Move the splash logo into resources/bg-skull.svg so it's tracked in git
and always available alongside the dotfiles. build.sh now copies
resources/ into /root/installer/resources/ on the ISO. The Plymouth
module resolves the SVG from the repo copy first, ISO copy second —
no user intervention or ~/Pictures setup required.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01SyBNiWy3wpawrWb9ryVk7p
Installs a custom Plymouth theme (m-archy) with bg-skull.svg converted
to PNG (Plymouth is PNG-only via libpng — no SVG support) and a 12-dot
magenta spinner animation. Enabled by default in tui-install.sh; also
available as an optional module in install-modules.sh. Archiso image
remains Plymouth-free.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01SyBNiWy3wpawrWb9ryVk7p
Policy change: graphical apps now prefer Flatpak > pacman > AUR. Non-graphical
tools keep pacman > AUR > source. This makes installed apps sandboxed, keeps
system packages clean, and gives us a single hook point (apply_flatpak_theme)
to theme every GUI app consistently.
lib/logging.sh — two new helper functions sourced by every module:
ensure_flatpak()
Checks if flatpak is installed (pacman installs it if not) and ensures the
Flathub remote is registered. Called at the top of every Flatpak script so
the module is self-contained and safe to run in any order.
apply_flatpak_theme(app_id)
Copies gtk-themes/cyberqueer/ from the Dotfiles repo into ~/.themes/, then
calls `flatpak override --user --filesystem=~/.themes:ro <id>` so the
sandbox can read it, and `flatpak override --user --env=GTK_THEME=cyberqueer
<id>` to activate it. Gracefully skips with a warning if the theme source
directory is absent.
App scripts converted (pacman/AUR → Flatpak + theme):
ardour org.ardour.Ardour
audacity org.audacityteam.Audacity
chromium org.chromium.Chromium
firefox org.mozilla.firefox
geany org.geany.Geany
gimp org.gimp.GIMP
inkscape org.inkscape.Inkscape
kate org.kde.kate
kdenlive org.kde.kdenlive
krita org.kde.krita
librewolf io.gitlab.librewolf-community.librewolf
lmms io.lmms.LMMS
localsend org.localsend.localsend
min-browser com.github.minbrowser.min
mixxx org.mixxx.Mixxx
onlyoffice org.onlyoffice.desktopeditors
openshot org.openshot.OpenShot
rdp-client org.remmina.Remmina (was pacman remmina + freerdp + libvncserver;
Flatpak bundles all protocols, including VNC and SSH tunnels)
shotcut org.shotcut.Shotcut
steam com.valvesoftware.Steam
vscodium com.vscodium.codium
wireshark org.wireshark.Wireshark
xournal com.github.xournalpp.xournalpp
zed dev.zed.Zed
zen-browser io.github.zen_browser.zen
Special cases:
blender-povray: Blender → Flatpak (org.blender.Blender) + theme; POV-Ray
stays pacman because it has no Flatpak and is a CLI renderer, not a GUI app.
prismlauncher / stuntrally: were already Flatpak installs; added
apply_flatpak_theme so they pick up the cyberqueer theme like everything else.
vesktop: switched from AUR vesktop to Flatpak dev.vencord.Vesktop. The AUR
build requires cargo and takes several minutes; the Flatpak is pre-built.
Vencord config is now deployed to ~/.var/app/dev.vencord.Vesktop/config/
(both Vencord/ and vesktop/ sub-dirs) instead of ~/.config/, which is where
the Flatpak sandbox exposes its config directory.
k8s: kubectl stays pacman (it is a CLI tool with no GUI, no Flatpak needed);
podman-desktop switches from pacman podman-desktop to Flatpak
io.podman_desktop.PodmanDesktop + theme, because it is a full GUI app.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Adds w3m to the install list and appends the text/html mailcap entry
so alot renders HTML emails as plain text via w3m -dump.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The glob path = .../calendars/* was not expanded by khal, so no events
were visible. Now caldav-sync.sh and ics-to-calendarim both generate
explicit [[name]]/path entries per calendar and regenerate the config
on every sync so newly discovered calendars are picked up automatically.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Installs vdirsyncer + khal, writes vdirsyncer/khal configs, creates
ics-to-calendarim converter to populate calendar.vim local JSON cache,
and sets up a systemd user timer for 15-minute periodic sync.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- x now opens a full-screen overlay: alot left (55%), abook top-right,
calendar bottom-right
- Add esc = exit bindings to alot config for search/thread/taglist/
bufferlist modes, applied to live ~/.config/alot/config and to the
mail-notmuch.sh setup script
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Replace tab/vsplit PIM approach with nvim_open_win floating windows:
r opens a tiled full-screen overlay (alot top, calendar+abook bottom)
n/g/f open individual centered floats with rounded border
- Add setup/modules/optional-Modules/apps/mail-notmuch.sh:
configures mbsync, msmtp, notmuch, alot from interactive prompts
installs a systemd user timer for 5-min periodic mail sync
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Pin pamu2fcfg enrollment to the target hostname (-o/-i pam://$HOSTNAME)
so the credential origin matches pam_u2f.so at runtime; enrolling outside
the chroot previously used the live ISO hostname, causing auth to fail
- Add `cue` to the pam_u2f.so PAM line so ly prompts the user to touch
the key after password entry
- Add --needed to hyprlua AUR yay call to survive re-runs
- Degrade gracefully in lamco-rdp-server when no user D-Bus session is
active (systemctl --user enable would abort the module under set -e)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Add modules/lib/logging.sh with log(), skip(), warn(), err() helpers.
Source it in all 84 scripts (core, DEs, optional apps) and replace bare
echo calls with structured log messages. Add log file capture to install.sh.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
sauerbraten: open-source Cube 2 FPS (pacman)
stuntrally: rally racing game via Flatpak (io.github.stuntrally.StuntRally3)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
openarena: open-source Quake III Arena (pacman)
tetris: bastet + vitetris (pacman + AUR)
doom: Chocolate Doom + Freedoom game data (pacman)
Wired up in simple-install.sh, tui-install.sh, and install-modules.sh.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Installs lamco-rdp-server from AUR (native Wayland RDP server, Rust,
H.264/VA-API). Enables lamco-rdp-server.service as a systemd user
service. Wired into tui-install.sh alongside the existing rdp-client
and qemu entries.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
rdp-client.sh: installs Remmina with the FreeRDP and libvncserver plugins
for RDP and VNC sessions.
qemu.sh: installs the full QEMU/KVM stack (qemu-full, libvirt, virt-manager,
virt-viewer, dnsmasq, bridge-utils, edk2-ovmf, swtpm, vde2), enables and
starts libvirtd, auto-starts the default NAT network, and adds the user to
the libvirt and kvm groups.
Both modules are wired into tui-install.sh: count_steps, checklist,
confirmation summary, and run_module dispatch.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
New optional modules (browsers): chromium, firefox, zen-browser,
nyxt, librewolf, min-browser.
New optional modules (editors/IDEs): vscodium, zed, geany,
codeblocks, kate.
Add lynx to default core packages.
All 11 modules wired into both install-modules.sh and tui-install.sh
(the archiso-embedded installer) with consistent count_steps,
checklist, summary, and dispatch entries. Every module path verified
to exist; all scripts pass bash -n syntax check.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Presents a Cyberqueer-themed menu after package install:
- Answerfile: prompts for path (defaults to FreeipaAnsible/freeipa-client-answerfile.json),
offers to create one with defaults if it doesn't exist
- Manual: dialog inputboxes for domain, realm, server, hostname, principal,
passwordbox for the admin password, yes/no for mkhomedir/sudo/dns/fido2
- Skip: prints post-install hints
Falls back to ipa-client-install directly if freeipa-client.sh is not
available (standalone install outside the dotfiles repo).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Add freeipa-client module (sssd, cyrus-sasl-gssapi, freeipa-client AUR)
with post-install enrollment hints; wired into tui-install.sh and
install-modules.sh
- Add ansipa-install-modules.sh: reads IPA host groups named
ansipa-module-<name>, applies matching module scripts via a yay wrapper
that drops to ANSIPA_USER so AUR builds work from the root service
- Add ansipa-install-modules.service + .timer (boot + 30 min)
- Add deploy-ansipa-modules.yml Ansible playbook that deploys scripts,
writes /etc/ansipa-modules.conf, and enables the timer
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The previous proxmox-vm target (virt-customize + QCOW2) is replaced with
a proper Proxmox LXC CT template builder:
- Exports container rootfs as .tar.zst (same mechanism as the lxc target)
- Asks for CT ID, storage, bridge, memory, cores, disk size
- Generates pve-ct-<VMID>.conf with the required FreeIPA LXC options:
unprivileged: 0
lxc.apparmor.profile: unconfined
lxc.cap.drop:
lxc.mount.auto: proc:rw sys:rw cgroup:rw
lxc.cgroup2.devices.allow: a
- Generates proxmox-lxc-setup.txt with the full 6-step setup guide
(upload, pct create, apply LXC opts, set env vars, start, Keycloak)
- Optionally uploads template + conf to Proxmox host via SCP if a
host is provided
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
freeipa-image-builder.sh: TUI chooser that builds a FreeIPA server image
and exports it to four target formats:
docker — builds via podman/docker, optional registry push
lxc — exports container rootfs as .tar.zst Proxmox CT template,
generates pct import instructions
proxmox-vm — downloads Rocky/Fedora cloud image, customizes with
virt-customize, outputs QCOW2 + cloud-init user-data.yml
oci-archive — skopeo OCI tarball for air-gapped import
Keycloak TUI option generates the full constellation:
docker-compose.yml FreeIPA + Keycloak + PostgreSQL stack
.env pre-filled env template (passwords placeholder)
keycloak-configure.sh post-start Keycloak REST API config script
image/Dockerfile: Fedora 41 + freeipa-server-dns + ansible-core,
systemd-enabled container (CMD /sbin/init).
image/ipa-first-boot.{sh,service}: systemd oneshot that runs
ipa-server-install on first container/VM boot from env vars
(IPA_DOMAIN, IPA_ADMIN_PASSWORD, IPA_DM_PASSWORD, and optionals).
ConditionPathExists=!/etc/ipa/default.conf makes it idempotent.
image/keycloak-configure.sh: Keycloak REST API automation that:
- waits for Keycloak readiness
- creates a realm
- wires FreeIPA LDAP user federation (READ_ONLY, vendor=rhds)
- adds attribute mappers: email, firstName, lastName, uidNumber
- adds group mapper (IPA groups → Keycloak groups, cn=groups,cn=accounts)
- triggers an initial full user sync
image/docker-compose.yml: freeipa + postgres + keycloak services on
a private 172.30.0.0/24 bridge; FreeIPA has a fixed IP so Keycloak
can resolve it via extra_hosts.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Installs open-webui from AUR and enables open-webui.service.
Serves the browser UI at http://localhost:8080; Ollama module
should be installed first for full LLM backend functionality.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
ollama.sh: installs from official repos, enables ollama.service, notes
GPU sharing caveat with llama.cpp. For NVIDIA/AMD GPU variants use
ollama-cuda or ollama-rocm from AUR instead.
llama-cpp.sh: standalone inference CLI and server via yay (covers both
official repos and AUR). Both modules coexist at the package level;
docker/podman/cockpit modules confirmed conflict-free (all use --needed,
podman+cockpit base packages already in core-packages.sh).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Installs @anthropic-ai/claude-code via npm, sourcing nvm if npm is not
already in PATH. Wired into tui-install.sh and install-modules.sh.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- New optional modules: ssh-server (openssh, key auth hardened), docker
(+ compose, docker group), podman (rootless, buildah, skopeo, lingering),
cockpit (+ cockpit-machines, cockpit-podman, cockpit-navigator via AUR)
- openssh added to archiso packages.extra for live-env SSH access
- less added to pacstrap base install
- tui-install.sh wired up for all four new modules (checklist, count,
summary, run); dialog dimensions bumped to fit 17 items
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Apps (new individual scripts):
wireshark, localsend, onlyoffice, vintagestory
core-packages.sh: add nmap mtr tcpdump net-tools iputils ipcalc
(bind + traceroute were already present; wireshark is now optional)
hyprland.sh:
- pinta moved from yay to pacman (available in extra)
- localsend removed from mandatory yay install (now an optional app)
Deprecate nettools.sh — all its packages are now in core or split out.
tui-install.sh: apps checklist gains wireshark, localsend, onlyoffice,
vintagestory; drops nettools; dialog sized for 12 items.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Break up gaming-packages.sh and network-developer-packages.sh into
individual scripts under optional-Modules/apps/:
steam, vesktop (+ Vencord config), spotify (+ Spicetify config),
prismlauncher, nettools, k8s
tui-install.sh:
- Simplify component checklist to 5 items: pkg/core/svc/shell/de
- Add dedicated "Applications" checklist phase after DE selection,
covering all 9 optional apps independently
- count_steps accounts for each selected app as a separate step
- Confirmation summary shows components and apps in separate sections
install.sh: replace unconditional bundle calls with commented-out
individual app lines (opt-in)
Deprecate gaming-packages.sh and network-developer-packages.sh.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Module fixes across the board:
- package-managers.sh: add sudo, --noconfirm, idempotency guards for
yay/rustup/nvm, mkdir -p, remove stale version comments
- core-packages.sh: add --noconfirm --needed, remove invalid 'nvim'
package name, deduplicate ~15 repeated entries
- shell-setup.sh: move color vars to top (were defined after use, RESET
never defined), RUNZSH=no CHSH=no for oh-my-zsh (was spawning new
shell and halting script), --yes for starship installer
- hyprland-new.sh: mkdir -p before cd, ln -sf for xdg-terminal-exec and
ssh-askpass, remove flatpak-system-helper enable, comment out hyprpm
and WallRizz -w (require live session), mkdir -p ~/Pictures, add
walker-bin/ulauncher to yay installs, --noconfirm on yay
- sway.sh: fix gitgreetd-tuigreet typo, --noconfirm --needed, yay
idempotency, rm -f for bashrc/zshrc, ln -sf everywhere, mkdir -p for
spotify-tui, remove hard reboot, RUNZSH=no/--yes for shell tools
- gaming-packages.sh: add missing shebang, --noconfirm, flatpak -y
- network-developer-packages.sh: --noconfirm --needed, fix inline comment
- zfs.sh / wprs.sh: add yay --noconfirm flags
- All scripts: set -euo pipefail
New: setup/tui-install.sh — dialog-based TUI installer with Cyberqueer
theme, component checklist, DE submenu, step counter, and per-module
error handling
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Your Name