Commit Graph

19 Commits (main)

Author SHA1 Message Date
Amir Alexander Abdelbaki a92de3193a fix(installer): address issues 2-8 from sanity check
#2 — Word-boundary match for all module patterns
  Generator now pads SELECTED_APPS with spaces and uses *" id "* in
  counters, summary, and dispatch, matching the conflict fix from #1.
  plymouth-custom no longer false-triggers any plymouth check.

#3 — Guided installer now runs tui-install.sh
  archbaseos-guided-install.sh was calling simple-install.sh; both
  paths now use the full TUI (sentinel-managed, modules.conf-driven).

#4 — EFI/boot partition size unified at 10 GiB
  arch-autoinstall.sh was 15 GiB, archbaseos-guided-install.sh was
  5 GiB. Both now use 10 GiB.

#5 — Interactive retry for dotfiles clone (guided installer)
  Clone moved outside the chroot heredoc so read() reaches the terminal.
  Loops until success or the user skips; AF_MODE warns and continues.

#6 — PAM target unified on system-local-login
  archbaseos-guided-install.sh was writing to system-auth (affects
  sudo). Both installers now target system-local-login only.

#7 — Redundant second clone removed from autoinstaller
  arch-autoinstall.sh had a second git clone inside the chroot as a
  fallback that collided with the skel copy and printed a spurious
  warning. Removed; skel-only approach matches the guided installer
  (last updated). Also removed the individual .zshrc/.bashrc/.vimrc
  cp block; aligned to the guided installer's cleaner skel structure.

#8 — Docs: remove stale plymouth core-module section
  docs/md/modules.md still described plymouth under Core Modules.
  Section removed; plymouth appears in Optional Applications (system
  category) via the generated sentinel.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-26 14:12:09 +02:00
Amir Alexander Abdelbaki 2ff5b9b61d refactor(installer): move plymouth fully into optional apps
Both plymouth and plymouth-custom are now optional — neither is strictly
required, so removing plymouth from the core COMPONENTS checklist and
treating it identically to plymouth-custom.

- Remove plymouth from COMPONENTS checklist, counter, summary, and dispatch
- Add plymouth back to modules.conf (default=on, excludes=plymouth-custom)
- Regenerate all sentinel regions; plymouth now appears in optional apps
  checklist/summary/conflicts/dispatch alongside plymouth-custom

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-26 13:42:11 +02:00
Amir Alexander Abdelbaki 69aacec8fa fix(installer): correct plymouth path + remove from optional apps registry
plymouth is a core component (COMPONENTS checklist), not an optional app.
Moving plymouth.sh to apps/ left the core dispatch pointing at the deleted
path; also incorrectly added it to modules.conf, duplicating it in the
optional apps checklist.

- Fix core dispatch: $MODULES/optional-Modules/plymouth.sh → $APPS/plymouth.sh
- Remove plymouth from modules.conf (plymouth-custom remains as optional app)
- Regenerate all sentinel regions; conflict block now only has plymouth-custom

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-26 13:38:37 +02:00
Amir Alexander Abdelbaki 5647852ee6 refactor(modules): move plymouth into apps/, retire freeipa-image to tools/
apps/ is for modules that install software during setup. freeipa-image is
support tooling for the ansipa controller, run manually before installation,
so it has no place in the TUI module picker.

- git mv optional-Modules/plymouth.sh → apps/plymouth.sh
- git mv apps/freeipa-image.sh → setup/tools/freeipa-image.sh
- modules.conf: add plymouth (default=on, excludes=plymouth-custom); remove freeipa-image
- generate-modules.sh: regenerate all sentinel regions (81 → 81 active modules,
  freeipa-image dropped from checklist/summary/dispatch, plymouth added with on default,
  conflict block gains plymouth ↔ plymouth-custom pair)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-26 13:30:03 +02:00
Amir Alexander Abdelbaki 5d7c97409b feat(installer): modules.conf registry + sentinel-based code generation
Collapse 5 manual touch points per optional app module (counter, checklist,
summary, conflict check, dispatch in tui-install.sh + answerfile generator +
docs table row) into a single source of truth at setup/modules.conf.

- setup/modules.conf: 80-module registry (id|category|description|default|excludes)
  with sensible defaults (python, firefox-browser, onlyoffice) and conflict pairs
  (plymouth-custom ↔ plymouth)
- setup/sync-modules.sh: scans apps/*.sh, stubs any IDs missing from modules.conf
- setup/generate-modules.sh: regenerates all sentinel regions from modules.conf
  (supports --dry-run); fixes Python re.sub backslash-n corruption via lambda repl
- tui-install.sh: 5 sentinel regions added (module-counters, module-checklist,
  module-summary, module-conflicts, module-dispatch); fixes 19 modules missing
  from count_steps() and mail-notmuch/caldav-sync missing from SUMMARY
- generate-answerfile.sh: module-checklist sentinel; list-height now auto-computed
- docs/md/modules.md: per-category sentinels; all sections regenerated from conf
- Renames: prismlauncher→prism, freeipa-image-builder→freeipa-image,
  firefox→firefox-browser, zed→zed-ide; moves python/zfs/wprs into apps/

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-26 13:24:02 +02:00
Amir Alexander Abdelbaki 2be85739b5 feat(apps): add Tangent Notes module (Flatpak)
Installs io.github.suchnsuch.Tangent via Flatpak with cyberqueer theme
applied. Registered in TUI installer, answerfile generator, and docs.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-26 11:20:25 +02:00
Amir Alexander Abdelbaki e278795610 feat(apps): add Obsidian module (Flatpak)
Installs md.obsidian.Obsidian via Flatpak with cyberqueer theme applied.
Registered in TUI installer, answerfile generator, and docs.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-26 11:15:08 +02:00
Amir Alexander Abdelbaki 394927573d feat(apps): add Rnote module (Flatpak)
Installs com.github.flxzt.rnote via Flatpak with cyberqueer theme
applied. Registered in TUI installer, answerfile generator, and docs
alongside xournal++ in the Productivity section.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-26 11:11:19 +02:00
Amir Alexander Abdelbaki 66e51474a1 feat(apps): add OpenDeck + ydotool module
Installs ydotool via pacman and OpenDeck via Flatpak, wires ydotoold
and OpenDeck into the Hyprland autostart. Registers the module in the
TUI installer, answerfile generator, and docs.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-26 11:08:32 +02:00
Amir Alexander Abdelbaki f5a1182a3d feat(plymouth): add custom-logo variant, sync answerfile + docs
- plymouth.sh: accepts PLYMOUTH_LOGO_SRC env var; PNG used as-is, SVG
  converted via rsvg-convert (librsvg only installed when needed)
- apps/plymouth-custom.sh: thin wrapper that validates the caller-supplied
  path and delegates to plymouth.sh with PLYMOUTH_LOGO_SRC exported
- install-modules.sh: adds 'Plymouth (custom)' checklist entry; prompts
  for image path via inputbox before the confirmation dialog; exports
  PLYMOUTH_LOGO_SRC into the module run
- generate-answerfile.sh: adds 'plymouth' (on by default) to the
  components checklist to match tui-install.sh
- docs: installation.md and modules.md updated with Plymouth component,
  answerfile schema, mkinitcpio note, and custom-logo module entry

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01SyBNiWy3wpawrWb9ryVk7p
2026-06-26 10:57:32 +02:00
Amir Alexander Abdelbaki 86808b4573 feat(archiso): add PXE/netboot.xyz boot support
Enable the netboot buildmode in profiledef.sh so mkarchiso produces a
netboot tarball (kernel + initrd + squashfs) alongside the ISO. Add
--netboot-url flag to build.sh which generates a ready-to-chainload
m-archy-netboot.ipxe script. Document the full netboot.xyz deployment
workflow in docs/md/archiso.md.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-02 14:45:28 +02:00
Amir Alexander Abdelbaki bd4a935d51 docs: add Niri documentation and update DE references
- docs/md/niri.md: full reference for the Niri DE — overview table,
  config file map, Niri vs Hyprland comparison, complete keybindings
  reference, EWW bar, wallpaper/lock/idle, screen rotation, installer
  instructions
- docs/md/index.md: updated tagline (Hyprland → Wayland), added Niri
  to the doc index table, updated repo layout tree
- docs/md/installation.md: Niri added to DE list; answerfile example
  updated to hyprlua
- docs/md/modules.md: hyprlua and niri added to DE table with links;
  hyprlua marked as recommended
- docs/md/hyprland.md: cross-reference to Niri docs added

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-01 16:40:37 +02:00
Amir Alexander Abdelbaki 547c997614 feat(ansipa): rework scan-notify as per-user policy
policy-scan-notify is now a FreeIPA *user* group instead of a host group,
so alert notifications follow the user to every enrolled machine. The
fetch-alerts timer is installed fleet-wide on any host where the group exists;
the profile.d snippet gates notification daemon start on runtime group
membership (id(1) / SSSD) so non-members log in unaffected.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-20 16:41:35 +02:00
Amir Alexander Abdelbaki 87b62f368b feat(ansipa): rework binary blocking as per-user policy; add local_sudo device policy
policy-block-binary-<name> is now a FreeIPA *user* group instead of a host group,
so restrictions follow the user to every enrolled machine. The PATH wrapper is
installed on all hosts and checks group membership at runtime via id(1)/SSSD,
passing non-members through transparently. `__` in the group name decodes to `.`
so Flatpak app IDs are supported (flatpak run fallback included). AppArmor layer
removed since per-user confinement requires a different approach and the wrapper
alone is sufficient. Adds local_sudo_<username> host group policy which writes
a sudoers drop-in granting that user full sudo on the specific device, reverted
on group leave.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-20 16:31:43 +02:00
Amir Alexander Abdelbaki 6ad8d0d488 feat(ansipa): add no_local_users device policy to lock all local account passwords
Adds a new host group policy `no_local_users` that locks the passwords of root
and all local users (UID >= 1000) via `passwd -l`, ensuring only FreeIPA domain
accounts with centrally-managed sudo rules can authenticate and gain elevated
privileges. Leaving the group reverts by unlocking every account tracked in the
state file. Updates docs with group reference entry and Local User Lockdown section.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-20 16:18:48 +02:00
Amir Alexander Abdelbaki 3ef916290c docs: add graphic design, video editing, and audio modules to modules reference
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-20 15:48:46 +02:00
Amir Alexander Abdelbaki 6f2b24c51a docs: update readme and docs for recent changes
- freeipa-ansible.md: expand into full container installation guide
  covering SMB shares (ansipa-scans, ansipa-luks-keys), KeyAdmin access
  control, LUKS_KEY_UPLOAD_PASSWORD env var, updated collect-luks-keys
  flow via SMB, daemon enable/disable policy, security scan + alert
  pipeline, and Keycloak section
- modules.md: add Virtualisation & Remote Desktop section (qemu,
  rdp-client, lamco-rdp-server)
- archiso.md: document system reset mode (reset-arch.sh), launch.sh
  action selection, libfido2 in packages.extra
- readme.md: update Cliff Notes and docs table to reflect all changes

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-20 15:39:38 +02:00
Amir Alexander Abdelbaki 6c5c1f8589 gitignore: exclude generated docs/html/ build artifacts
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-18 15:48:47 +02:00
Amir Alexander Abdelbaki 8128ae84e4 docs: add full documentation site with CyberQueer HTML theme
9 Markdown pages covering installation, theming, Hyprland, editors,
modules, archiso, FreeIPA/Ansible, and utilities. md-to-html.sh
converts them to self-contained styled HTML using the live palette
from colors.conf with inline CyberQueer CSS.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-18 15:47:09 +02:00