#!/bin/bash # ╔══════════════════════════════════════════════════════════════════════════════╗ # ║ setup/modules/core.sh — Core system services enablement ║ # ║ ║ # ║ PURPOSE: ║ # ║ Enables the essential systemd services that every installation needs. ║ # ║ Also deploys the greetd login manager config from the dotfiles repo. ║ # ║ ║ # ║ WHEN TO RUN: ║ # ║ After core-packages.sh — the services must be installed before they can ║ # ║ be enabled. Called "svc" in the TUI installer's component checklist. ║ # ║ ║ # ║ SERVICES ENABLED: ║ # ║ - NetworkManager: manages wired/wireless network connections ║ # ║ - cronie: cron daemon for scheduled tasks ║ # ║ - greetd: minimal display/login manager (uses tuigreet TUI) ║ # ║ - fail2ban: bans IPs after repeated failed SSH/auth attempts ║ # ║ - udisks2: auto-mounts USB drives and other removable media ║ # ╚══════════════════════════════════════════════════════════════════════════════╝ set -euo pipefail # -e: exit immediately on any error (service enable failures abort the script) # -u: treat unset variables as errors # -o pipefail: fail if any pipe stage fails # Load shared logging helpers (log, skip, warn, err functions) source "$(dirname "${BASH_SOURCE[0]}")/lib/logging.sh" # ── NetworkManager ───────────────────────────────────────────────────────────── # WHY: Arch ships with no network daemon enabled by default. NetworkManager is # the most user-friendly option — handles DHCP, WiFi, VPN, and has applets. # NOTE: systemctl enable only marks it to start at boot; it doesn't start it now. log "Enabling NetworkManager..." enable_service NetworkManager.service # ── cronie ──────────────────────────────────────────────────────────────────── # WHY: Provides the system cron daemon. Some tools (backups, vnstat stats, # fail2ban cleanup) rely on cron jobs. Arch does not enable it by default. log "Enabling cronie..." enable_service cronie.service # ── greetd / tuigreet ───────────────────────────────────────────────────────── # WHY: greetd is a minimal, standards-compliant display manager (login screen). # We use the tuigreet greeter which is a TUI (text-mode, no GPU needed). # It's lighter than GDM/SDDM and works well on TTY in Wayland setups. # # HOW: Copy our pre-configured config.toml from the dotfiles repo into /etc/greetd/ # then enable the service. The config.toml specifies which greeter to run # and optionally auto-login settings. # -f flag forces overwrite of any existing config. log "Deploying greetd config..." # greetd may not be installed yet at this point (the DE module pulls in # greetd-tuigreet later), so /etc/greetd does not exist and the cp would fail — # aborting the module under `set -e` before fail2ban/udisks2 get enabled. Create # the directory first so the config is staged regardless; greetd reads it once # installed. enable_service is already non-fatal if the unit is absent. sudo mkdir -p /etc/greetd sudo cp -f ~/Dotfiles/desktopenvs/hyprland/greetd-tuigreet/config.toml /etc/greetd/config.toml enable_service greetd.service # ── fail2ban ────────────────────────────────────────────────────────────────── # WHY: Protects against brute-force attacks by monitoring log files and # temporarily banning IPs that show malicious signs (too many failed logins). # Important on any machine with SSH open to the network. log "Enabling fail2ban..." enable_service fail2ban.service # ── udisks2 ─────────────────────────────────────────────────────────────────── # WHY: udisks2 provides automatic mounting of USB drives and other removable # media via D-Bus. Required by file managers (Thunar, pcmanfm) and desktop # utilities that want to offer "Open when inserted" functionality. log "Enabling udisks2..." enable_service udisks2.service log "Core services enabled."