diff --git a/.gitignore b/.gitignore index 2ea33b5..2c3f78d 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ .idea cosign.key +Containerfile diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 42d5135..4e02a1c 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,6 +1,7 @@ include: - project: "wunker-bunker/ci-pipelines" file: "/ublue-build.yml" + ref: ublue-cli-pipeline .recipe-matrix: parallel: @@ -8,6 +9,4 @@ include: - RECIPE: - recipe-desktop.yml - recipe-framework-13.yml - USER_NAME: jp - - RECIPE: recipe-cp.yml - USER_NAME: cp + - recipe-cp.yml diff --git a/Containerfile.cp b/Containerfile.cp deleted file mode 100644 index fb2a667..0000000 --- a/Containerfile.cp +++ /dev/null 
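Review bot: The added `ref: ublue-cli-pipeline` under `include:` in `.gitlab-ci.yml` looks like a branch name, so the pipeline definition that builds these images can change without any commit in this repository. This commit also deletes the in-repo `scripts/build.sh` and both Containerfiles, which moves the whole build logic behind that ref. Pin the include to a full commit SHA or a protected tag, e.g. `ref: <commit-sha-of-ublue-cli-pipeline>`, and bump it deliberately, so that every image build maps to a reviewed pipeline revision.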
@@ -1,55 +0,0 @@ -# This is the Containerfile for your custom image. - -# It takes in the recipe, version, and base image as arguments, -# all of which are provided by build.yml when doing builds -# in the cloud. The ARGs have default values, but changing those -# does nothing if the image is built in the cloud. - -ARG FEDORA_MAJOR_VERSION=38 -# Warning: changing this might not do anything for you. Read comment above. -ARG BASE_IMAGE_URL=ghcr.io/ublue-os/cinnamon-main - -FROM ${BASE_IMAGE_URL}:${FEDORA_MAJOR_VERSION} - -ARG USER_NAME=cp -ARG USER_DIR=usr-${USER_NAME} - -# The default recipe set to the recipe's default filename -# so that `podman build` should just work for many people. -ARG RECIPE=recipe-c.yml - -# Copy static configurations and component files. -# Warning: If you want to place anything in "/etc" of the final image, you MUST -# place them in "./usr/etc" in your repo, so that they're written to "/usr/etc" -# on the final system. That is the proper directory for "system" configuration -# templates on immutable Fedora distros, whereas the normal "/etc" is ONLY meant -# for manual overrides and editing by the machine's admin AFTER installation! -# See issue #28 (https://github.com/ublue-os/startingpoint/issues/28). -COPY usr/ /usr -COPY ${USER_DIR}/ /usr - -# Copy the recipe that we're building. -COPY ${RECIPE} /usr/share/ublue-os/recipe.yml - -# Copy nix install script and Universal Blue wallpapers RPM from Bling image -COPY --from=ghcr.io/ublue-os/bling:latest /rpms/ublue-os-wallpapers-0.1-1.fc38.noarch.rpm /tmp/ublue-os-wallpapers-0.1-1.fc38.noarch.rpm - -# Integrate bling justfiles onto image -COPY --from=ghcr.io/ublue-os/bling:latest /files/usr/share/ublue-os/just /usr/share/ublue-os/just - -# Add nix installer if you want to use it -COPY --from=ghcr.io/ublue-os/bling:latest /files/usr/bin/ublue-nix* /usr/bin - -# "yq" used in build.sh and the "setup-flatpaks" just-action to read recipe.yml. 
-# Copied from the official container image since it's not available as an RPM. -COPY --from=docker.io/mikefarah/yq /usr/bin/yq /usr/bin/yq - -# Copy the build script and all custom scripts. -COPY scripts /tmp/scripts - -# Run the build script, then clean up temp files and finalize container build. -RUN rpm-ostree install /tmp/ublue-os-wallpapers-0.1-1.fc38.noarch.rpm && \ - chmod +x /tmp/scripts/build.sh && \ - /tmp/scripts/build.sh && \ - rm -rf /tmp/* /var/* && \ - ostree container commit diff --git a/Containerfile.jp b/Containerfile.jp deleted file mode 100644 index 69d8d50..0000000 --- a/Containerfile.jp +++ /dev/null 
@@ -1,63 +0,0 @@ -# This is the Containerfile for your custom image. - -# It takes in the recipe, version, and base image as arguments, -# all of which are provided by build.yml when doing builds -# in the cloud. The ARGs have default values, but changing those -# does nothing if the image is built in the cloud. - -ARG FEDORA_MAJOR_VERSION=38 -# Warning: changing this might not do anything for you. Read comment above. -ARG BASE_IMAGE_URL=ghcr.io/ublue-os/kinoite-main - -FROM ${BASE_IMAGE_URL}:${FEDORA_MAJOR_VERSION} - -ARG USER_NAME=jp -ARG USER_DIR=usr-${USER_NAME} - -# The default recipe set to the recipe's default filename -# so that `podman build` should just work for many people. -ARG RECIPE=recipe-framework-13.yml - -# Copy static configurations and component files. -# Warning: If you want to place anything in "/etc" of the final image, you MUST -# place them in "./usr/etc" in your repo, so that they're written to "/usr/etc" -# on the final system. That is the proper directory for "system" configuration -# templates on immutable Fedora distros, whereas the normal "/etc" is ONLY meant -# for manual overrides and editing by the machine's admin AFTER installation! -# See issue #28 (https://github.com/ublue-os/startingpoint/issues/28). -COPY usr/ /usr -COPY ${USER_DIR}/ /usr - -# Copy the recipe that we're building. -COPY ${RECIPE} /usr/share/ublue-os/recipe.yml - -# Copy nix install script and Universal Blue wallpapers RPM from Bling image -COPY --from=ghcr.io/ublue-os/bling:latest /rpms/ublue-os-wallpapers-0.1-1.fc38.noarch.rpm /tmp/ublue-os-wallpapers-0.1-1.fc38.noarch.rpm - -# Integrate bling justfiles onto image -COPY --from=ghcr.io/ublue-os/bling:latest /files/usr/share/ublue-os/just /usr/share/ublue-os/just - -# Add nix installer if you want to use it -COPY --from=ghcr.io/ublue-os/bling:latest /files/usr/bin/ublue-nix* /usr/bin - -# "yq" used in build.sh and the "setup-flatpaks" just-action to read recipe.yml. 
-# Copied from the official container image since it's not available as an RPM. -COPY --from=docker.io/mikefarah/yq /usr/bin/yq /usr/bin/yq - -# Install cosign for verifying signatures for images. -COPY --from=gcr.io/projectsigstore/cosign /ko-app/cosign /usr/bin/cosign - -# Install xboxdrv for the Xbox 360 controller. -COPY --from=registry.gitlab.com/wunker-bunker/xboxdrv-docker /usr/local/bin/xboxdrv /usr/bin/xboxdrv -COPY --from=registry.gitlab.com/wunker-bunker/xboxdrv-docker /usr/local/bin/xboxdrvctl /usr/bin/xboxdrvctl -COPY --from=registry.gitlab.com/wunker-bunker/xboxdrv-docker /usr/local/share/man/man1/xboxdrv.1 /usr/share/man/man1/xboxdrv.1 - -# Copy the build script and all custom scripts. -COPY scripts /tmp/scripts - -# Run the build script, then clean up temp files and finalize container build. -RUN rpm-ostree install /tmp/ublue-os-wallpapers-0.1-1.fc38.noarch.rpm && \ - chmod +x /tmp/scripts/build.sh && \ - /tmp/scripts/build.sh && \ - rm -rf /tmp/* /var/* && \ - ostree container commit diff --git a/containerfiles/xboxdrv b/containerfiles/xboxdrv new file mode 100644 index 0000000..15841b7 --- /dev/null +++ b/containerfiles/xboxdrv @@ -0,0 +1,3 @@ +COPY --from=registry.gitlab.com/wunker-bunker/xboxdrv-docker /usr/local/bin/xboxdrv /usr/bin/xboxdrv +COPY --from=registry.gitlab.com/wunker-bunker/xboxdrv-docker /usr/local/bin/xboxdrvctl /usr/bin/xboxdrvctl +COPY --from=registry.gitlab.com/wunker-bunker/xboxdrv-docker /usr/local/share/man/man1/xboxdrv.1 /usr/share/man/man1/xboxdrv.1 diff --git a/recipe-cp.yml b/recipe-cp.yml index 6577650..1ba0657 100644 --- a/recipe-cp.yml +++ b/recipe-cp.yml 
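Review bot: All three `COPY --from=registry.gitlab.com/wunker-bunker/xboxdrv-docker` lines in the new `containerfiles/xboxdrv` name the image without a tag or digest, so each build pulls whatever `latest` holds at that moment and copies its binaries into `/usr/bin` of the OS image. Pin the source image by digest on each line, e.g. `COPY --from=registry.gitlab.com/wunker-bunker/xboxdrv-docker@sha256:<digest> /usr/local/bin/xboxdrv /usr/bin/xboxdrv`, and update the digest as a reviewed change. The snippet also lost the `# Install xboxdrv for the Xbox 360 controller.` comment that the deleted `Containerfile.jp` carried; it would be worth restoring as the first line.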
@@ -1,20 +1,19 @@ -name: laptop +name: cp-laptop base-image: ghcr.io/ublue-os/cinnamon-main fedora-version: 38 -description: The image of Wunker OS for a regular Cinnaomon user. -scripts: - pre: - - autorun.sh - post: - - autorun.sh - - setup-framework-13.sh +description: The image of Wunker OS for CP's laptop. +usr-dirs: + - usr-framework +# scripts: +# pre: [] +# post: [] rpm: # A list of urls of ".repo" files that should be added to your system. # This is the proper way to add custom COPR repos to your image. # Tip: Use `%FEDORA_VERSION%` instead of static Fedora version numbers, # so that your repos automatically use your image's actual Fedora version, # which greatly simplifies future maintenance of your custom recipe. - repos: [] + # repos: [] install: # Needed for yafti (the first boot installer). Remove if you're not using yafti. - python3-pip @@ -28,12 +27,10 @@ rpm: - fprintd-pam - tlp - powertop - remove: [] + # remove: [] firstboot: - yafti: false + yafti: true flatpaks: - - io.github.celluloid_player.Celluloid - - org.kde. - com.discordapp.Discord - com.nextcloud.desktopclient.nextcloud - com.google.Chrome diff --git a/recipe-desktop.yml b/recipe-desktop.yml index 9824462..aae7e94 100644 --- a/recipe-desktop.yml +++ b/recipe-desktop.yml @@ -1,17 +1,22 @@ -name: desktop +name: jp-desktop base-image: ghcr.io/ublue-os/kinoite-nvidia fedora-version: 38 -description: The image of Wunker OS for an Nvidia based desktop meant for gaming. +description: The image of Wunker OS for JP's desktop. +usr-dir-overlays: + - usr-distrobox + - usr-8bitdo-ultimate + - usr-steam-firewall + - usr-desktop-audio +containerfiles: + pre: + - xboxdrv scripts: pre: - - autorun.sh - install-syncthing.sh - setup-kubectl.sh - setup-vscode.sh post: - setup-selinux-dockersock.sh - - autorun.sh - - setup-desktop-audio.sh - install-codelldb.sh rpm: # A list of urls of ".repo" files that should be added to your system. 
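Review bot: `recipe-cp.yml` declares its overlay under `usr-dirs:`, while `recipe-desktop.yml` and `recipe-framework-13.yml` in this same commit use `usr-dir-overlays:`. Unless the build tool accepts both spellings, one of them is presumably ignored; for CP's laptop that would mean `usr-framework` (the fprintd unit and the TLP config) is silently missing from the image. Check which key the pipeline reads and use it in all three recipes, e.g. `usr-dir-overlays:` followed by `  - usr-framework`.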
@@ -47,7 +52,7 @@ rpm: - ripgrep - helix - tailscale - - alacritty + - strawberry remove: # Remove the native firefox (from Fedora) in favor of the Flatpak. - firefox diff --git a/recipe-framework-13.yml b/recipe-framework-13.yml index e3b4fc8..f300a89 100644 --- a/recipe-framework-13.yml +++ b/recipe-framework-13.yml @@ -1,17 +1,17 @@ -name: framework-13 +name: jp-laptop base-image: ghcr.io/ublue-os/kinoite-main fedora-version: 38 -description: The image of Wunker OS for a Framework laptop. +description: The image of Wunker OS for JP's Laptop. +usr-dir-overlays: + - usr-distrobox + - usr-framework scripts: pre: - - autorun.sh - install-syncthing.sh - setup-kubectl.sh - setup-vscode.sh post: - setup-selinux-dockersock.sh - - autorun.sh - - setup-framework-13.sh - install-codelldb.sh rpm: # A list of urls of ".repo" files that should be added to your system. @@ -50,6 +50,7 @@ rpm: - neovim - ripgrep - helix + - strawberry - tailscale - alacritty remove: diff --git a/scripts/autorun.sh b/scripts/autorun.sh deleted file mode 100644 index 3b9b1c2..0000000 --- a/scripts/autorun.sh +++ /dev/null 
@@ -1,48 +0,0 @@ -#!/usr/bin/env bash - -# Tell this script to exit if there are any errors. -set -oue pipefail - -# -# AUTORUN: -# -# This script simplifies your "recipe.yml" management whenever you simply want -# to "run everything automatically" based on whatever script files exist on disk. -# - -# Helper functions. -yell() { echo "${0}: ${*}"; } -abort() { yell "${*}"; exit 0; } -die() { yell "${*}"; exit 1; } - -# Determine which directory and script category we're executing under. -SCRIPT_DIR="$(dirname -- "${BASH_SOURCE[0]}")" -SCRIPT_MODE="${1:-}" -if [[ -z "${SCRIPT_MODE}" ]]; then - die "Missing script mode argument." -fi - -# Ensure that a "scripts/" sub-directory exists for the "script category". -# Note that symlinks to other directories will be accepted by the `-d` check. -RUN_DIR="${SCRIPT_DIR}/${SCRIPT_MODE}" -if [[ ! -d "${RUN_DIR}" ]]; then - abort "Nothing to do, since \"${RUN_DIR}\" doesn't exist." -fi - -# Generate a numerically sorted array of all scripts (or symlinks to scripts), -# without traversing into deeper subdirectories (to allow the user to store -# helper libraries in subfolders without accidental execution). Sorting is -# necessary for manually controlling the execution order via numeric prefixes. -mapfile -t buildscripts < <(find -L "${RUN_DIR}" -maxdepth 1 -type f -name "*.sh" | sort -n) - -# Exit if there aren't any scripts in the directory. -if [[ ${#buildscripts[@]} -eq 0 ]]; then - abort "Nothing to do, since \"${RUN_DIR}\" doesn't contain any scripts in its top-level directory." -fi - -# Now simply execute all of the discovered scripts, and provide the name of the -# current "script category" as an argument, to match the behavior of "build.sh". -for script in "${buildscripts[@]}"; do - echo "[autorun.sh] Running [${SCRIPT_MODE}]: ${script}" - "$script" "${SCRIPT_MODE}" -done diff --git a/scripts/build.sh b/scripts/build.sh deleted file mode 100644 index e0d330a..0000000 --- a/scripts/build.sh +++ /dev/null 
@@ -1,109 +0,0 @@ -#!/usr/bin/env bash - -# Tell build process to exit if there are any errors. -set -oue pipefail - -# Helper functions. -RECIPE_FILE="/usr/share/ublue-os/recipe.yml" -get_yaml_array() { - mapfile -t "${1}" < <(yq -- "${2}" "${RECIPE_FILE}") -} -get_yaml_string() { - yq -- "${1}" "${RECIPE_FILE}" -} - -# Automatically determine which Fedora version we're building. -FEDORA_VERSION="$(cat /usr/lib/os-release | grep -Po '(?<=VERSION_ID=)\d+')" - -# Read configuration variables. -BASE_IMAGE="$(get_yaml_string '.base-image')" -YAFTI_ENABLED="$(get_yaml_string '.firstboot.yafti')" - -# Welcome. -echo "Building custom Fedora ${FEDORA_VERSION} from image: \"${BASE_IMAGE}\"." - -# Add custom repos. -get_yaml_array repos '.rpm.repos[]' -if [[ ${#repos[@]} -gt 0 ]]; then - echo "-- Adding repos defined in recipe.yml --" - for repo in "${repos[@]}"; do - repo="${repo//%FEDORA_VERSION%/${FEDORA_VERSION}}" - wget "${repo}" -P "/etc/yum.repos.d/" - done - echo "---" -fi - -# Ensure that all script files are executable. -find /tmp/scripts -type f -exec chmod +x {} \; - -# Run "pre" scripts. -run_scripts() { - script_mode="$1" - get_yaml_array buildscripts ".scripts.${script_mode}[]" - if [[ ${#buildscripts[@]} -gt 0 ]]; then - echo "-- Running [${script_mode}] scripts defined in recipe.yml --" - for script in "${buildscripts[@]}"; do - echo "Running [${script_mode}]: ${script}" - "/tmp/scripts/${script}" "${script_mode}" - done - echo "---" - fi -} -run_scripts "pre" - -# Install RPMs. -get_yaml_array install_rpms '.rpm.install[]' -if [[ ${#install_rpms[@]} -gt 0 ]]; then - echo "-- Installing RPMs defined in recipe.yml --" - echo "Installing: ${install_rpms[@]}" - rpm-ostree install "${install_rpms[@]}" - echo "---" -fi - -# Remove RPMs. 
-get_yaml_array remove_rpms '.rpm.remove[]' -if [[ ${#remove_rpms[@]} -gt 0 ]]; then - echo "-- Removing RPMs defined in recipe.yml --" - echo "Removing: ${remove_rpms[@]}" - rpm-ostree override remove "${remove_rpms[@]}" - echo "---" -fi - -# Toggle yafti, which provides the "first boot" experience, https://github.com/ublue-os/yafti. -FIRSTBOOT_DATA="/usr/share/ublue-os/firstboot" -FIRSTBOOT_LINK="/usr/etc/profile.d/ublue-firstboot.sh" -if [[ "${YAFTI_ENABLED}" == "true" ]]; then - echo "-- firstboot: Installing and enabling \"yafti\" --" - pip install --prefix=/usr yafti - # Create symlink to our profile script, which creates the per-user "autorun yafti" links. - mkdir -p "$(dirname "${FIRSTBOOT_LINK}")" - ln -s "${FIRSTBOOT_DATA}/launcher/login-profile.sh" "${FIRSTBOOT_LINK}" -else - echo "-- firstboot: Removing all \"firstboot\" components --" - # Removes the script symlink that creates the per-user autostart symlinks. - # We must forcibly remove this here, in case it was added by an upstream image. - rm -f "${FIRSTBOOT_LINK}" - # Remove all of the launcher-scripts and yafti config, to de-clutter image and - # ensure it can't run by accident due to lingering symlinks or upstream image. - rm -rf "${FIRSTBOOT_DATA}" -fi - -# Add a new yafti "package group" called Custom, for the packages defined in recipe.yml. -# Only adds the package group if yafti is enabled and Flatpaks are defined in the recipe. 
-if [[ "${YAFTI_ENABLED}" == "true" ]]; then - YAFTI_FILE="${FIRSTBOOT_DATA}/yafti.yml" - get_yaml_array flatpaks '.firstboot.flatpaks[]' - if [[ ${#flatpaks[@]} -gt 0 ]]; then - echo "-- yafti: Adding Flatpaks defined in recipe.yml --" - yq -i '.screens.applications.values.groups.Custom.description = "Flatpaks suggested by the image maintainer."' "${YAFTI_FILE}" - yq -i '.screens.applications.values.groups.Custom.default = true' "${YAFTI_FILE}" - for pkg in "${flatpaks[@]}"; do - echo "Adding to yafti: ${pkg}" - yq -i ".screens.applications.values.groups.Custom.packages += [{\"${pkg}\": \"${pkg}\"}]" "${YAFTI_FILE}" - done - echo "---" - fi -fi - -# Run "post" scripts. -run_scripts "post" diff --git a/scripts/setup-desktop-audio.sh b/scripts/setup-desktop-audio.sh deleted file mode 100644 index d983a84..0000000 --- a/scripts/setup-desktop-audio.sh +++ /dev/null @@ -1,21 +0,0 @@ -#!/usr/bin/env bash -set -euo pipefail - -echo "# This file was added by the program 'hda-jack-retask'. -# If you want to revert the changes made by this program, you can simply erase this file and reboot your computer. -options snd-hda-intel patch=hda-jack-retask.fw,hda-jack-retask.fw,hda-jack-retask.fw,hda-jack-retask.fw" > /etc/modprobe.d/hda-jack-retask.conf - -echo "[codec] -0x10ec0b00 0x10438797 0 - -[pincfg] -0x11 0x411111f0 -0x14 0x01014010 -0x15 0x01011012 -0x16 0x01016011 -0x17 0x40170000 -0x18 0x01a19050 -0x19 0x02a19060 -0x1a 0x0181305f -0x1b 0x01014010 -0x1e 0x01456140" > /lib/firmware/hda-jack-retask.fw \ No newline at end of file diff --git a/usr-jp/etc/udev/rules.d/99-8bitdo-ultimate-xinput.rules b/usr-8bitdo-ultimate/etc/udev/rules.d/99-8bitdo-ultimate-xinput.rules similarity index 100% rename from usr-jp/etc/udev/rules.d/99-8bitdo-ultimate-xinput.rules rename to usr-8bitdo-ultimate/etc/udev/rules.d/99-8bitdo-ultimate-xinput.rules 
diff --git a/usr-jp/lib/systemd/system/8bitdo-ultimate-xinput@.service b/usr-8bitdo-ultimate/lib/systemd/system/8bitdo-ultimate-xinput@.service
similarity index 100%
rename from usr-jp/lib/systemd/system/8bitdo-ultimate-xinput@.service
rename to usr-8bitdo-ultimate/lib/systemd/system/8bitdo-ultimate-xinput@.service
diff --git a/usr-cp/.gitkeep b/usr-cp/.gitkeep
deleted file mode 100644
index e69de29..0000000
diff --git a/usr-desktop-audio/etc/modprobe.d/hda-jack-retaks.conf b/usr-desktop-audio/etc/modprobe.d/hda-jack-retaks.conf
new file mode 100644
index 0000000..db62c83
--- /dev/null
+++ b/usr-desktop-audio/etc/modprobe.d/hda-jack-retaks.conf
@@ -0,0 +1,3 @@
+# This file was added by the program 'hda-jack-retask'.
+# If you want to revert the changes made by this program, you can simply erase this file and reboot your computer.
+options snd-hda-intel patch=hda-jack-retask.fw,hda-jack-retask.fw,hda-jack-retask.fw,hda-jack-retask.fw
diff --git a/usr-desktop-audio/lib/firmware/hda-jack-retask.fw b/usr-desktop-audio/lib/firmware/hda-jack-retask.fw
new file mode 100644
index 0000000..7244865
--- /dev/null
+++ b/usr-desktop-audio/lib/firmware/hda-jack-retask.fw
@@ -0,0 +1,14 @@
+[codec]
+0x10ec0b00 0x10438797 0
+
+[pincfg]
+0x11 0x411111f0
+0x14 0x01014010
+0x15 0x01011012
+0x16 0x01016011
+0x17 0x40170000
+0x18 0x01a19050
+0x19 0x02a19060
+0x1a 0x0181305f
+0x1b 0x01014010
+0x1e 0x01456140
diff --git a/usr-jp/etc/distrobox/distrobox.ini b/usr-distrobox/etc/distrobox/distrobox.ini
similarity index 100%
rename from usr-jp/etc/distrobox/distrobox.ini
rename to usr-distrobox/etc/distrobox/distrobox.ini
diff --git a/usr-framework/etc/systemd/system/frpintd.service b/usr-framework/etc/systemd/system/frpintd.service
new file mode 100644
index 0000000..ebeff18
--- /dev/null
+++ b/usr-framework/etc/systemd/system/frpintd.service
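Review bot: The new modprobe drop-in is named `hda-jack-retaks.conf`, whereas the deleted `scripts/setup-desktop-audio.sh` wrote `/etc/modprobe.d/hda-jack-retask.conf` and the firmware patch it loads is `hda-jack-retask.fw`. modprobe reads every `*.conf` file in that directory, so the option should still take effect. The misspelled name is still a problem: the file's own header tells the admin to erase it to revert the change, which is harder when the name does not match the tool or the firmware file. Rename it to `usr-desktop-audio/etc/modprobe.d/hda-jack-retask.conf`.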
@@ -0,0 +1,48 @@
+[Unit]
+Description=Fingerprint Authentication Daemon
+Documentation=man:fprintd(1)
+
+[Service]
+Type=dbus
+BusName=net.reactivated.Fprint
+ExecStart=/usr/libexec/fprintd
+
+# Filesystem lockdown
+ProtectSystem=strict
+ProtectKernelTunables=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+# This always corresponds to /var/lib/fprint
+StateDirectory=fprint
+StateDirectoryMode=0700
+ProtectHome=true
+PrivateTmp=true
+
+SystemCallFilter=@system-service
+
+# Network
+RestrictAddressFamilies=AF_UNIX AF_LOCAL AF_NETLINK
+
+# Execute Mappings
+MemoryDenyWriteExecute=true
+
+# Modules
+ProtectKernelModules=true
+
+# Real-time
+RestrictRealtime=true
+
+# Privilege escalation
+NoNewPrivileges=true
+
+# Protect clock, allow USB and SPI device access
+ProtectClock=yes
+DeviceAllow=char-usb_device rw
+DeviceAllow=char-spi rw
+DeviceAllow=char-hidraw rw
+
+# Allow tuning USB parameters (wakeup and persist)
+ReadWritePaths=/sys/devices
+
+[Install]
+WantedBy=multi-user.target
diff --git a/scripts/setup-framework-13.sh b/usr-framework/etc/tlp.d/50-framework.conf
old mode 100755
new mode 100644
similarity index 81%
rename from scripts/setup-framework-13.sh
rename to usr-framework/etc/tlp.d/50-framework.conf
index f1145fa..5cf11c3
--- a/scripts/setup-framework-13.sh
+++ b/usr-framework/etc/tlp.d/50-framework.conf
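Review bot: This unit is added as `usr-framework/etc/systemd/system/frpintd.service` (see the file header just before this hunk), but the script it replaces wrote `/usr/etc/systemd/system/fprintd.service`, and the unit body is the fprintd daemon itself (`ExecStart=/usr/libexec/fprintd`, `BusName=net.reactivated.Fprint`). With the letters transposed it no longer shadows the packaged `fprintd.service`, so the `DeviceAllow=` and `ReadWritePaths=/sys/devices` settings intended for the Framework reader would presumably not apply to the service that D-Bus activates. It also leaves a second unit claiming the same bus name. Rename the file to `usr-framework/etc/systemd/system/fprintd.service`.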
@@ -1,67 +1,3 @@ -#!/usr/bin/env bash - -set -euo pipefail - -echo "Installing fprintd service" - -mkdir -p /usr/etc/systemd/system/ - -cat </usr/etc/systemd/system/fprintd.service -[Unit] -Description=Fingerprint Authentication Daemon -Documentation=man:fprintd(1) - -[Service] -Type=dbus -BusName=net.reactivated.Fprint -ExecStart=/usr/libexec/fprintd - -# Filesystem lockdown -ProtectSystem=strict -ProtectKernelTunables=true -ProtectKernelLogs=true -ProtectControlGroups=true -# This always corresponds to /var/lib/fprint -StateDirectory=fprint -StateDirectoryMode=0700 -ProtectHome=true -PrivateTmp=true - -SystemCallFilter=@system-service - -# Network -RestrictAddressFamilies=AF_UNIX AF_LOCAL AF_NETLINK - -# Execute Mappings -MemoryDenyWriteExecute=true - -# Modules -ProtectKernelModules=true - -# Real-time -RestrictRealtime=true - -# Privilege escalation -NoNewPrivileges=true - -# Protect clock, allow USB and SPI device access -ProtectClock=yes -DeviceAllow=char-usb_device rw -DeviceAllow=char-spi rw -DeviceAllow=char-hidraw rw - -# Allow tuning USB parameters (wakeup and persist) -ReadWritePaths=/sys/devices - -[Install] -WantedBy=multi-user.target -EOL - -echo "Installing tlp config" - -mkdir -p /usr/etc/tlp.d/ - -cat </usr/etc/tlp.d/50-framework.conf # ------------------------------------------------------------------------------ # /etc/tlp.conf - TLP user configuration (version 1.4) # See full explanation: https://linrunner.de/tlp/settings @@ -195,4 +131,4 @@ PCIE_ASPM_ON_BAT=powersupersave # Default: "mei_me nouveau radeon", use "" to disable completely. RUNTIME_PM_DRIVER_DENYLIST="" -EOL + diff --git a/usr-jp/etc/firewalld/services/steam-local-transfer.xml b/usr-steam-firewall/etc/firewalld/services/steam-local-transfer.xml similarity index 100% rename from usr-jp/etc/firewalld/services/steam-local-transfer.xml rename to usr-steam-firewall/etc/firewalld/services/steam-local-transfer.xml