# Utilities Miscellaneous scripts and tools that live at the top level or in the `clamav/` directory. --- ## System Update ```bash bash ~/Dotfiles/update.sh ``` Runs a full system update: 1. `sudo pacman -Syu` — official repos 2. `yay -Syu --answerdiff None --answerclean All --removemake` — AUR packages (no prompts) For per-package AUR updates with confirmation: ```bash bash ~/Dotfiles/update-aur-onebyone.sh ``` --- ## Package Audit ```bash bash ~/Dotfiles/setup/audit-packages.sh ``` Audits installed packages — useful for finding orphans or unexpected installations. --- ## Encryption Utilities Simple OpenSSL wrappers for encrypting/decrypting arbitrary strings. Useful for storing secrets in scripts or config files without plaintext exposure. ### Encrypt ```bash bash ~/Dotfiles/encrypt.sh "my secret text" "my-passphrase" # Output: base64-encoded AES-256-CBC ciphertext ``` ### Decrypt ```bash bash ~/Dotfiles/decrypt.sh "" "my-passphrase" # Output: original plaintext ``` Both use AES-256-CBC with PBKDF2 key derivation via OpenSSL. --- ## Credential Storage ### Initial Setup ```bash bash ~/Dotfiles/setup-creds-missing.sh ``` Installs `gnome-keyring` and `seahorse` (GUI manager), then sets git's credential helper to `store`. ### Git Credentials `git/` contains `.gitconfig` with: ```ini [user] name = The_miro email = amir@abdelbaki.eu [credential] helper = store [init] defaultBranch = main [push] autoSetupRemote = true ``` The `store` helper writes credentials to `~/.git-credentials`. For higher security, `gnome-keyring` intercepts this and stores the credentials in the system keyring instead of plaintext. --- ## Zsh Plugins ```bash bash ~/Dotfiles/zshplugins.sh ``` Clones (or updates) the two Oh My Zsh community plugins: - `zsh-syntax-highlighting` — real-time syntax colouring in the prompt - `zsh-autosuggestions` — fish-style history-based suggestions These are referenced in `.zshrc` and active after the next shell start. --- ## ClamAV On-Access Scanning Full real-time antivirus scanning via ClamAV's `clamonacc` daemon. ### Installation ```bash bash ~/Dotfiles/clamav/install-clam-onaccess.sh ``` What it does: 1. Installs `clamav` 2. Copies `clamd.conf` to `/etc/clamav/` 3. Installs `clamav-clamonacc.service` to `/etc/systemd/system/` 4. Installs the sudoers entry from `clamav-sudoer` 5. Updates virus definitions (`freshclam`) 6. Enables and starts `clamd` + `clamav-clamonacc` ### Key Files | File | Purpose | |------|---------| | `clamav/clamd.conf` | Daemon configuration (30 KB, full options) | | `clamav/clamav-clamonacc.service` | systemd unit for on-access scanning | | `clamav/clamav-sudoer` | sudoers rule for ClamAV processes | | `clamav/virus-event.bash` | Handler executed when a virus is detected | ### Virus Event Handler `virus-event.bash` is called by clamonacc when a threat is found. Customise it to send notifications, quarantine files, or alert an admin. --- ## Shell Configuration ### `.zshrc` - **Framework**: Oh My Zsh - **Theme**: robbyrussell (overridden visually by Starship) - **Plugins**: syntax-highlighting, autosuggestions - **Walk integration**: `lk` function opens the `walk` file navigator - **`WALK_MAIN_COLOR`**: set to `#5018DD` (CyberQueer violet) - Sources Starship init at the end ### `.bashrc` Minimal bash config — sets `PS1`, loads `~/.bash_profile` if present. ### Starship Prompt `starship.toml` at the repo root is deployed to `~/.config/starship.toml`. Key customisations: - OS, username, directory, git, language, docker, and time segments - CyberQueer colours throughout (colour-substitution target) - Directory abbreviated to 3 levels with `…/` truncation - Common directory substitutions (`~/Documents` → `📄`, etc.) --- ## Login Manager (ly) `etc-ly-config.ini` is deployed to `/etc/ly/config.ini` during Hyprland install and kept as a colour-substitution target in `apply-theme.sh`. ly is a minimal TUI display manager that runs on `tty1`: ``` systemctl enable ly@tty1 ``` Session selection, auto-login, and timeout settings are all in the config.