# M-Archy Dotfiles

Arch Linux · Hyprland · Wayland · CyberQueer

Production-grade Arch Linux config for network administration, development, and gaming.

---

## Quick Start

```bash
git clone https://git.abdelbaki.eu/The_miro/Dotfiles.git ~/Dotfiles
bash ~/Dotfiles/setup/tui-install.sh
```

The TUI installer covers: packages, desktop environment, optional apps, and colour palette.

To add modules to an existing system: `bash ~/Dotfiles/setup/install-modules.sh`

---
## Cliff Notes

- **Single source of truth for colours** — edit `colors.conf`, run `apply-theme.sh` to propagate everywhere.
- **Answerfile** — generate with `setup/generate-answerfile.sh`, place at `/answerfile.json` for a fully automated install. Passwords are never stored in it.
- **Hostname uniqueness** — the MAC address of the primary NIC is appended automatically when an answerfile hostname is set (`myhost` → `myhost-aabbccddee11`).
- **LUKS encryption** — a backup key is auto-generated from `/dev/urandom`, enrolled in a second LUKS slot, and written to `/_LUKS_BACKUP_KEY` (root-only, inside the encrypted container). It is then collected by Ansible and stored on the SMB `ansipa-luks-keys` share (KeyAdmin-only read access).
- **Custom ISO** — `setup/archiso/` builds a live USB that can embed a pre-baked answerfile for zero-touch deployment. The live environment also includes a **System Reset** mode that reinstalls the root subvolume while preserving home data and FIDO2 auth keys.
- **FreeIPA + Keycloak + Samba container** — `setup/modules/FreeipaAnsible/image/` ships a single `docker compose up` stack: FreeIPA for identity, Keycloak for OIDC, and Samba for scan-result and LUKS-key SMB shares. Host-group-driven policies (binary blocking, daemon enable/disable, daily scans, alert delivery) are enforced on enrolled clients every 30 minutes via Ansible-deployed timers.
- **Modular** — core, shell, services, and desktop are independent components; pick only what you need.
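
The LUKS backup-key flow from the list above, as an added example that is not code from this repository: it creates the key file with owner-only permissions, refuses to overwrite an existing key, enrolls it, and then test-opens the volume with it. The 64-byte key size, slot number 1 for the "second slot", and all function names are assumptions.

```bash
#!/usr/bin/env bash
# Added example: generate, enroll and verify a LUKS backup key file.
# Assumptions (not taken from the Dotfiles repo): 64-byte key, key slot 1 as
# the "second slot" (slots are numbered from 0), and the function names below.
KEY_BYTES=64
BACKUP_SLOT=1

# Create the key file with mode 0600 from the start and never overwrite an
# existing one: replacing an enrolled key on disk would orphan its slot.
gen_backup_key() {          # $1 = key file path
    ( umask 077; set -C; head -c "$KEY_BYTES" /dev/urandom > "$1" )
}

# True only for a regular file (not a symlink) with no group/other mode bits.
key_file_is_private() {     # $1 = key file path
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    case "$(ls -ld "$1" | cut -c1-10)" in
        -r[w-]-------) return 0 ;;
        *) return 1 ;;
    esac
}

# Enroll the backup key in BACKUP_SLOT, unlocking with the existing key file.
enroll_backup_key() {       # $1 = LUKS device, $2 = existing key file, $3 = backup key file
    key_file_is_private "$3" || { echo "refusing: $3 is not private" >&2; return 1; }
    cryptsetup luksAddKey --batch-mode --key-file "$2" \
        --key-slot "$BACKUP_SLOT" "$1" "$3"
}

# Confirm the backup key really unlocks that slot; no mapping is created.
verify_backup_key() {       # $1 = LUKS device, $2 = backup key file
    cryptsetup open --test-passphrase --key-file "$2" \
        --key-slot "$BACKUP_SLOT" "$1"
}

# Usage (as root): script <luks-device> <existing-key-file> <backup-key-path>
if [ "$#" -eq 3 ]; then
    gen_backup_key "$3" && enroll_backup_key "$1" "$2" "$3" \
        && verify_backup_key "$1" "$3"
fi
```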
---

## Documentation

Full docs live in [`docs/md/`](docs/md/) (Markdown) and [`docs/html/`](docs/html/) (rendered).

| Topic | Markdown | HTML |
|-------|----------|------|
| Overview & repo layout | [index.md](docs/md/index.md) | [index.html](docs/html/index.html) |
| Installation (TUI, answerfile, ISO) | [installation.md](docs/md/installation.md) | [installation.html](docs/html/installation.html) |
| Hyprland desktop | [hyprland.md](docs/md/hyprland.md) | [hyprland.html](docs/html/hyprland.html) |
| Theming & CyberQueer palette | [theming.md](docs/md/theming.md) | [theming.html](docs/html/theming.html) |
| Optional modules & app catalogue | [modules.md](docs/md/modules.md) | [modules.html](docs/html/modules.html) |
| Custom Archiso builder | [archiso.md](docs/md/archiso.md) | [archiso.html](docs/html/archiso.html) |
| FreeIPA, Ansible, Keycloak & SMB | [freeipa-ansible.md](docs/md/freeipa-ansible.md) | [freeipa-ansible.html](docs/html/freeipa-ansible.html) |
| Editors (Neovim, Micro, Yazi) | [editors.md](docs/md/editors.md) | [editors.html](docs/html/editors.html) |
| Utilities (encrypt, ClamAV, updates) | [utilities.md](docs/md/utilities.md) | [utilities.html](docs/html/utilities.html) |

> The old readme is preserved at [`readme.md.old`](readme.md.old).