Amir Alexander Abdelbaki 6ad8d0d488 feat(ansipa): add no_local_users device policy to lock all local account passwords
Adds a new host group policy `no_local_users` that locks the passwords of root
and all local users (UID >= 1000) via `passwd -l`, ensuring only FreeIPA domain
accounts with centrally-managed sudo rules can authenticate and gain elevated
privileges. Leaving the group reverts by unlocking every account tracked in the
state file. Updates docs with group reference entry and Local User Lockdown section.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-20 16:18:48 +02:00
clamav initial stuff for autoinstall of clamav 2024-12-11 14:57:10 +01:00
desktopenvs adjusted size of eww bar - i found the sweet spot 2026-05-19 18:31:18 +02:00
docs feat(ansipa): add no_local_users device policy to lock all local account passwords 2026-05-20 16:18:48 +02:00
git amssh now themed 2026-05-11 13:26:02 +02:00
gtk-themes/cyberqueer feat(qt,gtk): overhaul theming — qt6ct style plugin, dark palette, GTK color-scheme 2026-05-19 13:43:13 +02:00
micro cleanup: archive deprecated configs, remove logs and merge artifacts 2026-05-08 10:13:12 +02:00
notes renamed old doc -> notes 2026-05-18 15:49:38 +02:00
nvim fix(nvim): use coc#pum API for Enter confirmation 2026-05-19 18:25:30 +02:00
nvim.old feat(nvim): convert config to Lua with lazy.nvim 2026-05-19 08:56:43 +02:00
qt-themes/deprecated/cyberqueer fixed theming issues 2026-05-19 14:39:29 +02:00
resources new fetch - 4 2025-12-21 17:11:44 +01:00
setup feat(ansipa): add no_local_users device policy to lock all local account passwords 2026-05-20 16:18:48 +02:00
spotify-tui added spotify tui 2024-11-20 01:12:57 +01:00
yazi yazi: remove invalid \$schema key from keymap.toml 2026-05-12 12:48:38 +02:00
.bashrc added windowswitcher 2025-03-29 15:31:09 +01:00
.gitignore chore(nvim): untrack lazy-lock.json and add it to gitignore 2026-05-19 09:07:17 +02:00
.vimrc added lush config temporarily 2025-03-20 07:56:21 +01:00
.zshrc privacy: remove hardcoded username and AWS signed URL 2026-05-12 14:17:48 +02:00
apply-theme.sh feat(qt,gtk): overhaul theming — qt6ct style plugin, dark palette, GTK color-scheme 2026-05-19 13:43:13 +02:00
colors.conf add apply-theme.sh and colors.conf; copy both at install 2026-05-11 14:25:57 +02:00
decrypt.sh fixed that warning en- and decrypt were throwing 2025-09-25 19:51:25 +02:00
encrypt.sh fixed that warning en- and decrypt were throwing 2025-09-25 19:51:25 +02:00
etc-ly-config.ini we switching to ly 2026-02-12 10:35:05 +01:00
readme.md docs: update readme and docs for recent changes 2026-05-20 15:39:38 +02:00
readme.md.old docs: replace readme with cliff notes and links to full docs 2026-05-18 16:00:30 +02:00
setup-creds-missing.sh seahorse for key management 2026-01-15 10:47:14 +01:00
starship.toml seahorse for key management 2026-01-15 10:47:14 +01:00
update-aur-onebyone.sh add update-aur-onebyone.sh: update AUR packages sequentially 2026-05-15 15:27:07 +02:00
update.sh added noconfirm to update.sh 2025-09-26 14:44:19 +02:00
zshplugins.sh added en- and decrypt scripts 2025-09-25 19:44:07 +02:00

readme.md

M-Archy Dotfiles

Arch Linux · Hyprland · Wayland · CyberQueer

Production-grade Arch Linux config for network administration, development, and gaming.


Quick Start

git clone https://git.abdelbaki.eu/The_miro/Dotfiles.git ~/Dotfiles
bash ~/Dotfiles/setup/tui-install.sh

The TUI installer covers: packages, desktop environment, optional apps, and colour palette. To add modules to an existing system: bash ~/Dotfiles/setup/install-modules.sh


Cliff Notes

  • Single source of truth for colours — edit colors.conf, run apply-theme.sh to propagate everywhere.
  • Answerfile — generate with setup/generate-answerfile.sh, place at /answerfile.json for a fully automated install. Passwords are never stored in it.
  • Hostname uniqueness — the MAC address of the primary NIC is appended automatically when an answerfile hostname is set (myhost → myhost-aabbccddee11).
  • LUKS encryption — backup key is auto-generated from /dev/urandom, enrolled in a second LUKS slot, written to /_LUKS_BACKUP_KEY (root-only, inside the encrypted container). Collected by Ansible and stored on the SMB ansipa-luks-keys share (KeyAdmin-only read access).
  • Custom ISO — setup/archiso/ builds a live USB that can embed a pre-baked answerfile for zero-touch deployment. The live environment also includes a System Reset mode that reinstalls the root subvolume while preserving home data and FIDO2 auth keys.
  • FreeIPA + Keycloak + Samba container — setup/modules/FreeipaAnsible/image/ ships a single docker compose up stack: FreeIPA for identity, Keycloak for OIDC, and Samba for scan-result and LUKS-key SMB shares. Host-group-driven policies (binary blocking, daemon enable/disable, daily scans, alert delivery) are enforced on enrolled clients every 30 minutes via Ansible-deployed timers.
  • Modular — core, shell, services, and desktop are independent components; pick only what you need.

Documentation

Full docs live in docs/md/ (Markdown) and docs/html/ (rendered).

| Topic | Markdown | HTML |
|---|---|---|
| Overview & repo layout | index.md | index.html |
| Installation (TUI, answerfile, ISO) | installation.md | installation.html |
| Hyprland desktop | hyprland.md | hyprland.html |
| Theming & CyberQueer palette | theming.md | theming.html |
| Optional modules & app catalogue | modules.md | modules.html |
| Custom Archiso builder | archiso.md | archiso.html |
| FreeIPA, Ansible, Keycloak & SMB | freeipa-ansible.md | freeipa-ansible.html |
| Editors (Neovim, Micro, Yazi) | editors.md | editors.html |
| Utilities (encrypt, ClamAV, updates) | utilities.md | utilities.html |

The old readme is preserved at readme.md.old.