Adds greggh/claude-code.nvim with plenary.nvim as a required dependency.
Provides :ClaudeCode toggle, continue/resume/verbose commands, and
<C-,> / <leader>cC keybinds out of the box.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
airline#themes#cyberqueer#palette was undefined because the theme file was
being copied under the wrong name (cyberqueer-airline.vim instead of
cyberqueer.vim). Fixed by adding the file at the proper rtp-relative path
nvim/autoload/airline/themes/cyberqueer.vim — picked up automatically via
the ~/.config/nvim symlink, no extra copy step needed. Removed the now-
redundant manual cp from shell-setup.sh.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Renames nvim/ → nvim.old/ (preserving init.vim + incomplete prior attempts)
and creates a fresh nvim/ with init.lua. All settings, keymaps, and plugin
declarations are converted from VimScript to Lua idioms. Plugin manager
migrated from vim-plug to lazy.nvim, which self-bootstraps on first launch.
shell-setup.sh updated to drop the vim-plug curl install; the symlink and
airline theme copy are retained (path updated for lazy's data directory).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Duplicates desktopenvs/hyprland/ as desktopenvs/hyprlua/ and converts all
Hyprland-specific configs (.conf) to Lua (.lua) using the 0.55+ hl.* API:
hyprland.lua, envvars.lua, monitors.lua, input.lua, autostart.lua,
windowrules.lua, binds.lua. Non-Hyprland tool configs (hyprpaper, hyprlock,
hypridle, hyprtoolkit) remain as .conf. Adds hyprlua.sh installer (user-side
.lua files install to ~/.config/hypr/ for require() resolution) and registers
HyprLua as the recommended DE option in tui-install.sh, marking the old
hyprlang-based Hyprland install as legacy.
Also consolidates hyprland (legacy) env vars into hypr-usr/envvars.conf,
removing duplicates from hyprland.conf and monitors.conf.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
9 Markdown pages covering installation, theming, Hyprland, editors,
modules, archiso, FreeIPA/Ansible, and utilities. md-to-html.sh
converts them to self-contained styled HTML using the live palette
from colors.conf with inline CyberQueer CSS.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
New playbook collect-luks-keys.yml connects to all enrolled FreeIPA
clients, checks for /_LUKS_BACKUP_KEY (placed there by the installer
when encryption is enabled), and fetches each key to the Ansible
controller as luks-keys/<HOSTNAME>_LUKS_BACKUP_KEY (mode 0400).
Hosts without the file are reported but not treated as errors.
The luks-keys/ store directory is created with mode 0700.
Usage:
ansible-playbook -i inventory collect-luks-keys.yml
Can be scheduled via cron on the controller for automatic collection.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
tui-install.sh:
- Reads /answerfile.json if present (ANSWERFILE_MODE)
- All dialog selections (components, DE, apps) sourced from file
- Hostname from answerfile gets MAC address suffix appended to
prevent conflicts when deploying one image to multiple machines
- Interactive hostname inputbox added to the normal TUI flow
- Colorway dialog added as final step; skipped if no colors differ
from defaults and no answerfile colors are set
- Answerfile mode: runs non-interactively, logs warnings on failure
generate-answerfile.sh (new):
- Dry-runs the full installer dialog flow (OS + dotfiles)
- Writes selections to ~/answerfile.json (or a given path)
- No software is installed; passwords are never written to the file
build.sh:
- New --preconf [FILE] flag embeds an answerfile into the ISO at
/answerfile.json; omitting the flag leaves the ISO clean
- Validates JSON with jq if available before embedding
- Reworked arg parsing to handle the new flag alongside OUT_DIR
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Both arch-autoinstall.sh and archbaseos-guided-install.sh now ask
whether to enable disk encryption. If skipped, btrfs is formatted
directly on the root partition with an appropriate plain GRUB cmdline
(root=UUID=... rootflags=subvol=@).
When encryption is chosen, a 64-byte random key is generated, enrolled
as a second LUKS keyslot, and written to /_LUKS_BACKUP_KEY inside the
new system (mode 400, root-owned, inside the encrypted container).
Also fixes: duplicate 'encrypt' hook in original mkinitcpio HOOKS
strings, missing KERNEL export into arch-autoinstall chroot heredoc.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
/tmp in WSL is a RAM-backed tmpfs that fills up during the build,
leaving xorriso with no room to write the ISO.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
New optional modules (browsers): chromium, firefox, zen-browser,
nyxt, librewolf, min-browser.
New optional modules (editors/IDEs): vscodium, zed, geany,
codeblocks, kate.
Add lynx to default core packages.
All 11 modules wired into both install-modules.sh and tui-install.sh
(the archiso-embedded installer) with consistent count_steps,
checklist, summary, and dispatch entries. Every module path verified
to exist; all scripts pass bash -n syntax check.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
/tmp fills up during large builds; allow redirecting both dirs without
editing the script (WORK_DIR=~/iso-work ./build.sh ~/iso-out).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Replace five deprecated boot mode names with the canonical 'bios.syslinux'
and 'uefi.systemd-boot', removing the ia32 grub mode that required grub
installed and conflicted with systemd-boot.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Add bc, dmidecode, dosfstools, e2fsprogs, fzf, git, hdparm, lshw, lsof,
openbsd-netcat, parted, ripgrep, rsync, strace, sysstat, tmux, and whois —
utilities that ship by default on most distros or are now effectively standard.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Remove the 'de' checkbox from the component checklist and always show
the desktop environment menu as a dedicated step between component and
app selection. Choosing 'none' or pressing Esc skips DE installation.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Each script installs the DE meta-package, an appropriate display manager,
PipeWire audio, NetworkManager, Bluetooth, and Flatpak, then enables the
relevant services (sddm/gdm/lightdm/cosmic-greeter).
COSMIC falls back to sddm if cosmic-greeter is not installed.
tui-install.sh: DE menu expanded from 3 to 8 entries (height 20×70).
install-modules.sh: DEs added to checklist, summary, and dispatch so
they can be installed standalone on an existing system.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
IPA group naming: fp_install_org__mozilla__firefox (dots encoded as __)
Decoding: sed strips prefix, then s/__/./g restores the Flatpak app ID.
Single underscores in app IDs are preserved unambiguously.
ansipa-install-flatpaks.sh:
- kinit with host keytab, queries ipa group-find --pkey-only with awk $NF
- Validates decoded ID against reverse-domain regex before installing
- Ensures flathub system remote exists
- System-scope install (flatpak install --system) since service runs as root
- Timer offset to 4 min (after packages at 2 min) to avoid contention
deploy-ansipa-install.yml updated to deploy the Flatpak script, service,
and timer alongside the existing package installer.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Presents a Cyberqueer-themed menu after package install:
- Answerfile: prompts for path (defaults to FreeipaAnsible/freeipa-client-answerfile.json),
offers to create one with defaults if it doesn't exist
- Manual: dialog inputboxes for domain, realm, server, hostname, principal,
passwordbox for the admin password, yes/no for mkhomedir/sudo/dns/fido2
- Skip: prints post-install hints
Falls back to ipa-client-install directly if freeipa-client.sh is not
available (standalone install outside the dotfiles repo).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Add freeipa-client module (sssd, cyrus-sasl-gssapi, freeipa-client AUR)
with post-install enrollment hints; wired into tui-install.sh and
install-modules.sh
- Add ansipa-install-modules.sh: reads IPA host groups named
ansipa-module-<name>, applies matching module scripts via a yay wrapper
that drops to ANSIPA_USER so AUR builds work from the root service
- Add ansipa-install-modules.service + .timer (boot + 30 min)
- Add deploy-ansipa-modules.yml Ansible playbook that deploys scripts,
writes /etc/ansipa-modules.conf, and enables the timer
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The previous proxmox-vm target (virt-customize + QCOW2) is replaced with
a proper Proxmox LXC CT template builder:
- Exports container rootfs as .tar.zst (same mechanism as the lxc target)
- Asks for CT ID, storage, bridge, memory, cores, disk size
- Generates pve-ct-<VMID>.conf with the required FreeIPA LXC options:
unprivileged: 0
lxc.apparmor.profile: unconfined
lxc.cap.drop:
lxc.mount.auto: proc:rw sys:rw cgroup:rw
lxc.cgroup2.devices.allow: a
- Generates proxmox-lxc-setup.txt with the full 6-step setup guide
(upload, pct create, apply LXC opts, set env vars, start, Keycloak)
- Optionally uploads template + conf to Proxmox host via SCP if a
host is provided
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
freeipa-image-builder.sh: TUI chooser that builds a FreeIPA server image
and exports it to four target formats:
docker — builds via podman/docker, optional registry push
lxc — exports container rootfs as .tar.zst Proxmox CT template,
generates pct import instructions
proxmox-vm — downloads Rocky/Fedora cloud image, customizes with
virt-customize, outputs QCOW2 + cloud-init user-data.yml
oci-archive — skopeo OCI tarball for air-gapped import
Keycloak TUI option generates the full constellation:
docker-compose.yml FreeIPA + Keycloak + PostgreSQL stack
.env pre-filled env template (passwords placeholder)
keycloak-configure.sh post-start Keycloak REST API config script
image/Dockerfile: Fedora 41 + freeipa-server-dns + ansible-core,
systemd-enabled container (CMD /sbin/init).
image/ipa-first-boot.{sh,service}: systemd oneshot that runs
ipa-server-install on first container/VM boot from env vars
(IPA_DOMAIN, IPA_ADMIN_PASSWORD, IPA_DM_PASSWORD, and optionals).
ConditionPathExists=!/etc/ipa/default.conf makes it idempotent.
image/keycloak-configure.sh: Keycloak REST API automation that:
- waits for Keycloak readiness
- creates a realm
- wires FreeIPA LDAP user federation (READ_ONLY, vendor=rhds)
- adds attribute mappers: email, firstName, lastName, uidNumber
- adds group mapper (IPA groups → Keycloak groups, cn=groups,cn=accounts)
- triggers an initial full user sync
image/docker-compose.yml: freeipa + postgres + keycloak services on
a private 172.30.0.0/24 bridge; FreeIPA has a fixed IP so Keycloak
can resolve it via extra_hosts.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Installs open-webui from AUR and enables open-webui.service.
Serves the browser UI at http://localhost:8080; Ollama module
should be installed first for full LLM backend functionality.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
podman, podman-compose, cockpit, cockpit-files, cockpit-podman all have
dedicated optional modules — no reason to install them on every system.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
ollama.sh: installs from official repos, enables ollama.service, notes
GPU sharing caveat with llama.cpp. For NVIDIA/AMD GPU variants use
ollama-cuda or ollama-rocm from AUR instead.
llama-cpp.sh: standalone inference CLI and server via yay (covers both
official repos and AUR). Both modules coexist at the package level;
docker/podman/cockpit modules confirmed conflict-free (all use --needed,
podman+cockpit base packages already in core-packages.sh).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Installs @anthropic-ai/claude-code via npm, sourcing nvm if npm is not
already in PATH. Wired into tui-install.sh and install-modules.sh.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Why: yay -Syu rebuilds everything in one go, making a single failure
stall the whole batch. This script iterates per-package so failures
are isolated and reported at the end.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
- New optional modules: ssh-server (openssh, key auth hardened), docker
(+ compose, docker group), podman (rootless, buildah, skopeo, lingering),
cockpit (+ cockpit-machines, cockpit-podman, cockpit-navigator via AUR)
- openssh added to archiso packages.extra for live-env SSH access
- less added to pacstrap base install
- tui-install.sh wired up for all four new modules (checklist, count,
summary, run); dialog dimensions bumped to fit 17 items
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Populate /etc/skel with the Dotfiles repo and standard XDG directories
(Desktop, Documents, Downloads, Music, Pictures, Public, Templates, Videos)
before useradd -m, so the new user's home is fully set up at creation time.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Replace all /home/themiro/ path references with $HOME equivalents
across .zshrc, monitorhandler.sh (now derives path from script
location), gtk bookmarks, spicetify config, ulauncher generated CSS,
and nvim init.lua.old.
Delete commented-out AWS signed URL with embedded credentials from
setup/deprecated/hyprland.sh.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Add setup/archiso/ with build.sh, releng overlay, motd, and
install-arch launcher command for the live ISO
- Fix cryptroot mapper name in arch-autoinstall.sh (was 'root',
breaking all subsequent mounts)
- Add base-devel to pacstrap in both installers (required for yay/makepkg)
- Clone dotfiles inside chroot so tui-install.sh is available immediately
- After base install, offer to run tui-install.sh as the regular user
inside the chroot via runuser, with a temporary NOPASSWD sudoers rule;
skip option available for base-only installs
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Fix touchscreen detection (section renamed from Touchscreen to Touch Device)
and device keyword syntax (device:NAME -> device[NAME]:transform). Also swap
cw/ccw in acw/wcw wrapper scripts which were inverted.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
pamtester and pinta are AUR-only; kew is now in the extra repo.
Move them to the correct install commands across audit-packages.sh,
core-packages.sh, and hyprland.sh.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- amssh: use dedicated /etc/pam.d/amssh service instead of login (pam_u2f
was commented out in login); auto-create service and register key on
first-launch FIDO selection
- amssh: redirect pamtester stdout+stderr to /dev/tty so the tap prompt is
visible and the success message doesn't contaminate pass=$(_get_passphrase)
- amssh: split _fido_pam_available into _fido_hardware_available (for dialog
gating) and _fido_pam_available (runtime — requires keys file + PAM service)
- setup: add pamtester to core-packages.sh
- setup: add audit-packages.sh to verify installed packages come from the
expected source (pacman/AUR/flatpak)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Apps (new individual scripts):
wireshark, localsend, onlyoffice, vintagestory
core-packages.sh: add nmap mtr tcpdump net-tools iputils ipcalc
(bind + traceroute were already present; wireshark is now optional)
hyprland.sh:
- pinta moved from yay to pacman (available in extra)
- localsend removed from mandatory yay install (now an optional app)
Deprecate nettools.sh — all its packages are now in core or split out.
tui-install.sh: apps checklist gains wireshark, localsend, onlyoffice,
vintagestory; drops nettools; dialog sized for 12 items.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The_miro