generated from ublue-os/image-template
build.sh
#!/bin/bash
# Image build script: runs as root inside the image being built.
# -e aborts on an unhandled failure, -u rejects unset variables, -x traces
# every command into the build log, and pipefail makes a pipeline fail when
# any stage fails. Because of -x, anything expanded on a command line ends
# up in the log, so no secret should ever be placed in a variable here.
set -euxo pipefail

# Fedora release number of the base image, taken from the rpm macro.
# NOTE(review): nothing in the visible script reads RELEASE — confirm
# whether it is still needed.
RELEASE=$(rpm --eval '%fedora')

### Copy pre-configured system files
# Everything under /tmp/system_files is overlaid onto / by root, so that
# directory must be reviewed like any other privileged input.
# --keep-dirlinks makes rsync follow a directory symlink that already exists
# on the destination side instead of replacing it with a real directory.
rsync --recursive --verbose --keep-dirlinks /tmp/system_files/ /

### Create system directory structures
mkdir --parents /var/lib/alternatives
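### Install repository package(s)
# One list file per category lives under /tmp/packages; names are separated
# by whitespace. Each list is checked explicitly because `set -e` does not
# stop the script when a command substitution used as another command's
# argument fails: with `$(cat file)` a missing list (for example the
# security one) would be skipped silently and the image would still build.
packages=()
for pkg_list in desktop develop fonts multimedia personal security temporary virtual; do
  pkg_file="/tmp/packages/${pkg_list}"
  if [[ ! -r "${pkg_file}" ]]; then
    echo "package list missing or unreadable: ${pkg_file}" >&2
    exit 1
  fi
  # Split on whitespace like the unquoted $(cat ...) did, but without
  # pathname expansion. read returns non-zero at end of file, hence `|| true`.
  pkg_names=()
  read -r -d '' -a pkg_names < "${pkg_file}" || true
  if (( ${#pkg_names[@]} > 0 )); then
    packages+=("${pkg_names[@]}")
  fi
done

# -y: an image build has no terminal to answer dnf's confirmation prompt.
# NOTE(review): the clean-up step of this script deletes several third-party
# .repo files, so some of these packages presumably come from those
# repositories — confirm each of them sets gpgcheck=1 with a pinned key.
dnf install -y "${packages[@]}"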
### Disabling System Unit File(s)
systemctl disable cosmic-greeter.service

### Enabling System Unit File(s)
# docker.service starts a root daemon: anyone allowed to talk to its socket
# can obtain root on the host, so access to it should be granted sparingly.
for unit in \
  rpm-ostreed-automatic.timer \
  tuned.service \
  docker.service \
  podman.socket \
  fstrim.timer; do
  systemctl enable "${unit}"
done

### Enable virtualization Unit File(s)
# For every libvirt driver, enable its daemon service and its three sockets
# (read-write, read-only and admin).
for driver in qemu interface network nodedev nwfilter secret storage; do
  daemon="virt${driver}d"
  systemctl enable "${daemon}.service"
  systemctl enable "${daemon}.socket" "${daemon}-ro.socket" "${daemon}-admin.socket"
done
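### Enable nested virtualization
# Sets the option for the kvm_intel module only. Nested virtualization
# exposes more of the hypervisor to guests; keep it only if guests really
# need to run their own virtual machines.
echo 'options kvm_intel nested=1' > /etc/modprobe.d/kvm_intel.conf

### Change default firewalld zone
# Switch the default zone from FedoraWorkstation to drop, so unsolicited
# inbound traffic is discarded unless a rule allows it.
fw_conf=/etc/firewalld/firewalld-workstation.conf
cp "${fw_conf}" "${fw_conf}.bak"
sed -i 's/^DefaultZone=FedoraWorkstation[[:space:]]*$/DefaultZone=drop/' "${fw_conf}"
# sed exits 0 even when nothing matched. Fail the build instead of shipping
# an image that silently keeps the permissive default zone.
if ! grep -qx 'DefaultZone=drop' "${fw_conf}"; then
  echo "firewalld default zone was not changed to drop in ${fw_conf}" >&2
  exit 1
fi

### Add yubico challenge for sudo (DISABLED)
# If this is re-enabled: `auth required` makes sudo fail for every user
# without a working token, so test it with a root session kept open.
# cp /etc/pam.d/sudo /etc/pam.d/sudo.bak
# sed -i '/PAM-1.0/a\auth required pam_yubico.so mode=challenge-response' /etc/pam.d/sudo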
### Clean Up
# extglob has to be switched on by a command of its own, before bash parses
# the lines that use !(...), so the next three commands must stay separate
# top-level commands.
shopt -s extglob
# Build inputs (package lists, system_files) must not stay in the image.
rm -rf /tmp/* || true
# Empty /var except for the rpm-ostree cache.
rm -rf /var/!(cache)
rm -rf /var/cache/!(rpm-ostree)

# Drop the third-party repository definitions so the finished image does not
# keep them configured. Packages installed from them are then only updated
# by rebuilding the image.
# NOTE(review): these are exact file names (one hard-codes Fedora 41) and
# rm -f does not complain about a missing file, so a renamed repo file would
# stay in the image unnoticed — confirm the names after a release bump.
repo_dir=/etc/yum.repos.d
for repo_file in \
  1password.repo \
  _copr:copr.fedorainfracloud.org:gmaglione:podman-bootc.repo \
  _copr:copr.fedorainfracloud.org:pennbauman:ports.repo \
  _copr:copr.fedorainfracloud.org:a-zhn:ghostty.repo \
  _copr_ryanabx-cosmic.repo \
  atim-starship-fedora-41.repo \
  fedorapeople.org.groups.virt.virtio-win.virtio-win.repo; do
  rm -rf "${repo_dir}/${repo_file}"
done