From 562704139b3ef81320b85eb0f376f93966dc6ce8 Mon Sep 17 00:00:00 2001 From: The_miro Date: Tue, 12 May 2026 15:54:13 +0200 Subject: [PATCH] setup: add ssh-server, docker, podman, cockpit optional modules; add less to pacstrap - New optional modules: ssh-server (openssh, key auth hardened), docker (+ compose, docker group), podman (rootless, buildah, skopeo, lingering), cockpit (+ cockpit-machines, cockpit-podman, cockpit-navigator via AUR) - openssh added to archiso packages.extra for live-env SSH access - less added to pacstrap base install - tui-install.sh wired up for all four new modules (checklist, count, summary, run); dialog dimensions bumped to fit 17 items Co-Authored-By: Claude Sonnet 4.6 --- setup/archbaseos-guided-install.sh | 2 +- setup/archiso/overlay/packages.extra | 1 + setup/modules/optional-Modules/apps/cockpit.sh | 17 +++++++++++++++++ setup/modules/optional-Modules/apps/docker.sh | 7 +++++++ setup/modules/optional-Modules/apps/podman.sh | 7 +++++++ .../optional-Modules/apps/ssh-server.sh | 14 ++++++++++++++ setup/tui-install.sh | 18 +++++++++++++++++- 7 files changed, 64 insertions(+), 2 deletions(-) create mode 100644 setup/modules/optional-Modules/apps/cockpit.sh create mode 100644 setup/modules/optional-Modules/apps/docker.sh create mode 100644 setup/modules/optional-Modules/apps/podman.sh create mode 100644 setup/modules/optional-Modules/apps/ssh-server.sh diff --git a/setup/archbaseos-guided-install.sh b/setup/archbaseos-guided-install.sh index b12ea4f..e8cb1e8 100755 --- a/setup/archbaseos-guided-install.sh +++ b/setup/archbaseos-guided-install.sh @@ -131,7 +131,7 @@ read -rp "Enable FIDO2 for user login? (YES/NO): " ENABLE_FIDO_USER pacstrap /mnt \ base base-devel "$KERNEL" linux-firmware vim zsh git networkmanager grub efibootmgr \ - btrfs-progs cryptsetup libfido2 pam-u2f sudo "$GPU_PKGS" + btrfs-progs cryptsetup libfido2 pam-u2f sudo less "$GPU_PKGS" genfstab -U /mnt >> /mnt/etc/fstab 
diff --git a/setup/archiso/overlay/packages.extra b/setup/archiso/overlay/packages.extra
index bad3ace..e803fa6 100644
--- a/setup/archiso/overlay/packages.extra
+++ b/setup/archiso/overlay/packages.extra
@@ -4,3 +4,4 @@ jq
 pam-u2f
 btop
 fastfetch
+openssh
diff --git a/setup/modules/optional-Modules/apps/cockpit.sh b/setup/modules/optional-Modules/apps/cockpit.sh
new file mode 100644
index 0000000..cda70e5
--- /dev/null
+++ b/setup/modules/optional-Modules/apps/cockpit.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+set -euo pipefail
+
+# Core + official-repo plugins
+sudo pacman -S --noconfirm --needed \
+ cockpit \
+ cockpit-pcp \
+ pcp
+
+# AUR plugins: machines (VMs), podman containers, file navigator
+yay -S --answerdiff None --answerclean All --noconfirm \
+ cockpit-machines \
+ cockpit-podman \
+ cockpit-navigator
+
+sudo systemctl enable cockpit.socket
+echo "Cockpit enabled. Web UI available at https://localhost:9090"
diff --git a/setup/modules/optional-Modules/apps/docker.sh b/setup/modules/optional-Modules/apps/docker.sh
new file mode 100644
index 0000000..571c316
--- /dev/null
+++ b/setup/modules/optional-Modules/apps/docker.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+set -euo pipefail
+
+sudo pacman -S --noconfirm --needed docker docker-compose
+sudo systemctl enable docker.service
+sudo usermod -aG docker "$USER"
+echo "Docker installed. Log out and back in for group membership to take effect."
diff --git a/setup/modules/optional-Modules/apps/podman.sh b/setup/modules/optional-Modules/apps/podman.sh
new file mode 100644
index 0000000..418f76f
--- /dev/null
+++ b/setup/modules/optional-Modules/apps/podman.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+set -euo pipefail
+
+sudo pacman -S --noconfirm --needed podman podman-compose buildah skopeo
+# Enable lingering so rootless containers survive logout
+loginctl enable-linger "$USER"
+echo "Podman installed (rootless, no daemon). User lingering enabled."
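Review bot: The `yay -S --answerdiff None --answerclean All --noconfirm` call in cockpit.sh builds and installs AUR packages with the PKGBUILD diff review switched off, so whatever is currently published for those three names is built and installed unreviewed. As far as I know cockpit-machines and cockpit-podman are packaged in the official Arch repositories, so they could move into the pacman call and leave only cockpit-navigator on yay; worth confirming with `pacman -Si cockpit-machines cockpit-podman`. Separately, cockpit.socket listens on port 9090 on all interfaces by default while the closing echo says localhost. Either add a cockpit.socket drop-in that resets `ListenStream=` and then sets `ListenStream=127.0.0.1:9090`, or reword the message to say the login page is reachable from the network.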
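Review bot: `sudo usermod -aG docker "$USER"` in docker.sh gives the account control of the Docker daemon socket, which is equivalent to passwordless root on the host, and the closing echo does not mention it. I would make the group step opt-in or at least state the consequence, e.g. `echo "Note: members of the docker group can obtain root on this host."`. Also, `"$USER"` here and in podman.sh's `loginctl enable-linger "$USER"` names root if the module is ever started under sudo or as root. How run_module invokes these scripts is not visible in this patch, so `"${SUDO_USER:-$USER}"` or an explicit refusal to run as root would be a safer default.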
diff --git a/setup/modules/optional-Modules/apps/ssh-server.sh b/setup/modules/optional-Modules/apps/ssh-server.sh
new file mode 100644
index 0000000..45f6019
--- /dev/null
+++ b/setup/modules/optional-Modules/apps/ssh-server.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+set -euo pipefail
+
+sudo pacman -S --noconfirm --needed openssh
+
+# Harden defaults: disable root login, enforce key auth only
+SSHD_CONF=/etc/ssh/sshd_config
+sudo sed -i 's/^#\?PermitRootLogin.*/PermitRootLogin no/' "$SSHD_CONF"
+sudo sed -i 's/^#\?PasswordAuthentication.*/PasswordAuthentication no/' "$SSHD_CONF"
+sudo sed -i 's/^#\?PubkeyAuthentication.*/PubkeyAuthentication yes/' "$SSHD_CONF"
+
+sudo systemctl enable sshd.service
+echo "SSH server installed and enabled (key auth only, root login disabled)."
+echo "Add your public key to ~/.ssh/authorized_keys before first use."
diff --git a/setup/tui-install.sh b/setup/tui-install.sh
index 719952c..e2d32d5 100755
--- a/setup/tui-install.sh
+++ b/setup/tui-install.sh
@@ -103,6 +103,10 @@ count_steps() {
 [[ "$a" == *"onlyoffice"* ]] && TOTAL=$(( TOTAL + 1 ))
 [[ "$a" == *"wireshark"* ]] && TOTAL=$(( TOTAL + 1 ))
 [[ "$a" == *"k8s"* ]] && TOTAL=$(( TOTAL + 1 ))
+ [[ "$a" == *"docker"* ]] && TOTAL=$(( TOTAL + 1 ))
+ [[ "$a" == *"podman"* ]] && TOTAL=$(( TOTAL + 1 ))
+ [[ "$a" == *"cockpit"* ]] && TOTAL=$(( TOTAL + 1 ))
+ [[ "$a" == *"ssh-server"* ]] && TOTAL=$(( TOTAL + 1 ))
 [[ "$a" == *"python"* ]] && TOTAL=$(( TOTAL + 1 ))
 [[ "$a" == *"zfs"* ]] && TOTAL=$(( TOTAL + 1 ))
 [[ "$a" == *"wprs"* ]] && TOTAL=$(( TOTAL + 1 ))
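Review bot: The three `sed -i` substitutions in ssh-server.sh only rewrite lines that already exist in /etc/ssh/sshd_config. If a directive is absent, or is set earlier by a file under /etc/ssh/sshd_config.d/ (sshd keeps the first value it reads), nothing changes and the script still prints "key auth only, root login disabled". `KbdInteractiveAuthentication` is also left untouched, which can keep PAM password prompts available depending on the shipped defaults. Writing the settings to a low-numbered drop-in makes the result deterministic, assuming the packaged sshd_config keeps its `Include /etc/ssh/sshd_config.d/*.conf` line at the top. The drop-in file name in the sketch below is only an example.

```shell
# … unchanged: pacman install of openssh …

# sshd keeps the first value it reads, so a low-numbered drop-in takes
# precedence over later drop-ins and over the rest of sshd_config.
# (file name is an example)
SSHD_DROPIN=/etc/ssh/sshd_config.d/10-hardening.conf
printf '%s\n' \
  'PermitRootLogin no' \
  'PasswordAuthentication no' \
  'KbdInteractiveAuthentication no' \
  'PubkeyAuthentication yes' |
  sudo tee "$SSHD_DROPIN" >/dev/null

# … unchanged: systemctl enable sshd.service, echo lines …
```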
@@ -156,7 +160,7 @@ fi
 # ── Apps selection ────────────────────────────────────────────────────────────
 SELECTED_APPS=$(dialog --backtitle "$BACKTITLE" \
 --title " Applications " \
- --checklist "Optional applications — installed after base components:" 28 72 14 \
+ --checklist "Optional applications — installed after base components:" 32 72 17 \
 "steam" "Steam gaming platform" off \
 "vesktop" "Vesktop Discord + Vencord theme" off \
 "spotify" "Spotify launcher + Spicetify theming" off \
@@ -166,6 +170,10 @@ SELECTED_APPS=$(dialog --backtitle "$BACKTITLE" \
 "onlyoffice" "OnlyOffice office suite (AUR)" off \
 "wireshark" "Wireshark network packet analyser" off \
 "k8s" "Kubernetes tools kubectl · podman-desktop" off \
+ "docker" "Docker docker · docker-compose" off \
+ "podman" "Podman rootless containers · buildah" off \
+ "cockpit" "Cockpit web UI · machines · podman" off \
+ "ssh-server" "SSH server openssh · key-auth · enabled" off \
 "python" "Python tools pyright · pipx · pynvim" off \
 "zfs" "ZFS zfs-dkms kernel module" off \
 "wprs" "WPRS wprs-git (AUR)" off \
@@ -190,6 +198,10 @@ if [[ -n "$SELECTED_APPS" ]]; then
 [[ "$SELECTED_APPS" == *"onlyoffice"* ]] && SUMMARY+=" ✦ OnlyOffice\n"
 [[ "$SELECTED_APPS" == *"wireshark"* ]] && SUMMARY+=" ✦ Wireshark\n"
 [[ "$SELECTED_APPS" == *"k8s"* ]] && SUMMARY+=" ✦ Kubernetes tools\n"
+ [[ "$SELECTED_APPS" == *"docker"* ]] && SUMMARY+=" ✦ Docker + Compose\n"
+ [[ "$SELECTED_APPS" == *"podman"* ]] && SUMMARY+=" ✦ Podman (rootless) + Buildah\n"
+ [[ "$SELECTED_APPS" == *"cockpit"* ]] && SUMMARY+=" ✦ Cockpit web UI\n"
+ [[ "$SELECTED_APPS" == *"ssh-server"* ]] && SUMMARY+=" ✦ SSH server (openssh, key auth)\n"
 [[ "$SELECTED_APPS" == *"python"* ]] && SUMMARY+=" ✦ Python tools\n"
 [[ "$SELECTED_APPS" == *"zfs"* ]] && SUMMARY+=" ✦ ZFS\n"
 [[ "$SELECTED_APPS" == *"wprs"* ]] && SUMMARY+=" ✦ WPRS\n"
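Review bot: In the checklist hunk the new `"cockpit"` entry lacks the `(AUR)` marker that the `"onlyoffice"` and `"wprs"` entries carry, although cockpit.sh installs three packages through yay. Something like `"cockpit" "Cockpit web UI · machines · podman (AUR)" off \` keeps the labelling consistent, so the user knows the choice pulls user-submitted build scripts. The `cockpit` and `ssh-server` choices are also the two that leave a network listener enabled on the next boot, and neither the checklist text nor the summary hunk that follows says so. A summary line such as `SUMMARY+=" ✦ Cockpit web UI (network listener, port 9090)\n"` would make that visible at the confirmation step. Both the dialog call and the summary `if` block extend beyond these hunks.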
@@ -225,6 +237,10 @@ fi
 [[ "$SELECTED_APPS" == *"onlyoffice"* ]] && run_module "OnlyOffice" "$APPS/onlyoffice.sh"
 [[ "$SELECTED_APPS" == *"wireshark"* ]] && run_module "Wireshark" "$APPS/wireshark.sh"
 [[ "$SELECTED_APPS" == *"k8s"* ]] && run_module "Kubernetes Tools" "$APPS/k8s.sh"
+[[ "$SELECTED_APPS" == *"docker"* ]] && run_module "Docker" "$APPS/docker.sh"
+[[ "$SELECTED_APPS" == *"podman"* ]] && run_module "Podman" "$APPS/podman.sh"
+[[ "$SELECTED_APPS" == *"cockpit"* ]] && run_module "Cockpit" "$APPS/cockpit.sh"
+[[ "$SELECTED_APPS" == *"ssh-server"* ]] && run_module "SSH Server" "$APPS/ssh-server.sh"
 [[ "$SELECTED_APPS" == *"python"* ]] && run_module "Python Tools" "$MODULES/optional-Modules/python.sh"
 [[ "$SELECTED_APPS" == *"zfs"* ]] && run_module "ZFS" "$MODULES/optional-Modules/zfs.sh"
 [[ "$SELECTED_APPS" == *"wprs"* ]] && run_module "WPRS" "$MODULES/optional-Modules/wprs.sh"