backdrop/screen0/$monitor/$workspace/last-image -s "$WALLPAPER" 2>/dev/null
done
done
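
Review bot: link_wall() runs sudo ls -s where ln -s was meant, so after sudo rm "$WALLPAPER" no link is created and the included default wallpaper is simply deleted whenever an image is found on the UFD. The function also ignores its argument and hardcodes "$UFD_PATH/Arch.png", so the Arch.jpg branch would link to a file that does not exist. Use sudo ln -sf "$1" "$WALLPAPER" and drop the separate rm. UFD_PATH already ends in a slash, so the joined paths contain //, which is harmless but worth tidying.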

View file

@ -23,7 +23,3 @@ fi
eval $(/usr/bin/gnome-keyring-daemon --start --components=pkcs11,secrets,ssh) eval $(/usr/bin/gnome-keyring-daemon --start --components=pkcs11,secrets,ssh)
export SSH_AUTH_SOCK export SSH_AUTH_SOCK
# Start Xfce4
if [ -z "$DISPLAY" ] && [ "$(fgconsole)" -eq 1 ]; then
exec startxfce4
fi

View file

@ -1,29 +1,3 @@
#!/bin/sh if [ "$(fgconsole 2>/dev/null)" -eq "1" ]; then
hw-diags cli
userresources=$HOME/.Xresources
usermodmap=$HOME/.Xmodmap
sysresources=/etc/X11/xinit/.Xresources
sysmodmap=/etc/X11/xinit/.Xmodmap
# merge in defaults and keymaps
if [ -f $sysresources ]; then
xrdb -merge $sysresources
fi
if [ -f $sysmodmap ]; then
xmodmap $sysmodmap
fi
if [ -f "$userresources" ]; then
xrdb -merge "$userresources"
fi
if [ -f "$usermodmap" ]; then
xmodmap "$usermodmap"
fi
# Start GNOME-Keyring
eval $(/usr/bin/gnome-keyring-daemon --start --components=pkcs11,secrets,ssh)
export SSH_AUTH_SOCK
# Start Xfce4
if [ -z "$DISPLAY" ] && [ "$(fgconsole)" -eq 1 ]; then
exec startxfce4
fi fi
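
Review bot: [ "$(fgconsole 2>/dev/null)" -eq "1" ] on the first new line compares with -eq, so when fgconsole fails and prints nothing (its stderr is discarded, so that case is clearly anticipated) sh or bash hands the test an empty string and reports an integer-expression error at login. Compare as a string instead, [ "$(fgconsole 2>/dev/null)" = "1" ], and add a comment saying that hw-diags cli is meant to launch only on the first virtual console.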

View file

@ -1,10 +1,12 @@
# If you come from bash you might have to change your $PATH.
# export PATH=$HOME/bin:/usr/local/bin:$PATH
# Path to your oh-my-zsh installation. # Path to your oh-my-zsh installation.
export ZSH=$HOME/.oh-my-zsh export ZSH=$HOME/.oh-my-zsh
# Set name of the theme to load. # Set name of the theme to load. Optionally, if you set this to "random"
# Look in ~/.oh-my-zsh/themes/ # it'll load a random theme each time that oh-my-zsh is loaded.
# Optionally, if you set this to "random", it'll load a random theme each # See https://github.com/robbyrussell/oh-my-zsh/wiki/Themes
# time that oh-my-zsh is loaded.
ZSH_THEME="lean" ZSH_THEME="lean"
# Uncomment the following line to use case-sensitive completion. # Uncomment the following line to use case-sensitive completion.
@ -40,7 +42,7 @@ DISABLE_AUTO_UPDATE="true"
# Uncomment the following line if you want to change the command execution time # Uncomment the following line if you want to change the command execution time
# stamp shown in the history command output. # stamp shown in the history command output.
# The optional three formats: "mm/dd/yyyy"|"dd.mm.yyyy"|"yyyy-mm-dd" # The optional three formats: "mm/dd/yyyy"|"dd.mm.yyyy"|"yyyy-mm-dd"
# HIST_STAMPS="mm/dd/yyyy" HIST_STAMPS="yyyy-mm-dd"
# Would you like to use another custom folder than $ZSH/custom? # Would you like to use another custom folder than $ZSH/custom?
# ZSH_CUSTOM=/path/to/new-custom-folder # ZSH_CUSTOM=/path/to/new-custom-folder
@ -49,15 +51,13 @@ DISABLE_AUTO_UPDATE="true"
# Custom plugins may be added to ~/.oh-my-zsh/custom/plugins/ # Custom plugins may be added to ~/.oh-my-zsh/custom/plugins/
# Example format: plugins=(rails git textmate ruby lighthouse) # Example format: plugins=(rails git textmate ruby lighthouse)
# Add wisely, as too many plugins slow down shell startup. # Add wisely, as too many plugins slow down shell startup.
plugins=(sudo) plugins=(archlinux git sudo systemd tmux)
source $ZSH/oh-my-zsh.sh
# User configuration # User configuration
export PATH="/usr/local/sbin:/usr/local/bin:/usr/bin:/usr/bin/site_perl:/usr/bin/vendor_perl:/usr/bin/core_perl"
# export MANPATH="/usr/local/man:$MANPATH" # export MANPATH="/usr/local/man:$MANPATH"
source $ZSH/oh-my-zsh.sh
# You may need to manually set your language environment # You may need to manually set your language environment
# export LANG=en_US.UTF-8 # export LANG=en_US.UTF-8
@ -72,7 +72,7 @@ source $ZSH/oh-my-zsh.sh
# export ARCHFLAGS="-arch x86_64" # export ARCHFLAGS="-arch x86_64"
# ssh # ssh
# export SSH_KEY_PATH="~/.ssh/dsa_id" # export SSH_KEY_PATH="~/.ssh/rsa_id"
# Set personal aliases, overriding those provided by oh-my-zsh libs, # Set personal aliases, overriding those provided by oh-my-zsh libs,
# plugins, and themes. Aliases can be placed here, though oh-my-zsh # plugins, and themes. Aliases can be placed here, though oh-my-zsh
@ -83,4 +83,9 @@ source $ZSH/oh-my-zsh.sh
# alias zshconfig="mate ~/.zshrc" # alias zshconfig="mate ~/.zshrc"
# alias ohmyzsh="mate ~/.oh-my-zsh" # alias ohmyzsh="mate ~/.oh-my-zsh"
. ~/.zsh_aliases ## Load aliases
. $HOME/.aliases
## Start ssh agent
eval $(/usr/bin/ssh-agent)>/dev/null
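
Review bot: eval $(/usr/bin/ssh-agent)>/dev/null in this last hunk hides the pid message but still launches a fresh agent for every zsh that reads the file, which with terminal tabs or tmux panes adds up to one stray ssh-agent per shell. Start the agent only when SSH_AUTH_SOCK is unset, or settle on one mechanism for the session: the xinitrc context lines in this commit already start gnome-keyring-daemon with the ssh component and export SSH_AUTH_SOCK.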

View file

@ -2,8 +2,7 @@
Name=en* Name=en*
[Network] [Network]
DHCP=ipv4 DHCP=yes
DNS=8.8.8.8
DNS=8.8.4.4 [DHCP]
DNS=208.67.222.222 RouteMetric=10
DNS=208.67.220.220

View file

@ -0,0 +1,8 @@
[Match]
Name=wl*
[Network]
DHCP=yes
[DHCP]
RouteMetric=20

View file

@ -0,0 +1 @@
/usr/lib/systemd/system/lightdm.service

View file

@ -0,0 +1,8 @@
[Unit]
Description=Temporary /etc/pacman.d/gnupg directory
[Mount]
What=tmpfs
Where=/etc/pacman.d/gnupg
Type=tmpfs
Options=mode=0755

View file

@ -0,0 +1 @@
/usr/lib/systemd/system/rngd.service

View file

@ -0,0 +1 @@
/usr/lib/systemd/system/systemd-resolved.service

View file

@ -0,0 +1 @@
/usr/lib/systemd/system/ufw.service

View file

@ -0,0 +1,15 @@
[Unit]
Description=Initializes Pacman keyring
Wants=haveged.service
After=haveged.service
Requires=etc-pacman.d-gnupg.mount
After=etc-pacman.d-gnupg.mount
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/bin/pacman-key --init
ExecStart=/usr/bin/pacman-key --populate archlinux
[Install]
WantedBy=multi-user.target
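
Review bot: Wants=haveged.service and After=haveged.service order the keyring initialisation behind haveged, but the entropy service enabled in the visible part of this commit is rngd.service. If haveged is not installed, the Wants= dependency is skipped without an error and pacman-key --init can stall waiting for entropy on a freshly booted live session. Point both lines at rngd.service, or list both daemons.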

View file

@ -0,0 +1,40 @@
#!/bin/sh
#
# after.init: if executable, called by ufw-init. See 'man ufw-framework' for
# details. Note that output from these scripts is not seen via the
# the ufw command, but instead via ufw-init.
#
# Copyright 2013 Canonical Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 3,
# as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
set -e
case "$1" in
start)
# typically required
;;
stop)
# typically required
;;
status)
# optional
;;
flush-all)
# optional
;;
*)
echo "'$1' not supported"
echo "Usage: after.init {start|stop|flush-all|status}"
;;
esac

View file

@ -0,0 +1,30 @@
#
# rules.input-after
#
# Rules that should be run after the ufw command line added rules. Custom
# rules should be added to one of these chains:
# ufw-after-input
# ufw-after-output
# ufw-after-forward
#
# Don't delete these required lines, otherwise there will be errors
*filter
:ufw-after-input - [0:0]
:ufw-after-output - [0:0]
:ufw-after-forward - [0:0]
# End required lines
# don't log noisy services by default
-A ufw-after-input -p udp --dport 137 -j ufw-skip-to-policy-input
-A ufw-after-input -p udp --dport 138 -j ufw-skip-to-policy-input
-A ufw-after-input -p tcp --dport 139 -j ufw-skip-to-policy-input
-A ufw-after-input -p tcp --dport 445 -j ufw-skip-to-policy-input
-A ufw-after-input -p udp --dport 67 -j ufw-skip-to-policy-input
-A ufw-after-input -p udp --dport 68 -j ufw-skip-to-policy-input
# don't log noisy broadcast
-A ufw-after-input -m addrtype --dst-type BROADCAST -j ufw-skip-to-policy-input
# don't delete the 'COMMIT' line or these rules won't be processed
COMMIT

View file

@ -0,0 +1,27 @@
#
# rules.input-after
#
# Rules that should be run after the ufw command line added rules. Custom
# rules should be added to one of these chains:
# ufw6-after-input
# ufw6-after-output
# ufw6-after-forward
#
# Don't delete these required lines, otherwise there will be errors
*filter
:ufw6-after-input - [0:0]
:ufw6-after-output - [0:0]
:ufw6-after-forward - [0:0]
# End required lines
# don't log noisy services by default
-A ufw6-after-input -p udp --dport 137 -j ufw6-skip-to-policy-input
-A ufw6-after-input -p udp --dport 138 -j ufw6-skip-to-policy-input
-A ufw6-after-input -p tcp --dport 139 -j ufw6-skip-to-policy-input
-A ufw6-after-input -p tcp --dport 445 -j ufw6-skip-to-policy-input
-A ufw6-after-input -p udp --dport 546 -j ufw6-skip-to-policy-input
-A ufw6-after-input -p udp --dport 547 -j ufw6-skip-to-policy-input
# don't delete the 'COMMIT' line or these rules won't be processed
COMMIT

View file

@ -0,0 +1,19 @@
[Transmission]
title=Transmission
description=Transmission BitTorrent client
ports=51413/tcp
[Deluge]
title=Deluge
description=Deluge BitTorrent client
ports=6881:6891/tcp
[KTorrent]
title=KTorrent
description=KTorrent BitTorrent client
ports=6881/tcp|4444/udp
[qBittorrent]
title=qBittorrent
description=qBittorrent BitTorrent client
ports=6881/tcp

View file

@ -0,0 +1,35 @@
[PeopleNearby]
title=People Nearby
description=People Nearby (Bonjour/Salut) functionality in Empathy
ports=5353/udp|5298
[Bonjour]
title=Bonjour
description=Bonjour protocol
ports=5353/udp|5298
[MSN]
title=MSN Chat
description=MSN chat protocol (with file transfer and voice)
ports=1863|6891:6900/tcp|6901
[MSN SSL]
title=MSN Chat (SSL)
description=MSN chat protocol (SSL)
ports=443/tcp
[AIM]
title=AIM Talk
description=AIM talk protocol
ports=5190/tcp
[Yahoo]
title=Yahoo Chat
description=Yahoo chat protocol
ports=5050
[XMPP]
title=XMPP Chat
description=XMPP protocol (Jabber and Google Talk)
ports=5222/tcp|5269/tcp

View file

@ -0,0 +1,29 @@
[Kerberos KDC]
title=Kerberos v5 KDC server
description=Kerberos v5 KDC server
ports=88
[Kerberos Admin]
title=Kerberos v5 admin
description=Kerberos v5 server
ports=749/tcp
[Kerberos Password]
title=Kerberos v5 password
description=Kerberos v5 password
ports=464/udp
[Kerberos Full]
title=Kerberos v5 server
description=Kerberos v5 server
ports=88,749/tcp|464/udp
[LDAP]
title=LDAP server
description=LDAP server
ports=389/tcp
[LDAPS]
title=LDAP server (LDAPS)
description=LDAP server (LDAPS)
ports=636/tcp

View file

@ -0,0 +1,4 @@
[DNS]
title=Internet Domain Name Server
description=Internet Domain Name Server
ports=53

View file

@ -0,0 +1,14 @@
[CIFS]
title=SMB/CIFS server
description=SMB/CIFS server
ports=137,138/udp|139,445/tcp
[NFS]
title=NFS server
description=NFS and portmap server. Will also need access to mountd, statd and possibly others
ports=2049,111/tcp|2049,111/udp
[svnserve]
title=Subversion server
description=Subversion server for access to Subversion repositories.
ports=3690/tcp

View file

@ -0,0 +1,14 @@
[Telnet]
title=Telnet server (insecure)
description=Telnet server (insecure)
ports=23/tcp
[SSH]
title=SSH server
description=SSH server
ports=22/tcp
[VNC]
title=VNC server
description=VNC server
ports=5900/tcp

View file

@ -0,0 +1,30 @@
[POP3]
title=Mail server (POP3)
description=Mail server (POP3)
ports=110/tcp
[POP3S]
title=Secure mail server (POP3S)
description=Secure mail server (POP3S)
ports=995/tcp
[IMAP]
title=Mail server (IMAP)
description=Mail server (IMAP)
ports=143/tcp
[IMAPS]
title=Secure mail server (IMAPS)
description=Secure mail server (IMAPS)
ports=993/tcp
[SMTP]
title=Mail server (SMTP)
description=Mail server (SMTP)
ports=25/tcp
[Mail submission]
title=Mail server (Submission)
description=Mail server (Submission)
ports=587/tcp

View file

@ -0,0 +1,9 @@
[IPP]
title=Cups server (IPP)
description=Cups server (IPP)
ports=631
[LPD]
title=LPD server
description=LPD server
ports=515/tcp

View file

@ -0,0 +1,9 @@
[Socks]
title=Socks proxy
description=Socks proxy
ports=1080/tcp
[Transparent Proxy]
title=Transparent proxy
description=Transparent proxy
ports=8081/tcp

View file

@ -0,0 +1,19 @@
[WWW]
title=Web Server
description=Web server
ports=80/tcp
[WWW Secure]
title=Web Server (HTTPS)
description=Web Server (HTTPS)
ports=443/tcp
[WWW Full]
title=Web Server (HTTP,HTTPS)
description=Web Server (HTTP,HTTPS)
ports=80,443/tcp
[WWW Cache]
title=Web Server (8080)
description=Web Server (8080)
ports=8080/tcp

View file

@ -0,0 +1,40 @@
#!/bin/sh
#
# before.init: if executable, called by ufw-init. See 'man ufw-framework' for
# details. Note that output from these scripts is not seen via the
# the ufw command, but instead via ufw-init.
#
# Copyright 2013 Canonical Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 3,
# as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
set -e
case "$1" in
start)
# typically required
;;
stop)
# typically required
;;
status)
# optional
;;
flush-all)
# optional
;;
*)
echo "'$1' not supported"
echo "Usage: before.init {start|stop|flush-all|status}"
;;
esac

View file

@ -0,0 +1,77 @@
#
# rules.before
#
# Rules that should be run before the ufw command line added rules. Custom
# rules should be added to one of these chains:
# ufw-before-input
# ufw-before-output
# ufw-before-forward
#
# Don't delete these required lines, otherwise there will be errors
*filter
:ufw-before-input - [0:0]
:ufw-before-output - [0:0]
:ufw-before-forward - [0:0]
:ufw-not-local - [0:0]
# End required lines
# allow all on loopback
-A ufw-before-input -i lo -j ACCEPT
-A ufw-before-output -o lo -j ACCEPT
# quickly process packets for which we already have a connection
-A ufw-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-output -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-forward -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# drop INVALID packets (logs these in loglevel medium and higher)
-A ufw-before-input -m conntrack --ctstate INVALID -j ufw-logging-deny
-A ufw-before-input -m conntrack --ctstate INVALID -j DROP
# ok icmp codes for INPUT
-A ufw-before-input -p icmp --icmp-type destination-unreachable -j ACCEPT
-A ufw-before-input -p icmp --icmp-type source-quench -j ACCEPT
-A ufw-before-input -p icmp --icmp-type time-exceeded -j ACCEPT
-A ufw-before-input -p icmp --icmp-type parameter-problem -j ACCEPT
-A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT
# ok icmp code for FORWARD
-A ufw-before-forward -p icmp --icmp-type destination-unreachable -j ACCEPT
-A ufw-before-forward -p icmp --icmp-type source-quench -j ACCEPT
-A ufw-before-forward -p icmp --icmp-type time-exceeded -j ACCEPT
-A ufw-before-forward -p icmp --icmp-type parameter-problem -j ACCEPT
-A ufw-before-forward -p icmp --icmp-type echo-request -j ACCEPT
# allow dhcp client to work
-A ufw-before-input -p udp --sport 67 --dport 68 -j ACCEPT
#
# ufw-not-local
#
-A ufw-before-input -j ufw-not-local
# if LOCAL, RETURN
-A ufw-not-local -m addrtype --dst-type LOCAL -j RETURN
# if MULTICAST, RETURN
-A ufw-not-local -m addrtype --dst-type MULTICAST -j RETURN
# if BROADCAST, RETURN
-A ufw-not-local -m addrtype --dst-type BROADCAST -j RETURN
# all other non-local packets are dropped
-A ufw-not-local -m limit --limit 3/min --limit-burst 10 -j ufw-logging-deny
-A ufw-not-local -j DROP
# allow MULTICAST mDNS for service discovery (be sure the MULTICAST line above
# is uncommented)
-A ufw-before-input -p udp -d 224.0.0.251 --dport 5353 -j ACCEPT
# allow MULTICAST UPnP for service discovery (be sure the MULTICAST line above
# is uncommented)
-A ufw-before-input -p udp -d 239.255.255.250 --dport 1900 -j ACCEPT
# don't delete the 'COMMIT' line or these rules won't be processed
COMMIT
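Review bot: The two service-discovery accepts at the end of ufw-before-input (`-d 224.0.0.251 --dport 5353` and `-d 239.255.255.250 --dport 1900`) let any host on the attached network send mDNS and SSDP traffic to the live system. If nothing on the image consumes mDNS or UPnP, drop both rules; if one is needed, name the tool that depends on it in the commit message. `source-quench` is also still accepted for INPUT and FORWARD and can go, since RFC 6633 deprecated it.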

@ -0,0 +1,138 @@
#
# rules.before
#
# Rules that should be run before the ufw command line added rules. Custom
# rules should be added to one of these chains:
# ufw6-before-input
# ufw6-before-output
# ufw6-before-forward
#
# Don't delete these required lines, otherwise there will be errors
*filter
:ufw6-before-input - [0:0]
:ufw6-before-output - [0:0]
:ufw6-before-forward - [0:0]
# End required lines
# allow all on loopback
-A ufw6-before-input -i lo -j ACCEPT
-A ufw6-before-output -o lo -j ACCEPT
# drop packets with RH0 headers
-A ufw6-before-input -m rt --rt-type 0 -j DROP
-A ufw6-before-forward -m rt --rt-type 0 -j DROP
-A ufw6-before-output -m rt --rt-type 0 -j DROP
# quickly process packets for which we already have a connection
-A ufw6-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw6-before-output -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw6-before-forward -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# drop INVALID packets (logs these in loglevel medium and higher)
-A ufw6-before-input -m conntrack --ctstate INVALID -j ufw6-logging-deny
-A ufw6-before-input -m conntrack --ctstate INVALID -j DROP
# ok icmp codes for INPUT (rfc4890, 4.4.1 and 4.4.2)
-A ufw6-before-input -p icmpv6 --icmpv6-type destination-unreachable -j ACCEPT
-A ufw6-before-input -p icmpv6 --icmpv6-type packet-too-big -j ACCEPT
# codes 0 and 1
-A ufw6-before-input -p icmpv6 --icmpv6-type time-exceeded -j ACCEPT
# codes 0-2
-A ufw6-before-input -p icmpv6 --icmpv6-type parameter-problem -j ACCEPT
-A ufw6-before-input -p icmpv6 --icmpv6-type echo-request -j ACCEPT
-A ufw6-before-input -p icmpv6 --icmpv6-type echo-reply -j ACCEPT
-A ufw6-before-input -p icmpv6 --icmpv6-type router-solicitation -m hl --hl-eq 255 -j ACCEPT
-A ufw6-before-input -p icmpv6 --icmpv6-type router-advertisement -m hl --hl-eq 255 -j ACCEPT
-A ufw6-before-input -p icmpv6 --icmpv6-type neighbor-solicitation -m hl --hl-eq 255 -j ACCEPT
-A ufw6-before-input -p icmpv6 --icmpv6-type neighbor-advertisement -m hl --hl-eq 255 -j ACCEPT
# IND solicitation
-A ufw6-before-input -p icmpv6 --icmpv6-type 141 -m hl --hl-eq 255 -j ACCEPT
# IND advertisement
-A ufw6-before-input -p icmpv6 --icmpv6-type 142 -m hl --hl-eq 255 -j ACCEPT
# MLD query
-A ufw6-before-input -p icmpv6 --icmpv6-type 130 -s fe80::/10 -j ACCEPT
# MLD report
-A ufw6-before-input -p icmpv6 --icmpv6-type 131 -s fe80::/10 -j ACCEPT
# MLD done
-A ufw6-before-input -p icmpv6 --icmpv6-type 132 -s fe80::/10 -j ACCEPT
# MLD report v2
-A ufw6-before-input -p icmpv6 --icmpv6-type 143 -s fe80::/10 -j ACCEPT
# SEND certificate path solicitation
-A ufw6-before-input -p icmpv6 --icmpv6-type 148 -m hl --hl-eq 255 -j ACCEPT
# SEND certificate path advertisement
-A ufw6-before-input -p icmpv6 --icmpv6-type 149 -m hl --hl-eq 255 -j ACCEPT
# MR advertisement
-A ufw6-before-input -p icmpv6 --icmpv6-type 151 -s fe80::/10 -m hl --hl-eq 1 -j ACCEPT
# MR solicitation
-A ufw6-before-input -p icmpv6 --icmpv6-type 152 -s fe80::/10 -m hl --hl-eq 1 -j ACCEPT
# MR termination
-A ufw6-before-input -p icmpv6 --icmpv6-type 153 -s fe80::/10 -m hl --hl-eq 1 -j ACCEPT
# ok icmp codes for OUTPUT (rfc4890, 4.4.1 and 4.4.2)
-A ufw6-before-output -p icmpv6 --icmpv6-type destination-unreachable -j ACCEPT
-A ufw6-before-output -p icmpv6 --icmpv6-type packet-too-big -j ACCEPT
# codes 0 and 1
-A ufw6-before-output -p icmpv6 --icmpv6-type time-exceeded -j ACCEPT
# codes 0-2
-A ufw6-before-output -p icmpv6 --icmpv6-type parameter-problem -j ACCEPT
-A ufw6-before-input -p icmpv6 --icmpv6-type echo-request -j ACCEPT
-A ufw6-before-input -p icmpv6 --icmpv6-type echo-reply -j ACCEPT
-A ufw6-before-output -p icmpv6 --icmpv6-type router-solicitation -m hl --hl-eq 255 -j ACCEPT
-A ufw6-before-output -p icmpv6 --icmpv6-type neighbor-advertisement -m hl --hl-eq 255 -j ACCEPT
-A ufw6-before-output -p icmpv6 --icmpv6-type neighbor-solicitation -m hl --hl-eq 255 -j ACCEPT
-A ufw6-before-output -p icmpv6 --icmpv6-type router-advertisement -m hl --hl-eq 255 -j ACCEPT
# IND solicitation
-A ufw6-before-output -p icmpv6 --icmpv6-type 141 -m hl --hl-eq 255 -j ACCEPT
# IND advertisement
-A ufw6-before-output -p icmpv6 --icmpv6-type 142 -m hl --hl-eq 255 -j ACCEPT
# MLD query
-A ufw6-before-output -p icmpv6 --icmpv6-type 130 -s fe80::/10 -j ACCEPT
# MLD report
-A ufw6-before-output -p icmpv6 --icmpv6-type 131 -s fe80::/10 -j ACCEPT
# MLD done
-A ufw6-before-output -p icmpv6 --icmpv6-type 132 -s fe80::/10 -j ACCEPT
# MLD report v2
-A ufw6-before-output -p icmpv6 --icmpv6-type 143 -s fe80::/10 -j ACCEPT
# SEND certificate path solicitation
-A ufw6-before-output -p icmpv6 --icmpv6-type 148 -m hl --hl-eq 255 -j ACCEPT
# SEND certificate path advertisement
-A ufw6-before-output -p icmpv6 --icmpv6-type 149 -m hl --hl-eq 255 -j ACCEPT
# MR advertisement
-A ufw6-before-output -p icmpv6 --icmpv6-type 151 -s fe80::/10 -m hl --hl-eq 1 -j ACCEPT
# MR solicitation
-A ufw6-before-output -p icmpv6 --icmpv6-type 152 -s fe80::/10 -m hl --hl-eq 1 -j ACCEPT
# MR termination
-A ufw6-before-output -p icmpv6 --icmpv6-type 153 -s fe80::/10 -m hl --hl-eq 1 -j ACCEPT
# ok icmp codes for FORWARD (rfc4890, 4.3.1)
-A ufw6-before-forward -p icmpv6 --icmpv6-type destination-unreachable -j ACCEPT
-A ufw6-before-forward -p icmpv6 --icmpv6-type packet-too-big -j ACCEPT
# codes 0 and 1
-A ufw6-before-forward -p icmpv6 --icmpv6-type time-exceeded -j ACCEPT
# codes 0-2
-A ufw6-before-forward -p icmpv6 --icmpv6-type parameter-problem -j ACCEPT
-A ufw6-before-forward -p icmpv6 --icmpv6-type echo-request -j ACCEPT
-A ufw6-before-forward -p icmpv6 --icmpv6-type echo-reply -j ACCEPT
# ok icmp codes for FORWARD (rfc4890, 4.3.2)
# Home Agent Address Discovery Reques
-A ufw6-before-input -p icmpv6 --icmpv6-type 144 -j ACCEPT
# Home Agent Address Discovery Reply
-A ufw6-before-input -p icmpv6 --icmpv6-type 145 -j ACCEPT
# Mobile Prefix Solicitation
-A ufw6-before-input -p icmpv6 --icmpv6-type 146 -j ACCEPT
# Mobile Prefix Advertisement
-A ufw6-before-input -p icmpv6 --icmpv6-type 147 -j ACCEPT
# allow dhcp client to work
-A ufw6-before-input -p udp -s fe80::/10 --sport 547 -d fe80::/10 --dport 546 -j ACCEPT
# allow MULTICAST mDNS for service discovery
-A ufw6-before-input -p udp -d ff02::fb --dport 5353 -j ACCEPT
# allow MULTICAST UPnP for service discovery
-A ufw6-before-input -p udp -d ff02::f --dport 1900 -j ACCEPT
# don't delete the 'COMMIT' line or these rules won't be processed
COMMIT
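Review bot: Several rules are appended to the wrong chain for the section they sit in. Under "ok icmp codes for OUTPUT" the echo-request and echo-reply lines use `-A ufw6-before-input`, so they duplicate the INPUT rules and add nothing to ufw6-before-output; under "ok icmp codes for FORWARD (rfc4890, 4.3.2)" types 144 to 147 also go to ufw6-before-input, which accepts Mobile IPv6 messages addressed to this host rather than forwarded ones. Change the first pair to ufw6-before-output, and either move the 4.3.2 block to ufw6-before-forward or remove it, since the sysctl settings in this commit leave forwarding commented out.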

@ -0,0 +1,57 @@
#
# Configuration file for setting network variables. Please note these settings
# override /etc/sysctl.conf. If you prefer to use /etc/sysctl.conf, please
# adjust IPT_SYSCTL in /etc/default/ufw.
#
# Uncomment this to allow this host to route packets between interfaces
#net/ipv4/ip_forward=1
#net/ipv6/conf/default/forwarding=1
#net/ipv6/conf/all/forwarding=1
# Turn on Source Address Verification in all interfaces to prevent some
# spoofing attacks
net/ipv4/conf/default/rp_filter=1
net/ipv4/conf/all/rp_filter=1
# Do not accept IP source route packets (we are not a router)
net/ipv4/conf/default/accept_source_route=0
net/ipv4/conf/all/accept_source_route=0
net/ipv6/conf/default/accept_source_route=0
net/ipv6/conf/all/accept_source_route=0
# Disable ICMP redirects. ICMP redirects are rarely used but can be used in
# MITM (man-in-the-middle) attacks. Disabling ICMP may disrupt legitimate
# traffic to those sites.
net/ipv4/conf/default/accept_redirects=0
net/ipv4/conf/all/accept_redirects=0
net/ipv6/conf/default/accept_redirects=0
net/ipv6/conf/all/accept_redirects=0
# Ignore bogus ICMP errors
net/ipv4/icmp_echo_ignore_broadcasts=1
net/ipv4/icmp_ignore_bogus_error_responses=1
net/ipv4/icmp_echo_ignore_all=0
# Don't log Martian Packets (impossible packets)
net/ipv4/conf/default/log_martians=0
net/ipv4/conf/all/log_martians=0
# Change to '1' to enable TCP/IP SYN cookies This disables TCP Window Scaling
# (http://lkml.org/lkml/2008/2/5/167)
net/ipv4/tcp_syncookies=0
#net/ipv4/tcp_fin_timeout=30
#net/ipv4/tcp_keepalive_intvl=1800
# normally allowing tcp_sack is ok, but if going through OpenBSD 3.8 RELEASE or
# earlier pf firewall, should set this to 0
net/ipv4/tcp_sack=1
# Uncomment this to turn off ipv6 autoconfiguration
#net/ipv6/conf/default/autoconf=0
#net/ipv6/conf/all/autoconf=0
# Uncomment this to enable ipv6 privacy addressing
#net/ipv6/conf/default/use_tempaddr=2
#net/ipv6/conf/all/use_tempaddr=2
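Review bot: `net/ipv4/tcp_syncookies=0` leaves SYN cookies off on an image that also accepts inbound connections on port 22 (the ufw user rules in this commit), and the only justification is the 2008 mailing-list link in the comment above it. Set it to 1 unless there is a current reason not to, and update the comment either way. The `log_martians=0` pair discards the record of spoofed packets that `rp_filter=1` is dropping; consider 1 for a tool whose job includes network diagnosis.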

@ -0,0 +1,10 @@
# /etc/ufw/ufw.conf
#
# Set to yes to start on boot. If setting this remotely, be sure to add a rule
# to allow your remote connection before starting ufw. Eg: 'ufw allow 22/tcp'
ENABLED=yes
# Please use the 'ufw' command to set the loglevel. Eg: 'ufw logging medium'.
# See 'man ufw' for details.
LOGLEVEL=low

@ -0,0 +1,39 @@
*filter
:ufw-user-input - [0:0]
:ufw-user-output - [0:0]
:ufw-user-forward - [0:0]
:ufw-before-logging-input - [0:0]
:ufw-before-logging-output - [0:0]
:ufw-before-logging-forward - [0:0]
:ufw-user-logging-input - [0:0]
:ufw-user-logging-output - [0:0]
:ufw-user-logging-forward - [0:0]
:ufw-after-logging-input - [0:0]
:ufw-after-logging-output - [0:0]
:ufw-after-logging-forward - [0:0]
:ufw-logging-deny - [0:0]
:ufw-logging-allow - [0:0]
:ufw-user-limit - [0:0]
:ufw-user-limit-accept - [0:0]
### RULES ###
### tuple ### allow any 22 0.0.0.0/0 any 0.0.0.0/0 in
-A ufw-user-input -p tcp --dport 22 -j ACCEPT
-A ufw-user-input -p udp --dport 22 -j ACCEPT
### END RULES ###
### LOGGING ###
-A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
-A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
-A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
-A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
### END LOGGING ###
### RATE LIMITING ###
-A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] "
-A ufw-user-limit -j REJECT
-A ufw-user-limit-accept -j ACCEPT
### END RATE LIMITING ###
COMMIT
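Review bot: The tuple `allow any 22 0.0.0.0/0 any 0.0.0.0/0 in` opens port 22 for both TCP and UDP from every source, but SSH only uses TCP, and no rule in this file jumps to the ufw-user-limit chains defined under RATE LIMITING. Generate the rule with `ufw limit 22/tcp` (or at least `ufw allow 22/tcp`) so the UDP accept goes away and repeated connection attempts are throttled. This matters more than usual here because the build script in the same commit sets fixed passwords for root and wktech.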

@ -0,0 +1,39 @@
*filter
:ufw6-user-input - [0:0]
:ufw6-user-output - [0:0]
:ufw6-user-forward - [0:0]
:ufw6-before-logging-input - [0:0]
:ufw6-before-logging-output - [0:0]
:ufw6-before-logging-forward - [0:0]
:ufw6-user-logging-input - [0:0]
:ufw6-user-logging-output - [0:0]
:ufw6-user-logging-forward - [0:0]
:ufw6-after-logging-input - [0:0]
:ufw6-after-logging-output - [0:0]
:ufw6-after-logging-forward - [0:0]
:ufw6-logging-deny - [0:0]
:ufw6-logging-allow - [0:0]
:ufw6-user-limit - [0:0]
:ufw6-user-limit-accept - [0:0]
### RULES ###
### tuple ### allow any 22 ::/0 any ::/0 in
-A ufw6-user-input -p tcp --dport 22 -j ACCEPT
-A ufw6-user-input -p udp --dport 22 -j ACCEPT
### END RULES ###
### LOGGING ###
-A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
-A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
-A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
-A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
### END LOGGING ###
### RATE LIMITING ###
-A ufw6-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] "
-A ufw6-user-limit -j REJECT
-A ufw6-user-limit-accept -j ACCEPT
### END RATE LIMITING ###
COMMIT
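Review bot: The `::/0` tuple carries the same extra `-p udp --dport 22` accept as the IPv4 file. If the IPv4 rule is narrowed to 22/tcp, regenerate this file from the same ufw command rather than editing it by hand, so the two stay in step.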

@ -2,18 +2,23 @@
set -e -u set -e -u
# Locale # Set hostname
echo "wk-arch" > /etc/hostname
echo "127.0.1.1 wk-arch.localdomain wk-arch" >> /etc/hosts
# Set locale
sed -i 's/#\(en_US\.UTF-8\)/\1/' /etc/locale.gen sed -i 's/#\(en_US\.UTF-8\)/\1/' /etc/locale.gen
locale-gen locale-gen
# Time Settings # Time Settings
ln -sf /usr/share/zoneinfo/America/Los_Angeles /etc/localtime ln -sf /usr/share/zoneinfo/America/Los_Angeles /etc/localtime
#sed -i 's/#FallbackNTP/NTP/' /etc/systemd/timesyncd.conf sed -i 's/#FallbackNTP/NTP/' /etc/systemd/timesyncd.conf
#timedatectl set-ntp true #timedatectl set-ntp true
# root user settings # root user settings
usermod -s /usr/bin/zsh root usermod -s /usr/bin/zsh root
cp -aT /etc/skel/ /root/ cp -aT /etc/skel/ /root/
rm /root/.zlogin
chmod 700 /root chmod 700 /root
echo "root:Abracadabra" | chpasswd echo "root:Abracadabra" | chpasswd
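Review bot: `echo "root:Abracadabra" | chpasswd` bakes a fixed root password into every image, and this commit also enables ufw with port 22 open to all sources. Read the password from build-time configuration that is not committed, or lock the root account and rely on the wktech user plus sudo. Separately, the new `rm /root/.zlogin` runs under `set -e -u`, so the build aborts if /etc/skel ever stops shipping that file; use `rm -f`.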
@ -27,12 +32,16 @@ echo "wktech:Abracadabra" | chpasswd
# Enable sudo for %wheel # Enable sudo for %wheel
echo '%wheel ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers echo '%wheel ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers
# Set pacman mirrorlist # Set mirrorlist. Process:
echo 'Server = http://arch.localmsp.org/arch/$repo/os/$arch' > /etc/pacman.d/mirrorlist ## Replace newlines with ~ to treat as single line
echo 'Server = http://arch.mirrors.ionfish.org/$repo/os/$arch' >> /etc/pacman.d/mirrorlist ## Uncomment all US mirrors
echo 'Server = http://lug.mtu.edu/archlinux/$repo/os/$arch' >> /etc/pacman.d/mirrorlist ## Resetore newlines
echo 'Server = http://mirror.rit.edu/archlinux/$repo/os/$arch' >> /etc/pacman.d/mirrorlist ## Rank mirrors to only use the top 10 mirrors
echo 'Server = http://mirror.us.leaseweb.net/archlinux/$repo/os/$arch' >> /etc/pacman.d/mirrorlist mv -b /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist.bak
tmp_file="$(mktemp)"
tr '\n' '~' < /etc/pacman.d/mirrorlist.bak | sed -r 's/([0-1]\.[0-9], United States)~#/\1~/g' | tr '~' '\n' > "$tmp_file"
rankmirrors -n 10 "$tmp_file" | egrep '^S' > /etc/pacman.d/mirrorlist
rm -v "$tmp_file"
# journald settings (from archiso) # journald settings (from archiso)
sed -i 's/#\(Storage=\)auto/\1volatile/' /etc/systemd/journald.conf sed -i 's/#\(Storage=\)auto/\1volatile/' /etc/systemd/journald.conf
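Review bot: The sed expression `s/([0-1]\.[0-9], United States)~#/\1~/g` only uncomments a server whose preceding header line carries a score of 0.0 to 1.9 followed by "United States", which the `##` comment lines do not mention ("Uncomment all US mirrors"). Document the score filter and the mirrorlist format it expects, and check that `$tmp_file` contains at least one uncommented `Server` line before calling rankmirrors so a format change fails with a clear message. `egrep` can be written `grep -E`, and "Resetore" should read "Restore".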
@ -42,24 +51,5 @@ sed -i 's/#\(HandleSuspendKey=\)suspend/\1ignore/' /etc/systemd/logind.conf
sed -i 's/#\(HandleHibernateKey=\)hibernate/\1ignore/' /etc/systemd/logind.conf sed -i 's/#\(HandleHibernateKey=\)hibernate/\1ignore/' /etc/systemd/logind.conf
sed -i 's/#\(HandleLidSwitch=\)suspend/\1ignore/' /etc/systemd/logind.conf sed -i 's/#\(HandleLidSwitch=\)suspend/\1ignore/' /etc/systemd/logind.conf
# DNS Settings #systemctl enable pacman-init.service choose-mirror.service
#echo "nameserver 8.8.8.8" > /etc/resolv.conf systemctl set-default graphical.target
#echo "nameserver 8.8.4.4" >> /etc/resolv.conf
#echo "nameserver 2001:4860:4860::8888" >> /etc/resolv.conf
#echo "nameserver 2001:4860:4860::8844" >> /etc/resolv.conf
#echo "nameserver 208.67.222.222" >> /etc/resolv.conf
#echo "nameserver 208.67.220.220" >> /etc/resolv.conf
#echo "nameserver 2620:0:ccc::2" >> /etc/resolv.conf
#echo "nameserver 2620:0:ccd::2" >> /etc/resolv.conf
# Startup settings
systemctl set-default multi-user.target
#systemctl set-default graphical.target
# archiso cleanup
for file in /etc/systemd/system/{pacman-init.service,etc-pacman.d-gnupg.mount} /etc/systemd/scripts/choose-mirror /etc/udev/rules.d/81-dhcpcd.rules /etc/initcpio; do
if [ -e "$file" ]; then
rm "$file" -R
fi
done
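Review bot: The archiso cleanup loop is deleted without a replacement, so pacman-init.service, etc-pacman.d-gnupg.mount, the choose-mirror script, 81-dhcpcd.rules and /etc/initcpio now stay in the image. If that is intended, say so in the commit message; if only the choose-mirror handling needed to change, keep the loop for the rest. The commented-out `#systemctl enable pacman-init.service choose-mirror.service` line should be removed rather than left as dead code.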

@ -3,14 +3,14 @@
# Backup options # Backup options
declare -a BACKUP_1=( declare -a BACKUP_1=(
"ServerOne" # Server name "ServerOne" # Server name
"10.0.0.10" # IP "10.0.0.10" # IP
"Backups" # Share name "Backups" # Share name
"backup" # User name "backup" # User name
"Abracadabra" # Password "Abracadabra" # Password
) )
declare -a BACKUP_2=( declare -a BACKUP_2=(
"ServerTwo" # Server name "ServerTwo" # Server name
"10.0.0.11" # IP "10.0.0.11" # IP
"Backups" # Share name "Backups" # Share name
"backup" # User name "backup" # User name
"Abracadabra" # Password "Abracadabra" # Password
@ -31,7 +31,7 @@ declare -a BACKUP_4=(
) )
# Hardware testing options # Hardware testing options
TEST_CPU_LENGTH="7" # Time in minutes to run Prime95 TEST_CPU_LENGTH="7" # Time in minutes to run Prime95
# Network options # Network options
WIFI_SSID="SomeWiFi" # Use the 2.4Ghz network for better compatability WIFI_SSID="SomeWiFi" # Use the 2.4Ghz network for better compatability
@ -39,6 +39,6 @@ WIFI_PASS="Abracadabra"
# Results upload options # Results upload options
SKIP_UPLOAD="False" # Set to "True" to disable all uploads SKIP_UPLOAD="False" # Set to "True" to disable all uploads
DIAG_SERVER="10.0.0.10" # Use the IP and not the server name DIAG_SERVER="10.0.0.10" # Use the IP and not the server name
DIAG_SHARE="/srv/ClientInfo" # Full path to shared folder (relative to the server's root)
DIAG_USER="wkdiag" # User used to connect to the server via SSH DIAG_USER="wkdiag" # User used to connect to the server via SSH
DIAG_DEST="/srv/Diagnostics" # Full path to dest folder (on server)
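Review bot: Renaming `DIAG_DEST` to `DIAG_SHARE` breaks any arch.conf already present on UFD media, because the scripts source /run/archiso/bootmnt/config/arch.conf in preference to the built-in copy. With an old file `DIAG_SHARE` is empty, and the upload code in this commit then builds `DIAG_DEST="${DIAG_SHARE}/${TICKET}"`, which is a directory directly under the server's root. Either accept the old name as a fallback or refuse to upload when `DIAG_SHARE` is unset.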

@ -11,20 +11,21 @@ die () {
exit 1 exit 1
} }
function test_connection() {
if ip a | grep -Eq '(10.[0-9]+|172.(1[6-9]|2[0-9]|3[0-1]).[0-9]+|192.168).[0-9]+.[0-9]+'; then
return 0
else
return 1
fi
}
# Load settings # Load settings
if [[ -f "/run/archiso/bootmnt/config/arch.conf" ]]; then if [[ -f "/run/archiso/bootmnt/config/arch.conf" ]]; then
source "/run/archiso/bootmnt/config/arch.conf" || \ source "/run/archiso/bootmnt/config/arch.conf" || \
die "ERROR: ARCH_WK media may be damaged. Please reboot or try another UFD" die "ERROR: WK_ARCH media may be damaged. Please reboot or try another UFD"
else else
source "/usr/local/bin/arch.conf" || \ source "/usr/local/bin/arch.conf" || \
die "ERROR: ARCH_WK media may be damaged. Please reboot or try another UFD" die "ERROR: WK_ARCH media may be damaged. Please reboot or try another UFD"
echo -n "ERROR: Settings file on ARCH_WK media missing. Using build version for now"
sleep 1s
echo -n "."
sleep 1s
echo -n "."
sleep 1s
echo "."
fi fi
# Init # Init
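Review bot: In `test_connection` the 172 alternative carries an extra `.[0-9]+` inside the group, so the pattern asks for five fields after 172; it still matches an address like 172.16.0.5/24 only because the unescaped `.` lets `/24` stand in for an octet. The unescaped dots and missing anchor also mean the 10 alternative matches inside public addresses such as 110.1.2.3. Escape the dots, anchor on `inet `, and use the grouping from the upload check later in this commit (`172.(1[6-9]|2[0-9]|3[0-1])` with no trailing octet). The function is defined a second time in the new network diagnostics script; keep one copy in a sourced file.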
@ -32,7 +33,7 @@ WIFI_SSID="${WIFI_SSID}"
WIFI_PASS="${WIFI_PASS}" WIFI_PASS="${WIFI_PASS}"
# Connect to network # Connect to network
if ! ip a | grep -Eq '(192.168|10.[0-9]+).[0-9]+.[0-9]+'; then if ! test_connection; then
# LAN # LAN
if ! ip l | grep -Eq '[0-9]+: +en'; then if ! ip l | grep -Eq '[0-9]+: +en'; then
## Reload the tg3/broadcom driver (known fix for some Dell systems) ## Reload the tg3/broadcom driver (known fix for some Dell systems)
@ -46,13 +47,18 @@ if ! ip a | grep -Eq '(192.168|10.[0-9]+).[0-9]+.[0-9]+'; then
# WiFi # WiFi
if ip l | grep -Eq '[0-9]+: +wl'; then if ip l | grep -Eq '[0-9]+: +wl'; then
## Skip if we're already connected (i.e. the code above worked) ## Skip if we're already connected (i.e. the code above worked)
if ! ip a | grep -Eq '(192.168|10.[0-9]+).[0-9]+.[0-9]+'; then if ! test_connection; then
echo "Attempting to connect to ${WIFI_SSID}..." echo "Attempting to connect to ${WIFI_SSID}..."
netctl start wireless sudo start-wifi
sleep 5s sleep 5s
fi fi
fi fi
fi fi
# Done # Done
exit 0 if test_connection; then
exit 0
else
exit 1
fi
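Review bot: The exit status now depends on `test_connection`, but the wireless path still waits a single fixed `sleep 5s` after `sudo start-wifi` before that final check. Association plus DHCP can take longer than that, which would turn a slow connect into `exit 1`. Poll `test_connection` once a second up to a timeout instead of sleeping once.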

@ -3,84 +3,128 @@
## WK HW diagnostics - Launcher ## WK HW diagnostics - Launcher
MODE="$1" MODE="$1"
SHOW_MENU="True"
if [[ "$MODE" =~ ^(all|cpu|drives|foh|smart|badblocks)$ ]]; then
SHOW_MENU="False"
fi
# Ensure a proper mode is selected function pause() {
# Pause to review output
echo ""
echo "$1"
read
}
function menu() {
while :; do
if [[ "$SHOW_MENU" == "False" ]]; then
break
else
clear
echo "Hardware Diagnostics"
echo "────────────────────"
echo "0: Quick drive test"
echo "1: All tests"
echo "2: Prime95"
echo "3: SMART & badblocks"
echo "4: SMART"
echo "5: badblocks"
echo "────────────────────"
#if [[ -n $DISPLAY ]] && [[ $(getconf LONG_BIT) -eq "64" ]]; then
# echo "6: Graphics Test - FurMark"
# echo "7: Graphics Test - Piano"
# echo "8: Graphics Test - Volplosion"
#fi
echo "A: Speaker Test"
if [[ -n $DISPLAY ]]; then
echo "K: Keyboard Test"
fi
echo "N: Network Test"
echo "────────────────────"
echo "M: Screen Saver - Matrix"
echo "P: Screen Saver - Pipes"
echo "────────────────────"
echo "Q: Quit"
if [[ "$MODE" =~ ^cli$ ]]; then
echo "R: Reboot"
echo "S: Shutdown"
fi
echo ""
read -r -p "Please make a selection: " MODE
# Check input
case $MODE in
0)
MODE=foh
break;;
1)
MODE=all
break;;
2)
MODE=cpu
break;;
3)
MODE=drives
break;;
4)
MODE=smart
break;;
5)
MODE=badblocks
break;;
#6)
# if [[ -n $DISPLAY ]] && [[ $(getconf LONG_BIT) -eq "64" ]]; then
# gputest /fullscreen /test=fur
# fi
# ;;
#7)
# if [[ -n $DISPLAY ]] && [[ $(getconf LONG_BIT) -eq "64" ]]; then
# gputest /fullscreen /test=pixmark_piano
# fi
# ;;
#8)
# if [[ -n $DISPLAY ]] && [[ $(getconf LONG_BIT) -eq "64" ]]; then
# gputest /fullscreen /test=pixmark_volplosion
# fi
# ;;
a|A|audio|Audio)
clear
hw-diags-audio
pause "Press Enter to return to menu...";;
k|K|keyboard|Keyboard)
if [[ -n $DISPLAY ]]; then
xev
fi
;;
m|M)
cmatrix -abs
reset
clear;;
n|N)
clear
hw-diags-network
pause "Press Enter to return to menu...";;
p|P)
pipes -t 0 -t 1 -t 2 -t 3 -p 5 -R -r 4000
reset
clear;;
q|Q|quit|Quit)
exit 0;;
r|R)
sudo reboot;;
s|S)
sudo poweroff;;
esac
fi
done
}
# Main Loop
while :; do while :; do
if [[ "$MODE" =~ ^(all|cpu|drives|foh|smart|badblocks)$ ]]; then menu
tmux new-session -s 'hw-session' -n 'hw-window' "hw-diags-inner $MODE"
if [[ "$SHOW_MENU" == "False" ]]; then
break break
else
clear
echo "Hardware Diagnostics"
echo "────────────────────"
echo "0: Quick drive test"
echo "1: All tests"
echo "2: Prime95"
echo "3: SMART & badblocks"
echo "4: SMART"
echo "5: badblocks"
echo "────────────────────"
if [[ -n $DISPLAY ]] && [[ $(getconf LONG_BIT) -eq "64" ]]; then
echo "6: Graphics Test - FurMark"
echo "7: Graphics Test - Piano"
echo "8: Graphics Test - Volplosion"
fi
echo "A: Speaker Test"
if [[ -n $DISPLAY ]]; then
echo "K: Keyboard Test"
fi
echo "────────────────────"
echo ""
echo "Q: Quit"
echo ""
read -r -p "Please make a selection: " MODE
# Check input
case $MODE in
0)
MODE=foh
break;;
1)
MODE=all
break;;
2)
MODE=cpu
break;;
3)
MODE=drives
break;;
4)
MODE=smart
break;;
5)
MODE=badblocks
break;;
6)
if [[ -n $DISPLAY ]] && [[ $(getconf LONG_BIT) -eq "64" ]]; then
gputest /fullscreen /test=fur
fi
;;
7)
if [[ -n $DISPLAY ]] && [[ $(getconf LONG_BIT) -eq "64" ]]; then
gputest /fullscreen /test=pixmark_piano
fi
;;
8)
if [[ -n $DISPLAY ]] && [[ $(getconf LONG_BIT) -eq "64" ]]; then
gputest /fullscreen /test=pixmark_volplosion
fi
;;
a|A|audio|Audio)
hw-diags-audio;;
k|K|keyboard|Keyboard)
if [[ -n $DISPLAY ]]; then
xev
fi
;;
q|Q|quit|Quit)
exit 1;;
esac
fi fi
done done
# Start tmux
tmux new-session -s 'hw-session' -n 'hw-window' "hw-diags-inner $MODE"
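Review bot: `menu` reuses `MODE` for the user's selection, so the `[[ "$MODE" =~ ^cli$ ]]` test can only hold on the first pass; after any choice that returns to the menu (A, K, M, N, P) the Reboot and Shutdown entries disappear. The `r|R` and `s|S` arms are not guarded by that test either, so they run `sudo reboot` and `sudo poweroff` in sessions where the entries are never shown. Read the selection into a separate variable and apply the same cli check in the case arms. `pause` should also use `read -r`.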

@ -9,3 +9,4 @@ amixer -q set "PCM" 90% unmute
speaker-test -c 2 -l 1 -t pink speaker-test -c 2 -l 1 -t pink
# speaker-test -c 2 -l 1 -t sine # speaker-test -c 2 -l 1 -t sine
speaker-test -c 2 -l 1 -t wav speaker-test -c 2 -l 1 -t wav

@ -10,17 +10,10 @@ die () {
# Load settings # Load settings
if [[ -f "/run/archiso/bootmnt/config/arch.conf" ]]; then if [[ -f "/run/archiso/bootmnt/config/arch.conf" ]]; then
source "/run/archiso/bootmnt/config/arch.conf" || \ source "/run/archiso/bootmnt/config/arch.conf" || \
die "ERROR: ARCH_WK media may be damaged. Please reboot or try another UFD" die "ERROR: WK_ARCH media may be damaged. Please reboot or try another UFD"
else else
source "/usr/local/bin/arch.conf" || \ source "/usr/local/bin/arch.conf" || \
die "ERROR: ARCH_WK media may be damaged. Please reboot or try another UFD" die "ERROR: WK_ARCH media may be damaged. Please reboot or try another UFD"
echo -n "ERROR: Settings file on ARCH_WK media missing. Using build version for now"
sleep 1s
echo -n "."
sleep 1s
echo -n "."
sleep 1s
echo "."
fi fi
# Get TICKET # Get TICKET
@ -48,7 +41,9 @@ done
DIAG_DATE="$(date "+%F_%H%M")" DIAG_DATE="$(date "+%F_%H%M")"
DIAG_SERVER_AVAIL="False" DIAG_SERVER_AVAIL="False"
DIAG_SERVER="${DIAG_SERVER}" DIAG_SERVER="${DIAG_SERVER}"
DIAG_DEST="${DIAG_DEST}/${TICKET}/${DIAG_DATE}" DIAG_SHARE="${DIAG_SHARE}"
DIAG_DEST="${DIAG_SHARE}/${TICKET}"
DIAG_UPLOAD_NAME="HW-Diagnostics_${DIAG_DATE}"
DIAG_USER="${DIAG_USER}" DIAG_USER="${DIAG_USER}"
TMP_DIR="$(mktemp -d)" TMP_DIR="$(mktemp -d)"
ERRORS="False" ERRORS="False"
@ -76,9 +71,10 @@ if [[ "$SKIP_UPLOAD" != "True" ]]; then
connect-to-network connect-to-network
# Test connection to DIAG_SERVER # Test connection to DIAG_SERVER
if ip a | grep -Eq '(192.168|10.[0-9]+).[0-9]+.[0-9]+' && \ if ip a | grep -Eq '(10.[0-9]+|172.(1[6-9]|2[0-9]|3[0-1])|192.168).[0-9]+.[0-9]+' && \
ping -c 1 -q $DIAG_SERVER >/dev/null 2>&1; then ping -c 1 -q $DIAG_SERVER >/dev/null 2>&1; then
DIAG_SERVER_AVAIL="True" DIAG_SERVER_AVAIL="True"
ssh-add
ssh $DIAG_USER@$DIAG_SERVER mkdir -p "$DIAG_DEST" ssh $DIAG_USER@$DIAG_SERVER mkdir -p "$DIAG_DEST"
ssh $DIAG_USER@$DIAG_SERVER chmod 755 "$DIAG_DEST" ssh $DIAG_USER@$DIAG_SERVER chmod 755 "$DIAG_DEST"
fi fi
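Review bot: `ssh $DIAG_USER@$DIAG_SERVER mkdir -p "$DIAG_DEST"` hands `$DIAG_DEST` to the remote shell, and that string includes the operator-entered `$TICKET`; the local double quotes do not survive to the server. Unless the "Get TICKET" section already restricts the value to a safe character set such as digits, validate it before this point and quote the remote argument (for example with `printf %q`). The added `ssh-add` is called without checking that an agent is running or that it succeeded, so a failure only shows up later as an upload error. The private-range regex here also differs from the one in `test_connection`; call that function instead of keeping a second copy.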
@ -196,7 +192,7 @@ function update_progress {
# Update Server # Update Server
if [[ "$DIAG_SERVER_AVAIL" == "True" ]]; then if [[ "$DIAG_SERVER_AVAIL" == "True" ]]; then
rsync -aqz --chmod=Du=rwx,Dgo=rx,Fu=rw,Fgo=r "$TMP_DIR/" $DIAG_USER@$DIAG_SERVER:"$DIAG_DEST/" --exclude '*.out' rsync -aqz --chmod=Du=rwx,Dgo=rx,Fu=rw,Fgo=r "$TMP_DIR/" $DIAG_USER@$DIAG_SERVER:"$DIAG_DEST/${DIAG_UPLOAD_NAME}/" --exclude '*.out'
fi fi
} }
@ -497,6 +493,7 @@ if [[ "$TEST_SMART" == "True" ]] || \
echo "" echo ""
done done
fi fi
update_progress
# System info dump # System info dump
sudo inxi -CDdGlMmNopRsc 0 | grep -Ev '(/dev/ram|No RAID devices|Display Server|multisession)' > "system_info.txt" sudo inxi -CDdGlMmNopRsc 0 | grep -Ev '(/dev/ram|No RAID devices|Display Server|multisession)' > "system_info.txt"
@ -505,11 +502,11 @@ sudo inxi -CDdGlMmNopRsc 0 | grep -Ev '(/dev/ram|No RAID devices|Display Server|
mkdir "$HOME/Tickets/$TICKET" -p 2>/dev/null mkdir "$HOME/Tickets/$TICKET" -p 2>/dev/null
rsync -aS --chmod=Du=rwx,Dgo=rx,Fu=rw,Fgo=r "$TMP_DIR/" "$HOME/Tickets/$TICKET/" rsync -aS --chmod=Du=rwx,Dgo=rx,Fu=rw,Fgo=r "$TMP_DIR/" "$HOME/Tickets/$TICKET/"
popd >/dev/null popd >/dev/null
cd "$HOME/Tickets" && tar czf "${TICKET}.tgz" "$TICKET" cd "$HOME/Tickets" && tar czf "${DIAG_UPLOAD_NAME}.tgz" "$TICKET"
# Update Server # Update Server
if [[ "$DIAG_SERVER_AVAIL" == "True" ]]; then if [[ "$DIAG_SERVER_AVAIL" == "True" ]]; then
rsync -aqz --chmod=Du=rwx,Dgo=rx,Fu=rw,Fgo=r "$TMP_DIR/" "${TICKET}.tgz" $DIAG_USER@$DIAG_SERVER:"$DIAG_DEST/" --exclude '*.out' rsync -aqz --chmod=Du=rwx,Dgo=rx,Fu=rw,Fgo=r "${DIAG_UPLOAD_NAME}.tgz" $DIAG_USER@$DIAG_SERVER:"$DIAG_DEST/"
fi fi
# End # End

@ -0,0 +1,73 @@
#!/bin/bash
#
## WK HW diagnostics - Network
function test_connection() {
cmd="a"
if [[ -e "/sys/class/net/$1" ]]; then
cmd="a show $1"
fi
if ip $cmd | grep -Eq '(10.[0-9]+|172.(1[6-9]|2[0-9]|3[0-1]).[0-9]+|192.168).[0-9]+.[0-9]+'; then
return 0
else
return 1
fi
}
CLEAR="\e[0m"
RED="\e[31m"
GREEN="\e[32m"
YELLOW="\e[33m"
BLUE="\e[34m"
# Header
echo "WK HW Diagnostics - Network"
echo ""
# Start Wifi if necessary
echo "Initializing..."
connect-to-network >/dev/null 2>&1
# Check network connection
echo -n "Network connection: "
if test_connection; then
echo -e "${GREEN}OK${CLEAR}"
else
echo -e "${RED}No access${CLEAR}"
exit 1
fi
# Check IP addresses
for d in /sys/class/net/*; do
device="$(basename $d)"
if [ "$device" != "lo" ]; then
if test_connection $device; then
ip="$(ip a show $device | egrep 'inet [0-9]' | sed -r 's#.*inet (.*?/[0-9]+).*#\1#')"
echo "$device: $ip" | awk '{printf " %-16s %s\n", $1, $2}'
fi
fi
done
# Check internet connection
echo -n "Internet connection: "
if ping -c 2 -q 8.8.8.8 >/dev/null 2>&1; then
echo -e "${GREEN}OK${CLEAR}"
else
echo -e "${RED}No access${CLEAR}"
exit 1
fi
# Check DNS
echo -n "DNS Resolution: "
if ping -c 2 -q google.com >/dev/null 2>&1; then
echo -e "${GREEN}OK${CLEAR}"
else
echo -e "${RED}Unable to resolve google.com${CLEAR}"
exit 1
fi
# Check speed
echo "Speedtest:"
speedtest-cli --simple | awk '{printf " %-16s %6.2f %s\n", $1, $2, $3}'
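Review bot: In the per-device loop, `sed -r 's#.*inet (.*?/[0-9]+).*#\1#'` uses `.*?`, which is not lazy in POSIX extended regex, so it only works while the line contains a single `/`; an interface with more than one IPv4 address also yields several lines, and the following awk then prints the second address in the device column. Use `ip -4 -o addr show dev "$device"` and take the address field with awk, one output line per address. Quote `$d` and `$device`, and note that the Internet and DNS checks `exit 1` on failure, so a failed ping hides every later result.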

@ -8,6 +8,8 @@ dd bs=1K count=64 if=/dev/zero of="$TMP_FILE" >/dev/null 2>&1
mkfs.msdos "$TMP_FILE" >/dev/null 2>&1 mkfs.msdos "$TMP_FILE" >/dev/null 2>&1
udevil mount -o ro "$TMP_FILE" >/dev/null 2>&1 udevil mount -o ro "$TMP_FILE" >/dev/null 2>&1
udevil umount "$TMP_FILE" >/dev/null 2>&1 udevil umount "$TMP_FILE" >/dev/null 2>&1
sleep 1s
rmdir /media/wktech >/dev/null 2>&1
# Mount all volumes # Mount all volumes
echo "Mounting all volumes" echo "Mounting all volumes"
@ -15,12 +17,12 @@ regex="/dev/((h|s)d[a-z]|md)[0-9]+"
for volume in $(inxi -Dopxx | grep -E "$regex" | sed -r "s#.*($regex).*#\1#" | sort); do for volume in $(inxi -Dopxx | grep -E "$regex" | sed -r "s#.*($regex).*#\1#" | sort); do
if grep -q "$volume" /proc/mounts; then if grep -q "$volume" /proc/mounts; then
if ! mount | grep "/run/archiso/bootmnt" | grep -q "$volume"; then if ! mount | grep "/run/archiso/bootmnt" | grep -q "$volume"; then
# Show what's already mounted except the ARCH_WK boot device # Show what's already mounted except the WK_ARCH boot device
echo "$volume: (Already) mounted at $(mount | grep "$volume" | awk '{print $3}') ($(df -h "$volume" | tail -1 | awk '{print $3, $4}' | sed -r 's/(K|M|G|T|) (.*[0-9])(K|M|G|T|)$/ \1b used, \2 \3b free/'))" echo "$volume: (Already) mounted $(mount | grep "$volume" | sed -r 's/^\S+ (on.*) type .*/\1/') ($(df -h "$volume" | tail -1 | awk '{print $3, $4}' | sed -r 's/(K|M|G|T|) (.*[0-9])(K|M|G|T|)$/ \1b used, \2 \3b free/'))"
fi fi
else else
if udevil mount -o ro $volume >/dev/null 2>&1; then if udevil mount -o ro $volume >/dev/null 2>&1; then
echo "$volume: Mounted at $(mount | grep "$volume" | awk '{print $3}') ($(df -h "$volume" | tail -1 | awk '{print $3, $4}' | sed -r 's/(K|M|G|T|) (.*[0-9])(K|M|G|T|)$/ \1b used, \2 \3b free/'))" echo "$volume: Mounted $(mount | grep "$volume" | sed -r 's/^\S+ (on.*) type .*/\1/') ($(df -h "$volume" | tail -1 | awk '{print $3, $4}' | sed -r 's/(K|M|G|T|) (.*[0-9])(K|M|G|T|)$/ \1b used, \2 \3b free/'))"
else else
echo "$volume: Failed to mount" echo "$volume: Failed to mount"
fi fi
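Review bot: Both new `echo` lines feed `mount | grep "$volume"` into sed, and the unanchored grep matches /dev/sda10 when `$volume` is /dev/sda1, so the message can span several lines on disks with ten or more partitions; the same applies to the `grep -q "$volume" /proc/mounts` test above them. Match on `"^$volume "` or ask `findmnt -n -o TARGET "$volume"` for the mount point. `$volume` is also unquoted in `udevil mount -o ro $volume`.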

@ -10,17 +10,10 @@ die () {
# Load settings # Load settings
if [[ -f "/run/archiso/bootmnt/config/arch.conf" ]]; then if [[ -f "/run/archiso/bootmnt/config/arch.conf" ]]; then
source "/run/archiso/bootmnt/config/arch.conf" || \ source "/run/archiso/bootmnt/config/arch.conf" || \
die "ERROR: ARCH_WK media may be damaged. Please reboot or try another UFD" die "ERROR: WK_ARCH media may be damaged. Please reboot or try another UFD"
else else
source "/usr/local/bin/arch.conf" || \ source "/usr/local/bin/arch.conf" || \
die "ERROR: ARCH_WK media may be damaged. Please reboot or try another UFD" die "ERROR: WK_ARCH media may be damaged. Please reboot or try another UFD"
echo -n "ERROR: Settings file on ARCH_WK media missing. Using build version for now"
sleep 1s
echo -n "."
sleep 1s
echo -n "."
sleep 1s
echo "."
fi fi
# Connect to a network # Connect to a network


@ -0,0 +1,55 @@
#!/bin/bash
#
## Creates network configs for all WLAN adapters
die () {
echo "$0:" "$@" >&2
exit 1
}
# Load settings
if [[ -f "/run/archiso/bootmnt/config/arch.conf" ]]; then
source "/run/archiso/bootmnt/config/arch.conf" || \
die "ERROR: WK_ARCH media may be damaged. Please reboot or try another UFD"
else
source "/usr/local/bin/arch.conf" || \
die "ERROR: WK_ARCH media may be damaged. Please reboot or try another UFD"
fi
# Init
WIFI_SSID="${WIFI_SSID}"
WIFI_PASS="${WIFI_PASS}"
metric_value=20
# Add WLAN cards to config
for d in /sys/class/net/wl*; do
device="$(basename $d)"
# Create networkd entry
echo "[Match]" > /etc/systemd/network/$device.network
echo "Name=$device" >> /etc/systemd/network/$device.network
echo "" >> /etc/systemd/network/$device.network
echo "[Network]" >> /etc/systemd/network/$device.network
echo "DHCP=yes" >> /etc/systemd/network/$device.network
echo "" >> /etc/systemd/network/$device.network
echo "[DHCP]" >> /etc/systemd/network/$device.network
echo "RouteMetric=$metric_value" >> /etc/systemd/network/$device.network
metric_value=$((metric_value+1))
# Create wpa_supplicant entry
if [[ -f "/run/archiso/bootmnt/config/wifi.conf" ]]; then
cp -f "/run/archiso/bootmnt/config/wifi.conf" "/etc/wpa_supplicant/wpa_supplicant-$device.conf"
elif [[ -f "/usr/local/bin/arch.conf" ]]; then
cp -f "/usr/local/bin/arch.conf" "/etc/wpa_supplicant/wpa_supplicant-$device.conf"
else
die "ERROR: WK_ARCH media may be damaged. Please reboot or try another UFD"
fi
done
# Enable WLAN devices
systemctl restart systemd-networkd.service
for d in /sys/class/net/wl*; do
device="$(basename $d)"
systemctl start wpa_supplicant@$device.service
done
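
Review bot: the elif fallback in the wpa_supplicant section copies /usr/local/bin/arch.conf, the file this script sources as shell settings a few lines earlier, to wpa_supplicant-$device.conf; that looks like it was meant to be a bundled wifi.conf. WIFI_SSID and WIFI_PASS are assigned to themselves under # Init and never used, so either generate the config from them or drop the two lines. The copied file is expected to hold the Wi-Fi passphrase, so place it with `install -m 600` rather than `cp -f`, and guard both `for d in /sys/class/net/wl*` loops with `[[ -e "$d" ]] || continue` so a machine without a WLAN adapter does not end up with a file named wl*.network.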


@ -2,8 +2,8 @@
Version=1.0 Version=1.0
Type=Application Type=Application
Name=Hardware Diagnostics Name=Hardware Diagnostics
Comment= Comment=Hardware Diagnostics
Exec=urxvt -title "Hardware Diagnostics" -hold -e hw-diags Exec=urxvt -title "Hardware Diagnostics" -e hw-diags
Icon=xcos Icon=xcos
Path= Path=
Terminal=false Terminal=false
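
Review bot: dropping `-hold` from the Exec line means the urxvt window closes the moment hw-diags exits, so anything the script prints just before exiting (an error included) disappears with it. If the menu loop is meant to be the only way out, have hw-diags pause for a keypress on its error paths, or keep `-hold` as the new hw-diags-network entry does.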


@ -2,7 +2,7 @@
Version=1.0 Version=1.0
Type=Application Type=Application
Name=Hardware Information Name=Hardware Information
Comment= Comment=Hardware Information
Exec=hardinfo Exec=hardinfo
Icon=hardinfo Icon=hardinfo
Path= Path=


@ -0,0 +1,10 @@
[Desktop Entry]
Version=1.0
Type=Application
Name=NetworkTest
Comment=Diagnose network connectivity
Exec=urxvt -title "Network Diagnostics" -hold -e hw-diags-network
Icon=network-workgroup
Path=
Terminal=false
StartupNotify=false


@ -1,14 +1,17 @@
arch-install-scripts
aic94xx-firmware aic94xx-firmware
alsa-utils alsa-utils
antiword antiword
arc-icon-theme-git arc-icon-theme-git
b43-firmware arch-install-scripts
b43-fwcutter
bash-pipes
bc
btrfs-progs btrfs-progs
chntpw chntpw
clonezilla cmatrix
colordiff colordiff
conky conky
cower
crda crda
curl curl
darkhttpd darkhttpd
@ -21,35 +24,35 @@ dnsmasq
dnsutils dnsutils
dos2unix dos2unix
dosfstools dosfstools
e2fsprogs
elinks elinks
ethtool ethtool
exfat-utils exfat-utils
f2fs-tools f2fs-tools
ffmpeg ffmpeg
fsarchiver fsarchiver
gcc-libs
gnome-keyring gnome-keyring
gnu-netcat gnu-netcat
gparted gparted
gptfdisk gptfdisk
grub grub
gsmartcontrol gsmartcontrol
gtk-engine-murrine
gtk-theme-arc-git gtk-theme-arc-git
hardinfo hardinfo
hdparm hdparm
hexedit hexedit
hfsprogs hfsprogs
htop htop
ifplugd
inxi inxi
ipw2100-fw ipw2100-fw
ipw2200-fw ipw2200-fw
iw irssi
ldns ldns
lftp lftp
libewf libewf
librsvg libinput
lightdm
lightdm-gtk-greeter
linux-atm linux-atm
linux-firmware linux-firmware
lm_sensors lm_sensors
@ -57,9 +60,8 @@ lsscsi
mc mc
mdadm mdadm
mediainfo mediainfo
mesa
mesa-demos mesa-demos
midori-gtk2 midori
mkvtoolnix-cli mkvtoolnix-cli
mprime-bin mprime-bin
mpv mpv
@ -76,16 +78,17 @@ ntp
numix-circle-icon-theme-git numix-circle-icon-theme-git
openconnect openconnect
openssh openssh
openvpn
p7zip p7zip
partclone partclone
parted parted
partimage partimage
ppp ppp
pptpclient pptpclient
pygtk
python2
refind-efi refind-efi
reiserfsprogs
rfkill rfkill
rng-tools
rp-pppoe rp-pppoe
rsync rsync
rxvt-unicode rxvt-unicode
@ -100,23 +103,28 @@ terminus-font
testdisk-wip testdisk-wip
tk tk
tmux tmux
truecrypt tree
ttf-inconsolata ttf-inconsolata
udevil udevil
udisks2 udisks2
ufw
unzip unzip
usb_modeswitch usb_modeswitch
veracrypt
vim vim
virtualbox-guest-modules-arch
virtualbox-guest-utils-nox
vpnc vpnc
wd719x-firmware wd719x-firmware
wget wget
wimlib wimlib
wireless_tools wireless_tools
wpa_supplicant wpa_actiond
wvdial wvdial
xf86-input-synaptics xf86-input-libinput
xf86-video-amdgpu xf86-video-amdgpu
xf86-video-ati xf86-video-ati
xf86-video-fbdev
xf86-video-intel xf86-video-intel
xf86-video-nouveau xf86-video-nouveau
xf86-video-vesa xf86-video-vesa
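
Review bot: the wpa_supplicant entry gives way to wpa_actiond in this hunk, while the WLAN script added in the same commit starts `wpa_supplicant@$device.service`. The package then only reaches the image if something else pulls it in as a dependency; list wpa_supplicant explicitly so the script's requirement is visible in the package list and does not break when a dependency chain changes.
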
@ -127,6 +135,6 @@ xorg-server
xorg-server-utils xorg-server-utils
xorg-xdpyinfo xorg-xdpyinfo
xorg-xev xorg-xev
xorg-xinit xorg-xinput
zd1211-firmware zd1211-firmware
zsh zsh


@ -1,2 +1 @@
broadcom-wl broadcom-wl
gputest


@ -71,7 +71,7 @@ LocalFileSigLevel = Optional
[customrepo] [customrepo]
SigLevel = Optional TrustAll SigLevel = Optional TrustAll
Server = file:///root/WK-Arch/custom-repo/$arch Server = file:///root/wk-arch/custom-repo/$arch
#[testing] #[testing]
#Include = /etc/pacman.d/mirrorlist #Include = /etc/pacman.d/mirrorlist
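
Review bot: the new Server line hard-codes file:///root/wk-arch/custom-repo/$arch, so the build only works from a checkout at exactly that case-sensitive path; document the required location next to it or have build-wk write the path in at build time. The section keeps `SigLevel = Optional TrustAll`, which means packages from custom-repo are installed without a verified signature, so anyone who can write to that directory decides what goes into the ISO. Signing the custom packages and raising the level to `Required` would close that.
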
@ -88,3 +88,9 @@ Include = /etc/pacman.d/mirrorlist
[community] [community]
Include = /etc/pacman.d/mirrorlist Include = /etc/pacman.d/mirrorlist
# An example of a custom package repository. See the pacman manpage for
# tips on creating your own repositories.
#[custom]
#SigLevel = Optional TrustAll
#Server = file:///home/custompkgs


@ -1,13 +1,31 @@
#!/bin/bash #!/bin/bash
# Set Vars # Set Vars
TMP_DIR="$(pwd)/wk_tmp" LOG_DIR="/$HOME/ArchBuilds/BuildLogs"
OUT_DIR="$TMP_DIR/out" OUT_DIR="/$HOME/ArchBuilds"
TMP_DIR="/$HOME/TMP_WK_ARCH"
DATE="$(date +%F)"
DATETIME="$(date +%F_%H%M)"
# Ensure that we're running with root privileges
if [[ "$EUID" -ne 0 ]]; then
echo "Please run with root permissions (i.e. sudo $0)"
exit
fi
# Set permissions
echo "Setting permissions..."
chown root.root archlive -R
# Build ISO # Build ISO
mkdir $TMP_DIR mkdir $LOG_DIR
mkdir $OUT_DIR mkdir $OUT_DIR
./archlive/build.sh -N "arch-wk" -V "$(date +%F)" -L "ARCH_WK" -w "$TMP_DIR" -o "$OUT_DIR" -v mkdir $TMP_DIR
./archlive/build.sh -N "wk-arch" -V "$DATE" -L "WK_ARCH" -w "$TMP_DIR" -o "$OUT_DIR" -v | tee -a "$LOG_DIR/$DATETIME.log"
# Cleanup # Cleanup
mv --backup=t -v "$OUT_DIR"/*iso "$HOME/" && rm "$TMP_DIR" -Rf echo "Removing temp files..."
rm "$TMP_DIR" -Rf | tee -a "$LOG_DIR/$DATETIME.log"
echo "Reverting permissions..."
chown builduser.builduser archlive -R
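
Review bot: `mkdir $LOG_DIR` runs before `mkdir $OUT_DIR`, but LOG_DIR is a subdirectory of OUT_DIR, so on a first run the log directory is not created and the later `tee -a "$LOG_DIR/$DATETIME.log"` has nowhere to write. Use `mkdir -p "$LOG_DIR" "$TMP_DIR"` (which also creates OUT_DIR) and quote the variables. The root check ends in a bare `exit`, which returns 0, so callers cannot tell the build was refused; make it `exit 1`. Piping build.sh into tee also hides its exit status, so a failed build still proceeds to cleanup as if it had succeeded; add `set -o pipefail` and test the result. The leading slash in `"/$HOME/..."` yields paths starting with `//`, and under sudo `$HOME` may not be the build user's home, which is worth a comment. If the script is interrupted, archlive stays owned by root; a `trap` that runs the final chown would cover that.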