Update .local/share/chezmoi/home/.chezmoiscripts/qubes/run_onchange_before_12-update-dom0, .local/share/chezmoi/home/.chezmoiscripts/qubes/run_onchange_before_11-update-timezone, .local/share/chezmoi/system/etc/yum.repos.d/qubes-dom0.repo, .local/share/chezmoi/system/etc/qubes/repo-templates/qubes-templates.repo, .local/share/chezmoi/home/.chezmoiscripts/qubes/run_onchange_before_13-install-official-templates, .local/share/chezmoi/home/.chezmoidata.yaml, .local/share/chezmoi/home/.chezmoiscripts/qubes/run_onchange_before_14-ensure-minimal-vms-passwordless, .local/share/chezmoi/home/.chezmoiscripts/qubes/run_onchange_before_15-install-unofficial-templates, .local/share/chezmoi/home/.chezmoiscripts/qubes/run_onchange_before_16-update-template-vms, .local/share/chezmoi/home/.chezmoiscripts/qubes/run_onchange_before_17-install-mirage-firewall, .local/share/chezmoi/home/.chezmoiscripts/qubes/run_onchange_before_18-configure-sys-usb, .local/share/chezmoi/home/.chezmoiscripts/qubes/run_onchange_before_19-setup-sys-gui, .local/share/chezmoi/system/etc/grub.d/31-hold-shift, .local/share/chezmoi/system/etc/default/modify_grub, .local/share/chezmoi/system/.chezmoidata.yaml, .local/share/chezmoi/system/.chezmoiexternal.toml, .local/share/chezmoi/system/usr/share/run_onchange_after_setup-share-folder, .local/share/chezmoi/system/boot/efi/EFI/qubes/modify_grubenv, .local/share/chezmoi/system/etc/sddm.conf, .local/share/chezmoi/system/etc/modify_environment
This commit is contained in:
parent
55d460c491
commit
df13ca7758
20 changed files with 417 additions and 0 deletions
|
@ -846,3 +846,27 @@ softwarePlugins:
|
|||
- https://github.com/tpope/vim-sensible.git
|
||||
- https://github.com/tpope/vim-surround.git
|
||||
- https://github.com/nanotee/zoxide.vim.git
|
||||
qubes:
|
||||
mirageUrl: https://github.com/mirage/qubes-mirage-firewall/releases/latest/download/mirage-firewall.tar.bz2
|
||||
promptKeyboards: false
|
||||
provisionVM: provision
|
||||
templates:
|
||||
# - centos-8
|
||||
# - centos-8-minimal
|
||||
# - debian-10
|
||||
- debian-11
|
||||
- debian-11-minimal
|
||||
- fedora-32
|
||||
- fedora-36
|
||||
- fedora-36-minimal
|
||||
- fedora-36-xfce
|
||||
- fedora-37
|
||||
# - gentoo
|
||||
# - gentoo-minimal
|
||||
# - kali
|
||||
- whonix-gw-16
|
||||
- whonix-ws-16
|
||||
templatesUnofficial:
|
||||
- https://qubes.3isec.org/Templates_4.1/qubes-template-archlinux-4.0.6-202204171510.noarch.rpm
|
||||
- https://qubes.3isec.org/Templates_4.1/qubes-template-debian-12-4.0.6-202208292254.noarch.rpm
|
||||
- https://qubes.3isec.org/Templates_4.1/qubes-template-jammy-4.0.6-202205012228.noarch.rpm
|
||||
|
|
|
@ -0,0 +1,5 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
### Update timezone
|
||||
logg info "Setting timezone to {{ .user.timezone }}"
|
||||
timedatectl set-timezone {{ .user.timezone }}
|
|
@ -0,0 +1,11 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
### Update dom0
|
||||
logg info 'Updating dom0 via `qubesctl`'
|
||||
sudo qubesctl --show-output state.sls update.qubes-dom0
|
||||
logg info 'Updating dom0 via `qubes-dom0-update`'
|
||||
sudo qubes-dom0-update --clean -y
|
||||
|
||||
### Ensure sys-whonix is running
|
||||
logg info 'Ensuring `sys-whonix` is running'
|
||||
qvm-start sys-whonix --skip-if-running
|
|
@ -0,0 +1,9 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
### Ensure Qubes templates exist and download if they are not present
|
||||
for TEMPLATE of {{ .qubes.templates | toString | replace "[" "" | replace "]" "" }}; do
|
||||
if [ ! -f "/var/lib/qubes/vm-templates/$TEMPLATE" ]; then
|
||||
logg info "Installing $TEMPLATE"
|
||||
sudo qubes-dom0-update "qubes-template-$TEMPLATE"
|
||||
fi
|
||||
done
|
|
@ -0,0 +1,15 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
### Ensure Qubes minimal templates have passwordless sudo
|
||||
for TEMPLATE of {{ .qubes.templates | toString | replace "[" "" | replace "]" "" }}; do
|
||||
if [[ "$TEMPLATE" == *'-minimal' ]]; then
|
||||
if [[ "$TEMPLATE" == 'debian'* ]] || [[ "$TEMPLATE" == 'ubuntu'* ]]; then
|
||||
logg info "Installing qubes-core-agent-passwordless-root on $TEMPLATE"
|
||||
qvm-run -u root "$TEMPLATE" apt-get update
|
||||
qvm-run -u root "$TEMPLATE" apt-get install -y qubes-core-agent-passwordless-root
|
||||
elif [[ "$TEMPLATE" == 'fedora'* ]]; then
|
||||
logg info "Installing qubes-core-agent-passwordless-root on $TEMPLATE"
|
||||
qvm-run -u root "$TEMPLATE" dnf install -y qubes-core-agent-passwordless-root
|
||||
fi
|
||||
fi
|
||||
done
|
|
@ -0,0 +1,21 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
### Ensure unofficial templates are installed
|
||||
for TEMPLATE_URL of {{ .qubes.templatesUnofficial | toString | replace "[" "" | replace "]" "" }}; do
|
||||
logg info "Template URL: $TEMPLATE_URL"
|
||||
TEMPLATE="$(echo "$TEMPLATE_URL" | sed 's/^.*\/\(.*\)-\d+.\d+.\d+-\d+.noarch.rpm$/\1/')"
|
||||
logg info "Template: $TEMPLATE"
|
||||
FILE="$(echo "$TEMPLATE_URL" | sed 's/^.*\/\(.*-\d+.\d+.\d+-\d+.noarch.rpm\)$/\1/')"
|
||||
logg info "File: $FILE"
|
||||
if [ ! -f "/var/lib/qubes/vm-templates/$TEMPLATE" ]; then
|
||||
logg info "Downloading the unofficial $TEMPLATE TemplateVM via {{ .qubes.provisionVM }}"
|
||||
qvm-run --pass-io "{{ .qubes.provisionVM }}" "curl -sSL "$TEMPLATE_URL" -o "/home/Downloads/$FILE""
|
||||
logg info "Transferring the image to dom0"
|
||||
qvm-run --pass-io "{{ .qubes.provisionVM }}" "cat /home/Downloads/$FILE" > "/tmp/$FILE"
|
||||
logg info "Installing the TemplateVM via dnf"
|
||||
sudo dnf install --nogpgcheck "/tmp/$FILE"
|
||||
rm -f "/tmp/$FILE"
|
||||
else
|
||||
logg info "$TEMPLATE is already installed"
|
||||
fi
|
||||
done
|
|
@ -0,0 +1,5 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
### Update TemplateVMs
|
||||
logg info 'Updating TemplateVMs via `qubesctl`'
|
||||
timeout 900 qubesctl --show-output --skip-dom0 --templates state.sls update.qubes-vm
|
|
@ -0,0 +1,21 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
### Ensure mirage-firewall kernel folder setup
|
||||
if [ ! -d /var/lib/qubes/vm-kernels/mirage-firewall ]; then
|
||||
logg info 'Creating the /var/lib/qubes/vm-kernels/mirage-firewall directory'
|
||||
sudo mkdir -p /var/lib/qubes/vm-kernels/mirage-firewall
|
||||
fi
|
||||
|
||||
### Install the mirage-firewall kernel
|
||||
if [ ! -f /var/lib/qubes/vm-kernels/mirage-firewall/vmlinuz ]; then
|
||||
logg info 'Downloading the pre-compiled mirage firewall kernel in the {{ .qubes.provisionVM }} VM'
|
||||
qvm-run provision 'curl -sSL {{ .qubes.mirageUrl }} > ~/Downloads/mirage-firewall.tar.gz && tar xjf ~/Downloads/mirage-firewall.tar.gz -C ~/Downloads'
|
||||
logg info 'Transferring mirage-firewall kernel to dom0 from the {{ .qubes.provisionVM }} VM'
|
||||
qvm-run --pass-io {{ .qubes.provisionVM }} 'cat /home/user/Downloads/mirage-firewall/vmlinuz' > /var/lib/qubes/vm-kernels/mirage-firewall/vmlinuz
|
||||
fi
|
||||
|
||||
### Create dummy initrmfs for the mirage-firewall kernel
|
||||
if [ ! -f/var/lib/qubes/vm-kernels/mirage-firewall/initramfs ]; then
|
||||
logg info 'Adding dummy initrmfs file to the mirage-firewall kernel folder'
|
||||
gzip -n9 < /dev/null > /var/lib/qubes/vm-kernels/mirage-firewall/initramfs
|
||||
fi
|
|
@ -0,0 +1,24 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
### Enable sys-usb
|
||||
logg info 'Modifying Salt configuration to be able to enable sys-usb'
|
||||
qubesctl top.enabled pillar=True || EXIT_CODE=$?
|
||||
qubesctl state.highstate || EXIT_CODE=$?
|
||||
logg info 'Ensuring sys-net-as-usbvm is removed'
|
||||
qubesctl top.disable qvm.sys-net-as-usbvm pillar=True || EXIT_CODE=$?
|
||||
logg info 'Ensuring sys-usb is setup and that it is properly configured with the keyboard'
|
||||
qubesctl state.sls qvm.usb-keyboard
|
||||
|
||||
### Configure USB keyboard settings
|
||||
if [ "{{ .qubes.promptKeyboards }}" = 'true' ]; then
|
||||
logg info 'Ensure USB keyboards are only allows to connect after prompt is answered'
|
||||
logg warn 'This can potentially lock you out if all you have are USB keyboards'
|
||||
echo "sys-usb dom0 ask,user=root,default_target=dom0" | sudo tee /etc/qubes-rpc/policy/qubes.InputKeyboard
|
||||
else
|
||||
logg info 'Ensuring USB keyboards can connect without a prompt'
|
||||
echo "sys-usb dom0 allow,user=root" | sudo tee /etc/qubes-rpc/policy/qubes.InputKeyboard
|
||||
fi
|
||||
|
||||
### Configure USB mouse settings
|
||||
logg info 'Ensuring newly connected USB mouse devices are only allowed to connect after a prompt is accepted'
|
||||
echo "sys-usb dom0 ask,default_target=dom0" | sudo tee /etc/qubes-rpc/policy/qubes.InputMouse
|
|
@ -0,0 +1,26 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
### Enables sys-gui-gpu
|
||||
enableSysGUIGPU() {
|
||||
logg info 'Enabling `sys-gui-gpu`'
|
||||
qubesctl top.enable qvm.sys-gui-gpu
|
||||
qubesctl top.enable qvm.sys-gui-gpu pillar=True
|
||||
qubesctl --all state.highstate
|
||||
qubesctl top.disable qvm.sys-gui-gpu
|
||||
}
|
||||
|
||||
### Enable appropriate sys-gui
|
||||
if qvm-pci list | grep 'VGA compatible controller' | grep 'Intel'; else
|
||||
logg info 'An Intel GPU was detected'
|
||||
enableSysGUIGPU
|
||||
logg info 'Attaching Intel GPU PCI devices to sys-gui-gpu'
|
||||
qubesctl state.sls qvm.sys-gui-gpu-attach-gpu
|
||||
elif qvm-pci list | grep 'VGA compatible controller' | grep 'NVIDIA'; then
|
||||
logg info 'An NVIDIA GPU was detected'
|
||||
enableSysGUIGPU
|
||||
logg info 'Attaching NVIDIA GPU PCI devices to sys-gui-gpu'
|
||||
for ID of "$(qvm-pci list | grep 'NVIDIA' | sed 's/^\([^ ]*\).*/\1/')"; do
|
||||
logg info "Attaching PCI device with ID of $ID"
|
||||
qvm-pci attach sys-gui-gpu "$ID" --persistent -o permissive=true
|
||||
done
|
||||
fi
|
4
.local/share/chezmoi/system/.chezmoidata.yaml
Normal file
4
.local/share/chezmoi/system/.chezmoidata.yaml
Normal file
|
@ -0,0 +1,4 @@
|
|||
---
|
||||
grub:
|
||||
shiftToSeeMenu: false
|
||||
theme: Betelgeuse
|
|
@ -1,9 +1,98 @@
|
|||
{{- if not .host.headless }}
|
||||
## Betelgeuse Theme
|
||||
["/usr/local/src/betelgeuse"]
|
||||
type = "git-repo"
|
||||
url = "https://gitlab.com/megabyte-labs/misc/betelgeuse.git"
|
||||
clone.args = ["--depth", "1"]
|
||||
pull.args = ["--ff-only"]
|
||||
|
||||
### Hack Nerd Font Download
|
||||
{{- $refreshPeriod := "4800h" }}
|
||||
{{- $fontDir := "" }}
|
||||
{{- $fontUrlBase := "https://github.com/ryanoasis/nerd-fonts/raw/master/patched-fonts/Hack"}}
|
||||
{{- if eq .host.distro.family "darwin" }}
|
||||
{{- $fontDir = "/Library/Fonts" }}
|
||||
{{- else if eq .host.distro.family "linux" }}
|
||||
{{- $fontDir = "/usr/local/share/fonts" }}
|
||||
{{- else if eq .host.distro.family "windows" }}
|
||||
{{- $fontDir = "TODOWindows/Fonts" }}
|
||||
{{- end }}
|
||||
["{{ $fontDir }}/Hack-Regular-Nerd-Font.ttf"]
|
||||
type = "file"
|
||||
url = "{{ $fontUrlBase }}/Regular/complete/Hack%20Regular%20Nerd%20Font%20Complete{{if eq .host.distro.family "windows"}}%20Windows%20Compatible{{end}}.ttf"
|
||||
refreshPeriod = "{{ $refreshPeriod }}"
|
||||
["{{ $fontDir }}/Hack-Bold-Nerd-Font.ttf"]
|
||||
type = "file"
|
||||
url = "{{ $fontUrlBase }}/Bold/complete/Hack%20Bold%20Nerd%20Font%20Complete{{if eq .host.distro.family "windows"}}%20Windows%20Compatible{{end}}.ttf"
|
||||
refreshPeriod = "{{ $refreshPeriod }}"
|
||||
["{{ $fontDir }}/Hack-Italic-Nerd-Font.ttf"]
|
||||
type = "file"
|
||||
url = "{{ $fontUrlBase }}/Italic/complete/Hack%20Italic%20Nerd%20Font%20Complete{{if eq .host.distro.family "windows"}}%20Windows%20Compatible{{end}}.ttf"
|
||||
refreshPeriod = "{{ $refreshPeriod }}"
|
||||
["{{ $fontDir }}/Hack-Bold-Italic-Nerd-Font.ttf"]
|
||||
type = "file"
|
||||
url = "{{ $fontUrlBase }}/BoldItalic/complete/Hack%20Bold%20Italic%20Nerd%20Font%20Complete{{if eq .host.distro.family "windows"}}%20Windows%20Compatible{{end}}.ttf"
|
||||
refreshPeriod = "{{ $refreshPeriod }}"
|
||||
|
||||
### Montserrat Font Download
|
||||
{{- $fontUrlBase := "https://github.com/JulietaUla/Montserrat/raw/master/fonts/ttf/Montserrat-"}}
|
||||
{{- $fonts := list "Black" "BlackItalic" "Bold" "BoldItalic" "ExtraBold" "ExtraBoldItalic" "ExtraLight" "ExtraLightItalic" "Italic" "Light" "LightItalic" "Medium" "MediumItalic" "Regular" "SemiBold" "SemiBoldItalic" "Thin" "ThinItalic" }}
|
||||
{{- range $font := $fonts }}
|
||||
["{{ $fontDir }}/Montserrat-{{ $font }}.ttf"]
|
||||
type = "file"
|
||||
url = "{{ $fontUrlBase }}{{ $font }}.ttf"
|
||||
refreshPeriod = "{{ $refreshPeriod }}"
|
||||
{{- end }}
|
||||
|
||||
### ZillaSlab Font Download
|
||||
{{- $fontUrlBase := "https://github.com/typotheque/zilla-slab/raw/master/fonts_TTF/ZillaSlab"}}
|
||||
{{- $fonts := list "-Bold" "-BoldItalic" "-Italic" "-Light" "-LightItalic" "-Medium" "-MediumItalic" "-Regular" "-SemiBold" "-SemiBoldItalic" "Highlight-Bold" "Highlight-Regular" }}
|
||||
{{- range $font := $fonts }}
|
||||
["{{ $fontDir }}/ZillaSlab{{ $font }}.ttf"]
|
||||
type = "file"
|
||||
url = "{{ $fontUrlBase }}{{ $font }}.ttf"
|
||||
refreshPeriod = "{{ $refreshPeriod }}"
|
||||
{{- end }}
|
||||
|
||||
### Rofi Fonts
|
||||
["{{ $fontDir }}/GrapeNuts-Regular.ttf"]
|
||||
type = "file"
|
||||
url = "https://github.com/adi1090x/rofi/raw/master/fonts/GrapeNuts-Regular.ttf"
|
||||
refreshPeriod = "{{ $refreshPeriod }}"
|
||||
["{{ $fontDir }}/Icomoon-Feather.ttf"]
|
||||
type = "file"
|
||||
url = "https://github.com/adi1090x/rofi/raw/master/fonts/Icomoon-Feather.ttf"
|
||||
refreshPeriod = "{{ $refreshPeriod }}"
|
||||
["{{ $fontDir }}/Iosevka-Nerd-Font-Complete.ttf"]
|
||||
type = "file"
|
||||
url = "https://github.com/adi1090x/rofi/raw/master/fonts/Iosevka-Nerd-Font-Complete.ttf"
|
||||
refreshPeriod = "{{ $refreshPeriod }}"
|
||||
["{{ $fontDir }}/JetBrains-Mono-Nerd-Font-Complete.ttf"]
|
||||
type = "file"
|
||||
url = "https://github.com/adi1090x/rofi/raw/master/fonts/JetBrains-Mono-Nerd-Font-Complete.ttf"
|
||||
refreshPeriod = "{{ $refreshPeriod }}"
|
||||
|
||||
### Miscellaneous Fonts Download
|
||||
["{{ $fontDir }}/FontAwesome.ttf"]
|
||||
type = "file"
|
||||
# Source URL
|
||||
url = "https://github.com/VermiumSifell/dotfiles/raw/main/dot_local/share/fonts/fontawesome.ttf"
|
||||
refreshPeriod = "{{ $refreshPeriod }}"
|
||||
["{{ $fontDir }}/Weather-Icons.ttf"]
|
||||
type = "file"
|
||||
# Source URL
|
||||
url = "https://github.com/VermiumSifell/dotfiles/raw/main/dot_local/share/fonts/weathericons.ttf"
|
||||
refreshPeriod = "{{ $refreshPeriod }}"
|
||||
{{- end }}
|
||||
|
||||
### NGINX
|
||||
["/etc/nginx"]
|
||||
type = "git-repo"
|
||||
url = "https://gitlab.com/megabyte-labs/cloud/nginx-configs.git"
|
||||
clone.args = ["--depth", "1"]
|
||||
pull.args = ["--ff-only"]
|
||||
|
||||
### Rundeck
|
||||
["/var/lib/rundeck/libext/ansible-plugin-3.2.2.jar"]
|
||||
type = "file"
|
||||
url = "https://github.com/rundeck-plugins/ansible-plugin/releases/download/v3.2.2/ansible-plugin-3.2.2.jar"
|
||||
|
|
|
@ -0,0 +1,4 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
logg info 'Copying /boot/grub2/grubenv to /boot/efi/EFI/qubes/grubenv'
|
||||
sudo cp -f /boot/grub2/grubenv /boot/efi/EFI/qubes/grubenv
|
54
.local/share/chezmoi/system/etc/default/modify_grub
Normal file
54
.local/share/chezmoi/system/etc/default/modify_grub
Normal file
|
@ -0,0 +1,54 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
SCREEN_WIDTH="$(xrandr --current | grep '*' | uniq | awk '{print $1}' | cut -d 'x' -f1)"
|
||||
SCREEN_HEIGHT="$(xrandr --current | grep '*' | uniq | awk '{print $1}' | cut -d 'x' -f2)"
|
||||
SCREEN_RATIO="$(awk -v height={{ screen_height.stdout }} -v width={{ screen_width.stdout }} 'BEGIN { print ((height / width) * 1000) }')"
|
||||
SCREEN_RATIO="${SCREEN_RATIO%.*}"
|
||||
SCREEN_RATIO_ULTRAWIDE="2100"
|
||||
GRUB_RESOLUTION_TYPE="1080p"
|
||||
|
||||
### Determine if screen is ultrawide
|
||||
if (( $(echo "$SCREEN_RATIO $SCREEN_RATIO_ULTRAWIDE" | awk '{print ($1 > $2)}') )); then
|
||||
GRUB_RESOLUTION_TYPE="ultrawide"
|
||||
fi
|
||||
|
||||
### Optimize the GRUB resolution
|
||||
logg info 'Optimizing the GRUB resolution'
|
||||
if cat /etc/default/grub | grep GRUB_GFX_MODE; then
|
||||
sudo sed -i '/.*GRUB_GFXMODE.*/GRUB_GFXMODE=auto/' /etc/default/grub
|
||||
else
|
||||
echo "GRUB_GFXMODE=auto" | sudo tee -a /etc/default/grub
|
||||
fi
|
||||
|
||||
### Add GRUB_GFXPAYLOAD_LINUX=keep
|
||||
logg info 'Ensuring GRUB_GFXPAYLOAD_LINUX is set to keep'
|
||||
if cat /etc/default/grub | grep GRUB_GFXPAYLOAD_LINUX; then
|
||||
sudo sed -i '/.*GRUB_GFXPAYLOAD_LINUX.*/GRUB_GFXPAYLOAD_LINUX="keep"/' /etc/default/grub
|
||||
else
|
||||
echo 'GRUB_GFXPAYLOAD_LINUX="keep"' | sudo tee -a /etc/default/grub
|
||||
fi
|
||||
|
||||
### Set GRUB theme
|
||||
logg info "Setting GRUB2 theme to {{ .theme }}-$GRUB_RESOLUTION_TYPE"
|
||||
if cat /etc/default/grub | grep GRUB_THEME; then
|
||||
sudo sed -i '/.*GRUB_THEME.*/GRUB_THEME="{{ .theme }}-'"$GRUB_RESOLUTION_TYPE"'"/' /etc/default/grub
|
||||
else
|
||||
echo 'GRUB_THEME="{{ .theme }}-'"$GRUB_RESOLUTION_TYPE"'"' | sudo tee -a /etc/default/grub
|
||||
fi
|
||||
|
||||
### Set GRUB background
|
||||
logg info 'Set GRUB background to prevent FOUC'
|
||||
if cat /etc/default/grub | grep GRUB_BACKGROUND; then
|
||||
sudo sed -i '/.*GRUB_BACKGROUND.*/GRUB_BACKGROUND="/usr/local/share/grub/{{ .theme }}-blue.png"/' /etc/default/grub
|
||||
else
|
||||
echo 'GRUB_BACKGROUND="/usr/local/share/grub/{{ .theme }}-blue.png"' | sudo tee -a /etc/default/grub
|
||||
fi
|
||||
|
||||
### Configure Shift to see menu feature
|
||||
logg info 'Configuring Shift to see GRUB2 menu feature'
|
||||
sed -i '/GRUB_FORCE_HIDDEN_MENU/d' /etc/default/grub
|
||||
echo "GRUB_FORCE_HIDDEN_MENU={{ .grub.shiftToSeeMenu }}" > /etc/default/grub
|
||||
|
||||
### Remove duplicate lines
|
||||
logg info 'Ensuring there are no duplicate entries in /etc/default/grub'
|
||||
cat /etc/default/grub | uniq -u | sudo tee /etc/default/grub
|
9
.local/share/chezmoi/system/etc/modify_environment
Normal file
9
.local/share/chezmoi/system/etc/modify_environment
Normal file
|
@ -0,0 +1,9 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
### Ensure QT_STYLE_OVERRIDE is set in /etc/environment
|
||||
logg info 'Ensuring QT_STYLE_OVERRIDE is set in /etc/environment'
|
||||
if cat /etc/environment | grep QT_STYLE_OVERRIDE; then
|
||||
sudo sed -i '/.*QT_STYLE_OVERRIDE.*/export QT_STYLE_OVERRIDE=kvantum-dark/' /etc/environment
|
||||
else
|
||||
echo 'export QT_STYLE_OVERRIDE=kvantum-dark' | sudo tee -a /etc/environment
|
||||
fi
|
|
@ -0,0 +1,41 @@
|
|||
[qubes-templates-itl]
|
||||
name = Qubes Templates repository
|
||||
#baseurl = https://yum.qubes-os.org/r$releasever/templates-itl
|
||||
#baseurl = http://yum.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/r$releasever/templates-itl
|
||||
metalink = https://yum.qubes-os.org/r$releasever/templates-itl/repodata/repomd.xml.metalink
|
||||
enabled = 1
|
||||
fastestmirror = 1
|
||||
metadata_expire = 7d
|
||||
gpgcheck = 1
|
||||
gpgkey = file:///etc/qubes/repo-templates/keys/RPM-GPG-KEY-qubes-$releasever-primary
|
||||
|
||||
[qubes-templates-itl-testing]
|
||||
name = Qubes Templates repository
|
||||
#baseurl = https://yum.qubes-os.org/r$releasever/templates-itl-testing
|
||||
#baseurl = http://yum.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/r$releasever/templates-itl-testing
|
||||
metalink = https://yum.qubes-os.org/r$releasever/templates-itl-testing/repodata/repomd.xml.metalink
|
||||
enabled = 1
|
||||
fastestmirror = 1
|
||||
gpgcheck = 1
|
||||
gpgkey = file:///etc/qubes/repo-templates/keys/RPM-GPG-KEY-qubes-$releasever-primary
|
||||
|
||||
[qubes-templates-community]
|
||||
name = Qubes Community Templates repository
|
||||
#baseurl = https://yum.qubes-os.org/r$releasever/templates-community
|
||||
#baseurl = http://yum.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/r$releasever/templates-community
|
||||
metalink = https://yum.qubes-os.org/r$releasever/templates-community/repodata/repomd.xml.metalink
|
||||
enabled = 1
|
||||
fastestmirror = 1
|
||||
metadata_expire = 7d
|
||||
gpgcheck = 1
|
||||
gpgkey = file:///etc/qubes/repo-templates/keys/RPM-GPG-KEY-qubes-$releasever-templates-community
|
||||
|
||||
[qubes-templates-community-testing]
|
||||
name = Qubes Community Templates repository
|
||||
#baseurl = https://yum.qubes-os.org/r$releasever/templates-community-testing
|
||||
#baseurl = http://yum.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/r$releasever/templates-community-testing
|
||||
metalink = https://yum.qubes-os.org/r$releasever/templates-community-testing/repodata/repomd.xml.metalink
|
||||
enabled = 1
|
||||
fastestmirror = 1
|
||||
gpgcheck = 1
|
||||
gpgkey = file:///etc/qubes/repo-templates/keys/RPM-GPG-KEY-qubes-$releasever-templates-community
|
0
.local/share/chezmoi/system/etc/sddm.conf
Normal file
0
.local/share/chezmoi/system/etc/sddm.conf
Normal file
42
.local/share/chezmoi/system/etc/yum.repos.d/qubes-dom0.repo
Normal file
42
.local/share/chezmoi/system/etc/yum.repos.d/qubes-dom0.repo
Normal file
|
@ -0,0 +1,42 @@
|
|||
[qubes-dom0-current]
|
||||
name = Qubes Dom0 Repository (updates)
|
||||
#baseurl = https://yum.qubes-os.org/r$releasever/current/dom0/fc32
|
||||
#baseurl = http://yum.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/r$releasever/current/dom0/fc32
|
||||
metalink = https://yum.qubes-os.org/r$releasever/current/dom0/fc32/repodata/repomd.xml.metalink
|
||||
skip_if_unavailable=False
|
||||
enabled = 1
|
||||
metadata_expire = 6h
|
||||
gpgcheck = 1
|
||||
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-$releasever-primary
|
||||
|
||||
[qubes-dom0-current-testing]
|
||||
name = Qubes Dom0 Repository (updates-testing)
|
||||
#baseurl = https://yum.qubes-os.org/r$releasever/current-testing/dom0/fc32
|
||||
#baseurl = http://yum.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/r$releasever/current-testing/dom0/fc32
|
||||
metalink = https://yum.qubes-os.org/r$releasever/current-testing/dom0/fc32/repodata/repomd.xml.metalink
|
||||
skip_if_unavailable=False
|
||||
enabled = 1
|
||||
metadata_expire = 6h
|
||||
gpgcheck = 1
|
||||
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-$releasever-primary
|
||||
|
||||
[qubes-dom0-security-testing]
|
||||
name = Qubes Dom0 Repository (security-testing)
|
||||
#baseurl = https://yum.qubes-os.org/r$releasever/security-testing/dom0/fc32
|
||||
#baseurl = http://yum.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/r$releasever/security-testing/dom0/fc32
|
||||
metalink = https://yum.qubes-os.org/r$releasever/security-testing/dom0/fc32/repodata/repomd.xml.metalink
|
||||
skip_if_unavailable=False
|
||||
enabled = 1
|
||||
metadata_expire = 6h
|
||||
gpgcheck = 1
|
||||
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-$releasever-primary
|
||||
|
||||
[qubes-dom0-unstable]
|
||||
name = Qubes Dom0 Repository (unstable)
|
||||
#baseurl = https://yum.qubes-os.org/r$releasever/unstable/dom0/fc32
|
||||
#baseurl = http://yum.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/r$releasever/unstable/dom0/fc32
|
||||
metalink = https://yum.qubes-os.org/r$releasever/unstable/dom0/fc32/repodata/repomd.xml.metalink
|
||||
skip_if_unavailable=False
|
||||
enabled = 0
|
||||
gpgcheck = 1
|
||||
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-qubes-$releasever-unstable
|
|
@ -0,0 +1,13 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
logg info 'Ensure /usr/local/share/grub/themes is a directory'
|
||||
sudo mkdir -p /usr/local/share/grub/themes
|
||||
|
||||
logg info 'Copy GRUB theme to /usr/local/share/grub/themes'
|
||||
cp -rf /usr/local/src/{{ .theme }}/share/grub/themes/ /usr/local/share/grub/themes
|
||||
|
||||
logg info 'Ensure /boot/grub2/themes is a directory'
|
||||
sudo mkdir -p /boot/grub2/themes
|
||||
|
||||
logg info 'Copy GRUB themes to /boot/grub2/themes'
|
||||
sudo cp -rf /usr/local/share/grub/themes/ /boot/grub2/themes
|
Loading…
Reference in a new issue