Amir Alexander Abdelbaki
e7f251dde3
Previously the user password (and the LUKS passphrase for encrypted installs) were always prompted interactively, so an answerfile install could never be fully hands-free. Add optional "password" and "luks_password" answerfile fields: - arch-autoinstall.sh: read both via af_get; when present use them (chpasswd / cryptsetup --key-file=- with --batch-mode and stdin-piped luksAddKey auth), otherwise fall back to the interactive prompt. Empty/null/absent => prompt. - generate-answerfile.sh: replace the "passwords are never stored" notice with an optional confirmed-entry password prompt (and a LUKS one when encryption is enabled); emit both as JSON (null when declined). Secrets stored this way are plain text in the file (and world-readable once embedded in an ISO) — documented in the header; decline to keep prompting. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01R5kHioUMK3mtf2eiLEozCM |
||
|---|---|---|
| alot | ||
| clamav | ||
| desktopenvs | ||
| docs | ||
| git | ||
| gtk-themes/cyberqueer | ||
| micro | ||
| notes | ||
| nvim | ||
| nvim.old | ||
| qt-themes/deprecated/cyberqueer | ||
| resources | ||
| setup | ||
| spotify-tui | ||
| yazi | ||
| .bashrc | ||
| .gitignore | ||
| .vimrc | ||
| .zshrc | ||
| apply-theme.sh | ||
| colors.conf | ||
| create-webapp.sh | ||
| decrypt.sh | ||
| encrypt.sh | ||
| etc-ly-config.ini | ||
| readme.md | ||
| readme.md.old | ||
| setup-creds-missing.sh | ||
| starship.toml | ||
| sysupdate.sh | ||
| update-aur-onebyone.sh | ||
| update.sh | ||
| wgq-projekt.sh | ||
| zshplugins.sh | ||
readme.md
M-Archy Dotfiles
Arch Linux · Hyprland · Wayland · CyberQueer
Production-grade Arch Linux config for network administration, development, and gaming.
Quick Start
git clone https://git.abdelbaki.eu/The_miro/Dotfiles.git ~/Dotfiles
bash ~/Dotfiles/setup/tui-install.sh
The TUI installer covers: packages, desktop environment, optional apps, and colour palette.
To add modules to an existing system: bash ~/Dotfiles/setup/install-modules.sh
Cliff Notes
- Single source of truth for colours — edit
colors.conf, runapply-theme.shto propagate everywhere. - Answerfile — generate with
setup/generate-answerfile.sh, place at/answerfile.jsonfor a fully automated install. Passwords are never stored in it. - Hostname uniqueness — the MAC address of the primary NIC is appended automatically when an answerfile hostname is set (
myhost→myhost-aabbccddee11). - LUKS encryption — backup key is auto-generated from
/dev/urandom, enrolled in a second LUKS slot, written to/_LUKS_BACKUP_KEY(root-only, inside the encrypted container). Collected by Ansible and stored on the SMBansipa-luks-keysshare (KeyAdmin-only read access). - Custom ISO —
setup/archiso/builds a live USB that can embed a pre-baked answerfile for zero-touch deployment. The live environment also includes a System Reset mode that reinstalls the root subvolume while preserving home data and FIDO2 auth keys. - FreeIPA + Keycloak + Samba container —
setup/modules/FreeipaAnsible/image/ships a singledocker compose upstack: FreeIPA for identity, Keycloak for OIDC, and Samba for scan-result and LUKS-key SMB shares. Host-group-driven policies (binary blocking, daemon enable/disable, daily scans, alert delivery) are enforced on enrolled clients every 30 minutes via Ansible-deployed timers. - Modular — core, shell, services, and desktop are independent components; pick only what you need.
Documentation
Full docs live in docs/md/ (Markdown) and docs/html/ (rendered).
| Topic | Markdown | HTML |
|---|---|---|
| Overview & repo layout | index.md | index.html |
| Installation (TUI, answerfile, ISO) | installation.md | installation.html |
| Hyprland desktop | hyprland.md | hyprland.html |
| Theming & CyberQueer palette | theming.md | theming.html |
| Optional modules & app catalogue | modules.md | modules.html |
| Custom Archiso builder | archiso.md | archiso.html |
| FreeIPA, Ansible, Keycloak & SMB | freeipa-ansible.md | freeipa-ansible.html |
| Editors (Neovim, Micro, Yazi) | editors.md | editors.html |
| Utilities (encrypt, ClamAV, updates) | utilities.md | utilities.html |
The old readme is preserved at
readme.md.old.