setup: add ssh-server, docker, podman, cockpit optional modules; add less to pacstrap

- New optional modules: ssh-server (openssh, key auth hardened), docker (+ compose, docker group), podman (rootless, buildah, skopeo, lingering), cockpit (+ cockpit-machines, cockpit-podman, cockpit-navigator via AUR) - openssh added to archiso packages.extra for live-env SSH access - less added to pacstrap base install - tui-install.sh wired up for all four new modules (checklist, count, summary, run); dialog dimensions bumped to fit 17 items Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-12 15:54:13 +02:00 · 2026-05-12 15:54:13 +02:00 · 562704139b
parent ca792049f0
commit 562704139b
7 changed files with 64 additions and 2 deletions
--- a/setup/archbaseos-guided-install.sh
+++ b/setup/archbaseos-guided-install.sh
@ -131,7 +131,7 @@ read -rp "Enable FIDO2 for user login? (YES/NO): " ENABLE_FIDO_USER

 pacstrap /mnt \
    base base-devel "$KERNEL" linux-firmware vim zsh git networkmanager grub efibootmgr \
-    btrfs-progs cryptsetup libfido2 pam-u2f sudo "$GPU_PKGS"
+    btrfs-progs cryptsetup libfido2 pam-u2f sudo less "$GPU_PKGS"

 genfstab -U /mnt >> /mnt/etc/fstab

--- a/setup/archiso/overlay/packages.extra
+++ b/setup/archiso/overlay/packages.extra
@ -4,3 +4,4 @@ jq
 pam-u2f
 btop
 fastfetch
+openssh
--- a/setup/modules/optional-Modules/apps/cockpit.sh
+++ b/setup/modules/optional-Modules/apps/cockpit.sh
@ -0,0 +1,17 @@
+#!/bin/bash
+set -euo pipefail
+
+# Core + official-repo plugins
+sudo pacman -S --noconfirm --needed \
+    cockpit \
+    cockpit-pcp \
+    pcp
+
+# AUR plugins: machines (VMs), podman containers, file navigator
+yay -S --answerdiff None --answerclean All --noconfirm \
+    cockpit-machines \
+    cockpit-podman \
+    cockpit-navigator
+
+sudo systemctl enable cockpit.socket
+echo "Cockpit enabled. Web UI available at https://localhost:9090"
--- a/setup/modules/optional-Modules/apps/docker.sh
+++ b/setup/modules/optional-Modules/apps/docker.sh
@ -0,0 +1,7 @@
+#!/bin/bash
+set -euo pipefail
+
+sudo pacman -S --noconfirm --needed docker docker-compose
+sudo systemctl enable docker.service
+sudo usermod -aG docker "$USER"
+echo "Docker installed. Log out and back in for group membership to take effect."
--- a/setup/modules/optional-Modules/apps/podman.sh
+++ b/setup/modules/optional-Modules/apps/podman.sh
@ -0,0 +1,7 @@
+#!/bin/bash
+set -euo pipefail
+
+sudo pacman -S --noconfirm --needed podman podman-compose buildah skopeo
+# Enable lingering so rootless containers survive logout
+loginctl enable-linger "$USER"
+echo "Podman installed (rootless, no daemon). User lingering enabled."
--- a/setup/modules/optional-Modules/apps/ssh-server.sh
+++ b/setup/modules/optional-Modules/apps/ssh-server.sh
@ -0,0 +1,14 @@
+#!/bin/bash
+set -euo pipefail
+
+sudo pacman -S --noconfirm --needed openssh
+
+# Harden defaults: disable root login, enforce key auth only
+SSHD_CONF=/etc/ssh/sshd_config
+sudo sed -i 's/^#\?PermitRootLogin.*/PermitRootLogin no/'        "$SSHD_CONF"
+sudo sed -i 's/^#\?PasswordAuthentication.*/PasswordAuthentication no/' "$SSHD_CONF"
+sudo sed -i 's/^#\?PubkeyAuthentication.*/PubkeyAuthentication yes/'    "$SSHD_CONF"
+
+sudo systemctl enable sshd.service
+echo "SSH server installed and enabled (key auth only, root login disabled)."
+echo "Add your public key to ~/.ssh/authorized_keys before first use."
--- a/setup/tui-install.sh
+++ b/setup/tui-install.sh
@ -103,6 +103,10 @@ count_steps() {
    [[ "$a" == *"onlyoffice"*   ]] && TOTAL=$(( TOTAL + 1 ))
    [[ "$a" == *"wireshark"*    ]] && TOTAL=$(( TOTAL + 1 ))
    [[ "$a" == *"k8s"*          ]] && TOTAL=$(( TOTAL + 1 ))
+    [[ "$a" == *"docker"*       ]] && TOTAL=$(( TOTAL + 1 ))
+    [[ "$a" == *"podman"*       ]] && TOTAL=$(( TOTAL + 1 ))
+    [[ "$a" == *"cockpit"*      ]] && TOTAL=$(( TOTAL + 1 ))
+    [[ "$a" == *"ssh-server"*   ]] && TOTAL=$(( TOTAL + 1 ))
    [[ "$a" == *"python"*       ]] && TOTAL=$(( TOTAL + 1 ))
    [[ "$a" == *"zfs"*          ]] && TOTAL=$(( TOTAL + 1 ))
    [[ "$a" == *"wprs"*         ]] && TOTAL=$(( TOTAL + 1 ))
@ -156,7 +160,7 @@ fi
 # ── Apps selection ────────────────────────────────────────────────────────────
 SELECTED_APPS=$(dialog --backtitle "$BACKTITLE" \
    --title " Applications " \
-    --checklist "Optional applications — installed after base components:" 28 72 14 \
+    --checklist "Optional applications — installed after base components:" 32 72 17 \
    "steam"        "Steam              gaming platform"                off \
    "vesktop"      "Vesktop            Discord + Vencord theme"        off \
    "spotify"      "Spotify            launcher + Spicetify theming"   off \
@ -166,6 +170,10 @@ SELECTED_APPS=$(dialog --backtitle "$BACKTITLE" \
    "onlyoffice"   "OnlyOffice         office suite (AUR)"             off \
    "wireshark"    "Wireshark          network packet analyser"        off \
    "k8s"          "Kubernetes tools   kubectl · podman-desktop"       off \
+    "docker"       "Docker             docker · docker-compose"        off \
+    "podman"       "Podman             rootless containers · buildah"  off \
+    "cockpit"      "Cockpit            web UI · machines · podman"     off \
+    "ssh-server"   "SSH server         openssh · key-auth · enabled"   off \
    "python"       "Python tools       pyright · pipx · pynvim"        off \
    "zfs"          "ZFS                zfs-dkms kernel module"         off \
    "wprs"         "WPRS               wprs-git (AUR)"                 off \
@ -190,6 +198,10 @@ if [[ -n "$SELECTED_APPS" ]]; then
    [[ "$SELECTED_APPS" == *"onlyoffice"*   ]] && SUMMARY+="  ✦ OnlyOffice\n"
    [[ "$SELECTED_APPS" == *"wireshark"*    ]] && SUMMARY+="  ✦ Wireshark\n"
    [[ "$SELECTED_APPS" == *"k8s"*          ]] && SUMMARY+="  ✦ Kubernetes tools\n"
+    [[ "$SELECTED_APPS" == *"docker"*       ]] && SUMMARY+="  ✦ Docker + Compose\n"
+    [[ "$SELECTED_APPS" == *"podman"*       ]] && SUMMARY+="  ✦ Podman (rootless) + Buildah\n"
+    [[ "$SELECTED_APPS" == *"cockpit"*      ]] && SUMMARY+="  ✦ Cockpit web UI\n"
+    [[ "$SELECTED_APPS" == *"ssh-server"*   ]] && SUMMARY+="  ✦ SSH server (openssh, key auth)\n"
    [[ "$SELECTED_APPS" == *"python"*       ]] && SUMMARY+="  ✦ Python tools\n"
    [[ "$SELECTED_APPS" == *"zfs"*          ]] && SUMMARY+="  ✦ ZFS\n"
    [[ "$SELECTED_APPS" == *"wprs"*         ]] && SUMMARY+="  ✦ WPRS\n"
@ -225,6 +237,10 @@ fi
 [[ "$SELECTED_APPS" == *"onlyoffice"*   ]] && run_module "OnlyOffice"       "$APPS/onlyoffice.sh"
 [[ "$SELECTED_APPS" == *"wireshark"*    ]] && run_module "Wireshark"        "$APPS/wireshark.sh"
 [[ "$SELECTED_APPS" == *"k8s"*          ]] && run_module "Kubernetes Tools" "$APPS/k8s.sh"
+[[ "$SELECTED_APPS" == *"docker"*       ]] && run_module "Docker"           "$APPS/docker.sh"
+[[ "$SELECTED_APPS" == *"podman"*       ]] && run_module "Podman"           "$APPS/podman.sh"
+[[ "$SELECTED_APPS" == *"cockpit"*      ]] && run_module "Cockpit"          "$APPS/cockpit.sh"
+[[ "$SELECTED_APPS" == *"ssh-server"*   ]] && run_module "SSH Server"       "$APPS/ssh-server.sh"
 [[ "$SELECTED_APPS" == *"python"*       ]] && run_module "Python Tools"     "$MODULES/optional-Modules/python.sh"
 [[ "$SELECTED_APPS" == *"zfs"*          ]] && run_module "ZFS"              "$MODULES/optional-Modules/zfs.sh"
 [[ "$SELECTED_APPS" == *"wprs"*         ]] && run_module "WPRS"             "$MODULES/optional-Modules/wprs.sh"