ai-conf

#!/usr/bin/env bash

source "${0%/*}/ai-funcs"

################################################################################
# Here are more global variables to share amongst functions
################################################################################
declare -r TITLEBAR="AI CONFIGURATION"

declare -ra PORTLIST=(
       21_ftp
       22_ssh
       23_telnet
       25_smtp
       53_dns
       69_tftp
       70_gopher
       80_http
       88_kerberos5
      110_pop3
      123_ntp
  137:139_netbios
      143_imap
  161:162_snmp
      194_irc
      389_ldap
      443_https
      445_smb
      465_smtps
      587_starttls
      636_ldaps
      749_kerberos-adm
      750_kerberos4
      873_rsync
      992_telnets
      993_imaps
      994_ircs
      995_pop3s
     1900_upnp
     2049_nfsd
     3478_stun
     8200_dlna-webgui
     8384_syncthing-webgui
    20048_nfs-acl
    21027_syncthing-discovery
    22000_syncthing-listen
    64738_murmur
  )

################################################################################
# Overly-cautious verification of required binaries
################################################################################

for CMD in arch-chroot cp curl date env genfstab head ip ln localedef pacman-key \
  passwd paste readlink rename stat systemctl tail tar useradd usermod; do
    BIN["${CMD}"]="$(GET_COMMAND "${CMD}")" || ERR_LIST+="CRIT: Couldn't find ${CMD}\n"
done

CHECK_FOR_FAILURE_POINTS

function CONVERT_NETMASK {
  case "${1}" in
                    0) echo '0.0.0.0';;
                    1) echo '128.0.0.0';;
                    2) echo '192.0.0.0';;
                    3) echo '244.0.0.0';;
                    4) echo '240.0.0.0';;
                    5) echo '248.0.0.0';;
                    6) echo '252.0.0.0';;
                    7) echo '254.0.0.0';;
                    8) echo '255.0.0.0';;
                    9) echo '255.128.0.0';;
                   10) echo '255.192.0.0';;
                   11) echo '255.244.0.0';;
                   12) echo '255.240.0.0';;
                   13) echo '255.248.0.0';;
                   14) echo '255.252.0.0';;
                   15) echo '255.254.0.0';;
                   16) echo '255.255.0.0';;
                   17) echo '255.255.128.0';;
                   18) echo '255.255.192.0';;
                   19) echo '255.255.244.0';;
                   20) echo '255.255.240.0';;
                   21) echo '255.255.248.0';;
                   22) echo '255.255.252.0';;
                   23) echo '255.255.254.0';;
                   24) echo '255.255.255.0';;
                   25) echo '255.255.255.128';;
                   26) echo '255.255.255.192';;
                   27) echo '255.255.255.244';;
                   28) echo '255.255.255.240';;
                   29) echo '255.255.255.248';;
                   30) echo '255.255.255.252';;
                   31) echo '255.255.255.254';;
                   32) echo '255.255.255.255';;
            '0.0.0.0') echo '0';;
          '128.0.0.0') echo '1';;
          '192.0.0.0') echo '2';;
          '244.0.0.0') echo '3';;
          '240.0.0.0') echo '4';;
          '248.0.0.0') echo '5';;
          '252.0.0.0') echo '6';;
          '254.0.0.0') echo '7';;
          '255.0.0.0') echo '8';;
        '255.128.0.0') echo '9';;
        '255.192.0.0') echo '10';;
        '255.244.0.0') echo '11';;
        '255.240.0.0') echo '12';;
        '255.248.0.0') echo '13';;
        '255.252.0.0') echo '14';;
        '255.254.0.0') echo '15';;
        '255.255.0.0') echo '16';;
      '255.255.128.0') echo '17';;
      '255.255.192.0') echo '18';;
      '255.255.244.0') echo '19';;
      '255.255.240.0') echo '20';;
      '255.255.248.0') echo '21';;
      '255.255.252.0') echo '22';;
      '255.255.254.0') echo '23';;
      '255.255.255.0') echo '24';;
    '255.255.255.128') echo '25';;
    '255.255.255.192') echo '26';;
    '255.255.255.244') echo '27';;
    '255.255.255.240') echo '28';;
    '255.255.255.248') echo '29';;
    '255.255.255.252') echo '30';;
    '255.255.255.254') echo '31';;
    '255.255.255.255') echo '32';;
  esac
}

function USE_PRIVILEGE {
  # This is just a wrapper so you don't have to type "${BIN[sudo]}" all the time
  GET_PRIVILEGE && "${BIN[sudo]}" "${@}" || return 1
}

function FIND_EDITOR {
  # Respect the user's preference, but if not specicified,
  # try to find one in order from 'easiest' to 'hardest'.
  if   [[ -n ${EDITOR}       ]]; then command -v "${EDITOR}"
  elif [[ -e /bin/nano       ]]; then echo '/bin/nano'
  elif [[ -e /usr/bin/mcedit ]]; then echo '/usr/bin/mcedit'
  elif [[ -e /usr/bin/dte    ]]; then echo '/usr/bin/dte'
  elif [[ -e /usr/bin/kak    ]]; then echo '/usr/bin/kak'
  elif [[ -e /usr/bin/helix  ]]; then echo '/usr/bin/helix'
  elif [[ -e /usr/bin/nvim   ]]; then echo '/usr/bin/nvim'
  elif [[ -e /usr/bin/vis    ]]; then echo '/usr/bin/vis'
  elif [[ -e /usr/bin/vim    ]]; then echo '/usr/bin/vim'
  elif [[ -e /usr/bin/vi     ]]; then echo '/usr/bin/vi'
  elif [[ -e /usr/bin/e3     ]]; then echo '/usr/bin/e3'
  fi
}

################################################################################
# Function that retrieve configuration settings
################################################################################

function GET_DEFAULT_EDITOR {
  # NOTE: This concerns the EDITOR environment variable in the chroot.
  RETVALUE="$("${BIN[grep]}" -hRs 'export\s*EDITOR=' "${OSCHROOT}/etc/profile.d" | \
    "${BIN[cut]}" -d= -f2)"
  [[ -n ${RETVALUE} ]] && echo "${RETVALUE}" || echo '[not set]'
}

function GET_FAIL2BAN_SSHD {
  local CFG_FILE="${OSCHROOT}/etc/fail2ban/jail.d/sshd.local"
  if [[ -e "${CFG_FILE}" ]]; then
    local MAXRETRY="$("${BIN[grep]}" 'maxretry' "${CFG_FILE}" | "${BIN[cut]}" -d= -f2 | "${BIN[tr]}" -d ' ')"
    local FINDTIME="$("${BIN[grep]}" 'findtime' "${CFG_FILE}" | "${BIN[cut]}" -d= -f2 | "${BIN[tr]}" -d ' ')"
    local BAN_TIME="$("${BIN[grep]}" 'bantime' "${CFG_FILE}" | "${BIN[cut]}" -d= -f2 | "${BIN[tr]}" -d ' ')"
    local IGNOREIP="$("${BIN[grep]}" 'ignoreip' "${CFG_FILE}" | "${BIN[cut]}" -d= -f2 | "${BIN[sed]}" 's/^\s\+//g')"
    printf 'Ban for %s after %s failures within %s, ignoring %s' "${BAN_TIME}" "${MAXRETRY}" "${FINDTIME}" "${IGNOREIP}"
  else
    echo '[no config]'
  fi
}

function GET_RESOLV_LINK {
  "${BIN[readlink]}" "${OSCHROOT}/etc/resolv.conf"
}

function GET_HOSTS {
  local RETVALUE
  RETVALUE="$("${BIN[grep]}" -v '^\s*#\|^\s*$' "${OSCHROOT}/etc/hosts" | \
    "${BIN[sed]}" 's/\s\+[0-9a-z-]*\.[0-9a-z-]*\.[0-9a-z-]*/ /g;s/\s\+$//g;s/\s\+/ = /g' | \
    "${BIN[tr]}" '\n' ',' | "${BIN[sed]}" 's/,$//g;s/,/, /g')"
  [[ -n ${RETVALUE} ]] && echo "${RETVALUE}" || echo '[not set]'
}

function GET_IPTABLES_PORTS_CLOSED_GLOBALLY {
  "${BIN[grep]}" 'OUTPUT.*DROP' "${OSCHROOT}/etc/iptables/iptables.rules" | \
  "${BIN[sed]}" 's/.*--dport \([0-9]\+\) .*/\1/g' | \
  "${BIN[sort]}" -un | "${BIN[paste]}" -d\  -s
}

function GET_IPTABLES_PORTS_OPEN_GLOBALLY {
  "${BIN[grep]}" -- '--dport\s\+[0-9]\+.*ACCEPT' "${OSCHROOT}/etc/iptables/iptables.rules" | \
  "${BIN[grep]}" -v -- '-s [a-z.]\+\|-d [0-9./]\{9,18\}' | \
  "${BIN[sed]}" 's/.*--dport \([0-9]\+\) .*/\1/g' | \
  "${BIN[sort]}" -un | "${BIN[paste]}" -d\  -s
}

function GET_LANGUAGES {
  "${BIN[grep]}" -v '^\s*#' "${OSCHROOT}/etc/locale.gen" | \
    "${BIN[sed]}" 's/^\s*\([a-z]\{2,3\}\)_.*\.UTF-8 UTF-8.*/\1/g;' | \
    "${BIN[sort]}" -u | "${BIN[paste]}" -d\  -s
}

function GET_LOCAL_DOMAIN {
  "${BIN[grep]}" 'Domains=' "${OSCHROOT}/etc/systemd/resolved.conf" | "${BIN[cut]}" -d= -f2
}

function GET_LOCALES {
  [[ -n ${1} ]] && LOCALES="$("${BIN[grep]}" -s "^\#*\(${1// /\\|}\).*\.UTF-8 UTF-8" "${OSCHROOT}/etc/locale.gen")"
  [[ -z ${1} ]] && LOCALES="$("${BIN[grep]}" -s "^[a-z].*\.UTF-8 UTF-8" "${OSCHROOT}/etc/locale.gen")"
  if [[ -z ${1} ]] && [[ -z ${LOCALES} ]]; then
    echo '[none selected]'
  else
    "${BIN[sed]}" 's/\.UTF-8 UTF-8.*//g;' <<< "${LOCALES}" | "${BIN[paste]}" -d\  -s
  fi
}

function GET_LOCALE_COLLATION {
  if [[ -e "${OSCHROOT}/etc/locale.conf" ]]; then
    "${BIN[grep]}" -s LC_COLLATE "${OSCHROOT}/etc/locale.conf" | "${BIN[cut]}" -d= -f2
  else
    echo '[no config]'
  fi
}

function GET_LOCALE_MESSAGES {
  if [[ -e "${OSCHROOT}/etc/locale.conf" ]]; then
    "${BIN[grep]}" -s LC_MESSAGES "${OSCHROOT}/etc/locale.conf" | "${BIN[cut]}" -d= -f2
  else
    echo '[no config]'
  fi
}

function GET_MKINITCPIO_COMPRESSION {
  local COMPTYPE
  COMPTYPE=$("${BIN[grep]}" '^\s*COMPRESSION=' "${OSCHROOT}/etc/mkinitcpio.conf" | "${BIN[cut]}" -d\" -f2)
  echo "${COMPTYPE:-zstd}"
}

function GET_MKINITCPIO_HOOKS {
  "${BIN[grep]}" '^\s*HOOKS=' "${OSCHROOT}/etc/mkinitcpio.conf" | "${BIN[sed]}" 's/.*(\(.*\)).*/\1/g'
}

function GET_MKINITCPIO_MODULES {
  local RETVALUE
  RETVALUE="$("${BIN[grep]}" '^\s*MODULES=' "${OSCHROOT}/etc/mkinitcpio.conf" | \
    "${BIN[sed]}" 's/.*(\(.*\)).*/\1/g')"
  [[ -n ${RETVALUE} ]] && echo "${RETVALUE}" || echo '[none]'
}

function GET_NANORC_COLORS {
  local WHOHASIT

  "${BIN[grep]}" -q '^\s*set [a-z]\+color [a-z,]\+' "${OSCHROOT}/etc/nanorc" && WHOHASIT+='Set globally '
  USE_PRIVILEGE "${BIN[grep]}" -qsR '^\s*set [a-z]\+color [a-z,]\+' "${OSCHROOT}/root/.nanorc" && WHOHASIT+='and by root '
  USE_PRIVILEGE "${BIN[grep]}" -qsR '^\s*set [a-z]\+color [a-z,]\+' "${OSCHROOT}/root/.config/nano/nanorc" && WHOHASIT+='and by root '
  for USERHOME in "${OSCHROOT}"/home/*; do
    USE_PRIVILEGE "${BIN[grep]}" -qsR '^\s*set [a-z]\+color [a-z,]\+' "${USERHOME}/.nanorc" && WHOHASIT+="and by ${USERHOME##*\/} "
    USE_PRIVILEGE "${BIN[grep]}" -qsR '^\s*set [a-z]\+color [a-z,]\+' "${USERHOME}/.config/nano/nanorc" && WHOHASIT+="and by ${USERHOME##*\/} "
  done
  [[ -n ${WHOHASIT} ]] && echo "${WHOHASIT% }" || echo '[not set]'
}

function GET_NANORC_INCLUDES {
  local RETVALUE="$("${BIN[grep]}" '^\s*include' "${OSCHROOT}/etc/nanorc" | \
    "${BIN[cut]}" -d\  -f2 | "${BIN[tr]}" -d '"' | "${BIN[paste]}" -d,  -s | \
    "${BIN[sed]}" 's/,/, /g')"
  [[ -n ${RETVALUE} ]] && echo "${RETVALUE}" || echo '[none]'
}

function GET_NANORC_OPTIONS {
  local NANOOPTS CFG_FILE="${OSCHROOT}/etc/nanorc"

  if [[ -e ${CFG_FILE} ]]; then
    NANOOPTS="$("${BIN[grep]}" 'set ' "${OSCHROOT}/etc/nanorc" | "${BIN[grep]}" -v '[.,:;\"0-9]\|color')"
    case "${1}" in
      all)
        NANOOPTS=$("${BIN[sed]}" 's/^\s*\#*\s*set //g' <<< "${NANOOPTS}");;
      enabled)
        NANOOPTS=$("${BIN[grep]}" -v '^\s*#' <<< "${NANOOPTS}" | "${BIN[sed]}" 's/^\s*set\s*//g');;
    esac
    NANOOPTS="$("${BIN[sort]}" -u <<< "${NANOOPTS}" | ${BIN[paste]} -d\  -s)"
    [[ -n ${NANOOPTS} ]] && echo "${NANOOPTS}" || { [[ ${1} == enabled ]] && echo '[none set]'; }
  else
    [[ ${1} == enabled ]] && echo '[no config]'
  fi
}

function GET_NTP {
  local CFG_FILE="${OSCHROOT}/etc/ntp.conf"
  local UPSTREAM UNBLOCKD BLOCKED SERVEDTO
  UPSTREAM="$("${BIN[grep]}" '^\s*server' "${CFG_FILE}" | "${BIN[wc]}" -l)"
  if "${BIN[grep]}" '^\s*restrict\s*default.*noserve' "${CFG_FILE}"; then
    UNBLOCKD="$("${BIN[grep]}" '^\s*restrict' "${CFG_FILE}" | \
      "${BIN[grep]}" -v 'default\|noserve' | "${BIN[cut]}" -d\  -f2 | paste -d\  -s)"
    [[ -z ${UNBLOCKD} ]] && unset UNBLOCKD
    SERVEDTO="everyone blocked${UNBLOCKD+ except }${UNBLOCKD}"
  else
    BLOCKED="$("${BIN[grep]}" '^\s*restrict.*noserve' "${CFG_FILE}" | \
      "${BIN[grep]}" -v 'default' | "${BIN[cut]}" -d\  -f2 | paste -d\  -s)"
    [[ -z ${BLOCKED} ]] && unset BLOCKED
    SERVEDTO="serve everyone${BLOCKED+ except }${BLOCKED}"
  fi
  echo "${UPSTREAM} upstream server(s), ${SERVEDTO}"
}

function GET_NSSWITCH_HOSTS {
  "${BIN[grep]}" '^\s*hosts' "${OSCHROOT}/etc/nsswitch.conf" | "${BIN[sed]}" 's/\s*hosts:\s*//g'
}

function GET_PACMAN_REPOS {
  "${BIN[grep]}" '^\[' "${OSCHROOT}/etc/pacman.conf" | \
    ${BIN[grep]} -v options | "${BIN[tr]}" -d '[]' | "${BIN[paste]}" -d\  -s
}

function GET_PACMAN_OPTIONS {
  "${BIN[grep]}" '^[A-Z]' "${OSCHROOT}/etc/pacman.conf" | \
  "${BIN[grep]}" -v 'Architecture\|Dir\|Hold\|Ignore\|Server\|Include\|SigLevel' | \
  "${BIN[tr]}" -d ' ' | "${BIN[paste]}" -d\  -s
}

function GET_PRIMARY_LANGUAGE {
  local RETVALUE CFG_FILE="${OSCHROOT}/etc/locale.conf"

  if [[ -e ${CFG_FILE} ]]; then
    RETVALUE="$("${BIN[grep]}" -s LANGUAGE "${CFG_FILE}" | "${BIN[cut]}" -d= -f2)"
    [[ -n ${RETVALUE} ]] && echo "${RETVALUE}" || echo '[not selected]'
  else
    echo '[no config]'
  fi
}

function GET_PLYMOUTH_THEME {
  "${BIN[grep]}" Theme "${OSCHROOT}/etc/plymouth/plymouthd.conf" | "${BIN[tr]}" 'T' 't'
}

function GET_SMARTD_DEVICESCAN {
  "${BIN[grep]}" '^\s*DEVICESCAN' "${OSCHROOT}/etc/smartd.conf" | "${BIN[sed]}" 's/^\s*DEVICESCAN\s*//g'
}

function GET_SSHD_LISTEN_INFO {
  local CFG_FILE="${OSCHROOT}/etc/ssh/sshd_config"
  local SVCSTATE OPENPRTS LSTNADRS

  IS_SSHD_ENABLED && SVCSTATE+="enabled" || SVCSTATE+="disabled"

  OPENPRTS="$("${BIN[grep]}" -s '^\s*Port' "${CFG_FILE}" | "${BIN[sed]}" 's/.*[ \t]//g' | "${BIN[sort]}" -n | "${BIN[paste]}" -d, -s)"
  LSTNADRS="$("${BIN[grep]}" -s '^\s*ListenAddress' "${CFG_FILE}" | "${BIN[sed]}" 's/.*[ \t]//g' | "${BIN[sort]}" -n | "${BIN[paste]}" -d, -s)"

  [[ -z ${OPENPRTS} ]] && OPENPRTS='22'

  for ADDRESS in ${LSTNADRS}; do
    if [[ ${ADDRESS} =~ [0-9af]:[0-9]{2,5}$ ]]; then
      LISTENS+="${ADDRESS} "
    else
      LISTENS+="${ADDRESS}:${OPENPRTS} "
    fi
  done

  if [[ -z ${LISTENS} ]] && [[ -s ${OSCHROOT}/etc/hosts ]]; then
    LISTENS="$("${BIN[grep]}" -s "\s$(<"${OSCHROOT}/etc/hostname")\." "${OSCHROOT}/etc/hosts" | "${BIN[sed]}" 's/\s.*//g'):${OPENPRTS}"
  fi

  [[ -z ${LISTENS} ]] && LISTENS="0.0.0.0:${OPENPRTS}"

  echo "Service ${SVCSTATE}, listening on ${LISTENS% }"
}

function GET_SYSTEMD_JOURNAL_SIZE {
  { "${BIN[grep]}" '^\s*SystemMaxUse' "${OSCHROOT}/etc/systemd/journald.conf" || echo default; } | "${BIN[cut]}" -d= -f2
}

function GET_SYSTEMD_RESOLVED {
  "${BIN[grep]}" '^\s*[A-Z]' "${OSCHROOT}/etc/systemd/resolved.conf" | "${BIN[paste]}" -d\  -s
}

function GET_SYSTEMD_LOGIND_HANDLELIDSWITCH {
  { "${BIN[grep]}" -s '^\s*HandleLidSwitch=' "${OSCHROOT}/etc/systemd/logind.conf" || echo '=default (suspend)'; } | "${BIN[cut]}" -d= -f2
}

function GET_SYSTEMD_SERVICE_START_TIMEOUT {
  { "${BIN[grep]}" '^\s*DefaultTimeoutStartSec' "${OSCHROOT}/etc/systemd/system.conf" || echo default; } | "${BIN[cut]}" -d= -f2
}

function GET_SYSTEMD_SERVICE_STOP_TIMEOUT {
  { "${BIN[grep]}" '^\s*DefaultTimeoutStopSec' "${OSCHROOT}/etc/systemd/system.conf" || echo default; } | "${BIN[cut]}" -d= -f2
}

function GET_SYSTEMD_TIMESYNCD_SERVERS {
  "${BIN[grep]}" -v '^\s*[#\[]\|^\s*$' "${OSCHROOT}/etc/systemd/timesyncd.conf" | \
    "${BIN[cut]}" -d= -f2 | "${BIN[paste]}" -d\  -s
}

function GET_SUDO_CONFIG {
  # This function gathers up all the uncommented options present between
  # /etc/sudoers and its @includedir directive
  local SUDO_CFG INCL_DIR

  # Parse the config file into a variable (ignore commented-out and blank lines)
  SUDO_CFG="$("${BIN[sudo]}" "${BIN[grep]}" -sv '^\s*#\|^$' "${OSCHROOT}/etc/sudoers")"

  if [[ ${SUDO_CFG} =~ @includedir ]]; then
    # If the config file specified an @includedir, get configs from those files as well
    INCL_DIR="$("${BIN[grep]}" 'includedir' <<< "${SUDO_CFG}" | "${BIN[cut]}" -d\  -f2)"
    SUDO_CFG+=$'\n' # The trailing newline got stripped out, so add it back in
    SUDO_CFG+="$("${BIN[sudo]}" sh -c "'${BIN[grep]}' -hsv '^\s*#' ${OSCHROOT}${INCL_DIR}/*" | "${BIN[grep]}" -v "^\s*$")"
  fi

  echo "${SUDO_CFG}"
}

function INTERPRET_SUDO_CONFIG {
  # This function differs from GET_SUDO_CONFIG in that it tries to present the
  # configuration in natural language rather than straight-up config file format
  local MEANING SUDO_CFG="$(GET_SUDO_CONFIG)"

  [[ ${SUDO_CFG} =~ %wheel ]] && MEANING+='wheel can use, '
  [[ ${SUDO_CFG} =~ rootpw ]] && MEANING+='require root password, '
  [[ ${SUDO_CFG} =~ passprompt ]] && MEANING+='custom prompt set, '

  if [[ ${SUDO_CFG} =~ passwd_timeout ]]; then
    TIMEOUT="$("${BIN[grep]}" passwd_timeout <<< "${SUDO_CFG}" | ${BIN[tail]} -1 | "${BIN[cut]}" -d= -f2)"
    if [[ ${TIMEOUT} == 0 ]]; then
      MEANING+='no password timeout, '
    else
      MEANING+="password timeout in ${TIMEOUT} minutes"
    fi
  fi

  [[ ${SUDO_CFG} =~ 'timestamp_type global' ]] && MEANING+='global authentication, '

  if [[ ${SUDO_CFG} =~ timestamp_timeout ]]; then
    TIMEOUT="$("${BIN[grep]}" timestamp_timeout <<< "${SUDO_CFG}" | "${BIN[cut]}" -d= -f2)"
    if [[ ${TIMEOUT} == 0 ]]; then
      MEANING+='always prompt for password, '
    elif [[ ${TIMEOUT} -lt 0 ]]; then
      MEANING+="credentials cached forever, "
    else
      MEANING+="credential timeout in ${TIMEOUT} minutes"
    fi
  fi

  [[ -n ${MEANING} ]] && "${BIN[sed]}" 's/, $//g' <<< "${MEANING}" || echo '[nothing set]'
}

function GET_TIMEZONE {
  local TIMEZONE
  if [[ -L "${OSCHROOT}/etc/localtime" ]]; then
    TIMEZONE="$("${BIN[readlink]}" "${OSCHROOT}/etc/localtime")"
    case "${1}" in
      short) "${BIN[sed]}" 's|.*zoneinfo/||g' <<< "${TIMEZONE}";;
       full) echo "${TIMEZONE}";;
    esac
  else
    [[ ${1} == short ]] && echo "[not set]"
  fi
}

function GET_USERNAMES {
  local USRWPGID THISUSER PGRPNAME RETVALUE
  USRWPGID=$("${BIN[grep]}" ':x:0:\|:x:[0-9]\{4\}:' "${OSCHROOT}/etc/passwd" | "${BIN[cut]}" -d: -f1,4 | "${BIN[tr]}" '\n' ' ')

  for THISUSER in ${USRWPGID}; do
    PGRPNAME=$("${BIN[grep]}" ":${THISUSER#*:}:" "${OSCHROOT}/etc/group" | "${BIN[cut]}" -d: -f1)
    RETVALUE+="${THISUSER%:*}:${PGRPNAME} "
  done

  "${BIN[paste]}" -d\  -s <<< "${RETVALUE}"
}

function GET_USERNAME_GROUP_MEMBERSHIP_COUNT {
  local LOGINAME GRPCOUNT RETVALUE
  for LOGINAME in $(GET_USERNAMES | "${BIN[sed]}" 's/:[a-z]\+ / /g'); do
    GRPCOUNT=$("${BIN[grep]}" "${LOGINAME}" "${OSCHROOT}/etc/group" | "${BIN[wc]}" -l)
    RETVALUE+="${LOGINAME} in ${GRPCOUNT}, "
  done

  "${BIN[sed]}" 's/, $//g' <<< "${RETVALUE}"
}

function GET_USERNAME_PASSWORD {
  local USERLIST LOGINAME PSWRDSTR SHRT_OUT LONG_OUT

  [[ -n "${1}" ]] && USERLIST="${1}" || USERLIST="$(GET_USERNAMES | "${BIN[sed]}" 's/:[a-z]\+ / /g')"

  for LOGINAME in ${USERLIST}; do
    PSWRDSTR="$("${BIN[sudo]}" "${BIN[grep]}" "${LOGINAME%:*}" "${OSCHROOT}/etc/shadow" | "${BIN[cut]}" -d: -f2)"
    case "${PSWRDSTR}" in
               *'!'*) SHRT_OUT+="${LOGINAME}:locked "; LONG_OUT='locked out';;
              '$1$'*) SHRT_OUT+="${LOGINAME}:MD5 "; LONG_OUT='password-protected (MD5)';;
      '$2'[abxy]'$'*) SHRT_OUT+="${LOGINAME}:Blowfish "; LONG_OUT='password-protected (Blowfish)';;
              '$5$'*) SHRT_OUT+="${LOGINAME}:SHA256 "; LONG_OUT='password-protected (SHA256)';;
              '$6$'*) SHRT_OUT+="${LOGINAME}:SHA512 "; LONG_OUT='password-protected (SHA512)';;
                   *) SHRT_OUT+="${LOGINAME}:open "; LONG_OUT='unprotected'
    esac
  done

  [[ -n "${1}" ]] && echo "${LONG_OUT}" || echo "${SHRT_OUT}" | "${BIN[paste]}" -d\  -s
}

function GET_USERNAME_SHELL {
  "${BIN[grep]}" ':x:0:\|:x:[0-9]\{4\}:' "${OSCHROOT}/etc/passwd" | "${BIN[cut]}" -d: -f1,7 | "${BIN[sed]}" 's|/.*/||g' | "${BIN[paste]}" -d\  -s
}

function GET_VCONSOLE_FONT {
  local RETVALUE CFG_FILE="${OSCHROOT}/etc/vconsole.conf"
  if [[ -e ${CFG_FILE} ]]; then
    RETVALUE="$("${BIN[grep]}" -s FONT "${OSCHROOT}/etc/vconsole.conf" | \
      "${BIN[cut]}" -d= -f2)"
    [[ -n ${RETVALUE} ]] && echo "${RETVALUE}" || echo '[not selected]'
  else
    echo '[no config]'
  fi
}

function GET_VCONSOLE_KEYMAP {
  local RETVALUE CFG_FILE="${OSCHROOT}/etc/vconsole.conf"
  if [[ -e ${CFG_FILE} ]]; then
    RETVALUE="$("${BIN[grep]}" -s KEYMAP "${OSCHROOT}/etc/vconsole.conf" | \
      "${BIN[cut]}" -d= -f2)"
    [[ -n ${RETVALUE} ]] && echo "${RETVALUE}" || echo '[not selected]'
  else
    echo '[no config]'
  fi
}

function GET_VIDEO_ACCELERATION_SCRIPT_RESULTS {
  local CFG_FILE="${OSCHROOT}/etc/profile.d/video-accel.sh"
  [[ -e "${CFG_FILE}" ]] && \
    "${BIN[env]}" -i sh -c "source ${CFG_FILE}; set" | \
      "${BIN[grep]}" DRIVER | "${BIN[paste]}" -d\  -s
}

function IS_FSTAB_SET {
  "${BIN[grep]}" -qv '^\s*#\|^\s*$' "${OSCHROOT}/etc/fstab"
}

function IS_PLYMOUTH_HOOK_PRESENT {
  "${BIN[grep]}" -q '^\s*HOOKS\s*=\s*(.*plymouth.*)\s*' "${OSCHROOT}/etc/mkinitcpio.conf"
}

function IS_POLICYKIT_ROOTPW_SET {
  USE_PRIVILEGE "${BIN[grep]}" -qsR 'return\s*\[\s*.\s*unix-user\s*:\s*root\s*.\s*\]\s*;' "${OSCHROOT}/etc/polkit-1/rules.d"
}

function IS_SSHD_ENABLED {
  set -- "${OSCHROOT}"/etc/systemd/system/*/sshd.service; test -f "${1}"
}

function IS_STICKYDIRS_FIXED {
  "${BIN[grep]}" -qsR '\s*fs\.protected_regular\s*=\s*0' "${OSCHROOT}/etc/sysctl.d"
}

function IS_SYSTEMD_RESOLVED_ENABLED {
  set -- "${OSCHROOT}"/etc/systemd/system/*/systemd-resolved.service; test -f "${1}"
}

function CONFIGURE_DEFAULT_EDITOR {
  local -r CFG_FILE="${OSCHROOT}/etc/profile.d/editor.sh"
  local -r CFG_ITEM="export EDITOR"
  ##############################################################################
  local -r BAKTITLE="Default Console Text Editor"
  local -r HELP_MSG="Select your default console text editor:"
  ##############################################################################
  local -a SUGGESTS DESCRIPS
  local SELECTED KNOWN KNOWNS PREV_CFG="$(GET_DEFAULT_EDITOR)"

  KNOWNS=(dte:/usr/bin/dte   e3:/usr/bin/e3       helix:/usr/bin/helix)
  KNOWNS+=(helix:/usr/bin/hx  kakoune:/usr/bin/kak mcedit:/usr/bin/mcedit)
  KNOWNS+=(nano:/usr/bin/nano neovim:/usr/bin/nvim vi:/usr/bin/vi)
  KNOWNS+=(vim:/usr/bin/vim   vis:/usr/bin/vis)

  for KNOWN in "${KNOWNS[@]}"; do
    if [[ -e "${OSCHROOT}${KNOWN#*:}" ]]; then
      SUGGESTS+=("${KNOWN%:*}"); DESCRIPS+=("${KNOWN#*:}")
    fi
  done

  DIALOG_SINGLE_SELECT "${TITLEBAR}" "${BAKTITLE}" 'hidetags' "${PREV_CFG}" \
    "${HELP_MSG}" 'SUGGESTS' 'SUGGESTS' || return 1
  SELECTED="$(</tmp/selection)"

  USE_PRIVILEGE sh -c "echo '${CFG_ITEM}=${SELECTED}' > '${CFG_FILE}'"
}

function CONFIGURE_FAIL2BAN_SSHD {
  local -r CFG_FILE="${OSCHROOT}/etc/fail2ban/jail.d/sshd.local"
  [[ -d ${CFG_FILE%/*} ]] || return 0
  ##############################################################################
  local -r BAKTITLE="Fail2Ban SSHD"
  local -r HELP_MSG="Copy ${HOME}/fstab to ${CFG_FILE}?"
  ##############################################################################
  local LOCAL_HN IPFROMHF LOCAL_SN

  if [[ -e ${CFG_FILE} ]]; then
    DIALOG_YESNO "${TITLEBAR}" "Configuration Found" "Replace existing configuration?" || return 0
    USE_PRIVILEGE "${BIN[mv]}" "${CFG_FILE}" "${CFG_FILE}.$("${BIN[date]}" +%Y-%m-%d_%H:%M:%S)"
  fi

  LOCAL_HN="$(<"${OSCHROOT}/etc/hostname")"
  IPFROMHF="$("${BIN[grep]}" "[0-9.]\{7,15\}.*${LOCAL_HN}" "${OSCHROOT}" | "${BIN[sed]}" 's/\s.*//g')"
  if ! [[ ${IPFROMHF} =~ ^127 ]]; then
    case "${IPFROMHF}" in
           10.*) SNSUFFIX='/8';;
      169.254.*) SNSUFFIX='/16';;
      192.168.*) SNSUFFIX='/24';;
    esac
    LOCAL_SN="${IPFROMHF}${SNSUFFIX}"
  fi
  USE_PRIVILEGE sh -c "cat <<- ENDOFSCRIPT > '${CFG_FILE}'
	[sshd]
	enabled         = true
	filter          = sshd
	banaction       = iptables
	backend         = systemd
	maxretry        = 5
	findtime        = 24h
	bantime         = 2w
	ignoreip        = 127.0.0.1/8${LOCAL_SN+ }${LOCAL_SN}
	ENDOFSCRIPT"
}

function CONFIGURE_FSTAB {
  local -r CFG_FILE="${OSCHROOT}/etc/fstab"
  ##############################################################################
  local -r BAKTITLE="fstab"
  local -r HELP_MSG="Copy ${HOME}/fstab to ${CFG_FILE}?"
  ##############################################################################
  local USRFSTAB=false FSTABSET=false

  IS_FSTAB_SET && FSTABSET=true || FSTABSET=false
  [[ -e ${HOME}/fstab ]] && USRFSTAB=true || USRFSTAB=false

  if ${FSTABSET}; then
    if ${USRFSTAB}; then
      WARNING="Found ${HOME}/fstab but ${CFG_FILE} has already been written to.\n"
      WARNING+="Reset ${CFG_FILE} with ${HOME}/fstab?"
      if DIALOG_YESNO "${TITLEBAR}" "${BAKTITLE}" "${WARNING}"; then
        USE_PRIVILEGE sh -c "'${BIN[grep]}' '^\s*#' '${CFG_FILE}' > '${CFG_FILE}.tmp'"
        USE_PRIVILEGE sh -c "'${BIN[grep]}' 'file *systems*\|details' '${CFG_FILE}.tmp' > '${CFG_FILE}'"
        USE_PRIVILEGE "${BIN[rm]}" "${CFG_FILE}.tmp"
        USE_PRIVILEGE sh -c "'${BIN[cat]}' '${HOME}/fstab' >> '${CFG_FILE}'"
      else
        USE_PRIVILEGE "$(FIND_EDITOR)" "${CFG_FILE}"
      fi
    else
      USE_PRIVILEGE "$(FIND_EDITOR)" "${CFG_FILE}"
    fi
  elif ${USRFSTAB}; then
    if DIALOG_YESNO "${TITLEBAR}" "${BAKTITLE}" "${HELP_MSG}"; then
      USE_PRIVILEGE sh -c "'${BIN[cat]}' '${HOME}/fstab' >> '${CFG_FILE}'"
    elif DIALOG_YESNO "${TITLEBAR}" "${BAKTITLE}" "Use genfstab?"; then
      USE_PRIVILEGE sh -c "'${BIN[genfstab]}' -L '${OSCHROOT}' | \
        '${BIN[sed]}' 's/^#.*//g;s/\s\+/\t/g;s/\([0-9]\)\t\([0-9]\)$/\1 \2/g' | \
        '${BIN[sed]}' '/^$/d' >> '${OSCHROOT}/etc/fstab'"
    else
      USE_PRIVILEGE "$(FIND_EDITOR)" "${CFG_FILE}"
    fi
  fi

  return 0
}

function CONFIGURE_HOSTNAME {
  local -r CFG_FILE="${OSCHROOT}/etc/hostname"
  ##############################################################################
  local -r BAKTITLE="Hostname"
  local -r HELP_MSG="Set your hostname"
  ##############################################################################
  DIALOG_INPUT "${TITLEBAR}" "${BAKTITLE}" "${HELP_MSG}" "$(<"${CFG_FILE}")" || return 1
  SELECTED=$(</tmp/selection)
  USE_PRIVILEGE sh -c "echo '${SELECTED}' > '${CFG_FILE}'"
}

function CONFIGURE_HOSTS {
  local -r CFG_FILE="${OSCHROOT}/etc/hosts"
  local -r CFG_ITEM="$(<"${CFG_FILE/hosts/hostname}")"
  ##############################################################################
  local -r BAKTITLE="Hostname"
  local -r HELP_MSG="Set your hostname"
  ##############################################################################
  local -a SUGGESTS DESCRIPS
  local LOCAL_IP="$("${BIN[ip]}" route get 1 | "${BIN[head]}" -1 | "${BIN[sed]}" 's/.*src \([0-9.]\+\).*/\1/g')"
  local LOCAL_DN="$("${BIN[grep]}" 'Domains=' "${OSCHROOT}/etc/systemd/resolved.conf" | "${BIN[cut]}" -d= -f2)"
  local LOCAL_HN="${CFG_ITEM}" SELECTED

  SUGGESTS=('127.0.1.1' "${LOCAL_IP}")
  DESCRIPS=('This computer uses a dynamic IP address' 'This computer uses a static IP address')

  DIALOG_SINGLE_SELECT "${TITLEBAR}" "${BAKTITLE}" 'showtags' '127.0.0.1' \
    "${HELP_MSG}" 'SUGGESTS' 'DESCRIPS' || return 1
  SELECTED="$(</tmp/selection)"

  USE_PRIVILEGE "${BIN[touch]}" "${CFG_FILE}"

  if ${BIN[grep]} -q '127.0.0.1\s\+localhost' "${CFG_FILE}"; then
    USE_PRIVILEGE "${BIN[sed]}" "s/.*127\.0\.0\.1.*/127.0.0.1\tlocalhost.${LOCAL_DN}\tlocalhost/g" "${CFG_FILE}"
  else
    USE_PRIVILEGE sh -c "'${BIN[printf]}' '%s\t%s\t%s\n' '127.0.0.1' 'localhost.${LOCAL_DN}' 'localhost' >> '${CFG_FILE}'"
  fi
  if ${BIN[grep]} -q '::1\s\+localhost' "${CFG_FILE}"; then
    USE_PRIVILEGE "${BIN[sed]}" "s/.*::1.*/::1\t\tlocalhost.${LOCAL_DN}\tlocalhost/g" "${CFG_FILE}"
  else
    USE_PRIVILEGE sh -c "'${BIN[printf]}' '%s\t\t%s\t%s\n' '::1' 'localhost.${LOCAL_DN}' 'localhost' >> '${CFG_FILE}'"
  fi
  if ${BIN[grep]} -q "${LOCAL_HN}" "${CFG_FILE}"; then
    USE_PRIVILEGE "${BIN[sed]}" "s/.*${LOCAL_HN}.*/${SELECTED}\t${LOCAL_HN}.${LOCAL_DN}\t${LOCAL_HN}/g" "${CFG_FILE}"
  else
    USE_PRIVILEGE sh -c "'${BIN[printf]}' '%s\t%s\t%s\n' '${SELECTED}' '${LOCAL_HN}.${LOCAL_DN}' '${LOCAL_HN}' >> '${CFG_FILE}'"
  fi
}

function CONFIGURE_IPTABLES {
  local -r CFG_FILE="${OSCHROOT}/etc/iptables/iptables.rules"
  ##############################################################################
  local -r BAKTITLE='IPTables Configuration'
  ##############################################################################
  local -a DENYPRTS DENYDSCS DENYSELS ALOWPRTS ALOWDSCS ALOWSELS CMBNPRTS
  local -a XTRAPRTS
  local RAWSECTN FLTR_INT STATEFUL OBHOSTAD GLBLDROP GLBLACPT REMAINDR NEWIPTBL
  local GHGITIPR HELP_MSG PORTNMBR ALOWSLCT DENYSLCT EXISTING SYSSSHPN GH_RULES
  local ALOWSLCT DENYSLCT EXTRA_PN FTPROUTE FTPSTATE KNOWN_PN PRTDSCRP LC

  RAWSECTN="$("${BIN[grep]}" -Pzo '(?s)\*raw.*?COMMIT\n' "${CFG_FILE}" | "${BIN[tr]}" -d "$'\0'")"
  FLTR_INT="$("${BIN[grep]}" -Pzo '(?s)\*filter(\n:[0-9A-Z :\[\]-]*)*\n' "${CFG_FILE}" | "${BIN[tr]}" -d "$'\0'")"
  STATEFUL="$("${BIN[grep]}" -Pzo '(?s)(#.[^\n]*\s*)?-A[^\n]*INPUT[^\n]*?\n' "${CFG_FILE}" | "${BIN[tr]}" -d "$'\0'")"
  OBHOSTAD="$("${BIN[grep]}" -Pzo '(?s)(#.[^\n]*\s*)?-A\s*OUTPUT[^\n]*? -d [^\n]*?\n' "${CFG_FILE}" | "${BIN[tr]}" -d "$'\0'")"
  GLBLDROP="$("${BIN[grep]}" -Pzo '(?s)(#.[^\n]*\s*)?-A\s*OUTPUT[^\n]*?DROP[^\n]*?\n' "${CFG_FILE}" | "${BIN[tr]}" -d "$'\0'")"
  GLBLACPT="$("${BIN[grep]}" -v '^-A\s*\(TCP\|UDP\|OUTPUT\).*\s-[ds]\s' "${CFG_FILE}" | \
              "${BIN[grep]}" -Pzo '(?s)(\n#[^\n]+)*(\n-A\s*?(TC|UD)P[^\n]*)+\n' | "${BIN[tr]}" -d "$'\0'")"
  REMAINDR="$("${BIN[grep]}" -Pzo '(?s)(\n#.[^\n]*\s*)*?\n*#*\s*-A\s*(TC|UD)P[^\n]*? -[ds] [^\n]*?\n' "${CFG_FILE}" | "${BIN[tr]}" -d "$'\0'")"

  # Parse Gloabl Drops and Allows for unknown ports.

  SYSSSHPN="$(GET_SSHD_LISTEN_INFO | "${BIN[sed]}" 's/.*on //g;s/ /\n/g' | "${BIN[grep]}" -Po ':[0-9]{1,}$' | "${BIN[tr]}" -d ':')"

  EXISTING="$("${BIN[grep]}" -v '^\s*$\|^\s*#' <<< "${GLBLDROP}" | "${BIN[sed]}" 's/.*--dport\s*\([0-9]\+\).*/\1/g' | "${BIN[tr]}" '\n' ' ')"
  EXISTING+="$("${BIN[grep]}" -v '^\s*$\|^\s*#' <<< "${GLBLACPT}" | "${BIN[sed]}" 's/.*--dport\s*\([0-9]\+\).*/\1/g' | "${BIN[tr]}" '\n' ' ')"
  EXISTING+="${SYSSSHPN}"
  EXISTING="$("${BIN[tr]}" ' ' '\n' <<< "${EXISTING}" | "${BIN[sort]}" -nu | "${BIN[tr]}" '\n' ' ')"

  for PORTNMBR in ${EXISTING}; do
    [[ ${PORTLIST[*]} =~ ${PORTNMBR} ]] && continue
    PRTDSCRP=$("${BIN[grep]}" "${PORTNMBR}.*--comment" <<< "${GLBLDROP}${GLBLACPT}" | "${BIN[sed]}" 's/.*comment\s*//g;s/"//g')
    [[ -z ${PRTDSCRP} ]] && PRTDSCRP='unknown'
    [[ ${PORTNMBR} -eq ${SYSSSHPN} ]] && PRTDSCRP='system-ssh'
    XTRAPRTS+=("${PORTNMBR}_${PRTDSCRP}")
  done

  # Combine the known port list with the unknown
  # ports found in the existing iptables.rules

  LC=0; EXTRA_PN="${XTRAPRTS[${LC}]%_*}"
  for PORTINFO in "${PORTLIST[@]}"; do
    KNOWN_PN="${PORTINFO%_*}"
    if [[ ${LC} -ge ${#XTRAPRTS[@]} ]] || [[ ${KNOWN_PN%:*} -lt ${EXTRA_PN%:*} ]]; then
      CMBNPRTS+=("${PORTINFO}")
    else
      while [[ ${EXTRA_PN%:*} -lt ${KNOWN_PN%:*} ]] && [[ ${LC} -lt ${#XTRAPRTS[@]} ]]; do
        CMBNPRTS+=("${XTRAPRTS[${LC}]}")
        ((LC++))
        EXTRA_PN="${XTRAPRTS[${LC}]%_*}"
      done
    fi
  done

  # In order to enable FTP, two things need to exist.  So test if those two
  # things exist before saying the user already has FTP enabled.

  { "${BIN[grep]}" -- '^\s&-A\s*PREROUTING' <<< "${RAWSECTN}" | \
    "${BIN[grep]}" -- '\s*-p\s*tcp\s*' | "${BIN[grep]}" -- '\s*--dport\s*21\s*' | \
    "${BIN[grep]}" -- '\s*-j\s*CT\s*' | "${BIN[grep]}" -- '\s*--helper\s*'; } \
    && FTPROUTE=true || FTPROUTE=false

  { "${BIN[grep]}" -- '^\s&-A\s*INPUT' <<< "${STATEFUL}" | \
    "${BIN[grep]}" -- '\s*-p\s*tcp\s*' | "${BIN[grep]}" -- '\s*--dport\s*21\s*' | \
    "${BIN[grep]}" -- '\s*-j\s*ACCEPT\s*' | "${BIN[grep]}" -- '\s*-m\s*tcp\s*'; } \
    && FTPSTATE=true || FTPSTATE=false

  ##############################################################################
  HELP_MSG='Choose which ports to close universally\n'
  HELP_MSG+='(no source/destination restrictions):'
  ##############################################################################
  for PORTINFO in "${CMBNPRTS[@]}"; do
    DENYPRTS+=("${PORTINFO%_*}")
    DENYDSCS+=("${PORTINFO#*_}")
    [[ ${GLBLDROP} =~ --dport[[:blank:]]+${DENYPRTS[-1]}[[:blank:]]+ ]] \
      && DENYSELS+=(on) || DENYSELS+=(off)
  done

  DIALOG_MULTI_SELECT "${TITLEBAR}" "${BAKTITLE}" 'showtags' \
    "${HELP_MSG}" 'DENYPRTS' 'DENYDSCS' 'DENYSELS' || return 1
  DENYSLCT="$(</tmp/selection)"

  ##############################################################################
  HELP_MSG='Choose which ports to open universally\n'
  HELP_MSG+='(no source/destination restrictions):'
  ##############################################################################
  for PORTINFO in "${CMBNPRTS[@]}"; do
    [[ ${DENYSLCT} =~ ${PORTINFO%_*} ]] && continue
    ALOWPRTS+=("${PORTINFO%_*}")
    ALOWDSCS+=("${PORTINFO#*_}")
    if [[ ${ALOWPRTS[-1]} -eq 21 ]]; then
      { ${FTPROUTE} && ${FTPSTATE}; } && ALOWSELS+=(on) || ALOWSELS+=(off)
    else
      [[ ${GLBLACPT} =~ --dport[[:blank:]]+${ALOWPRTS[-1]}[[:blank:]]+ ]] \
        && ALOWSELS+=(on) || ALOWSELS+=(off)
    fi
  done

  if [[ ${#ALOWPRTS[@]} -gt 0 ]]; then
    DIALOG_MULTI_SELECT "${TITLEBAR}" "${BAKTITLE}" 'showtags' \
      "${HELP_MSG}" 'ALOWPRTS' 'ALOWDSCS' 'ALOWSELS' || return 1
    ALOWSLCT="$(</tmp/selection)"
  fi

  ##############################################################################
  HELP_MSG='Allow communication with GitHub git IP addresses?\n'
  MELP_MSG+='(Used when using SSH access to GitHub git repositories.)'
  ##############################################################################

  if DIALOG_YESNO "${TITLEBAR}" "${BAKTITLE}" "${HELP_MSG}"; then
    LC=0
    while read -r GHGITIPR; do
      ((LC++))
      GH_RULES+="-A OUTPUT -d ${GHGITIPR} -p tcp -m tcp --dport 22 -j ACCEPT -m comment --comment \"GitHub IP range ${LC}\""$'\n'
    done < <("${BIN[curl]}" -s https://api.github.com/meta | "${BIN[sed]}" ':a;N;$!ba;s/.*git[^\n]\+\[//g;s/].*//g;s/\s\s\+//g;s/"//g;s/,/\n/g' | "${BIN[grep]}" -v ':')
  fi

  if [[ ${ALOWSLCT} =~ [[:blank:]]21[[:blank:]] ]]; then
    NEWIPTBL+='*raw'$'\n'
    NEWIPTBL+=':PREROUTING ACCEPT [0.0]'$'\n'
    NEWIPTBL+='-A PREROUTING -p tcp --dport 21 -j CT --helper ftp'$'\n'
    NEWIPTBL+='COMMIT'$'\n\n'
  fi

  NEWIPTBL+='*filter'$'\n'
  NEWIPTBL+=':INPUT DROP [0:0]'$'\n'
  NEWIPTBL+=':FORWARD DROP [0:0]'$'\n'
  NEWIPTBL+=':OUTPUT ACCEPT [0:0]'$'\n'
  NEWIPTBL+=':TCP - [0:0]'$'\n'
  NEWIPTBL+=':UDP - [0:0]'$'\n\n'

  NEWIPTBL+='# Allow traffic that belongs to established connections or new valid related traffic'$'\n'
  NEWIPTBL+='-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT'$'\n'
  if [[ ${ALOWSLCT} =~ [[:blank:]]21[[:blank:]] ]]; then
    NEWIPTBL+='# Accept FTP connections'$'\n'
    NEWIPTBL+='-A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT'$'\n'
  fi
  NEWIPTBL+='# Accept all traffic from the "loopback" (lo) interface'$'\n'
  NEWIPTBL+='-A INPUT -i lo -j ACCEPT'$'\n'
  NEWIPTBL+='# Accept all new incoming ICMP echo (ping) requests'$'\n'
  NEWIPTBL+='-A INPUT -p icmp -m icmp --icmp-type 8 -m conntrack --ctstate NEW -j ACCEPT'$'\n'
  NEWIPTBL+='# Drop all traffic with an "INVALID" state match'$'\n'
  NEWIPTBL+='-A INPUT -m conntrack --ctstate INVALID -j DROP'$'\n'
  NEWIPTBL+='# Attach the UDP chains to the INPUT chain to handle all new incoming connections'$'\n'
  NEWIPTBL+='-A INPUT -p udp -m conntrack --ctstate NEW -j UDP'$'\n'
  NEWIPTBL+='# Attach the TCP chains to the INPUT chain to handle all new incoming connections'$'\n'
  NEWIPTBL+='-A INPUT -p tcp --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j TCP'$'\n'
  NEWIPTBL+='# Reject UDP streams with ICMP port unreachable if port is not open'$'\n'
  NEWIPTBL+='-A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable'$'\n'
  NEWIPTBL+='# Reject TCP connections with TCP RESET packets if port is not open'$'\n'
  NEWIPTBL+='-A INPUT -p tcp -j REJECT --reject-with tcp-reset'$'\n'
  NEWIPTBL+='# Reject all remaining incoming traffic with icmp protocol unreachable message'$'\n'
  NEWIPTBL+='-A INPUT -j REJECT --reject-with icmp-proto-unreachable'$'\n\n'

  [[ -n ${GH_RULES} ]] && NEWIPTBL+='####################### GITHUB GIT IP ADDRESSES #######################'$'\n\n'
  [[ -n ${GH_RULES} ]] && NEWIPTBL+="${GH_RULES}"$'\n'

  [[ -n ${DENYSLCT} ]] && NEWIPTBL+='###################### UNIVERSALLY CLOSED PORTS #######################'$'\n\n'

  for PORTNMBR in ${DENYSLCT}; do
    PRTDSCRP=$("${BIN[sed]}" "s/.* ${PORTNMBR}_\([a-z-]*\).*/\1/g" <<< "${CMBNPRTS[@]}")
    NEWIPTBL+="-A TCP -p tcp -m tcp --dport ${PORTNMBR} -j DROP -m comment --comment \"${PRTDSCRP}:tcp\""$'\n'
    NEWIPTBL+="-A UDP -p udp -m udp --dport ${PORTNMBR} -j DROP -m comment --comment \"${PRTDSCRP}:udp\""$'\n'
  done

  [[ -n ${DENYSLCT} ]] && NEWIPTBL+=$'\n'

  [[ -n ${ALOWSLCT} ]] && NEWIPTBL+='###################### UNIVERSALLY OPENED PORTS #######################'$'\n\n'

  for PORTNMBR in ${ALOWSLCT}; do
    [[ ${PORTNMBR} -eq 21 ]] && continue
    PRTDSCRP=$("${BIN[sed]}" "s/.* ${PORTNMBR}_\([a-z-]*\).*/\1/g" <<< "${CMBNPRTS[@]}")
    NEWIPTBL+="-A TCP -p tcp -m tcp --dport ${PORTNMBR} -j ACCEPT -m comment --comment \"${PRTDSCRP}:tcp\""$'\n'
    NEWIPTBL+="-A UDP -p udp -m udp --dport ${PORTNMBR} -j ACCEPT -m comment --comment \"${PRTDSCRP}:udp\""$'\n'
  done

  [[ -n ${ALOWSLCT} ]] && NEWIPTBL+=$'\n'
  [[ -n ${REMAINDR} ]] && NEWIPTBL+="${REMAINDR}"
  NEWIPTBL+='COMMIT'

  if [[ -e "${CFG_FILE}" ]]; then
    BACKUPDT="$("${BIN[date]}" +%Y-%m-%d_%H:%M:%S)"
    USE_PRIVILEGE "${BIN[mv]}" "${CFG_FILE}" "${CFG_FILE}.${BACKUPDT}"
  fi
  USE_PRIVILEGE sh -c "echo '${NEWIPTBL}' > '${CFG_FILE}'"
  if [[ -n ${BACKUPDT} ]]; then
    DIALOG_MSGBOX "${TITLEBAR}" "Configuration Backup" "Existing configuration was saved to iptables.rules.${BACKUPDT}"
  fi
}

function CONFIGURE_MKINITCPIO_COMPRESSION {
  local -r CFG_FILE="${OSCHROOT}/etc/mkinitcpio.conf"
  [[ -e "${CFG_FILE}" ]] || return 0
  local -r CFG_ITEM="COMPRESSION"
  ##############################################################################
  local -r BAKTITLE="MkInitCPIO Compression"
  local -r HELP_MSG="Choose how MkInitCPIO compresses the InitRAMFS:"
  ##############################################################################
  local -a SUGGESTS
  local SELECTED PREV_CFG="$(GET_MKINITCPIO_COMPRESSION)"

  SUGGESTS=(cat bzip2 gzip lz4 lzma lzop xz zstd)

  DIALOG_SINGLE_SELECT "${TITLEBAR}" "${BAKTITLE}" 'hidetags' "${PREV_CFG}" \
    "${HELP_MSG}" 'SUGGESTS' 'SUGGESTS' || return 1
  SELECTED="$(</tmp/selection)"

  # Set all COMPRESSION options to be commented out
  USE_PRIVILEGE "${BIN[sed]}" -i "s/^\s*${CFG_ITEM}=\"\([a-z0-9]\+\)\"/#${CFG_ITEM}=\"\1\"/g" "${CFG_FILE}"

  if "${BIN[grep]}" -q "${CFG_ITEM}=\"${SELECTED}\"" "${CFG_FILE}"; then
    # If a COMPRESSION option is found commented out, un-comment it
    USE_PRIVILEGE "${BIN[sed]}" -i "s/^\s*#\s*${CFG_ITEM}=\"${SELECTED}\"/${CFG_ITEM}=\"${SELECTED}\"/g" "${CFG_FILE}"
  else
    # Find the First Commented-Out Compression OPTion
    FCOCOPT="$("${BIN[grep]}" "^\s*#\s*${CFG_ITEM}=" "${CFG_FILE}" | "${BIN[head]}" -1)"
    # Inset a new compression option above that one
    USE_PRIVILEGE "${BIN[sed]}" -i "s/${FCOCOPT}/${CFG_ITEM}=\"${SELECTED}\"\n${FCOCOPT}/g" "${CFG_FILE}"
  fi
}

function CONFIGURE_MKINITCPIO_HOOKS {
  local -r CFG_FILE="${OSCHROOT}/etc/mkinitcpio.conf"
  [[ -e "${CFG_FILE}" ]] || return 0
  local -r CFG_ITEM="HOOKS"
  ##############################################################################
  local -r BAKTITLE='MkInitCPIO Hooks'
  local -r HELP_MSG='NOTE: Do NOT wantonly disable base or udev unless you know what you are doing!!!'
  ##############################################################################
  local -a VALHOOKS SUGGESTS DESCRIPS SELSTATE
  local THISHOOK HELPTEXT SELECTED PREV_CFG="$(GET_MKINITCPIO_HOOKS)"

  # These are the hooks we are willing to deal with.  As the systemd stuff isn't
  # well documented, we won't deal with it and will stick with the busybox stuff.

  # Also, not sure why Arch packages a plymouth-encrypt initcpio hook with plymouth
  # when it's virtually the same as the regular encrypt hook sans a missing
  # dm-integrity module that the regular encrypt hook adds.

  VALHOOKS=(base udev usr resume shutdown btrfs memdisk plymouth hostdata
            autodetect modconf block zfs net dmraid mdadm filesystems keyboard
            keymap consolefont encrypt lvm2 fsck strip)

  for THISHOOK in "${VALHOOKS[@]}"; do
    [[ -e "${OSCHROOT}/usr/lib/initcpio/install/${THISHOOK}" ]] && SUGGESTS+=("${THISHOOK}")
  done

  for THISHOOK in "${SUGGESTS[@]}"; do
    HELPTEXT="$("${BIN[sed]}" ':a;N;$!ba;
                s/.*HELPEOF\n\(.*\)\nHELPEOF.*/\1/g;
                s/\n\n.*//g;
                s/\. .*/./g;
                s/,.*/./g;
                s/\n(.*/./g;
                s/\n/ /g;
                s/ using pata\././g;
                s/ a support/ support/g;
                s/Disk/disk/g;
                s/This //g;
                s/^hook //g;
                s/^will //g' "${OSCHROOT}/usr/lib/initcpio/install/${THISHOOK}")"
    DESCRIPS+=("${HELPTEXT^}")
    [[ ${PREV_CFG} =~ ${THISHOOK} ]] && SELSTATE+=(on) || SELSTATE+=(off)
  done

  DIALOG_MULTI_SELECT "${TITLEBAR}" "${BAKTITLE}" 'showtags' \
    "${HELP_MSG}" 'SUGGESTS' 'DESCRIPS' 'SELSTATE' || return 1
  SELECTED="$(</tmp/selection)"
  USE_PRIVILEGE "${BIN[sed]}" -i "s/^\s*${CFG_ITEM}=.*/${CFG_ITEM}=(${SELECTED})/g" "${CFG_FILE}"
}

function CONFIGURE_MKINITCPIO_MODULES {
  local -r CFG_FILE="${OSCHROOT}/etc/mkinitcpio.conf"
  [[ -e "${CFG_FILE}" ]] || return 0
  local -r CFG_ITEM="MODULES"
  ##############################################################################
  local -r BAKTITLE='MkInitCPIO Modules'
  local HELP_MSG='You normally do not need to add modules to the InitRAMFS.\n'
  HELP_MSG+='However you might want to do so under special circumstances.\n\n'
  HELP_MSG+='NVIDIA Early KMS: nvidia + nvidia_drm + nvidia_modeset + nvidia_uvm\n'
  HELP_MSG+='Other Early KMS: amdgpu or radeon or i915 or nouveau\n'
  HELP_MSG+='QEMU Early KMS: bochs_drm or cirrus or qxl or virtio-gpu\n'
  HELP_MSG+='Logitech Wireless: hid_logitech_dj + uhci_hcd + usbhid\n'
  HELP_MSG+='Other USB Keyboards: hid_generic + ohci_pci + usbhid\n'
  HELP_MSG+='AT & PS/2 Keyboards: atkbd\n'
  HELP_MSG+='Filesystems: btrfs ext[2,4] f2fs fat ntfs jfs xfs\n'
  HELP_MSG+='USB Storage: usb_storage\n\n'
  HELP_MSG+='Enter space-delimited list of modules to include in the InitRAMFS:'
  ##############################################################################
  local -a SUGGESTS
  local SELECTED PREV_CFG="$(GET_MKINITCPIO_MODULES)"
  [[ ${PREV_CFG} == '[none]' ]] && unset PREV_CFG

  SELECTED='-'
  until [[ ${SELECTED} =~ ^[a-zA-Z0-9_' ']+$ ]] || [[ -z ${SELECTED} ]]; do
    if [[ ${SELECTED} != '-' ]]; then
      DIALOG_MSGBOX "${TITLEBAR}" "${BAKTITLE}" "Invalid characters in module list."
    fi
    DIALOG_INPUT "${TITLEBAR}" "${BAKTITLE}" "${HELP_MSG}" "${PREV_CFG}" || return 1
    SELECTED="$(</tmp/selection)"
    PREV_CFG="${SELECTED}"
  done
  USE_PRIVILEGE "${BIN[sed]}" -i "s/^\s*${CFG_ITEM}=.*/${CFG_ITEM}=(${SELECTED})/g" "${CFG_FILE}"
}

function CONFIGURE_LOCAL_DOMAIN {
  local -r CFG_FILE="${OSCHROOT}/etc/systemd/resolved.conf"
  local -r CFG_ITEM="Domains"
  ##############################################################################
  local -r BAKTITLE="Local Domain Name"
  local -r HELP_MSG="Enter this computer'\\''s local domain:"
  ##############################################################################
  local SELECTED PREV_CFG="$(GET_LOCAL_DOMAIN)"

  DIALOG_INPUT "${TITLEBAR}" "${BAKTITLE}" "${HELP_MSG}" "${PREV_CFG}" || return 1
  SELECTED=$(</tmp/selection)
  USE_PRIVILEGE "${BIN[sed]}" -i "s/.*${CFG_ITEM}=.*/${CFG_ITEM}=${SELECTED}/g" "${CFG_FILE}"
}

function CONFIGURE_LOCALE_AVAILABILITY {
  local -r CFG_FILE="${OSCHROOT}/etc/locale.gen"
  ##############################################################################
  local BAKTITLE="Language Availability"
  local HELP_MSG="Select the languages you would like to use:"
  ##############################################################################
  local -a SUGGESTS SELSTATE
  local LANGUAGE LOCALE SELECTED SEL_LANG="$(GET_LANGUAGES)"

  while read -r LANGUAGE; do
    SUGGESTS+=("${LANGUAGE}")
    [[ ${SEL_LANG} =~ ${LANGUAGE} ]] && SELSTATE+=(on) || SELSTATE+=(off)
  done <<< "$("${BIN[grep]}" '\.UTF-8 UTF-8' "${CFG_FILE}" | "${BIN[sed]}" 's/^\s*#*\s*\([a-z]\{2,3\}\)_.*\.UTF-8 UTF-8.*/\1/g;' | ${BIN[sort]} -u )"

  DIALOG_MULTI_SELECT "${TITLEBAR}" "${BAKTITLE}" 'hidetags' \
    "${HELP_MSG}" 'SUGGESTS' 'SUGGESTS' 'SELSTATE' || return 1
  SELECTED="$(</tmp/selection)"
  SELECTED="${SELECTED# }"
  SELECTED="${SELECTED% }"

  ##############################################################################
  local BAKTITLE="Locale Availability"
  local HELP_MSG="Select the locales you would like to use:"
  ##############################################################################
  unset SUGGESTS SELSTATE

  for LOCALE in $(GET_LOCALES "${SELECTED}"); do
    [[ ${LOCALE:0:1} == '#' ]] && SELSTATE+=(off) || SELSTATE+=(on)
    SUGGESTS+=("${LOCALE#'#'}")
  done

  DIALOG_MULTI_SELECT "${TITLEBAR}" "${BAKTITLE}" 'hidetags' \
    "${HELP_MSG}" 'SUGGESTS' 'SUGGESTS' 'SELSTATE' || return 1
  SELECTED="$(</tmp/selection)"

  for LOCALE in "${SUGGESTS[@]}"; do
    if [[ ${SELECTED} =~ ${LOCALE} ]]; then
      USE_PRIVILEGE "${BIN[sed]}" -i "s/^#${LOCALE}.UTF-8 UTF-8/${LOCALE}.UTF-8 UTF-8/g" "${CFG_FILE}"
    else
      USE_PRIVILEGE "${BIN[sed]}" -i "s/^${LOCALE}.UTF-8 UTF-8/#${LOCALE}.UTF-8 UTF-8/g" "${CFG_FILE}"
    fi
  done
  GENERATE_LOCALES
}

function CONFIGURE_LOCALE_COLLATION {
  local -r CFG_FILE="${OSCHROOT}/etc/locale.conf"
  local -r CFG_ITEM="LC_COLLATE"
  ##############################################################################
  local -r BAKTITLE="Locale Collation"
  local -r HELP_MSG="Select your sorting style:"
  ##############################################################################
  local -a SUGGESTS SELSTATE
  local SELECTED PREV_CFG="$(GET_LOCALE_COLLATION)"

  [[ -z ${PREV_CFG} ]] && PREV_CFG='POSIX'
  SUGGESTS=(POSIX C "$("${BIN[grep]}" 'LANG=' "${CFG_FILE}" | "${BIN[cut]}" -d= -f2)")
  DIALOG_SINGLE_SELECT "${TITLEBAR}" "${BAKTITLE}" 'hidetags' "${PREV_CFG}" \
    "${HELP_MSG}" 'SUGGESTS' 'SUGGESTS' || return 1
  SELECTED=$(</tmp/selection)

  USE_PRIVILEGE "${BIN[touch]}" "${CFG_FILE}"

  if "${BIN[grep]}" -q "${CFG_ITEM}=" "${CFG_FILE}"; then
    USE_PRIVILEGE "${BIN[sed]}" -i "s/.*${CFG_ITEM}=.*/${CFG_ITEM}=${SELECTED}/g" "${CFG_FILE}"
  else
    USE_PRIVILEGE sh -c "echo '${CFG_ITEM}=${SELECTED}' >> '${CFG_FILE}'"
  fi

  USE_PRIVILEGE "${BIN[sort]}" -o "${CFG_FILE}" "${CFG_FILE}"
}

function CONFIGURE_LOCALE_LANGUAGE {
  local -r CFG_FILE="${OSCHROOT}/etc/locale.conf"
  ##############################################################################
  local -r BAKTITLE="Primary Locale"
  local -r HELP_MSG="Select your primary locale:"
  ##############################################################################
  local -a SUGGESTS SELSTATE
  local CFG_ITEM LOCALE SELECTED

  while read -r LOCALE; do
    SUGGESTS+=("${LOCALE}")
  done <<< "$("${BIN[grep]}" -v '\s*#' "${CFG_FILE/conf/gen}" | "${BIN[sed]}" 's/\.UTF-8 UTF-8.*//g;')"

  if [[ ${#SUGGESTS[@]} -gt 1 ]]; then
    DIALOG_SINGLE_SELECT "${TITLEBAR}" "${BAKTITLE}" 'hidetags' "$(GET_PRIMARY_LANGUAGE)" \
      "${HELP_MSG}" 'SUGGESTS' 'SUGGESTS' || return 1
    SELECTED="$(</tmp/selection)"
  else
    SELECTED="${SUGGESTS[0]}"
  fi

  USE_PRIVILEGE "${BIN[touch]}" "${CFG_FILE}"

  for CFG_ITEM in LANG LC_ADDRESS LC_CTYPE LC_IDENTIFICATION LC_MEASUREMENT LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_TIME; do
    if "${BIN[grep]}" -q "${CFG_ITEM}" "${CFG_FILE}"; then
      USE_PRIVILEGE "${BIN[sed]}" -i "s/.*${CFG_ITEM}=.*/${CFG_ITEM}=${SELECTED}.UTF-8/g" "${CFG_FILE}"
    else
      USE_PRIVILEGE sh -c "echo '${CFG_ITEM}=${SELECTED}.UTF-8' >> '${CFG_FILE}'"
    fi
  done
  if "${BIN[grep]}" -q 'LANGUAGE=' "${CFG_FILE}"; then
    USE_PRIVILEGE "${BIN[sed]}" -i "s/.*LANGUAGE=.*/LANGUAGE=${SELECTED}/g" "${CFG_FILE}"
  else
    USE_PRIVILEGE sh -c "echo 'LANGUAGE=${SELECTED}' >> '${CFG_FILE}'"
  fi

  USE_PRIVILEGE "${BIN[sort]}" -o "${CFG_FILE}" "${CFG_FILE}"
}

function CONFIGURE_LOCALE_MESSAGES {
  local -r CFG_FILE="${OSCHROOT}/etc/locale.conf"
  local -r CFG_ITEM="LC_MESSAGES"
  ##############################################################################
  local -r BAKTITLE="Locale Messages"
  local -r HELP_MSG="Select your message style:"
  ##############################################################################
  local -a SUGGESTS SELSTATE
  local SELECTED PREV_CFG="$(GET_LOCALE_MESSAGES)"

  [[ -z ${PREV_CFG} ]] && PREV_CFG='C'
  SUGGESTS=(POSIX C "$("${BIN[grep]}" 'LANG=' "${CFG_FILE}" | "${BIN[cut]}" -d= -f2)")
  DIALOG_SINGLE_SELECT "${TITLEBAR}" "${BAKTITLE}" 'hidetags' "${PREV_CFG}" \
    "${HELP_MSG}" 'SUGGESTS' 'SUGGESTS' || return 1
  SELECTED=$(</tmp/selection)

  USE_PRIVILEGE "${BIN[touch]}" "${CFG_FILE}"

  if "${BIN[grep]}" -q "${CFG_ITEM}=" "${CFG_FILE}"; then
    USE_PRIVILEGE "${BIN[sed]}" -i "s/.*${CFG_ITEM}=.*/${CFG_ITEM}=${SELECTED}/g" "${CFG_FILE}"
  else
    USE_PRIVILEGE sh -c "echo '${CFG_ITEM}=${SELECTED}' >> '${CFG_FILE}'"
  fi

  USE_PRIVILEGE "${BIN[sort]}" -o "${CFG_FILE}" "${CFG_FILE}"
}

function CONFIGURE_NANORC_COLORS {
  local -r CFG_FILE="${OSCHROOT}/etc/nanorc"
  [[ -e "${CFG_FILE}" ]] || return 0
  ##############################################################################
  local -r BAKTITLE="NanoRC Colors"
  local HELP_MSG="Enable Nano'\\''s example system-wide color scheme?"
  ##############################################################################
  local CLRLINES="$("${BIN[grep]}" '^\s*#*\s*set [a-z]\+color [a-z,]\+' "${CFG_FILE}" | "${BIN[wc]}" -l)"
  local SWCOLORS="$("${BIN[grep]}" '^\s*#*\s*set [a-z]\+color [a-z,]\+' "${CFG_FILE}" | "${BIN[head]}" -$((CLRLINES/2)))"
  local RTCOLORS="$("${BIN[grep]}" '^\s*#*\s*set [a-z]\+color [a-z,]\+' "${CFG_FILE}" | "${BIN[tail]}" -$((CLRLINES/2)))"
  local ESCOLORS

  if DIALOG_YESNO "${TITLEBAR}" "${BAKTITLE}" "${HELP_MSG}"; then
    if [[ ${SWCOLORS} =~ '#' ]]; then
      ESCOLORS="$("${BIN[sed]}" 's/^\s*#*\s*set/set/g' <<< "${SWCOLORS}")"
      ESCOLORS="${ESCOLORS//$'\n'/\\n}"
      SWCOLORS="${SWCOLORS//$'\n'/\\n}"
      USE_PRIVILEGE "${BIN[sed]}" -i ':a;N;$!ba;'"s/${SWCOLORS}/${ESCOLORS}/g" "${CFG_FILE}"
    fi
  else
    if ! [[ ${SWCOLORS} =~ '#' ]]; then
      USE_PRIVILEGE "${BIN[sed]}" -i ':a;N;$!ba;s/^\s*set \([a-z]\+color [a-z,]\+\)/set \1/g' "${CFG_FILE}"
    fi
  fi

  ##############################################################################
  local HELP_MSG="Enable Nano'\\''s example color scheme for root?"
  ##############################################################################

  if DIALOG_YESNO "${TITLEBAR}" "${BAKTITLE}" "${HELP_MSG}"; then
    USE_PRIVILEGE sh -c "echo '${RTCOLORS//# /}' > '${OSCHROOT}/root/.nanorc'"
  else
    USE_PRIVILEGE "${BIN[rm]}" "${OSCHROOT}/root/.nanorc"
  fi
}

function CONFIGURE_NANORC_INCLUDES {
  local -r CFG_FILE="${OSCHROOT}/etc/nanorc"
  local CFG_ITEM='/usr/share/nano/\*.nanorc'
  ##############################################################################
  local -r BAKTITLE="NanoRC Options"
  local HELP_MSG="Include ${CFG_ITEM/\\/}?"
  ##############################################################################
  local REPLACES

  if DIALOG_YESNO "${TITLEBAR}" "${BAKTITLE}" "${HELP_MSG}"; then
    REPLACES="include \"${CFG_ITEM}\""
  else
    [[ ${?} -eq 255 ]] && return 1
    REPLACES="# include \"${CFG_ITEM}\""
  fi

  CFG_ITEM='/usr/share/nano-syntax-highlighting/\*.nanorc'

  if [[ -d "${CFG_ITEM%\/*}" ]]; then
    ############################################################################
    local HELP_MSG="Include ${CFG_ITEM/\\/}?"
    ############################################################################
    if DIALOG_YESNO "${TITLEBAR}" "${BAKTITLE}" "${HELP_MSG}"; then
      [[ -n ${REPLACES} ]] && REPLACES+="\n"
      REPLACES+="include \"${CFG_ITEM}\""
    else
      [[ ${?} -eq 255 ]] && return 1
    fi
    if "${BIN[grep]}" -q '^\s*icolor\s*brightnormal' "${CFG_ITEM/\\\*/nanorc}"; then
      USE_PRIVILEGE "${BIN[sed]}" -i 's/\(.*brightnormal.*\)/# \1/g' "${CFG_ITEM/\\\*/nanorc}"
    fi
  fi

  [[ -n ${REPLACES} ]] && \
    USE_PRIVILEGE "${BIN[sed]}" -i ":a;N;\$!ba;s|\#*[ \t]*include\s*\".*\*\.nanorc\"|${REPLACES}|g" "${CFG_FILE}"
}

function CONFIGURE_NANORC_OPTIONS {
  local -r CFG_FILE="${OSCHROOT}/etc/nanorc"
  ##############################################################################
  local -r BAKTITLE="NanoRC Options"
  local -r HELP_MSG="Select the options to enable:"
  ##############################################################################
  local -a SUGGESTS DESCRIPS SELSTATE
  local OPTION SELECTED LC

  for OPTION in $(GET_NANORC_OPTIONS all); do
    SUGGESTS+=("${OPTION}")
    DESCRIPS+=("$("${BIN[grep]}" -B5 "set ${OPTION}" "${CFG_FILE}" | \
                  "${BIN[grep]}" -v '^#bind' | "${BIN[grep]}" -v '^\s*#*\s*set ' | \
                  "${BIN[grep]}" -v -- '--' | "${BIN[sed]}" ':a;N;$!ba;s/.*\n\n//g' | \
                  "${BIN[sed]}" 's/^## //g' | "${BIN[paste]}" -d\  -s | \
                  "${BIN[sed]}" "s/'/'\\\''/g")")
    "${BIN[grep]}" -q "^\s*#\s*set ${OPTION}" "${CFG_FILE}" && SELSTATE+=(off) || SELSTATE+=(on)
  done

  DIALOG_MULTI_SELECT "${TITLEBAR}" "${BAKTITLE}" 'showtags' \
    "${HELP_MSG}" 'SUGGESTS' 'DESCRIPS' 'SELSTATE' || return 1
  SELECTED="$(</tmp/selection)"

  for (( LC=0 ; LC<${#SUGGESTS[@]} ; LC++ )); do
    if [[ ${SELECTED} =~ ${SUGGESTS[${LC}]} ]]; then
      if [[ ${SELSTATE[${LC}]} == off ]]; then
        USE_PRIVILEGE "${BIN[sed]}" -i "s/^\s*#\s*set ${SUGGESTS[${LC}]}/set ${SUGGESTS[${LC}]}/g" "${CFG_FILE}"
      fi
    else
      if [[ ${SELSTATE[${LC}]} == on ]]; then
        USE_PRIVILEGE "${BIN[sed]}" -i "s/^\s*set ${SUGGESTS[${LC}]}/# set ${SUGGESTS[${LC}]}/g" "${CFG_FILE}"
      fi
    fi
  done
}

function CONFIGURE_NTP {
  local -r CFG_FILE="${OSCHROOT}/etc/ntp.conf"
  #######################################################################
  local -r BAKTITLE="NTP"
  local -r HELP_MSG="Configure NTP:"
  #######################################################################
  local -a LBL_STRS DEFAULTS
  local IPAWMASK IADDRESS NET_MASK NTPSRVRS REGION RSTRICTS SRVRSPEC

  LBL_STRS=('NTP Servers' 'Net Mask To Serve')
  DEFAULTS+=( "$("${BIN[grep]}" '^server' "${CFG_FILE}" | "${BIN[cut]}" -d\  -f2 | "${BIN[paste]}" -d\  -s)" )
  DEFAULTS+=( "$("${BIN[grep]}" '^restrict.*mask' "${CFG_FILE}" | "${BIN[cut]}" -d\  -f2-4 | "${BIN[paste]}" -d\  -s | "${BIN[sed]}" 's| mask |/|g')" )

  if [[ -z ${DEFAULTS[0]} ]]; then
    DEFAULTS[0]='0.arch.pool.ntp.org 1.arch.pool.ntp.org 2.arch.pool.ntp.org 3.arch.pool.ntp.org'
    REGION="$("${BIN[grep]}" -s 'LANGUAGE' "${OSCHROOT}/etc/locale.conf" | "${BIN[cut]}" -d_ -f2)"
    [[ -n ${REGION} ]] && DEFAULTS[0]="${DEFAULTS[0]//arch/${REGION,,}}"
  fi

  if [[ -z ${DEFAULTS[1]} ]]; then
    DEFAULTS[1]="$("${BIN[ip]}" -o -f inet a | "${BIN[grep]}" 'brd.*global' | "${BIN[grep]}" -zo '[0-9.]\{7,15\}/[0-9]\+')"
  fi

  DIALOG_FORM "${TITLEBAR}" "${BAKTITLE}" "${HELP_MSG}" 'LBL_STRS' 'DEFAULTS' || return 1
  SELECTED="$(</tmp/selection)"

  IPAWMASK="${SELECTED##*$'\n'}"
  if [[ -n ${IPAWMASK} ]]; then
    IADDRESS="${IPAWMASK%%\/*}"
    NET_MASK="${IPAWMASK##*\/}"
    [[ ${NET_MASK} =~ ^[0-9]{1,2}$ ]] && NET_MASK="$(CONVERT_NETMASK "${NET_MASK}")"
    SRVRSPEC="${IADDRESS} mask ${NET_MASK}"
  fi

  for NTP_SRVR in ${SELECTED%%$'\n'*}; do
    NTPSRVRS+="server ${NTP_SRVR}\n"
  done

  [[ -n ${SRVRSPEC} ]] && NTPSRVRS+="tos orphan 15\n"

  RSTRICTS="restrict default kod limited nomodify nopeer noquery noserve notrap\n"
  [[ -n ${SRVRSPEC} ]] && RSTRICTS+="restrict ${SRVRSPEC} limited nomodify notrap\n"
  RSTRICTS+="restrict 127.0.0.1\n"
  RSTRICTS+="restrict ::1\n"


  USE_PRIVILEGE "${BIN[sed]}" -i ':a;N;$!ba;'"s/\(#[[:alpha:][:punct:] ]\+\n\)*\(\(server\|tos\) [[:lower:][:digit:]. ]\+\n\)\+/${NTPSRVRS}/g" "${CFG_FILE}"
  USE_PRIVILEGE "${BIN[sed]}" -i ':a;N;$!ba;'"s/\(restrict [[:lower:][:digit:]:. ]\+\n\)\+/${RSTRICTS}/g" "${CFG_FILE}"
}

function CONFIGURE_OPENSSH_LISTEN {
  local -r CFG_FILE="${OSCHROOT}/etc/ssh/sshd_config"
  [[ -e ${CFG_FILE} ]] || return 0
  #######################################################################
  local -r BAKTITLE="OpenSSH Listening"
  local -r HELP_MSG="Configure the addresses and ports SSH will listen on:"
  #######################################################################
  local -a LBL_STRS DEFAULTS
  local SELECTED SSHPORTS SSHADDRS OPENPORT OPRT_TXT ADDRESS LIPA_TXT
  local IP4_ADDR=false IP6_ADDR=false

  LBL_STRS=('Addresses' 'Ports')
  IFS=':' read -ra DEFAULTS <<< "$(GET_SSHD_LISTEN_INFO | "${BIN[sed]}" 's/.* //g')"

  DIALOG_FORM "${TITLEBAR}" "${BAKTITLE}" "${HELP_MSG}" 'LBL_STRS' 'DEFAULTS' || return 1
  SELECTED="$(</tmp/selection)"
  SSHADDRS="${SELECTED%%$'\n'*}"
  SSHPORTS="${SELECTED##*$'\n'}"

  if [[ -n ${SSHPORTS} ]]; then
    for OPENPORT in ${SSHPORTS}; do
      OPRT_TXT+="Port ${OPENPORT}"
    done
    USE_PRIVILEGE "${BIN[sed]}" -i ':a;N;$!ba;'"s/\(#*[ \t]*Port[ \t]\+[0-9]\+\n*\)\+/${OPRT_TXT}\n/g" "${OSCHROOT}/etc/ssh/sshd_config"
  fi
  if [[ -n ${SSHADDRS} ]]; then
    for ADDRESS in ${SSHADDRS}; do
      LIPA_TXT+="ListenAddress ${ADDRESS}"
    done
    USE_PRIVILEGE "${BIN[sed]}" -i ':a;N;$!ba;'"s/\(#*[ \t]*ListenAddress[ \t]\+[0-9.:]\+\n*\)\+/${LIPA_TXT}\n/g" "${OSCHROOT}/etc/ssh/sshd_config"
  fi
  [[ ${SSHADDRS} =~ ([0-9]{1,3}.?){4} ]] && IP4_ADDR=true
  [[ ${SSHADDRS} =~ :[0-9a-f]{0,4}: ]] && IP6_ADDR=true
  if ${IP4_ADDR}; then
    ${IP6_ADDR} && FMLY_TXT='AddressFamily any' || FMLY_TXT='AddressFamily inet'
  elif ${IP6_ADDR}; then
    FMLY_TXT='AddressFamily inet6'
  fi
  USE_PRIVILEGE "${BIN[sed]}" -i "s/\s*#*[ \t]*AddressFamily.*/${FMLY_TXT}/g" "${CFG_FILE}"
}

function CONFIGURE_OPENSSH_OPTIONS {
  local -r CFG_FILE="${OSCHROOT}/etc/ssh/sshd_config"
  [[ -e ${CFG_FILE} ]] || return 0
  #######################################################################
  local -r BAKTITLE="OpenSSH Options"
  local -r HELP_MSG="Configure OpenSSH options:"
  #######################################################################
  local -a SUGGESTS DESCRIPS SELSTATE NEWSTATE
  local EXISTING SELECTED WRTSTATE

  SUGGESTS=(PermitRootLogin              PubkeyAuthentication
            PasswordAuthentication       KbdInteractiveAuthentication
            AllowAgentForwarding         AllowTcpForwarding
            X11Forwarding                X11UseLocalhost
            PermitTunnel)

  # KbdInteractiveAuthentication is the new setting
  # The legacy setting is ChallengeResponseAuthentication

  if "${BIN[grep]}" -q 'ChallengeResponseAuthentication' "${CFG_FILE}"; then
    SUGGESTS[3]='ChallengeResponseAuthentication'
  fi

  DESCRIPS=('Allow root login (prohibit-password)'
            'Allow public key authentication'
            'Allow tunnelled cleartext passwords (echo passwd | ssh)'
            'Allow keyboard-interactive authentication (login on tty)'
            'Allow ssh-agent forwarding'
            'Allow TCP forwarding'
            'Allow X11 forwarding'
            'Bind X11 forwarding server to the loopback address'
            'Allow tunnelling')

  SELSTATE=(on on on off on on off on off)

  for (( LC=0 ; LC<${#SUGGESTS[@]} ; LC++ )); do
    EXISTING="$("${BIN[grep]}" "^\s*${SUGGESTS[${LC}]}" "${CFG_FILE}" | "${BIN[sed]}" 's/.*[ \t]//g')"
    [[ ${EXISTING} == prohibit-password ]] || [[ ${EXISTING} == yes ]] && SELSTATE[${LC}]=on
    [[ ${EXISTING} == no ]] && SELSTATE[${LC}]=off
  done

  DIALOG_MULTI_SELECT "${TITLEBAR}" "${BAKTITLE}" 'hidetags' \
    "${HELP_MSG}" 'SUGGESTS' 'DESCRIPS' 'SELSTATE' || return 1
  SELECTED="$(</tmp/selection)"

  for OPTION in "${SUGGESTS[@]}"; do
    [[ ${SELECTED} =~ ${OPTION} ]] && NEWSTATE+=(on) || NEWSTATE+=(off)
  done

  for (( LC=0 ; LC<${#SUGGESTS[@]} ; LC++ )); do
    if [[ ${SELSTATE[${LC}]} != "${NEWSTATE[${LC}]}" ]]; then
      [[ ${NEWSTATE[${LC}]} == on ]] && WRTSTATE='yes' || WRTSTATE='no'
      [[ ${SUGGESTS[${LC}]} == PermitRootLogin ]] \
        && [[ ${WRTSTATE} == yes ]] && WRTSTATE='prohibit-password'
      USE_PRIVILEGE "${BIN[sed]}" -i "s/^ *#* *${SUGGESTS[${LC}]} \+[a-z-]\+.*/${SUGGESTS[${LC}]} ${WRTSTATE}/g" "${CFG_FILE}"
    fi
  done
}

function CONFIGURE_PACMAN_KEYS {
  ##############################################################################
  local -r BAKTITLE="Pacman Keys"
  local -r HELP_MSG="Select the keys to add:"
  ##############################################################################
  local -a SUGGESTS DESCRIPS SELSTATE
  local GNUPGKEY PMOPTION SELECTED

  SUGGESTS=(DDF7DB817396A49B2A2723F7403BD972F75D9D76 B545E9B7CD906FE3)
  DESCRIPS=('Repo signing key for archzfs' 'Repo signing key for andontie-aur')

  if ! compgen -G "${OSCHROOT}/var/lib/pacman/local/chaotic-mirrorlist*"; then
    SUGGESTS+=(3056513887B78AEB)
    DESCRIPS+=('Repo signing key for chaotic-aur')
  fi

  DIALOG_MULTI_SELECT "${TITLEBAR}" "${BAKTITLE}" 'hidetags' \
    "${HELP_MSG}" 'SUGGESTS' 'DESCRIPS' 'SELSTATE' || return 1
  SELECTED="$(</tmp/selection)"

  USE_PRIVILEGE "${BIN[pacman-key]}" --config "${OSCHROOT}/etc/pacman.conf" --gpgdir "${OSCHROOT}/etc/pacman.d/gnupg" --init

  for GNUPGKEY in ${SELECTED}; do
    USE_PRIVILEGE "${BIN[pacman-key]}" --config "${OSCHROOT}/etc/pacman.conf" --gpgdir "${OSCHROOT}/etc/pacman.d/gnupg" --recv-key "${GNUPGKEY}"
    USE_PRIVILEGE "${BIN[pacman-key]}" --config "${OSCHROOT}/etc/pacman.conf" --gpgdir "${OSCHROOT}/etc/pacman.d/gnupg" --lsign-key "${GNUPGKEY}"
  done
}

function CONFIGURE_PACMAN_OPTIONS {
  local -r CFG_FILE="${OSCHROOT}/etc/pacman.conf"
  ##############################################################################
  local -r BAKTITLE="Pacman Options"
  local -r HELP_MSG="Select the options to enable:"
  ##############################################################################
  local -a SUGGESTS DESCRIPS SELSTATE
  local PMOPTION SELECTED LC

  SUGGESTS+=(ILoveCandy UseSyslog Color NoProgressBar CheckSpace VerbosePkgLists ParallelDownloads)
  DESCRIPS+=('Turn progress bars into pacman eating pellets'
             'Log action messages through syslog (/var/log/messages)'
             'Automatically enable colors when output is on tty'
             'Disable progress bars (for ttys not supporting escape codes)'
             'Verify adequate available space before installation'
             'Display verbose package target information in table format'
             'Enable Concurrent download streams')

  for PMOPTION in "${SUGGESTS[@]}"; do
    "${BIN[grep]}" -q "^\s*${PMOPTION}" "${CFG_FILE}" && SELSTATE+=(on) || SELSTATE+=(off)
  done

  DIALOG_MULTI_SELECT "${TITLEBAR}" "${BAKTITLE}" 'showtags' \
    "${HELP_MSG}" 'SUGGESTS' 'DESCRIPS' 'SELSTATE' || return 1
  SELECTED="$(</tmp/selection)"

  for (( LC=0 ; LC<${#SUGGESTS[@]} ; LC++ )); do
    if [[ ${SELECTED} =~ ${SUGGESTS[${LC}]} ]]; then
      if [[ ${SELSTATE[${LC}]} == off ]]; then
        if "${BIN[grep]}" -q "^\s*#*\s*${SUGGESTS[${LC}]}" "${CFG_FILE}"; then
          USE_PRIVILEGE "${BIN[sed]}" -i "s/^\s*#\+\s*${SUGGESTS[${LC}]}/${SUGGESTS[${LC}]}/g" "${CFG_FILE}"
        else
          USE_PRIVILEGE "${BIN[sed]}" -i ':a;N;$!ba;'"s/Misc options\n/Misc options\n${SUGGESTS[${LC}]}\n/g" "${CFG_FILE}"
        fi
      fi
    else
      if [[ ${SELSTATE[${LC}]} == on ]]; then
        USE_PRIVILEGE "${BIN[sed]}" -i "s/^\s*${SUGGESTS[${LC}]}/#${SUGGESTS[${LC}]}/g" "${CFG_FILE}"
      fi
    fi
  done
}

function CONFIGURE_PACMAN_REPOS {
  local -r CFG_FILE="${OSCHROOT}/etc/pacman.conf"
  ##############################################################################
  local -r BAKTITLE="Pacman Repos"
  local -r HELP_MSG="Select the repos to enable:"
  ##############################################################################
  local -a SUGGESTS DESCRIPS SELSTATE
  local DWNLDURI PMOPTION REPOLINE SELECTED LC

  SUGGESTS+=(core extra community multilib archzfs zfs-linux zfs-linux-lts zfs-linux-zen chaotic-aur andontie-aur)
  DESCRIPS+=('Packages for booting, networking, building, filesystems, and system setup.'
             'Packages that do not fit into the definition of core (Xorg, browsers, etc.).'
             'Packages that have been adopted by Trusted Users from the Arch User Repository.'
             '32-bit software and libraries for 64-bit systems.'
             'Packages for ZFS on Arch Linux (Standard Kernel).'
             'Packages for ZFS on Arch Linux (LTS Kernel).'
             'Packages for ZFS on Arch Linux (Zen Kernel).'
             'Kernel archive for for when the official repos pull ahead of archzfs.'
             'Automated builds of AUR packages submitted by the community'
             'Automated builds of AUR packages submitted by the community')

  for PMOPTION in "${SUGGESTS[@]}"; do
    "${BIN[grep]}" -qPzo "\n\[${PMOPTION}\]\n(Include|Server)\s*=\s*" "${CFG_FILE}" && SELSTATE+=(on) || SELSTATE+=(off)
  done

  DIALOG_MULTI_SELECT "${TITLEBAR}" "${BAKTITLE}" 'showtags' \
    "${HELP_MSG}" 'SUGGESTS' 'DESCRIPS' 'SELSTATE' || return 1
  SELECTED="$(</tmp/selection)"

  for (( LC=0 ; LC<${#SUGGESTS[@]} ; LC++ )); do
    if [[ ${SELECTED} =~ ${SUGGESTS[${LC}]} ]]; then
      if [[ ${SELSTATE[${LC}]} == off ]]; then
        if "${BIN[grep]}" -qPzo "\n\#\[${SUGGESTS[${LC}]}\]\n#(Include|Server)\s*=\s*" "${CFG_FILE}"; then
          USE_PRIVILEGE "${BIN[sed]}" -i ':a;N;$!ba;'"s/\n\#\[${SUGGESTS[${LC}]}\]\n#\(Include\|Server\)\s*=\s*/\n\[${SUGGESTS[${LC}]}\]\n\1 = /g" "${CFG_FILE}"
        else
          case "${SUGGESTS[${LC}]}" in
                 archzfs) REPOLINE='Include = /etc/pacman.d/archzfs-mirrorlist';;
              zfs-linux*) REPOLINE='Server = http://kernels.archzfs.com/$repo/';;
             chaotic-aur) REPOLINE='Include = /etc/pacman.d/chaotic-mirrorlist';;
            andontie-aur) REPOLINE='Server = https://aur.andontie.net/$arch';;
          esac
          USE_PRIVILEGE sh -c "'${BIN[printf]}' '[%s]\n%s\n\n' '${SUGGESTS[${LC}]}' '${REPOLINE}' >> '${OSCHROOT}/etc/pacman.conf'"
          if [[ ${REPOLINE} =~ Include ]]; then
            if ! [[ -e ${REPOLINE##*=} ]]; then
              case "${REPOLINE##*=}" in
                *chaotic*)
                  DWNLDURI='https://cdn-mirror.chaotic.cx/chaotic-aur/chaotic-mirrorlist.pkg.tar.zst'
                  USE_PRIVILEGE sh -c "'${BIN[curl]}' -s -L '${DWNLDURI}' | '${BIN[tar]}' -I zstd -C '${OSCHROOT}' -xf - etc/pacman.d/chaotic-mirrorlist"
                  ;;
                *archzfs*)
                  DWNLDURI='https://github.com/archzfs/archzfs/wiki'
                  USE_PRIVILEGE sh -c "'${BIN[curl]}' -s -L  '${DWNLDURI}' | '${BIN[sed]}' ':a;N;\$!ba;s|.*<code>\(\[archzfs\]\n\(Server = [0-9a-z:/.$]*\n\)\{3,\}\)</code>.*|\1|g;' | '${BIN[grep]}' -v '\[archzfs\]' > '${OSCHROOT}/etc/pacman.d/archzfs-mirrorlist'"
                  ;;
              esac
            fi
          fi
        fi
      fi
    else
      if [[ ${SELSTATE[${LC}]} == on ]]; then
        USE_PRIVILEGE "${BIN[sed]}" -i ':a;N;$!ba;'"s/\n\[${SUGGESTS[${LC}]}\]\n\(Include\|Server\)\s*=\s*/\n\#[${SUGGESTS[${LC}]}\]\n#\1 = /g" "${CFG_FILE}"
      fi
    fi
  done
}

function CONFIGURE_POLICYKIT_ROOTPW {
  local -r CFG_FILE="${OSCHROOT}/etc/polkit-1/rules.d/49-rootpw_global.rules"
  [[ -e "${CFG_FILE%\/*}" ]] || return 0
  ##############################################################################
  local -r BAKTITLE="Root Password for PolicyKit like Sudo"
  local -r HELP_MSG="Authenticate Admins by prompting for the root password?"
  ##############################################################################
  if DIALOG_YESNO "${TITLEBAR}" "${BAKTITLE}" "${HELP_MSG}"; then
    USE_PRIVILEGE sh -c "cat <<- ENDOFSCRIPT > '${CFG_FILE}'
		// Always authenticate Admins by prompting for the root password
		// similar to the rootpw option in sudo
		
		polkit.addAdminRule(function(action, subject) {
		    return ['unix-user:root'];
		});
		ENDOFSCRIPT"
  else
    [[ -e ${CFG_FILE} ]] && USE_PRIVILEGE "${BIN[rm]}" "${CFG_FILE}"
  fi
  return 0
}

function CONFIGURE_PLYMOUTH {
  [[ ! -e ${OSCHROOT}/usr/share/plymouth ]] && return 0
  #######################################################################
  local -r BAKTITLE="Plymouth"
  local -r HELP_MSG="Select your desired theme:"
  #######################################################################
  local -a SUGGESTS DESCRIPS
  local CFG_FILE CFG_ITEM PM_THEME SELECTED
  local PREV_CFG="$( "${BIN[find]}" "${OSCHROOT}/usr/share/plymouth/themes" -maxdepth 1 -type d -wholename '*/themes/?*' | "${BIN[grep]}" 'custom' | "${BIN[sed]}" 's|.*/||g' )"

  IFS=$'\n' read -r -d '' -a SUGGESTS < <("${BIN[find]}" "${OSCHROOT}/usr/share/plymouth/themes" -maxdepth 1 -type d -wholename '*/themes/?*' | "${BIN[grep]}" -v 'custom' | "${BIN[sed]}" 's|.*/||g' | "${BIN[sort]}")
  for PM_THEME in "${SUGGESTS[@]}"; do
    DESCRIPS+=( "$("${BIN[grep]}" '^Description=' "${OSCHROOT}/usr/share/plymouth/themes/${PM_THEME}/${PM_THEME}.plymouth" | "${BIN[cut]}" -d= -f2 | "${BIN[sed]}" "s/'/'\\\''/g")" )
  done

  DIALOG_SINGLE_SELECT "${TITLEBAR}" "${BAKTITLE}" 'showtags' "${PREV_CFG}" \
    "${HELP_MSG}" 'SUGGESTS' 'DESCRIPS' || return 1
  SELECTED="$(</tmp/selection)"

  if ! "${BIN[grep]}" 'HOOKS' "${OSCHROOT}/etc/mkinitcpio.conf" | "${BIN[grep]}" -v '^\s*#' | "${BIN[grep]}" 'plymouth'; then
    USE_PRIVILEGE "${BIN[sed]}" -i 's/autodetect/plymouth autodetect/g' "${OSCHROOT}/etc/mkinitcpio.conf"
  fi

  if ! [[ -e "${OSCHROOT}/usr/share/plymouth/themes/spinner/watermark.png" ]]; then
    USE_PRIVILEGE "${BIN[cp]}" "${OSCHROOT}/usr/share/plymouth/arch-logo.png" \
       "${OSCHROOT}/usr/share/plymouth/themes/spinner/watermark.png"
  fi

  if ! [[ -e "${OSCHROOT}/usr/share/plymouth/themes/${SELECTED}-custom" ]]; then
    if [[ -e "${OSCHROOT}/usr/share/plymouth/themes/${PREV_CFG}-custom" ]]; then
      USE_PRIVILEGE "${BIN[rm]}" "${OSCHROOT}/usr/share/themes/${PREV_CFG}-custom"
    fi
    USE_PRIVILEGE "${BIN[cp]}" -r "${OSCHROOT}/usr/share/plymouth/themes/${SELECTED}" "${OSCHROOT}/usr/share/plymouth/themes/${SELECTED}-custom"
    USE_PRIVILEGE "${BIN[rename]}" "${SELECTED}.plymouth" "${SELECTED}-custom.plymouth" "${OSCHROOT}/usr/share/plymouth/themes/${SELECTED}-custom/${SELECTED}.plymouth"
  fi

  CFG_FILE="${OSCHROOT}/usr/share/plymouth/themes/${SELECTED}-custom/${SELECTED}-custom.plymouth"
  CFG_ITEM="WatermarkVerticalAlignment"
  USE_PRIVILEGE "${BIN[sed]}" -i "s/${CFG_ITEM}=.*/${CFG_ITEM}=.6/g" "${CFG_FILE}"
  USE_PRIVILEGE "${BIN[sed]}" -i 's/Animation=false/Animation=true/g' "${CFG_FILE}"

  if ! "${BIN[grep]}" -q 'kernel\.printk\s*=\s*3\s\+3\s\+3\s\+3' "${OSCHROOT}"/etc/sysctl.d/*; then
   USE_PRIVILEGE sh -c "echo 'kernel.printk = 3 3 3 3' > '${OSCHROOT}/etc/sysctl.d/20-quiet-printk.conf'"
  fi

  if ! "${BIN[grep]}" -q $'\x1b.\x3f\x32\x35\x68' "${OSCHROOT}/etc/issue"; then
    USE_PRIVILEGE sh -c "setterm -cursor on >> '${OSCHROOT}/etc/issue'"
  fi

  USE_PRIVILEGE "${BIN[sed]}" -i "s/Theme=.*/Theme=${SELECTED}-custom/" "${OSCHROOT}/etc/plymouth/plymouthd.conf"
}

function CONFIGURE_SMARTD_DEVICESCAN {
  local -r CFG_FILE="${OSCHROOT}/etc/smartd.conf"
  [[ -e "${CFG_FILE}" ]] || return 0
  local -r CFG_ITEM="DEVICESCAN"
  ##############################################################################
  local -r BAKTITLE="SMART Device Scan Settings"
  local HELP_MSG="Choose device scan settings:"
  ##############################################################################
  local -a SUGGESTS DESCRIPS SELSTATE
  local SELECTED PREV_CFG="$(GET_SMARTD_DEVICESCAN)"

  SUGGESTS+=(a o S n s)
  DESCRIPS+=('Monitor all attributes'
             'Enable automatic offline data collection'
             'Enable automatic attribute autosave'
             'Do not poll disks in SLEEP or STANDBY mode'
             'Schedule tests')
  [[ ${PREV_CFG} =~ -a ]] && SELSTATE+=(on) || SELSTATE+=(off)
  [[ ${PREV_CFG} =~ '-o on' ]] && SELSTATE+=(on) || SELSTATE+=(off)
  [[ ${PREV_CFG} =~ '-S on' ]] && SELSTATE+=(on) || SELSTATE+=(off)
  [[ ${PREV_CFG} =~ '-n standby' ]] && SELSTATE+=(on) || SELSTATE+=(off)
  [[ ${PREV_CFG} =~ '-s' ]] && SELSTATE+=(on) || SELSTATE+=(off)

  DIALOG_MULTI_SELECT "${BAKTITLE}" "${MAIN_TTL}" 'hidetags' \
    "${HELP_MSG}" 'SUGGESTS' 'DESCRIPS' 'SELSTATE' || return 1
  SELECTED="$(</tmp/selection)"

  SELECTED="${SELECTED/a/-a}"
  SELECTED="${SELECTED/s/-s}"
  SELECTED="${SELECTED/n/-n standby,q}"
  SELECTED="${SELECTED/o/-o on}"
  SELECTED="${SELECTED/S/-S on}"

  if [[ ${SELECTED} =~ -s ]]; then
    ############################################################################
    local HELP_MSG="Set hour of day for daily short self-tests:"
    ############################################################################
    DIALOG_RANGE "${TITLEBAR}" "${BAKTITLE}" "${HELP_MSG}" 0 23 2 || return 1
    SELECTED="${SELECTED} (S/../.././$(</tmp/selection)"
    ############################################################################
    local HELP_MSG="Set hour of day for Sunday long self-tests:"
    ############################################################################
    DIALOG_RANGE "${TITLEBAR}" "${BAKTITLE}" "${HELP_MSG}" 0 23 3 || return 1
    SELECTED="${SELECTED}|L/../../7/$(</tmp/selection))"
  fi

  USE_PRIVILEGE "${BIN[sed]}" -i "s:^${CFG_ITEM}.*:${CFG_ITEM} ${SELECTED}:g" "${CFG_FILE}"
}

function CONFIGURE_STICKY_BIT {
  local -r CFG_FILE="${OSCHROOT}/etc/sysctl.d/stickybit.conf"
  ##############################################################################
  local -r BAKTITLE="Sticky Bit Directories"
  local HELP_MSG="Allow the creation regular files in world-writable sticky\n"
  HELP_MSG+="directories when the file owner doesn'\\''t match that of the directory?"
  ##############################################################################
  if DIALOG_YESNO "${TITLEBAR}" "${BAKTITLE}" "${HELP_MSG}"; then
    USE_PRIVILEGE sh -c "'${BIN[cat]}' <<- ENDOFSCRIPT > '${CFG_FILE}'
		# Allow the creation regular files in world-writable sticky directories
		# when the file owner doesn't match that of the directory
		
		fs.protected_regular=0
		ENDOFSCRIPT"
  else
    USE_PRIVILEGE "${BIN[rm]}" "${CFG_FILE}"
  fi
}

function CONFIGURE_SUDO {
  local -r CFG_FILE="${OSCHROOT}/etc/sudoers"
  [[ -e "${CFG_FILE}" ]] || return 0
  ##############################################################################
  local -r BAKTITLE="Sudo Configuration"
  local -r HELP_MSG="Configure Sudo:"
  ##############################################################################
  local CFLOCATE EXISTCFG INCL_DIR SELECTED SWITCHED
  local PREGEX SERCHSTR STR4GREP STRING WRITESTR 
  local -a SUGGESTS DESCRIPS CONF_STR PREGEXES GREGEXES SELSTATE

  GET_PRIVILEGE # Working with sudo configs requires root access

  EXISTCFG="$(GET_SUDO_CONFIG)"

  SUGGESTS+=(wheel passprompt passwd_timeout rootpw timestamp_type timestamp_timeout)
  DESCRIPS+=('Enable members of the wheel group to use sudo'
             'Set passprompt to "[sudo] password for %p: "'
             'Set passwd_timeout to 0 (sudo will not time out waiting for a password)'
             "Require root'\\''s password"
             'Set timestamp_type to global (not limited to current terminal session)'
             'Set timestamp_timeout to 10')

  # CONF_STR is basically here to help with search string legibility
  # The short forms of character classes are vastly easier to read

  CONF_STR+=('%wheel\s*ALL\s*=\s*\(\s*ALL\s*\)\s*ALL'
             'Defaults\s*passprompt\s*=\s*"\[sudo\] password for %p: "'
             'Defaults\s*passwd_timeout\s*=\s*0'
             'Defaults\s*rootpw'
             'Defaults\s*timestamp_type\s*=\s*global'
             'Defaults\s*timestamp_timeout\s*=\s*10')

  # We need a special case to handle the ZFS sudo config
  # The package typically adds a commented-out config

  if "${BIN[sudo]}" sh -c "[ -e '${CFG_FILE}.d/zfs' ]"; then
    SUGGESTS+=(zfs)
    DESCRIPS+=('Relax perms for smartctl for `zpool iostat/status -c smart`')
    CONF_STR+=('ALL\s*ALL\s*=\s*(\s*root\s*)\s*NOPASSWD:\s*/usr/sbin/smartctl -a /dev/\[hsv\]d\[a-z0-9\]*')
  fi

  # Now we can build search strings for actual use

  for STRING in "${CONF_STR[@]}"; do
    # This is the big one since bash regex can't use short-form character classes
    PREGEXES+=("${STRING//\\s/[[:blank:]]}")
    # The meaning of escaped and unescaped parantheses
    # in regexes is inversed between bash and grep
    STR4GREP="${STRING//\\(/(}"
    GREGEXES+=("${STR4GREP//\\)/)}")
  done

  for PREGEX in "${PREGEXES[@]}"; do
    # Now we can set pre-selected states based on what we found in the configs
    [[ ${EXISTCFG} =~ [[:cntrl:]][[:blank:]]*${PREGEX} ]] && SELSTATE+=(on) || SELSTATE+=(off)
  done

  DIALOG_MULTI_SELECT "${TITLEBAR}" "${BAKTITLE}" 'hidetags' \
    "${HELP_MSG}" 'SUGGESTS' 'DESCRIPS' 'SELSTATE' || return 1
  SELECTED="$(</tmp/selection)"

  GET_PRIVILEGE # Call this again just in case the credentials timed out

  for (( LC=0 ; LC<${#SUGGESTS[@]} ; LC++ )); do
    # Walk through all off the present options
    SWITCHED=none
    [[ ${SELECTED} =~ ${SUGGESTS[${LC}]} ]] && [[ ${SELSTATE[${LC}]} == off ]] && SWITCHED=on
    [[ ! ${SELECTED} =~ ${SUGGESTS[${LC}]} ]] && [[ ${SELSTATE[${LC}]} == on ]] && SWITCHED=off

    if [[ ${SWITCHED} != none ]]; then
      WRITESTR="${CONF_STR[${LC}]}"   # Derive what to write out based search regex
      WRITESTR="${WRITESTR//\\s\*/ }" # Convert searches for whitespace to a single space
      WRITESTR="${WRITESTR// = /=}"   # Remove whitespace around equals sign
      WRITESTR="${WRITESTR//\\[/[}"   # Remove escaping from opening bracket
      WRITESTR="${WRITESTR//\\]/]}"   # Remove escaping from closing bracket
      WRITESTR="${WRITESTR//\\(/(}"   # Remove escaping from opening parenthesis
      WRITESTR="${WRITESTR//\\)/)}"   # Remove escaping from closing parenthesis
      WRITESTR="${WRITESTR//( /(}"    # Remove space after opening parenthesis
      WRITESTR="${WRITESTR// )/)}"    # Remove space before closing parenthesis

      # We need a more-generic search string for the replacement procedure
      SERCHSTR="${GREGEXES[${LC}]}"
      # Remove everything after an equals sign so we match
      # an option regardless of what it was set to previously
      [[ ${SERCHSTR} =~ Defaults.*= ]] && SERCHSTR="${SERCHSTR%%=*}"
      # Adjust rootpw to match {runas,root,target}pw
      [[ ${SERCHSTR} =~ rootpw ]] && SERCHSTR="${SERCHSTR//rootpw/\\(root\\|target\\|runas\\)pw}"

      # Find out if an option can already be found in a
      # config file regardless of being commented out
      if "${BIN[sudo]}" "${BIN[grep]}" -q "^\s*#*\s*${SERCHSTR}" "${CFG_FILE}"; then
        # If we found the option in the main config file, use that
        CFLOCATE="${CFG_FILE}"
      elif [[ -n ${INCL_DIR} ]]; then
        # If not and @includedir was set, search @includedir for the option
        CFLOCATE="$("${BIN[sudo]}" sh -c "'${BIN[grep]}' -l '\s*#*\s*${SERCHSTR}' ${CFG_FILE}.d/* ")"
        # If not found, create a new file
        [[ -n ${CFLOCATE} ]] && CFLOCATE="${OSCHROOT}${CFG_FILE}.d/${SELECTED}"
      fi

      if [[ ${SWITCHED} == on ]]; then
        if [[ -n ${CFLOCATE} ]]; then
          # If the option was found in an existing config file,
          # use sed magic to change the option where it was found.
          "${BIN[sudo]}" "${BIN[sed]}" -i "s&^\s*#*\s*${SERCHSTR}.*&${WRITESTR}&g" "${CFLOCATE}"
        elif [[ -n ${INCL_DIR} ]]; then
          # If the option wasn't found even in commented-out status, and @includedir
          # was set, go ahead and write a new config file under @includedir
          "${BIN[sudo]}" sh -c "echo '${WRITESTR}' > '${CFG_FILE}.d/${SUGGESTS[${LC}]}'"
        else
          # Otherise, append the option to the main config file
          "${BIN[sudo]}" sh -c "echo '${WRITESTR}' >> '${CFG_FILE}'"
        fi
      elif [[ ${SWITCHED} == off ]]; then
        # The only way and option can be switched off is if it was found to begin with
        "${BIN[sudo]}" "${BIN[sed]}" -i "s&^\s*#*\s*\(${SERCHSTR}.*\)&# \1&g" "${CFLOCATE}"
      fi
    fi
  done
}

function CONFIGURE_SYSTEMD_LOGIND_HANDLELIDSWITCH {
  local -r CFG_FILE="${OSCHROOT}/etc/systemd/logind.conf"
  local -r CFG_ITEM='HandleLidSwitch'
  local -r CFG_STNG='ignore'
  ##############################################################################
  local -r BAKTITLE="Lid Switch Fix"
  local HELP_MSG="Set ${CFG_ITEM} to ${CFG_STNG}?\n"
  HELP_MSG+="(Fixes system constantly going to sleep on some laptops.)"
  ##############################################################################
  if DIALOG_YESNO "${TITLEBAR}" "${BAKTITLE}" "${HELP_MSG}"; then
    USE_PRIVILEGE "${BIN[sed]}" -i "s/.*${CFG_ITEM}=.*/${CFG_ITEM}=${CFG_STNG}/g" "${CFG_FILE}"
  else
    USE_PRIVILEGE "${BIN[sed]}" -i "s/.*${CFG_ITEM}=/#${CFG_ITEM}=/g" "${CFG_FILE}"
  fi
}

function CONFIGURE_SYSTEMD_JOUNRAL_SIZE {
  local -r CFG_FILE="${OSCHROOT}/etc/systemd/journald.conf"
  local -r CFG_ITEM="SystemMaxUse"
  ##############################################################################
  local -r BAKTITLE="Jouurnal Size"
  local -r HELP_MSG="Max Journal Size:"
  ##############################################################################
  local SELECTED PREV_CFG="$(GET_SYSTEMD_JOURNAL_SIZE | ${BIN[tr]} -d 'BKMGTbi')"

  [[ ${PREV_CFG} -lt 16 ]] && PREV_CFG='64'
  DIALOG_RANGE "${TITLEBAR}" "${BAKTITLE}" "${HELP_MSG}" 16 4096 "${PREV_CFG}" || return 1
  SELECTED="$(</tmp/selection)"
  USE_PRIVILEGE "${BIN[sed]}" -i "s/^.*${CFG_ITEM}=.*/${CFG_ITEM}=${SELECTED}M/g" "${CFG_FILE}"
}

function CONFIGURE_SYSTEMD_RESOLVED {
  ##############################################################################
  local -r BAKTITLE="Resolver"
  local -r HELP_MSG="Use systemd-resolved?"
  ##############################################################################
  if DIALOG_YESNO "${TITLEBAR}" "${BAKTITLE}" "${HELP_MSG}"; then
    USE_PRIVILEGE "${BIN[ln]}" -fs '/run/systemd/resolve/resolv.conf' "${OSCHROOT}/etc/resolv.conf"
    USE_PRIVILEGE "${BIN[sed]}" -i 's/ \[\!UNAVAIL=return\] / /g' "${OSCHROOT}/etc/nsswitch.conf"
    USE_PRIVILEGE "${BIN[sed]}" -i 's/^#*MulticastDNS.*/MulticastDNS=no/g' "${OSCHROOT}/etc/systemd/resolved.conf"
  else
    USE_PRIVILEGE "${BIN[rm]}" "${OSCHROOT}/etc/resolv.conf" && touch "${OSCHROOT}/etc/resolv.conf"
    USE_PRIVILEGE "${BIN[sed]}" -i 's/resolve dns/resolve [!UNAVAIL=return] dns/ /g' "${OSCHROOT}/etc/nsswitch.conf"
    USE_PRIVILEGE "${BIN[sed]}" -i 's/^#*MulticastDNS.*/#MulticastDNS=/g' "${OSCHROOT}/etc/systemd/resolved.conf"
  fi
}

function CONFIGURE_SYSTEMD_SERVICE_START_TIMEOUT {
  local -r CFG_FILE="${OSCHROOT}/etc/systemd/system.conf"
  local -r CFG_ITEM="DefaultTimeoutStartSec"
  ##############################################################################
  local -r BAKTITLE="Default Service Startup Timeout"
  local -r HELP_MSG="Timeout (in seconds):"
  ##############################################################################
  local SELECTED PREV_CFG="$(GET_SYSTEMD_SERVICE_START_TIMEOUT | "${BIN[tr]}" -d 's')"

  [[ -z ${PREV_CFG} ]] && PREV_CFG='30'
  DIALOG_RANGE "${TITLEBAR}" "${BAKTITLE}" "${HELP_MSG}" 30 90 "${PREV_CFG}" || return 1
  SELECTED="$(</tmp/selection)"
  USE_PRIVILEGE "${BIN[sed]}" -i "s/^.*${CFG_ITEM}=.*/${CFG_ITEM}=${SELECTED}s/g" "${CFG_FILE}"
}

function CONFIGURE_SYSTEMD_SERVICE_STOP_TIMEOUT {
  local -r CFG_FILE="${OSCHROOT}/etc/systemd/system.conf"
  local -r CFG_ITEM="DefaultTimeoutStopSec"
  ##############################################################################
  local -r BAKTITLE="Default Service Stop Timeout"
  local -r HELP_MSG="Timeout (in seconds):"
  ##############################################################################
  local SELECTED PREV_CFG="$(GET_SYSTEMD_SERVICE_STOP_TIMEOUT | "${BIN[tr]}" -d 's')"

  [[ -z ${PREV_CFG} ]] && PREV_CFG='15'
  DIALOG_RANGE "${TITLEBAR}" "${BAKTITLE}" "${HELP_MSG}" 15 45 "${PREV_CFG}" || return 1
  SELECTED="$(</tmp/selection)"
  USE_PRIVILEGE "${BIN[sed]}" -i "s/^.*${CFG_ITEM}=.*/${CFG_ITEM}=${SELECTED}s/g" "${CFG_FILE}"
}

function CONFIGURE_SYSTEMD_TIMESYNCD {
  local -r CFG_FILE="${OSCHROOT}/etc/systemd/timesyncd.conf"
  ##############################################################################
  local -r BAKTITLE="systemd-timesyncd"
  local -r HELP_MSG="Configure NTP Servers:"
  ##############################################################################
  local -a DEFAULTS LBL_STRS=(NTP FallbackNTP)
  local REGION SELECTED

  DEFAULTS+=( "$("${BIN[grep]}" "^NTP=" "${CFG_FILE}" | "${BIN[cut]}" -d= -f2)" )
  DEFAULTS+=( "$("${BIN[grep]}" "^FallbackNTP=" "${CFG_FILE}" | "${BIN[cut]}" -d= -f2)" )

  if [[ -z ${DEFAULTS[0]} ]]; then
    DEFAULTS[0]='0.arch.pool.ntp.org 1.arch.pool.ntp.org 2.arch.pool.ntp.org 3.arch.pool.ntp.org'
    REGION="$("${BIN[grep]}" 'LANGUAGE' "${OSCHROOT}/etc/locale.conf" | "${BIN[cut]}" -d_ -f2)"
    [[ -n ${REGION} ]] && DEFAULTS[0]="${DEFAULTS[0]//arch/${REGION,,}}"
  fi

  [[ -z ${DEFAULTS[1]} ]] && DEFAULTS[1]='0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org 3.pool.ntp.org'

  DIALOG_FORM "${TITLEBAR}" "${BAKTITLE}" "${HELP_MSG}" 'LBL_STRS' 'DEFAULTS' || return 1
  SELECTED="$(</tmp/selection)"

  USE_PRIVILEGE "${BIN[sed]}" -i "s/\s*#*\s*NTP=.*/NTP=${SELECTED%%$'\n'*}/g" "${CFG_FILE}"
  USE_PRIVILEGE "${BIN[sed]}" -i "s/\s*#*\s*FallbackNTP=.*/FallbackNTP=${SELECTED##*$'\n'}/g" "${CFG_FILE}"
}

function CONFIGURE_TIMEZONE {
  local -r CFG_FILE="${OSCHROOT}/etc/localtime"
  ##############################################################################
  local -r BAKTITLE="Time Zone Selection"
  ##############################################################################
  local SELECTED PREV_CFG="$(GET_TIMEZONE full)"

  [[ -z ${PREV_CFG} ]] && PREV_CFG="${OSCHROOT}/usr/share/zoneinfo/"

  DIALOG_FILE_SELECT "${TITLEBAR}" "${BAKTITLE}" "${PREV_CFG}" || return 1
  SELECTED="$(</tmp/selection)"
  SELECTED="${SELECTED#"${OSCHROOT}"}"
  USE_PRIVILEGE "${BIN[ln]}" -fsT "${SELECTED}" "${CFG_FILE}"
}

function CONFIGURE_VCONSOLE_FONT {
  local -r CFG_FILE="${OSCHROOT}/etc/vconsole.conf"
  local -r CFG_ITEM="FONT"
  ##############################################################################
  local -r BAKTITLE="Console Font"
  local -r HELP_MSG="Select your console font:"
  ##############################################################################
  local -a SUGGESTS SELSTATE
  local SELECTED PREV_CFG="$(GET_VCONSOLE_FONT)"

  [[ -z ${PREV_CFG} ]] && PREV_CFG='default8x16'
  IFS=$'\n' read -r -d '' -a SUGGESTS < <("${BIN[find]}" "${OSCHROOT}/usr/share/kbd/consolefonts" -name '*.psfu.gz' | "${BIN[sed]}" 's|.*/||g;s|\.psfu.gz||g' | "${BIN[sort]}")

  DIALOG_SINGLE_SELECT "${TITLEBAR}" "${BAKTITLE}" 'hidetags' "${PREV_CFG}" \
    "${HELP_MSG}" 'SUGGESTS' 'SUGGESTS' 'SELSTATE' || return 1
  SELECTED="$(</tmp/selection)"

  USE_PRIVILEGE "${BIN[touch]}" "${CFG_FILE}"

  if "${BIN[grep]}" -q "${CFG_ITEM}=" "${CFG_FILE}"; then
    USE_PRIVILEGE "${BIN[sed]}" -i "s/.*${CFG_ITEM}=.*/${CFG_ITEM}=${SELECTED}/g" "${CFG_FILE}"
  else
    USE_PRIVILEGE sh -c "echo '${CFG_ITEM}=${SELECTED}' >> '${CFG_FILE}'"
  fi
}

function CONFIGURE_VCONSOLE_KEYMAP {
  local -r CFG_FILE="${OSCHROOT}/etc/vconsole.conf"
  local -r CFG_ITEM="KEYMAP"
  ##############################################################################
  local -r BAKTITLE="Keymap"
  local -r HELP_MSG="Select your keymap:"
  ##############################################################################
  local -a SUGGESTS
  local SELECTED COUNTRY="$("${BIN[grep]}" 'LANGUAGE=' "${CFG_FILE/vconsole/locale}" | "${BIN[cut]}" -d_ -f2)"

  IFS=$'\n' read -r -d '' -a SUGGESTS < <("${BIN[find]}" "${OSCHROOT}/usr/share/kbd/keymaps" \( -name "${COUNTRY,,}-*" -o -name "${COUNTRY,,}_*" -o -name "${COUNTRY,,}.*" \) | "${BIN[sed]}" 's|.*/||g;s|\.map\.gz||g' | "${BIN[sort]}")

  DIALOG_SINGLE_SELECT "${TITLEBAR}" "${BAKTITLE}" 'hidetags' "$(GET_VCONSOLE_KEYMAP)" \
    "${HELP_MSG}" 'SUGGESTS' 'SUGGESTS' || return 1
  SELECTED="$(</tmp/selection)"

  USE_PRIVILEGE "${BIN[touch]}" "${CFG_FILE}"

  if "${BIN[grep]}" -q "${CFG_ITEM}=" "${CFG_FILE}"; then
    USE_PRIVILEGE "${BIN[sed]}" -i "s/.*${CFG_ITEM}=.*/${CFG_ITEM}=${SELECTED}/g" "${CFG_FILE}"
  else
    USE_PRIVILEGE sh -c "echo '${CFG_ITEM}=${SELECTED}' >> '${CFG_FILE}'"
  fi
}

function CONFIGURE_VIDEO_ACCELERATION {
  local -r CFG_FILE="${OSCHROOT}/etc/profile.d/video-accel.sh"
  #######################################################################
  local -r BAKTITLE="Video Acceleration"
  local -r HELP_MSG="Install profile script to help with video acceleration?"
  #######################################################################
  if DIALOG_YESNO "${TITLEBAR}" "${BAKTITLE}" "${HELP_MSG}"; then
    USE_PRIVILEGE sh -c "'${BIN[cat]}' <<- ENDOFSCRIPT > '${CFG_FILE}'
		#!/usr/bin/env sh
		
		gmn() {
		  /usr/bin/lscpu | /bin/grep Model: | /bin/sed 's/\s\+//g' | /usr/bin/cut -d: -f2
		}
		
		case \"\\\$(lsmod)\" in
		   *amdgpu*) ldn=radeonsi; vdn=radeonsi;;
		    *i915*) [ \\\$(gmn) -gt 60 ] && ldn=iHD || ldn=i965; vdn=va_gl;;
		  *nouveau*) ldn=nouveau; vdn=nouveau;;
		   *nvidia*) ldn=vdpau; vdn=nvidia;;
		esac
		
		[ -n \\\$ldn ] && export LIBVA_DRIVER_NAME=\\\$ldn
		[ -n \\\$vdn ] && export VDPAU_DRIVER=\\\$vdn
		ENDOFSCRIPT"
  else
    [[ -e "${CFG_FILE}" ]] && USE_PRIVILEGE "${BIN[rm]}" "${CFG_FILE}"
  fi
  return 0
}

function CREATE_NEW_USERS {
  ##############################################################################
  local -r BAKTITLE="Create New User"
  ##############################################################################
  local HELP_MSG SELECTED

  while true; do
    ############################################################################
    HELP_MSG="Enter username:"
    ############################################################################
    while true; do
      DIALOG_INPUT "${TITLEBAR}" "${BAKTITLE}" "${HELP_MSG}" "" || return 1
      SELECTED=$(</tmp/selection)
      if "${BIN[grep]}" -q "^${SELECTED}:" "${OSCHROOT}/etc/passwd"; then
        DIALOG_MSGBOX "${TITLEBAR}" "${BAKTITLE}" "User ${SELECTED} already exists."
      else
        break
      fi
    done
    ############################################################################
    HELP_MSG="Use private group?\n"
    HELP_MSG+="(Selecting no will make '\\''users'\\'' the primary group.)"
    ############################################################################

    if DIALOG_YESNO "${TITLEBAR}" "${BAKTITLE}" "${HELP_MSG}"; then
      USE_PRIVILEGE "${BIN[useradd]}" -R "${OSCHROOT}" -m -U "${SELECTED}"
    else
      USE_PRIVILEGE "${BIN[useradd]}" -R "${OSCHROOT}" -m -g users "${SELECTED}"
    fi
  done
}

function ENABLE_SYSTEMD_SERVICES {
  ##############################################################################
  local -r BAKTITLE="systemd Services"
  local -r HELP_MSG="Enable systemd services:"
  ##############################################################################
  local -a SUGGESTS DESCRIPS SELSTATE VALUNITS
  local SDUFPATH=usr/lib/systemd/system
  local SDUFIPTH=etc/systemd/system
  local DSPLYMGR OVERRIDE UNITFILE UNITPATH LC PLYMOUTH=false

  [[ -e "${OSCHROOT}/usr/lib/systemd/system/plymouth-start.service" ]] && PLYMOUTH=true

  VALUNITS=(acpid.service connman.service connman-wait-online.service
            cpupower.service cronie.service cups.service dhcpcd.service
            docker.service dovecot.service fail2ban.service fstrim.timer
            gdm.service gitea.service haveged.service httpd.service
            iptables.service lightdm.service lm_sensors.service lxdm.service
            mariadb.service minidlna.service murmur.service
            NetworkManager.service NetworkManager-wait-online.service
            nfs-client.target nfs-server.service nginx.service nmb.service
            ntpd.service paccache.timer php-fpm.service pkgfile-update.timer
            postfix.service postgresql.service qemu-ga.service redis.service
            remote-fs.target rngd.service rpcbind.service rspamd.service
            sddm.service smartd.service smb.service sshd.service
            systemd-networkd.service systemd-networkd-wait-online.service
            systemd-resolved.service vsftpd.service xdm.service
            xdm-archlinux.service zfs-import-cache.service zfs-import.target
            zfs-mount.service zfs.target)

  for UNITFILE in "${VALUNITS[@]}"; do
    UNITPATH="${OSCHROOT}/${SDUFPATH}/${UNITFILE}"
    if [[ -e "${UNITPATH}" ]]; then
      DESCRIPS+=("$("${BIN[grep]}" Description= "${UNITPATH}" | "${BIN[cut]}" -d= -f2)")
      if [[ ${UNITFILE} =~ dm.service ]] && ${PLYMOUTH} && [[ ! ${UNITFILE} =~ ^xdm ]]; then
        UNITFILE="${UNITFILE/.service/-plymouth.service}"
        UNITPATH="${OSCHROOT}/${SDUFPATH}/${UNITFILE}"
      fi
      SUGGESTS+=("${UNITFILE}")
      if [[ ${UNITFILE} =~ dm(-plymouth)*.service ]]; then
        DSPLYMGR="$("${BIN[readlink]}" "${OSCHROOT}/${SDUFIPTH}/display-manager.service")"
        [[ ${UNITPATH} == "${DSPLYMGR}" ]] && SELSTATE+=(on) || SELSTATE+=(off)
      else
        compgen -G "${OSCHROOT}/${SDUFIPTH}/*/${UNITFILE}" > /dev/null && SELSTATE+=(on) || SELSTATE+=(off)
      fi
    fi
  done

  DIALOG_MULTI_SELECT "${TITLEBAR}" "${BAKTITLE}" 'showtags' \
    "${HELP_MSG}" 'SUGGESTS' 'DESCRIPS' 'SELSTATE' || return 1
  SELECTED="$(</tmp/selection)"

  [[ -z ${OSCHROOT} ]] && unset OSCHROOT

  for (( LC=0 ; LC<${#SUGGESTS[@]} ; LC++ )); do
    if [[ ${SELSTATE[${LC}]} == on ]] && [[ ! ${SELECTED} =~ ${SUGGESTS[${LC}]} ]]; then
      USE_PRIVILEGE "${BIN[systemctl]}" ${OSCHROOT+--root=}${OSCHROOT} disable "${SUGGESTS[${LC}]}"
    elif [[ ${SELSTATE[${LC}]} == off ]] && [[ ${SELECTED} =~ ${SUGGESTS[${LC}]} ]]; then
      if [[ ${SUGGESTS[${LC}]} == sshd.service ]]; then
        OVERRIDE="${OSCHROOT}/etc/systemd/system/sshd.service.d/override.conf"
        if [[ ! -e ${OVERRIDE} ]]; then
          USE_PRIVILEGE "${BIN[mkdir]}" -p "${OVERRIDE%override.conf}"
          USE_PRIVILEGE sh -c "'${BIN[printf]}' '[Unit]\nAfter=network-online.target' > '${OVERRIDE}'"
        fi
      fi
      USE_PRIVILEGE "${BIN[systemctl]}" ${OSCHROOT+--root=}${OSCHROOT} enable "${SUGGESTS[${LC}]}"
    fi
  done
}

function GENERATE_LOCALES {
  # This is pretty much GLibC's locale-gen slightly modified to work on chroots
  local CHARSET LOCALE LOCALEGEN LOCALES OUTPUT1 OUTPUT2
  set -e

  LOCALEGEN="${OSCHROOT}/etc/locale.gen"
  LOCALES="${OSCHROOT}/usr/share/i18n/locales"

  { [[ -f ${LOCALEGEN} ]] && [[ -s ${LOCALEGEN} ]]; } || return 0;

  USE_PRIVILEGE "${BIN[rm]}" -rf "${OSCHROOT}/usr/lib/locale/"*

  umask 022

  echo 'Generating locales...'
  while read -r LOCALE CHARSET; do \
    case "${LOCALE}" in
      \#*) continue;;
       "") continue;;
    esac
    if [[ -n "${LOCALE}" ]] && [[ -n "${CHARSET}" ]]; then
      OUTPUT1="$(echo "${LOCALE}" | "${BIN[sed]}" 's/\([^.\@]*\).*/\1/')"
      OUTPUT2="$(echo "${LOCALE}" | "${BIN[sed]}" 's/\([^\@]*\)\(\@.*\)*/\2/')"
      "${BIN[printf]}" '%s.%s%s...' "${OUTPUT1}" "${CHARSET}" "${OUTPUT2}"
      if [[ -f ${LOCALES}/${LOCALE} ]]; then
        INPUT="${LOCALE}"
      else
        INPUT="$(echo "${LOCALE}" | "${BIN[sed]}" 's/\([^.]*\)[^@]*\(.*\)/\1\2/')"
      fi
      USE_PRIVILEGE "${BIN[localedef]}" -i "${INPUT}" -c -f "${CHARSET}" -A "${OSCHROOT}/usr/share/locale/locale.alias" --prefix "${OSCHROOT}" "${LOCALE}"
      echo ' done'
    else
      echo "error: Bad entry '${LOCALE} ${CHARSET}'"
    fi
  done < "${LOCALEGEN}"
  set +e
}

function GENERATE_INITRAMFS {
  local -r CFG_FILE="${OSCHROOT}/etc/mkinitcpio.conf"
  [[ -e ${CFG_FILE} ]] || return 0
  ##############################################################################
  local -r BAKTITLE="Generate InitRAMFS"
  local -r HELP_MSG="Generate InitRAMFS?"
  ##############################################################################
  if DIALOG_YESNO "${TITLEBAR}" "${BAKTITLE}" "${HELP_MSG}"; then
    if [[ -n ${OSCHROOT} ]]; then
      USE_PRIVILEGE "${BIN[arch-chroot]}" "${OSCHROOT}" mkinitcpio -P
    else
      # Allow a naked call here since we've verified mkinitcpio.conf exists
      USE_PRIVILEGE mkinitcpio -P
    fi
  fi
}

function SELECT_USER {
  ##############################################################################
  local -r BAKTITLE="${1}"
  local -r HELP_MSG="Select user to modify:"
  ##############################################################################
  local -a SUGGESTS DESCRIPS
  local -a LOGINAME USRIDNUM USRPSWRD USERPGRP USERGRPS USRLNGNM USRHMDIR USRSHELL
  local UNAME PASWD USRID PGIDN USRLN HMDIR SHELL LC RETVALUE

  GET_PRIVILEGE

  while IFS=':' read -r UNAME PASWD USRID PGIDN USRLN HMDIR SHELL; do
    [[ ${UNAME} == root ]] && [[ ${BAKTITLE} =~ Group ]] && continue
    LOGINAME+=("${UNAME}")
    USRIDNUM+=("${USRID}")
    [[ ${PASWD} == x ]] && USRPSWRD+=("$(GET_USERNAME_PASSWORD "${UNAME}")")
    USERPGRP+=("$("${BIN[grep]}" ":${PGIDN}:" "${OSCHROOT}/etc/group"  | "${BIN[cut]}" -d: -f1)")
    USERGRPS+=("$("${BIN[grep]}" "${UNAME}" "${OSCHROOT}/etc/group" | "${BIN[cut]}" -d: -f1 | "${BIN[paste]}" -d\  -s)")
    USRLNGNM+=("${USRLN}")
    USRHMDIR+=("${HMDIR}")
    USRSHELL+=("${SHELL}")
  done < <("${BIN[grep]}" '/home\|root' "${OSCHROOT}/etc/passwd")

  for (( LC=0 ; LC<${#LOGINAME[@]} ; LC++ )); do
    DESCRIPS+=("$(printf 'is %s to use %s in %s' \
      "${USRPSWRD[${LC}]}" "${USRSHELL[${LC}]}" "${USRHMDIR[${LC}]}")")
    SUGGESTS+=("${LOGINAME[${LC}]}:${USERPGRP[${LC}]}")
  done

  DIALOG_SINGLE_SELECT "${TITLEBAR}" "${BAKTITLE}" 'showtags' '' \
    "${HELP_MSG}" 'SUGGESTS' 'DESCRIPS' || return 1
  RETVALUE="${?}"
  "${BIN[sed]}" -i 's/:.*//g' /tmp/selection
  return "${RETVALUE}"
}

function SET_USER_GROUPS {
  ##############################################################################
  local -r BAKTITLE="Group Membership"
  local -r HELP_MSG="Select group membership:"
  ##############################################################################
  local -a ADDLGRPS SUGGESTS DESCRIPS VLD_GRPS VLD_DSCS
  local GRP_NAME LOGINAME LC

  VLD_GRPS=(audio disk floppy ftp http input libvirt lp kvm optical rfkill scanner storage sys uucp video wheel)
  VLD_DSCS=('Direct access to sound hardware, used by JACK to give realtime permissions'
            'Access to block devices not affected by optical, floppy, or storage'
            'Access to floppy drives'
            'Access to files served by an FTP server'
            'Access to files served by an HTTP server'
            'Access to input devices'
            'Access to libvirt virtual machines (GNOME boxes, etc.)'
            'Access to parallel ports'
            'Access to KVM virtual machines'
            'Access to optical drives'
            'Right to control power to wireless devices'
            'Access to scanner hardware'
            'Access to removable drives not affected by floppy or optical'
            'Right to administer CUPS printers'
            'Access to serial ports'
            'Access to video capture and acceleration hardware'
            'Administation group for sudo')

  for (( LC=0 ; LC<${#VLD_GRPS[@]} ; LC++ )); do
    if "${BIN[grep]}" -q "${VLD_GRPS[${LC}]}" "${OSCHROOT}/etc/group"; then
      SUGGESTS+=("${VLD_GRPS[${LC}]}")
      DESCRIPS+=("${VLD_DSCS[${LC}]}")
    fi
  done

  while true; do
    SELECT_USER "${BAKTITLE}" && LOGINAME="$(</tmp/selection)" || return 1
    unset SELSTATE
    for GRP_NAME in "${SUGGESTS[@]}"; do
      "${BIN[grep]}" -q "${GRP_NAME}.*${LOGINAME}" "${OSCHROOT}/etc/group" \
        && SELSTATE+=(on) || SELSTATE+=(off)
    done
    if DIALOG_MULTI_SELECT "${TITLEBAR}" "${BAKTITLE}" 'showtags' \
      "${HELP_MSG/:/ for ${LOGINAME}:}" 'SUGGESTS' 'DESCRIPS' 'SELSTATE'; then
      ADDLGRPS="$(</tmp/selection)"
      ADDLGRPS="${ADDLGRPS# }"
      ADDLGRPS="${ADDLGRPS% }"
      USE_PRIVILEGE "${BIN[usermod]}" -R "${OSCHROOT}" -G "${ADDLGRPS// /,}" "${LOGINAME}"
    fi
  done
}

function SET_USER_PASSWORD {
  ##############################################################################
  local -r BAKTITLE="Set User Password"
  local -r HELP_MSG="Enter new password:"
  ##############################################################################
  local LOGINAME PASSWORD
  while true; do
    SELECT_USER "${BAKTITLE}" && LOGINAME="$(</tmp/selection)" || return 1
    if DIALOG_PASSWORD "${TITLEBAR}" "${BAKTITLE}" "${HELP_MSG/:/ for ${LOGINAME}:}" ""; then
      PASSWORD=$(</tmp/selection)
      ${BIN[rm]} /tmp/selection
      USE_PRIVILEGE sh -c "'${BIN[printf]}' '%s\n%s\n' '${PASSWORD}' '${PASSWORD}' | '${BIN[passwd]}' -R '${OSCHROOT}' '${LOGINAME}'"
    fi
  done
}

function SET_USER_SHELL {
  ##############################################################################
  local -r BAKTITLE="Login Shell"
  local -r HELP_MSG="Select login shell:"
  ##############################################################################
  local -a SUGGESTS DESCRIPS
  local CURSHELL LOGINAME SHELLBIN

  if "${BIN[grep]}" -q '/bin/zsh' "${OSCHROOT}/etc/shells"; then
    IFS=$'\n' read -r -d '' -a SUGGESTS < <("${BIN[grep]}" -v '^\s*#\|^$\|git-shell\|/usr/bin/zsh' "${OSCHROOT}/etc/shells")
  else
    IFS=$'\n' read -r -d '' -a SUGGESTS < <("${BIN[grep]}" -v '^\s*#\|^$\|git-shell' "${OSCHROOT}/etc/shells")
  fi

  for SHELLBIN in "${SUGGESTS[@]}"; do
    case "${SHELLBIN}" in
      *bash) DESCRIPS+=('GNU Bourne Again Shell');;
      *dash) DESCRIPS+=('Descendant of Almquist Shell');;
      *fish) DESCRIPS+=('Friendly Interactive Shell');;
      *tcsh) DESCRIPS+=('Tenex C Shell');;
       *csh) DESCRIPS+=('Berkely C Shell');;
       *ksh) DESCRIPS+=('AT&T Korn Shell');;
       *osh) DESCRIPS+=('Oil Shell');;
       *zsh) DESCRIPS+=('Z Shell');;
       */nu) DESCRIPS+=('Nu Shell');;
       */sh) DESCRIPS+=('POSIX Bourne Shell');;
    esac
  done

  while true; do
    SELECT_USER "${BAKTITLE}" && LOGINAME="$(</tmp/selection)" || return 1
    CURSHELL="$("${BIN[grep]}" "${LOGINAME}" "${OSCHROOT}/etc/passwd" | "${BIN[cut]}" -d: -f7)"
    if DIALOG_SINGLE_SELECT "${TITLEBAR}" "${BAKTITLE}" 'showtags' \
      "${CURSHELL}" "${HELP_MSG}" 'SUGGESTS' 'DESCRIPS'; then
      SELECTED="$(</tmp/selection)"
      USE_PRIVILEGE "${BIN[sed]}" -i "s|\(${LOGINAME}:.*\):${CURSHELL}$|\1:${SELECTED}|g" "${OSCHROOT}/etc/passwd"
    fi
  done
}

function REVIEW_MODE {
  ##############################################################################
  local BAKTITLE="Review Configuration"
  local HELP_MSG=""
  ##############################################################################
  local -a MENU_TAG MENU_STR
  local CFG_LINE HOOK_MSG OPENPRTS SHUTPRTS RSLVLINK SCR_RSLT SVC_STAT SELECTED

  while true; do

  unset MENU_TAG MENU_STR
  unset CFG_LINE HOOK_MSG OPENPRTS SHUTPRTS RSLVLINK SCR_RSLT SVC_STAT SELECTED

  MENU_TAG+=(chroot)
  MENU_STR+=("OS Root Directory: ${OSCHROOT:-[current system]}")

  MENU_TAG+=(fstab)
  MENU_STR+=("Filesystem Table: $(IS_FSTAB_SET && echo '[present]' || echo '[not present]')")

  MENU_TAG+=(timezone)
  MENU_STR+=("Time Zone: $(GET_TIMEZONE short)")

  MENU_TAG+=(locales)
  MENU_STR+=("Locales Enabled: $(GET_LOCALES)")

  MENU_TAG+=(language)
  MENU_STR+=("Primary Language: $(GET_PRIMARY_LANGUAGE)")

  MENU_TAG+=(collate)
  MENU_STR+=("Locale Collation: $(GET_LOCALE_COLLATION)")

  MENU_TAG+=(message)
  MENU_STR+=("Locale Messages: $(GET_LOCALE_MESSAGES)")

  MENU_TAG+=(keymap)
  MENU_STR+=("Console Keymap: $(GET_VCONSOLE_KEYMAP)")

  MENU_TAG+=(font)
  MENU_STR+=("Console Font: $(GET_VCONSOLE_FONT)")

  MENU_TAG+=(hostname)
  if [[ -e "${OSCHROOT}/etc/hostname" ]]; then
    CFG_LINE="$(<"${OSCHROOT}/etc/hostname")"
  else
    CFG_LINE='[not set]'
  fi
  MENU_STR+=("Hostname: ${CFG_LINE}")

  MENU_TAG+=(domain)
  MENU_STR+=("Local Domain: $(GET_LOCAL_DOMAIN)")

  MENU_TAG+=(hosts)
  MENU_STR+=("Hosts File: $(GET_HOSTS)")

  MENU_TAG+=(nsswitch)
  MENU_STR+=("Name Service Switch Hosts: $(GET_NSSWITCH_HOSTS)")

  if [[ -e "${OSCHROOT}/etc/systemd/resolved.conf" ]]; then
    MENU_TAG+=(sdresolv)
    SVC_STAT="$(IS_SYSTEMD_RESOLVED_ENABLED && echo 'enabled' || echo 'disabled')"
    MENU_STR+=("Systemd Resolved: $(GET_SYSTEMD_RESOLVED) service=${SVC_STAT}")
  fi

  MENU_TAG+=(resolv)
  RSLVLINK="links to $(GET_RESOLV_LINK)"
  [[ ${RSLVLINK} =~ systemd ]] || RSLVLINK='normal file'
  MENU_STR+=("Resolv.conf: ${RSLVLINK}")

  if [[ -e "${OSCHROOT}/etc/ssh/sshd_config" ]]; then
    MENU_TAG+=(sshdlstn)
    MENU_STR+=("OpenSSH Listen Config: $(GET_SSHD_LISTEN_INFO)")

    MENU_TAG+=(sshdopts)
    MENU_STR+=("OpenSSH Options: [select to manage]")
  fi

  MENU_TAG+=(iptables)
  if [[ -e "${OSCHROOT}/etc/iptables/iptables.rules" ]]; then
    OPENPRTS="$(GET_IPTABLES_PORTS_OPEN_GLOBALLY)"
    SHUTPRTS="$(GET_IPTABLES_PORTS_CLOSED_GLOBALLY)"
    if [[ -z ${SHUTPRTS} ]] && [[ -z ${OPENPRTS} ]]; then
      CFG_LINE='no ports globally open or blocked'
    else
      CFG_LINE="globaly open ports: ${OPENPRTS:-none}, "
      CFG_LINE+="globaly closed ports: ${SHUTPRTS:-none}"
    fi
  else
    CFG_LINE='no configuration file'
  fi
  MENU_STR+=("IPTables: ${CFG_LINE}")

  if [[ -d "${OSCHROOT}/etc/fail2ban/jail.d" ]]; then
    MENU_TAG+=(fail2ban)
    MENU_STR+=("Fail2Ban SSHD: $(GET_FAIL2BAN_SSHD)")
  fi

  if [[ -e "${OSCHROOT}/etc/mkinitcpio.conf" ]]; then
    MENU_TAG+=(initmods)
    MENU_STR+=("MkInitCPIO Modules: $(GET_MKINITCPIO_MODULES)")

    MENU_TAG+=(inithooks)
    MENU_STR+=("MkInitCPIO Hooks: $(GET_MKINITCPIO_HOOKS)")

    MENU_TAG+=(initcomp)
    MENU_STR+=("MkInitCPIO Compression: $(GET_MKINITCPIO_COMPRESSION)")
  fi

  if [[ -e "${OSCHROOT}/etc/pacman.conf" ]]; then
    MENU_TAG+=(pacopts)
    MENU_STR+=("Pacman Options: $(GET_PACMAN_OPTIONS)")

    MENU_TAG+=(pacrepos)
    MENU_STR+=("Pacman Repos: $(GET_PACMAN_REPOS)")

    MENU_TAG+=(packeys)
    MENU_STR+=("Pacman Keys: [no known way to determine keys]")
  fi

  if [[ -e "${OSCHROOT}/etc/nanorc" ]]; then
    # Seeing if root has colors set requires root privilege
    GET_PRIVILEGE

    MENU_TAG+=(nanoopts)
    MENU_STR+=("NanoRC Options: $(GET_NANORC_OPTIONS enabled)")

    MENU_TAG+=(nanoclrs)
    MENU_STR+=("NanoRC Colors: $(GET_NANORC_COLORS)")

    MENU_TAG+=(nanoincs)
    MENU_STR+=("NanoRC Includes: $(GET_NANORC_INCLUDES)")
  fi

  if [[ -e "${OSCHROOT}/etc/sudoers" ]]; then
    GET_PRIVILEGE
    MENU_TAG+=(sudo)
    MENU_STR+=("Sudo Config: $(INTERPRET_SUDO_CONFIG)")
  fi

  if [[ -d "${OSCHROOT}/etc/polkit-1/rules.d" ]]; then
    MENU_TAG+=(pkrootpw)
    MENU_STR+=("PolicyKit Use Root Password: $(IS_POLICYKIT_ROOTPW_SET && echo 'yes' || echo 'no' )")
  fi

  MENU_TAG+=(sticky)
  MENU_STR+=("Sticky Bit Directories Fix: $(IS_STICKYDIRS_FIXED && echo 'yes' || echo 'no')")

  if [[ -e "${OSCHROOT}/etc/plymouth/plymouthd.conf" ]]; then
    MENU_TAG+=(plymouth)
    if [[ -e "${OSCHROOT}/etc/mkinitcpio.conf" ]]; then
      HOOK_MSG=', plymouth hook is '
      IS_PLYMOUTH_HOOK_PRESENT && HOOK_MSG+='present ' || HOOK_MSG+='not present '
      HOOK_MSG+='in mkinitcpio.conf'
    fi
    MENU_STR+=("Plymouth: $(GET_PLYMOUTH_THEME)${HOOK_MSG}")
  fi

  if [[ -e "${OSCHROOT}/etc/smartd.conf" ]]; then
    MENU_TAG+=(smart)
    CFG_LINE="$(GET_SMARTD_DEVICESCAN)"
    [[ -z ${CFG_LINE} ]] && CFG_LINE='[no options set (default)]'
    MENU_STR+=("SMARTd DEVICESCAN: ${CFG_LINE}")
  fi

  if [[ -e "${OSCHROOT}/etc/ntp.conf" ]]; then
    MENU_TAG+=(ntp)
    MENU_STR+=("NTP Daemon: $(GET_NTP)")
  elif [[ -e "${OSCHROOT}/etc/systemd/timesyncd.conf" ]]; then
    MENU_TAG+=(sdtime)
    MENU_STR+=("Systemd Timesyncd: $(GET_SYSTEMD_TIMESYNCD_SERVERS)")
  fi

  if [[ -e "${OSCHROOT}/etc/systemd/system.conf" ]]; then
    MENU_TAG+=(sdldhls)
    MENU_STR+=("Systemd Logind HandleLidSwitch: $(GET_SYSTEMD_LOGIND_HANDLELIDSWITCH)")

    MENU_TAG+=(sdjrnlsz)
    MENU_STR+=("Systemd Journal Size: $(GET_SYSTEMD_JOURNAL_SIZE)")

    MENU_TAG+=(sdstrtto)
    MENU_STR+=("Systemd Service Start Timeout: $(GET_SYSTEMD_SERVICE_START_TIMEOUT)")

    MENU_TAG+=(sdstopto)
    MENU_STR+=("Systemd Service Stop Timeout: $(GET_SYSTEMD_SERVICE_STOP_TIMEOUT)")

    MENU_TAG+=(sdsrvcs)
    MENU_STR+=("Systemd Services: [select to manage]")
  fi

  MENU_TAG+=(editor)
  MENU_STR+=("Default editor: $(GET_DEFAULT_EDITOR)")

  MENU_TAG+=(vdoaccel)
  SCR_RSLT="script present, sets $(GET_VIDEO_ACCELERATION_SCRIPT_RESULTS)"
  [[ ${SCR_RSLT} =~ DRIVER ]] || SCR_RSLT="script not present"
  SCR_RSLT="${SCR_RSLT/ VDPAU/ and VDPAU}"
  MENU_STR+=("Video Acceleration: ${SCR_RSLT}")

  MENU_TAG+=(users)
  MENU_STR+=("Users: $(GET_USERNAMES)")

  MENU_TAG+=(passwds)
  MENU_STR+=("Passwords: $(GET_USERNAME_PASSWORD)")

  MENU_TAG+=(shells)
  MENU_STR+=("Shells: $(GET_USERNAME_SHELL)")

  MENU_TAG+=(groups)
  MENU_STR+=("Groups: $(GET_USERNAME_GROUP_MEMBERSHIP_COUNT)")

  MENU_TAG+=(exit)
  MENU_STR+=("Exit")

  DIALOG_SINGLE_SELECT "${TITLEBAR}" "Configuration Review" 'hidetags' '' \
    "${HELP_MSG}" 'MENU_TAG' 'MENU_STR' || return 1
  SELECTED="$(</tmp/selection)"

  case "${SELECTED}" in
       chroot) SET_CHROOT_DIRECTORY || VERIFY_EXIT '(Selecting No will set the chroot to /)';;
        fstab) CONFIGURE_FSTAB;;
     timezone) CONFIGURE_TIMEZONE;;
      locales) CONFIGURE_LOCALE_AVAILABILITY;;
     language) CONFIGURE_LOCALE_LANGUAGE;;
      collate) CONFIGURE_LOCALE_COLLATION;;
      message) CONFIGURE_LOCALE_MESSAGES;;
       keymap) CONFIGURE_VCONSOLE_KEYMAP;;
         font) CONFIGURE_VCONSOLE_FONT;;
     hostname) CONFIGURE_HOSTNAME;;
       domain) CONFIGURE_LOCAL_DOMAIN;;
        hosts) CONFIGURE_HOSTS;;
     nsswitch)
          BAKTITLE="Name Service Switch Configuration"
          HELP_MSG="This option is configured via systemd-resolved "
          HELP_MSG+="configuration and is not handled directly.\n\n"
          HELP_MSG+="Start systemd-resolved configuation?"
          if DIALOG_YESNO "${TITLEBAR}" "${BAKTITLE}" "${HELP_MSG}"; then
            CONFIGURE_SYSTEMD_RESOLVED
          fi;;
     sdresolv) CONFIGURE_SYSTEMD_RESOLVED;;
       resolv)
          BAKTITLE="/etc/resolv configuration"
          HELP_MSG="This option is configured via systemd-resolved "
          HELP_MSG+="configuration and is not handled directly.\n\n"
          HELP_MSG+="Start systemd-resolved configuation?"
          if DIALOG_YESNO "${TITLEBAR}" "${BAKTITLE}" "${HELP_MSG}"; then
            CONFIGURE_SYSTEMD_RESOLVED
          fi;;
     sshdlstn) CONFIGURE_OPENSSH_LISTEN;;
     sshdopts) CONFIGURE_OPENSSH_OPTIONS;;
     iptables) CONFIGURE_IPTABLES;;
     fail2ban) CONFIGURE_FAIL2BAN_SSHD;;
     initmods) CONFIGURE_MKINITCPIO_MODULES;;
    inithooks) CONFIGURE_MKINITCPIO_HOOKS;;
     initcomp) CONFIGURE_MKINITCPIO_COMPRESSION;;
      pacopts) CONFIGURE_PACMAN_OPTIONS;;
     pacrepos) CONFIGURE_PACMAN_REPOS;;
      packeys) CONFIGURE_PACMAN_KEYS;;
     nanoopts) CONFIGURE_NANORC_OPTIONS;;
     nanoclrs) CONFIGURE_NANORC_COLORS;;
     nanoincs) CONFIGURE_NANORC_INCLUDES;;
         sudo) CONFIGURE_SUDO;;
     pkrootpw) CONFIGURE_POLICYKIT_ROOTPW;;
       sticky) CONFIGURE_STICKY_BIT;;
          ntp) CONFIGURE_NTP;;
       sdtime) CONFIGURE_SYSTEMD_TIMESYNCD;;
     plymouth) CONFIGURE_PLYMOUTH;;
        smart) CONFIGURE_SMARTD_DEVICESCAN;;
      sdldhls) CONFIGURE_SYSTEMD_LOGIND_HANDLELIDSWITCH;;
     sdjrnlsz) CONFIGURE_SYSTEMD_JOUNRAL_SIZE;;
     sdstrtto) CONFIGURE_SYSTEMD_SERVICE_START_TIMEOUT;;
     sdstopto) CONFIGURE_SYSTEMD_SERVICE_STOP_TIMEOUT;;
       editor) CONFIGURE_DEFAULT_EDITOR;;
     vdoaccel) CONFIGURE_VIDEO_ACCELERATION;;
        users) CREATE_NEW_USERS;;
      passwds) SET_USER_PASSWORD;;
       groups) SET_USER_GROUPS;;
       shells) SET_USER_SHELL;;
      sdsrvcs) ENABLE_SYSTEMD_SERVICES;;
         exit) GENERATE_INITRAMFS; exit 0;;
  esac

  done
}

function WIZARD_MODE {
  SET_CHROOT_DIRECTORY && \
  CONFIGURE_FSTAB && \
  CONFIGURE_TIMEZONE && \
  CONFIGURE_LOCALE_AVAILABILITY && \
  CONFIGURE_LOCALE_LANGUAGE && \
  CONFIGURE_LOCALE_COLLATION && \
  CONFIGURE_LOCALE_MESSAGES && \
  CONFIGURE_VCONSOLE_KEYMAP && \
  CONFIGURE_VCONSOLE_FONT && \
  CONFIGURE_HOSTNAME && \
  CONFIGURE_LOCAL_DOMAIN && \
  CONFIGURE_HOSTS && \
  CONFIGURE_OPENSSH_LISTEN && \
  CONFIGURE_OPENSSH_OPTIONS && \
  CONFIGURE_IPTABLES && \
  CONFIGURE_MKINITCPIO_MODULES && \
  CONFIGURE_MKINITCPIO_HOOKS && \
  CONFIGURE_MKINITCPIO_COMPRESSION && \
  CONFIGURE_PACMAN_OPTIONS && \
  CONFIGURE_PACMAN_REPOS && \
  CONFIGURE_PACMAN_KEYS && \
  CONFIGURE_NANORC_OPTIONS && \
  CONFIGURE_NANORC_COLORS && \
  CONFIGURE_NANORC_INCLUDES && \
  CONFIGURE_SUDO && \
  CONFIGURE_POLICYKIT_ROOTPW && \
  CONFIGURE_STICKY_BIT && \
  { [[ -e "${OSCHROOT}/etc/ntp.conf" ]] && CONFIGURE_NTP || CONFIGURE_SYSTEMD_TIMESYNCD; } && \
  CONFIGURE_PLYMOUTH && \
  CONFIGURE_SMARTD_DEVICESCAN && \
  CONFIGURE_SYSTEMD_LOGIND_HANDLELIDSWITCH && \
  CONFIGURE_SYSTEMD_JOUNRAL_SIZE && \
  CONFIGURE_SYSTEMD_SERVICE_START_TIMEOUT && \
  CONFIGURE_SYSTEMD_SERVICE_STOP_TIMEOUT && \
  CONFIGURE_SYSTEMD_RESOLVED && \
  ENABLE_SYSTEMD_SERVICES && \
  CONFIGURE_DEFAULT_EDITOR && \
  CONFIGURE_VIDEO_ACCELERATION && \
  CREATE_NEW_USERS && \
  SET_USER_PASSWORD && \
  SET_USER_GROUPS && \
  SET_USER_SHELL
}

while true; do
  WIZARD_MODE
  REVIEW_MODE
done

exit 0