

No commits in common. "cfe102b26fa532dd6dc3e0cdde0724e3aec73573" and "a0a2b66ccff6b1830c60dec9e5931668b142f8b8" have entirely different histories.

1 changed files with 5 additions and 17 deletions


@ -354,9 +354,9 @@ echo "%wheel ALL=(ALL) ALL" >> /etc/sudoers
# Initramfs # Initramfs
if [[ "$ENCRYPT_DISK" == "YES" && "$ENABLE_FIDO_ROOT" == "YES" ]]; then if [[ "$ENCRYPT_DISK" == "YES" && "$ENABLE_FIDO_ROOT" == "YES" ]]; then
sed -i 's/^HOOKS=.*/HOOKS=(base udev systemd autodetect microcode modconf kms consolefont block sd-encrypt btrfs filesystems keyboard keymap fsck)/' /etc/mkinitcpio.conf sed -i 's/^HOOKS=.*/HOOKS=(base udev systemd autodetect microcode modconf kms consolefont block sd-encrypt lvm2 btrfs filesystems keyboard keymap fsck)/' /etc/mkinitcpio.conf
elif [[ "$ENCRYPT_DISK" == "YES" ]]; then elif [[ "$ENCRYPT_DISK" == "YES" ]]; then
sed -i 's/^HOOKS=.*/HOOKS=(base udev autodetect microcode modconf kms consolefont block encrypt btrfs filesystems keyboard keymap fsck)/' /etc/mkinitcpio.conf sed -i 's/^HOOKS=.*/HOOKS=(base udev autodetect microcode modconf kms consolefont block encrypt lvm2 btrfs filesystems keyboard keymap fsck)/' /etc/mkinitcpio.conf
else else
sed -i 's/^HOOKS=.*/HOOKS=(base udev autodetect microcode modconf kms consolefont block btrfs filesystems keyboard fsck)/' /etc/mkinitcpio.conf sed -i 's/^HOOKS=.*/HOOKS=(base udev autodetect microcode modconf kms consolefont block btrfs filesystems keyboard fsck)/' /etc/mkinitcpio.conf
fi fi
@ -379,29 +379,17 @@ sed -i "s|^GRUB_CMDLINE_LINUX=.*|GRUB_CMDLINE_LINUX=\"$GRUB_CMDLINE\"|" /etc/def
grub-install --target=x86_64-efi --efi-directory=/boot --bootloader-id=GRUB grub-install --target=x86_64-efi --efi-directory=/boot --bootloader-id=GRUB
grub-mkconfig -o /boot/grub/grub.cfg grub-mkconfig -o /boot/grub/grub.cfg
# User login FIDO2 — directory + PAM only; key enrollment happens outside chroot # User login FIDO2
if [[ "$ENABLE_FIDO_USER" == "YES" ]]; then if [[ "$ENABLE_FIDO_USER" == "YES" ]]; then
echo "Enrolling FIDO2 for user login"
mkdir -p "/home/$USERNAME/.config/Yubico" mkdir -p "/home/$USERNAME/.config/Yubico"
chown "$USERNAME:$USERNAME" "/home/$USERNAME/.config/Yubico" chown "$USERNAME:$USERNAME" "/home/$USERNAME/.config/Yubico"
sudo -u "$USERNAME" bash -c "pamu2fcfg >> /home/$USERNAME/.config/Yubico/u2f_keys"
echo "auth required pam_u2f.so" >> /etc/pam.d/system-auth echo "auth required pam_u2f.so" >> /etc/pam.d/system-auth
fi fi
CHROOT_EOF CHROOT_EOF
# pamu2fcfg must run outside arch-chroot: inside the chroot the host's udev manages
# /dev/hidraw* permissions and the new user has no access to the device.
if [[ "$ENABLE_FIDO_USER" == "YES" ]]; then
echo "Enrolling FIDO2 key for user login (outside chroot)..."
U2F_KEYFILE="/mnt/home/${USERNAME}/.config/Yubico/u2f_keys"
mkdir -p "/mnt/home/${USERNAME}/.config/Yubico"
pamu2fcfg -u "$USERNAME" > "$U2F_KEYFILE"
_NEWUID=$(arch-chroot /mnt id -u "$USERNAME" 2>/dev/null || echo "1000")
_NEWGID=$(arch-chroot /mnt id -g "$USERNAME" 2>/dev/null || echo "1000")
chown -R "$_NEWUID:$_NEWGID" "/mnt/home/${USERNAME}/.config/Yubico"
chmod 600 "$U2F_KEYFILE"
echo "FIDO2 key enrolled for $USERNAME."
fi
############################################ ############################################
# DOTFILES SETUP (in-chroot, optional) # DOTFILES SETUP (in-chroot, optional)
############################################ ############################################
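Review bot: The new `echo "auth required pam_u2f.so" >> /etc/pam.d/system-auth` is appended regardless of whether the preceding `pamu2fcfg` call actually wrote a key entry; with `required` and an empty or missing u2f_keys file this locks every login out, and the removed comment on the old side states that hidraw access is exactly what fails inside the chroot, so that failure mode is not hypothetical. Gate the PAM change on a non-empty enrollment, e.g. `[[ -s "/home/$USERNAME/.config/Yubico/u2f_keys" ]] || { echo "FIDO2 enrollment failed" >&2; exit 1; }` placed before the echo, and restore the `chmod 600` on the key file that the old side applied. The `bash -c "pamu2fcfg >> /home/$USERNAME/..."` form also expands `$USERNAME` into a command string that bash re-parses; passing the path as an argument, `sudo -u "$USERNAME" bash -c 'pamu2fcfg >> "$1"' _ "/home/$USERNAME/.config/Yubico/u2f_keys"`, keeps the username out of shell parsing. The arch-chroot heredoc that this block lives in starts before the hunk and is closed by `CHROOT_EOF` within it.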