- Flatpaks now install globally again: ensure_flatpak adds the Flathub remote at
--system and all 19 app modules use `sudo flatpak install --system`. Running
via sudo (root) performs the system op directly, avoiding the SystemHelper/
polkit D-Bus path that caused "The name is not activatable" for non-root users.
- tui-install.sh no longer prompts for or sets the hostname — the base installer
already configures it. Removed the Hostname section, the MAC-suffix helper, the
AF_HOSTNAME field and the summary line.
- archbaseos-guided-install.sh now gathers ALL input up front, including
passwords. New ask_password() prompts in clear text (by request) and requires a
confirmation entry, looping until the two match — so each password is typed
exactly twice and never again. The LUKS passphrase is captured once and fed to
luksFormat/open/luksAddKey (--key-file=-) and cryptenroll ($PASSWORD), instead
of cryptsetup prompting repeatedly. After all input, a single all-caps "type
YES" gate replaces the old per-step confirmations (answerfile mode keeps its
5-second abort window). The run-TUI choice is also asked up front.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Diagnosed from a full guided-install log plus a Hyprland startup log. Three
distinct remaining failures:
1. ~/.config left root-owned. The FIDO/Yubico setup runs `mkdir -p
~/.config/Yubico` as root (creating ~/.config itself), then chowned only
Yubico/. ~/.config stayed root-owned, so every later user step failed with
EACCES: shell-setup symlinks (starship.toml), the mail/caldav systemd --user
timers, and Hyprland creating ~/.config/hypr at startup. Chown the whole
~/.config in both Yubico spots, and defensively reclaim it in shell-setup.
2. python/wprs/plymouth/zfs sourced ../lib/logging.sh, but apps/ modules need
../../lib — so they aborted with "No such file or directory". Corrected.
3. Flatpak app modules ran `flatpak install -y` at system scope, which needs the
Flatpak SystemHelper D-Bus service + polkit (unavailable in a chroot/TTY
install) — the "The name is not activatable" failures (wireshark, xournal,
rnote, firefox-browser, …). Switch ensure_flatpak and all 19 main-flow
installs to --user scope, matching apply_flatpak_theme's --user overrides.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
#2 — Word-boundary match for all module patterns
Generator now pads SELECTED_APPS with spaces and uses *" id "* in
counters, summary, and dispatch, matching the conflict fix from #1.
plymouth-custom no longer false-triggers any plymouth check.
#3 — Guided installer now runs tui-install.sh
archbaseos-guided-install.sh was calling simple-install.sh; both
paths now use the full TUI (sentinel-managed, modules.conf-driven).
#4 — EFI/boot partition size unified at 10 GiB
arch-autoinstall.sh was 15 GiB, archbaseos-guided-install.sh was
5 GiB. Both now use 10 GiB.
#5 — Interactive retry for dotfiles clone (guided installer)
Clone moved outside the chroot heredoc so read() reaches the terminal.
Loops until success or the user skips; AF_MODE warns and continues.
#6 — PAM target unified on system-local-login
archbaseos-guided-install.sh was writing to system-auth (affects
sudo). Both installers now target system-local-login only.
#7 — Redundant second clone removed from autoinstaller
arch-autoinstall.sh had a second git clone inside the chroot as a
fallback that collided with the skel copy and printed a spurious
warning. Removed; skel-only approach matches the guided installer
(last updated). Also removed the individual .zshrc/.bashrc/.vimrc
cp block; aligned to the guided installer's cleaner skel structure.
#8 — Docs: remove stale plymouth core-module section
docs/md/modules.md still described plymouth under Core Modules.
Section removed; plymouth appears in Optional Applications (system
category) via the generated sentinel.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Problem: every module installs its config into the running user's ~/.config, but
/etc/skel was never updated afterwards. Any additional user created with
`useradd -m` later would get an empty home directory with no configs at all —
they would have to manually copy or re-run setup.
Solution: at the end of both TUI installer scripts (after every module and the
colorway step have finished), copy the fully-configured user's home into
/etc/skel so that it becomes the template for all future users.
How it works — tui-install.sh + simple-install.sh (identical block in both):
The block runs AFTER the last run_module call and AFTER apply-theme.sh, so
the snapshot is taken when the home directory is in its final state. It copies:
~/.config/ → /etc/skel/.config/ (all app configs, DE configs, etc.)
~/.themes/ → /etc/skel/.themes/ (GTK themes, including cyberqueer)
~/.zshrc → /etc/skel/.zshrc
~/.bashrc → /etc/skel/.bashrc
~/.vimrc → /etc/skel/.vimrc
Each copy is guarded ([[ -d ]] / [[ -f ]]) so missing files are silently
skipped rather than erroring. sudo is used because /etc/skel is root-owned
but the installer runs as the normal user.
arch-autoinstall.sh + archbaseos-guided-install.sh (chroot-phase changes):
The previous version tried to cherry-pick specific subdirectories from the
Dotfiles repo clone (hypr/, niri/, waybar/, etc.) using a long list of cp
commands. This was brittle — any new module that installs to ~/.config was
not automatically captured, and the list had to be manually maintained.
Replaced with a minimal block that only copies the three shell dotfiles
(.zshrc, .bashrc, .vimrc) from the repo clone into /etc/skel. This is
sufficient for the first user created during installation (useradd -m runs
immediately after, before any modules). The full ~/.config sync above then
takes over for all subsequent users after the modules have run.
arch-autoinstall.sh additionally had the skel setup moved to before the
useradd -m call (was missing entirely before) so even the first user gets
the shell dotfiles, with a fallback direct-clone path if the skel clone fails.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Pin pamu2fcfg enrollment to the target hostname (-o/-i pam://$HOSTNAME)
so the credential origin matches pam_u2f.so at runtime; enrolling outside
the chroot previously used the live ISO hostname, causing auth to fail
- Add `cue` to the pam_u2f.so PAM line so ly prompts the user to touch
the key after password entry
- Add --needed to hyprlua AUR yay call to survive re-runs
- Degrade gracefully in lamco-rdp-server when no user D-Bus session is
active (systemctl --user enable would abort the module under set -e)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
nmtui is not available on the archiso live environment; direct users to
iwctl (WiFi) or ethernet instead, and pause for input before re-checking.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Rewrites simple-install.sh to use ANSI/read-based TUI primitives
(tui_msg, tui_yesno, tui_input, tui_checklist, tui_menu) instead of
dialog, removing the dialog dependency entirely.
Updates archbaseos-guided-install.sh to invoke simple-install.sh and
drops dialog from the archiso package list; error_handler now uses the
plain read-based croc prompt unconditionally.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
tui-install.sh: dialog height=40 apps checklist and height=24 confirm
dialog both exceeded the standard 24-row VT console, causing dialog to
exit with code 1 and silently skip all apps. Make both heights
terminal-adaptive via tput lines/cols. Also extend the EXIT trap to
reset the terminal so Ctrl-C during a dialog doesn't leave the console
in raw/no-echo mode.
arch-autoinstall.sh, archbaseos-guided-install.sh: add a ping 1.1.1.1
check early in both scripts. In interactive mode, launches nmtui if
offline, then re-checks; prompts to abort if still down. Answerfile
mode logs a warning and continues.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Remove -s flag from read so the password is visible while typing,
enabling piped input to work visibly on the ISO installer.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Inside the chroot the host's udev manages /dev/hidraw* with permissions
scoped to live-system groups; the new user has none of them, so pamu2fcfg
timed out with "No FIDO authenticator found". Move enrollment to after
CHROOT_EOF where it runs as root on the live system, then fix ownership
using the new system's UID/GID.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
On any ERR, both installers now trap the failure, log the line/exit
code, and pop a dialog yes/no asking whether to send the log to another
system via croc. Falls back to a plain read prompt if dialog is absent.
Added dialog and croc to packages.extra so they are present in the live ISO.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Add full session logging (tee to logfile) to archbaseos-guided-install.sh,
matching the pattern already in arch-autoinstall.sh; copy log to /mnt/boot/
at the end so it survives into the new system
- Add part() helper to both installers so NVMe/eMMC drives use the correct
'p' separator (e.g. /dev/nvme0n1p1 instead of the broken /dev/nvme0n11)
- Add disk size guard to arch-autoinstall.sh: fail early with a clear message
if ROOT_GIB would be < 8GiB instead of passing a nonsense value to parted
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Keymap selection was unreachable because user input ran after pacman/partition
steps that could fail under set -e. Move the entire user input block (kernel,
hostname, username, encryption, keymap) to before lsblk and drive selection.
Also remove the redundant live-env keymap section (launch.sh handles that).
Drop exec from .zlogin so quitting the installer returns to a bash shell
instead of ending the session.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Both the live-environment prompt and the installed-system prompt now
loop over a single KEYMAPS array, so adding a new layout is a
one-line change.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Prompts for us/de keymap interactively; reads .keymap from answerfile in unattended mode. Writes /etc/vconsole.conf in chroot.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Both arch-autoinstall.sh and archbaseos-guided-install.sh now ask
whether to enable disk encryption. If skipped, btrfs is formatted
directly on the root partition with an appropriate plain GRUB cmdline
(root=UUID=... rootflags=subvol=@).
When encryption is chosen, a 64-byte random key is generated, enrolled
as a second LUKS keyslot, and written to /_LUKS_BACKUP_KEY inside the
new system (mode 400, root-owned, inside the encrypted container).
Also fixes: duplicate 'encrypt' hook in original mkinitcpio HOOKS
strings, missing KERNEL export into arch-autoinstall chroot heredoc.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- New optional modules: ssh-server (openssh, key auth hardened), docker
(+ compose, docker group), podman (rootless, buildah, skopeo, lingering),
cockpit (+ cockpit-machines, cockpit-podman, cockpit-navigator via AUR)
- openssh added to archiso packages.extra for live-env SSH access
- less added to pacstrap base install
- tui-install.sh wired up for all four new modules (checklist, count,
summary, run); dialog dimensions bumped to fit 17 items
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Populate /etc/skel with the Dotfiles repo and standard XDG directories
(Desktop, Documents, Downloads, Music, Pictures, Public, Templates, Videos)
before useradd -m, so the new user's home is fully set up at creation time.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Add setup/archiso/ with build.sh, releng overlay, motd, and
install-arch launcher command for the live ISO
- Fix cryptroot mapper name in arch-autoinstall.sh (was 'root',
breaking all subsequent mounts)
- Add base-devel to pacstrap in both installers (required for yay/makepkg)
- Clone dotfiles inside chroot so tui-install.sh is available immediately
- After base install, offer to run tui-install.sh as the regular user
inside the chroot via runuser, with a temporary NOPASSWD sudoers rule;
skip option available for base-only installs
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
