From ab3b37948731162269a8804d7464d9b783ae97fe Mon Sep 17 00:00:00 2001
From: Aleksey Samoilov
Date: Sat, 21 Jun 2025 00:23:30 +0400
Subject: [PATCH] Bunch of fixes
---
 common/modules/fstab.conf | 13 +--
 common/modules/machineid.conf | 2 +-
 common/modules/mount.conf | 20 +++-
 debian/control | 6 ++
 debian/rules | 1 +
 miracle/branding/tileos-miracle/branding.desc | 2 +-
 miracle/modules/partition.conf | 15 +++
 miracle/modules/users.conf | 91 ++++++++++++++++---
 niri/branding/tileos-niri/branding.desc | 7 +-
 niri/modules/partition.conf | 15 +++
 niri/modules/users.conf | 91 ++++++++++++++++---
 qtile/branding/tileos-qtile/branding.desc | 2 +-
 qtile/modules/partition.conf | 15 ++-
 qtile/modules/users.conf | 91 ++++++++++++++++---
 river/branding/tileos-river/branding.desc | 2 +-
 river/modules/partition.conf | 15 +++
 river/modules/users.conf | 91 ++++++++++++++++---
 sway/branding/tileos-sway/branding.desc | 2 +-
 sway/modules/partition.conf | 15 +++
 sway/modules/users.conf | 91 ++++++++++++++++---
 20 files changed, 488 insertions(+), 99 deletions(-)
diff --git a/common/modules/fstab.conf b/common/modules/fstab.conf
index 5edd310..54b6d10 100644
--- a/common/modules/fstab.conf
+++ b/common/modules/fstab.conf
@@ -1,11 +1,2 @@
----
-mountOptions:
- default: defaults,noatime
- btrfs: defaults,noatime
-ssdExtraMountOptions:
- ext4: discard
- jfs: discard
- xfs: discard
- swap: discard
- btrfs: discard,compress=lzo
-crypttabOptions: luks,discard,keyscript=/bin/cat
+crypttabOptions: luks,keyscript=/bin/cat
+efiMountOptions: umask=0077
diff --git a/common/modules/machineid.conf b/common/modules/machineid.conf
index fa3527f..b1ce6ea 100644
--- a/common/modules/machineid.conf
+++ b/common/modules/machineid.conf
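Review bot: `crypttabOptions` in common/modules/fstab.conf still carries `keyscript=/bin/cat`, while the partition.conf hunks later in this patch add a `/boot` partition with `noEncrypt: true`. With that keyscript the key field of a crypttab entry is read as a file, so if the install sequence (not visible here) still generates a LUKS key file for the initramfs, that file would now sit on an unencrypted partition. Please confirm how crypttab is written for the new layout, and add a comment above the option such as `# keyscript reads the key file named in crypttab; it must never land on the unencrypted /boot`. Dropping `discard` from the LUKS options looks reasonable, since it stops TRIM from passing through the encrypted mapping.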
@@ -5,7 +5,7 @@ systemd: true dbus: true # Whether /var/lib/dbus/machine-id should be a symlink to /etc/machine-id # (ignored if dbus is false, or if there is no /etc/machine-id to point to). -symlink: true +dbus-symlink: true # Whether to copy entropy from the host entropy-copy: true # Which files to write (paths in the target) diff --git a/common/modules/mount.conf b/common/modules/mount.conf index ae17dcf..f79a2b9 100644 --- a/common/modules/mount.conf +++ b/common/modules/mount.conf @@ -38,7 +38,21 @@ extraMounts: fs: efivarfs mountPoint: /sys/firmware/efi/efivars efi: true - - device: /dev/pts - mountPoint: /dev/pts + - device: /run/systemd/resolve + mountPoint: /run/systemd/resolve options: [ bind ] - # /dev/pts is required by apt for storing the logs + +mountOptions: + - filesystem: default + options: [ defaults ] + - filesystem: btrfs + options: [ defaults, noatime, autodefrag ] + ssdOptions: [ discard, compress=lzo ] + - filesystem: ext4 + ssdOptions: [ discard ] + - filesystem: jfs + ssdOptions: [ discard ] + - filesystem: xfs + ssdOptions: [ discard ] + - filesystem: swap + ssdOptions: [ discard ] diff --git a/debian/control b/debian/control index 2ce20e0..81257bd 100644 --- a/debian/control +++ b/debian/control @@ -78,8 +78,14 @@ Depends: calamares, rsync, cryptsetup, libglib2.0-bin, + kdialog, keyutils, + lvm2, pkexec, + python3-distro, + python3-toml, + qml6-module-qtquick-window, + qml6-module-qtquick, qml-module-qtquick-window2, qml-module-qtquick2, ${misc:Depends} diff --git a/debian/rules b/debian/rules index f4e05fd..60059fc 100755 --- a/debian/rules +++ b/debian/rules 
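Review bot: The `extraMounts` entry for `/dev/pts` in common/modules/mount.conf is replaced by a bind mount of `/run/systemd/resolve`, although the removed comment said apt needs `/dev/pts` for its logs. If any later module still runs apt or dpkg inside the target, confirm it works without the pty mount, or keep both entries. The new entry has no comment; something like `# bind the host resolver state so DNS works inside the target` (purpose inferred, please confirm) would record why host state is exposed to the chroot. In the new `mountOptions` list the `ext4`, `jfs`, `xfs` and `swap` entries set only `ssdOptions`, so check that they still fall back to `defaults` on non-SSD disks.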
@@ -15,6 +15,7 @@ override_dh_missing: mkdir -pv debian/calamares-settings-tileos-common/etc/calamares/modules mkdir -pv debian/calamares-settings-tileos-common/usr/sbin cp -vr common/modules/*.conf debian/calamares-settings-tileos-common/etc/calamares/modules + cp -vr common/modules/*.yaml debian/calamares-settings-tileos-common/etc/calamares/modules mkdir -pv debian/calamares-settings-tileos-common/usr/share/calamares/helpers cp -vr helpers/* debian/calamares-settings-tileos-common/usr/share/calamares/helpers chmod -R 755 debian/calamares-settings-tileos-common/usr/lib/ diff --git a/miracle/branding/tileos-miracle/branding.desc b/miracle/branding/tileos-miracle/branding.desc index 4812903..b06c156 100644 --- a/miracle/branding/tileos-miracle/branding.desc +++ b/miracle/branding/tileos-miracle/branding.desc @@ -24,6 +24,6 @@ slideshow: "show.qml" style: SidebarBackground: "#1e2030" SidebarText: "#cad3f5" - SidebarTextSelect: "#24273a" + SidebarTextCurrent: "#24273a" slideshowAPI: 2 diff --git a/miracle/modules/partition.conf b/miracle/modules/partition.conf index 33a57ce..47aece0 100644 --- a/miracle/modules/partition.conf +++ b/miracle/modules/partition.conf @@ -1,6 +1,21 @@ efiSystemPartition: "/boot/efi" enableLuksAutomatedPartitioning: true +luksGeneration: luks2 userSwapChoices: - none + - file +initialSwapChoice: none drawNestedPartitions: true defaultFileSystemType: "ext4" +availableFileSystemTypes: ["ext4","btrfs","xfs"] +partitionLayout: + - name: "tileos_boot" + filesystem: ext4 + noEncrypt: true + onlyPresentWithEncryption: true + mountPoint: "/boot" + size: 4G + - name: "tileos_rootfs" + filesystem: unknown + mountPoint: "/" + size: 100% diff --git a/miracle/modules/users.conf b/miracle/modules/users.conf index 0f2082a..b7e94d3 100644 --- a/miracle/modules/users.conf +++ b/miracle/modules/users.conf 
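Review bot: The added `cp -vr common/modules/*.yaml ...` line in `override_dh_missing` makes the build fail when the glob matches nothing, and the diffstat of this patch lists no `.yaml` file under common/modules. If such files already exist in the tree this is fine; otherwise the recipe stops at this line. A short comment naming what is being copied, e.g. `# <name>.yaml is read by the <module> module`, would help, because the reason for the new copy is not visible in the hunk. The recipe continues outside the hunk.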
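Review bot: The new `partitionLayout` in miracle/modules/partition.conf keeps `tileos_boot` outside LUKS (`noEncrypt: true`, `onlyPresentWithEncryption: true`) without saying why. Kernel and initramfs on that partition are then not covered by disk encryption, so their integrity depends on something else, such as Secure Boot, which this patch does not show. I would add a comment above the entry, for example `# /boot stays unencrypted so the bootloader does not have to unlock LUKS2; its contents are not protected by disk encryption` (rationale inferred, please confirm). `filesystem: unknown` on `tileos_rootfs` also deserves a one-line comment saying it defers to the filesystem the user picks, if that is the intent. The same layout is repeated in the niri, qtile, river and sway partition.conf hunks.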
@@ -1,17 +1,78 @@ --- -userGroup: users -defaultGroups: - - cdrom - - floppy - - sudo - - audio - - dip - - video - - plugdev - - netdev - - lpadmin - - scanner - - bluetooth -autologinGroup: autologin -sudoersGroup: sudo +doAutologin: false setRootPassword: false +sudoersGroup: sudo +defaultGroups: + - adm + - cdrom + - dip + - lpadmin + - plugdev + - name: sambashare + must_exist: false + system: true + - sudo + - video +passwordRequirements: + minLength: 8 + maxLength: -1 + libpwquality: + - minlen=8 + - maxrepeat=3 + - maxsequence=3 + - usersubstr=4 + - badwords=linux +allowWeakPasswords: false +allowWeakPasswordsDefault: false +# Explicitly set the shell instead of deferring to Calamares. We have a platform +# expectation derived from Ubuntu here. +user: + shell: /bin/bash + forbidden_names: + - root + - nginx + - www-data + - daemon + - bin + - sys + - sync + - games + - man + - lp + - mail + - news + - uucp + - proxy + - www-data + - backup + - list + - irc + - apt + - nobody + - systemd-network + - systemd-timesync + - dhcpcd + - messagebus + - syslog + - systemd-resolve + - usbmux + - tss + - uuidd + - whoopsie + - dnsmasq + - avahi + - nm-openvpn + - tcpdump + - speech-dispatcher + - cups-pk-helper + - fwupd-refresh + - sddm + - saned + - cups-browsed + - hplip + - polkitd + - rtkit + - colord + - geoclue + - installer +allowActiveDirectory: true diff --git a/niri/branding/tileos-niri/branding.desc b/niri/branding/tileos-niri/branding.desc index 7d730a8..901752b 100644 --- a/niri/branding/tileos-niri/branding.desc +++ b/niri/branding/tileos-niri/branding.desc @@ -22,9 +22,8 @@ images: slideshow: "show.qml" style: - sidebarBackground: "#1e2030" - sidebarText: "#cad3f5" - sidebarTextSelect: "#24273a" - sidebarTextSelect: "#24273a" + SidebarBackground: "#1e2030" + SidebarText: "#cad3f5" + SidebarTextCurrent: "#24273a" slideshowAPI: 2 diff --git a/niri/modules/partition.conf b/niri/modules/partition.conf index 33a57ce..47aece0 100644 
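Review bot: `defaultGroups` in miracle/modules/users.conf now puts the installer-created user into `adm` in addition to `sudo`, and drops `audio`, `netdev`, `bluetooth` and `scanner`, with no comment on either change. On Debian-derived systems `adm` membership typically gives read access to system logs, so a line such as `# adm: first user may read system logs (confirm intent)` would make the choice explicit. `forbidden_names` lists `www-data` twice; the second entry can go. `allowActiveDirectory: true` exposes the domain-join option in the installer, so confirm the tools it relies on are present in the installed system, since the `debian/control` hunk does not add any. The identical users.conf hunks for niri, qtile, river and sway have the same points.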
--- a/niri/modules/partition.conf
+++ b/niri/modules/partition.conf
@@ -1,6 +1,21 @@
 efiSystemPartition: "/boot/efi"
 enableLuksAutomatedPartitioning: true
+luksGeneration: luks2
 userSwapChoices:
 - none
+ - file
+initialSwapChoice: none
 drawNestedPartitions: true
 defaultFileSystemType: "ext4"
+availableFileSystemTypes: ["ext4","btrfs","xfs"]
+partitionLayout:
+ - name: "tileos_boot"
+ filesystem: ext4
+ noEncrypt: true
+ onlyPresentWithEncryption: true
+ mountPoint: "/boot"
+ size: 4G
+ - name: "tileos_rootfs"
+ filesystem: unknown
+ mountPoint: "/"
+ size: 100%
diff --git a/niri/modules/users.conf b/niri/modules/users.conf
index 0f2082a..b7e94d3 100644
--- a/niri/modules/users.conf
+++ b/niri/modules/users.conf
@@ -1,17 +1,78 @@ --- -userGroup: users -defaultGroups: - - cdrom - - floppy - - sudo - - audio - - dip - - video - - plugdev - - netdev - - lpadmin - - scanner - - bluetooth -autologinGroup: autologin -sudoersGroup: sudo +doAutologin: false setRootPassword: false +sudoersGroup: sudo +defaultGroups: + - adm + - cdrom + - dip + - lpadmin + - plugdev + - name: sambashare + must_exist: false + system: true + - sudo + - video +passwordRequirements: + minLength: 8 + maxLength: -1 + libpwquality: + - minlen=8 + - maxrepeat=3 + - maxsequence=3 + - usersubstr=4 + - badwords=linux +allowWeakPasswords: false +allowWeakPasswordsDefault: false +# Explicitly set the shell instead of deferring to Calamares. We have a platform +# expectation derived from Ubuntu here. +user: + shell: /bin/bash + forbidden_names: + - root + - nginx + - www-data + - daemon + - bin + - sys + - sync + - games + - man + - lp + - mail + - news + - uucp + - proxy + - www-data + - backup + - list + - irc + - apt + - nobody + - systemd-network + - systemd-timesync + - dhcpcd + - messagebus + - syslog + - systemd-resolve + - usbmux + - tss + - uuidd + - whoopsie + - dnsmasq + - avahi + - nm-openvpn + - tcpdump + - speech-dispatcher + - cups-pk-helper + - fwupd-refresh + - sddm + - saned + - cups-browsed + - hplip + - polkitd + - rtkit + - colord + - geoclue + - installer +allowActiveDirectory: true diff --git a/qtile/branding/tileos-qtile/branding.desc b/qtile/branding/tileos-qtile/branding.desc index 527d6aa..bb97063 100644 --- a/qtile/branding/tileos-qtile/branding.desc +++ b/qtile/branding/tileos-qtile/branding.desc @@ -24,6 +24,6 @@ slideshow: "show.qml" style: SidebarBackground: "#1e2030" SidebarText: "#cad3f5" - SidebarTextSelect: "#24273a" + SidebarTextCurrent: "#24273a" slideshowAPI: 2 diff --git a/qtile/modules/partition.conf b/qtile/modules/partition.conf index 38f3219..47aece0 100644 --- a/qtile/modules/partition.conf +++ b/qtile/modules/partition.conf 
@@ -1,8 +1,21 @@
 efiSystemPartition: "/boot/efi"
 enableLuksAutomatedPartitioning: true
+luksGeneration: luks2
 userSwapChoices:
 - none
 - file
-initialSwapChoice: file
+initialSwapChoice: none
 drawNestedPartitions: true
 defaultFileSystemType: "ext4"
+availableFileSystemTypes: ["ext4","btrfs","xfs"]
+partitionLayout:
+ - name: "tileos_boot"
+ filesystem: ext4
+ noEncrypt: true
+ onlyPresentWithEncryption: true
+ mountPoint: "/boot"
+ size: 4G
+ - name: "tileos_rootfs"
+ filesystem: unknown
+ mountPoint: "/"
+ size: 100%
diff --git a/qtile/modules/users.conf b/qtile/modules/users.conf
index 0f2082a..b7e94d3 100644
--- a/qtile/modules/users.conf
+++ b/qtile/modules/users.conf
@@ -1,17 +1,78 @@ --- -userGroup: users -defaultGroups: - - cdrom - - floppy - - sudo - - audio - - dip - - video - - plugdev - - netdev - - lpadmin - - scanner - - bluetooth -autologinGroup: autologin -sudoersGroup: sudo +doAutologin: false setRootPassword: false +sudoersGroup: sudo +defaultGroups: + - adm + - cdrom + - dip + - lpadmin + - plugdev + - name: sambashare + must_exist: false + system: true + - sudo + - video +passwordRequirements: + minLength: 8 + maxLength: -1 + libpwquality: + - minlen=8 + - maxrepeat=3 + - maxsequence=3 + - usersubstr=4 + - badwords=linux +allowWeakPasswords: false +allowWeakPasswordsDefault: false +# Explicitly set the shell instead of deferring to Calamares. We have a platform +# expectation derived from Ubuntu here. +user: + shell: /bin/bash + forbidden_names: + - root + - nginx + - www-data + - daemon + - bin + - sys + - sync + - games + - man + - lp + - mail + - news + - uucp + - proxy + - www-data + - backup + - list + - irc + - apt + - nobody + - systemd-network + - systemd-timesync + - dhcpcd + - messagebus + - syslog + - systemd-resolve + - usbmux + - tss + - uuidd + - whoopsie + - dnsmasq + - avahi + - nm-openvpn + - tcpdump + - speech-dispatcher + - cups-pk-helper + - fwupd-refresh + - sddm + - saned + - cups-browsed + - hplip + - polkitd + - rtkit + - colord + - geoclue + - installer +allowActiveDirectory: true diff --git a/river/branding/tileos-river/branding.desc b/river/branding/tileos-river/branding.desc index 309c8ca..bc94450 100644 --- a/river/branding/tileos-river/branding.desc +++ b/river/branding/tileos-river/branding.desc @@ -24,6 +24,6 @@ slideshow: "show.qml" style: SidebarBackground: "#1e2030" SidebarText: "#cad3f5" - SidebarTextSelect: "#24273a" + SidebarTextCurrent: "#24273a" slideshowAPI: 2 diff --git a/river/modules/partition.conf b/river/modules/partition.conf index 33a57ce..47aece0 100644 --- a/river/modules/partition.conf +++ b/river/modules/partition.conf 
@@ -1,6 +1,21 @@
 efiSystemPartition: "/boot/efi"
 enableLuksAutomatedPartitioning: true
+luksGeneration: luks2
 userSwapChoices:
 - none
+ - file
+initialSwapChoice: none
 drawNestedPartitions: true
 defaultFileSystemType: "ext4"
+availableFileSystemTypes: ["ext4","btrfs","xfs"]
+partitionLayout:
+ - name: "tileos_boot"
+ filesystem: ext4
+ noEncrypt: true
+ onlyPresentWithEncryption: true
+ mountPoint: "/boot"
+ size: 4G
+ - name: "tileos_rootfs"
+ filesystem: unknown
+ mountPoint: "/"
+ size: 100%
diff --git a/river/modules/users.conf b/river/modules/users.conf
index 0f2082a..b7e94d3 100644
--- a/river/modules/users.conf
+++ b/river/modules/users.conf
@@ -1,17 +1,78 @@ --- -userGroup: users -defaultGroups: - - cdrom - - floppy - - sudo - - audio - - dip - - video - - plugdev - - netdev - - lpadmin - - scanner - - bluetooth -autologinGroup: autologin -sudoersGroup: sudo +doAutologin: false setRootPassword: false +sudoersGroup: sudo +defaultGroups: + - adm + - cdrom + - dip + - lpadmin + - plugdev + - name: sambashare + must_exist: false + system: true + - sudo + - video +passwordRequirements: + minLength: 8 + maxLength: -1 + libpwquality: + - minlen=8 + - maxrepeat=3 + - maxsequence=3 + - usersubstr=4 + - badwords=linux +allowWeakPasswords: false +allowWeakPasswordsDefault: false +# Explicitly set the shell instead of deferring to Calamares. We have a platform +# expectation derived from Ubuntu here. +user: + shell: /bin/bash + forbidden_names: + - root + - nginx + - www-data + - daemon + - bin + - sys + - sync + - games + - man + - lp + - mail + - news + - uucp + - proxy + - www-data + - backup + - list + - irc + - apt + - nobody + - systemd-network + - systemd-timesync + - dhcpcd + - messagebus + - syslog + - systemd-resolve + - usbmux + - tss + - uuidd + - whoopsie + - dnsmasq + - avahi + - nm-openvpn + - tcpdump + - speech-dispatcher + - cups-pk-helper + - fwupd-refresh + - sddm + - saned + - cups-browsed + - hplip + - polkitd + - rtkit + - colord + - geoclue + - installer +allowActiveDirectory: true diff --git a/sway/branding/tileos-sway/branding.desc b/sway/branding/tileos-sway/branding.desc index dde81af..3424abd 100644 --- a/sway/branding/tileos-sway/branding.desc +++ b/sway/branding/tileos-sway/branding.desc @@ -24,6 +24,6 @@ slideshow: "show.qml" style: SidebarBackground: "#1e2030" SidebarText: "#cad3f5" - SidebarTextSelect: "#24273a" + SidebarTextCurrent: "#24273a" slideshowAPI: 2 diff --git a/sway/modules/partition.conf b/sway/modules/partition.conf index 33a57ce..47aece0 100644 --- a/sway/modules/partition.conf +++ b/sway/modules/partition.conf 
@@ -1,6 +1,21 @@
 efiSystemPartition: "/boot/efi"
 enableLuksAutomatedPartitioning: true
+luksGeneration: luks2
 userSwapChoices:
 - none
+ - file
+initialSwapChoice: none
 drawNestedPartitions: true
 defaultFileSystemType: "ext4"
+availableFileSystemTypes: ["ext4","btrfs","xfs"]
+partitionLayout:
+ - name: "tileos_boot"
+ filesystem: ext4
+ noEncrypt: true
+ onlyPresentWithEncryption: true
+ mountPoint: "/boot"
+ size: 4G
+ - name: "tileos_rootfs"
+ filesystem: unknown
+ mountPoint: "/"
+ size: 100%
diff --git a/sway/modules/users.conf b/sway/modules/users.conf
index 0f2082a..b7e94d3 100644
--- a/sway/modules/users.conf
+++ b/sway/modules/users.conf
@@ -1,17 +1,78 @@
 ---
-userGroup: users
-defaultGroups:
- - cdrom
- - floppy
- - sudo
- - audio
- - dip
- - video
- - plugdev
- - netdev
- - lpadmin
- - scanner
- - bluetooth
-autologinGroup: autologin
-sudoersGroup: sudo
+doAutologin: false
 setRootPassword: false
+sudoersGroup: sudo
+defaultGroups:
+ - adm
+ - cdrom
+ - dip
+ - lpadmin
+ - plugdev
+ - name: sambashare
+ must_exist: false
+ system: true
+ - sudo
+ - video
+passwordRequirements:
+ minLength: 8
+ maxLength: -1
+ libpwquality:
+ - minlen=8
+ - maxrepeat=3
+ - maxsequence=3
+ - usersubstr=4
+ - badwords=linux
+allowWeakPasswords: false
+allowWeakPasswordsDefault: false
+# Explicitly set the shell instead of deferring to Calamares. We have a platform
+# expectation derived from Ubuntu here.
+user:
+ shell: /bin/bash
+ forbidden_names:
+ - root
+ - nginx
+ - www-data
+ - daemon
+ - bin
+ - sys
+ - sync
+ - games
+ - man
+ - lp
+ - mail
+ - news
+ - uucp
+ - proxy
+ - www-data
+ - backup
+ - list
+ - irc
+ - apt
+ - nobody
+ - systemd-network
+ - systemd-timesync
+ - dhcpcd
+ - messagebus
+ - syslog
+ - systemd-resolve
+ - usbmux
+ - tss
+ - uuidd
+ - whoopsie
+ - dnsmasq
+ - avahi
+ - nm-openvpn
+ - tcpdump
+ - speech-dispatcher
+ - cups-pk-helper
+ - fwupd-refresh
+ - sddm
+ - saned
+ - cups-browsed
+ - hplip
+ - polkitd
+ - rtkit
+ - colord
+ - geoclue
+ - installer
+allowActiveDirectory: true