Complete the desktop: default apps, mDNS, firewall, zram, fonts

Wire up features that were half-shipped and add sensible resilience
defaults:

- mimeapps.list in skel: images->loupe, A/V->vlc, text->gnome-text-editor,
  pdf/html->zen, archives->file-roller, dirs->nautilus (so opening a file
  from nautilus actually does something)
- avahi + nss-mdns: CUPS network-printer discovery + .local resolution
  (enable avahi-daemon; insert mdns_minimal into nsswitch hosts:)
- ufw: deny-incoming firewall, mDNS (5353/udp) allowed so discovery still
  works; enabled in post-install
- zram-generator: compressed RAM swap (half of RAM, capped at 4 GiB, zstd)
- fwupd + reflector.timer: firmware updates and periodic mirror refresh
- fonts: ttf-liberation (Office/web metric compat), ttf-dejavu, font-awesome
Breadway 2026-06-16 14:47:06 +08:00
parent 04f31c409d
commit 0457bac59a
4 changed files with 98 additions and 1 deletions


@ -100,11 +100,33 @@ fi
# --------------------------------------------------------------------------- # ---------------------------------------------------------------------------
for unit in NetworkManager.service bluetooth.service systemd-timesyncd.service \ for unit in NetworkManager.service bluetooth.service systemd-timesyncd.service \
tlp.service greetd.service snapper-cleanup.timer grub-btrfsd.service \ tlp.service greetd.service snapper-cleanup.timer grub-btrfsd.service \
fstrim.timer cups.socket; do fstrim.timer cups.socket avahi-daemon.service ufw.service \
fwupd-refresh.timer reflector.timer; do
systemctl enable "$unit" || echo "WARN: failed to enable $unit" systemctl enable "$unit" || echo "WARN: failed to enable $unit"
done done
systemctl set-default graphical.target || echo "WARN: set-default graphical failed" systemctl set-default graphical.target || echo "WARN: set-default graphical failed"
# ---------------------------------------------------------------------------
# mDNS resolution (nss-mdns): insert mdns_minimal into the hosts: line so the
# resolver answers *.local (network printers, other hosts) via avahi. Idempotent.
# ---------------------------------------------------------------------------
if [[ -f /etc/nsswitch.conf ]] && ! grep -q 'mdns_minimal' /etc/nsswitch.conf; then
sed -i 's/^\(hosts:[[:space:]]*\)/\1mdns_minimal [NOTFOUND=return] /' \
/etc/nsswitch.conf || echo "WARN: wiring nss-mdns failed"
fi
# ---------------------------------------------------------------------------
# Firewall: deny inbound by default, allow outbound, and permit inbound mDNS so
# avahi printer/service discovery keeps working. Best-effort — rule application
# happens at boot; here we only persist the policy + enable the unit.
# ---------------------------------------------------------------------------
if command -v ufw &>/dev/null; then
ufw default deny incoming || echo "WARN: ufw default deny incoming failed"
ufw default allow outgoing || echo "WARN: ufw default allow outgoing failed"
ufw allow 5353/udp || echo "WARN: ufw allow mDNS failed"
ufw --force enable || echo "WARN: ufw enable failed"
fi
# The bread ecosystem (bakery + bread, breadbar, breadbox, breadcrumbs, breadpad) # The bread ecosystem (bakery + bread, breadbar, breadbox, breadcrumbs, breadpad)
# is bakery-managed, not pacman: the binaries and bakery manifest live in # is bakery-managed, not pacman: the binaries and bakery manifest live in
# /etc/skel/.local (baked in at ISO build time) and are copied into the user's # /etc/skel/.local (baked in at ISO build time) and are copied into the user's
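Review bot: `ufw allow 5353/udp` opens UDP 5353 to every source, on every interface, and for unicast as well as multicast, which is wider than avahi discovery needs on a machine that may join untrusted networks. Scoping the rule to the mDNS group keeps discovery working: `ufw allow proto udp to 224.0.0.251 port 5353` (plus the same rule for `ff02::fb` if IPv6 is in use); ufw's stock before.rules may already accept exactly that traffic, in which case the extra rule can be dropped. Separately, a failed `ufw --force enable` only prints a WARN to stdout, so the install would finish with avahi and CUPS enabled and no firewall; consider sending that failure to stderr and surfacing it at the end of the script.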


@ -0,0 +1,51 @@
# Default applications for common file types. Without this, freshly installed
# BOS has no handler registered for images/video/text/etc., so opening a file
# from nautilus does nothing. Maps to the apps shipped in packages.x86_64.
[Default Applications]
# Images -> Loupe
image/png=org.gnome.Loupe.desktop
image/jpeg=org.gnome.Loupe.desktop
image/gif=org.gnome.Loupe.desktop
image/webp=org.gnome.Loupe.desktop
image/bmp=org.gnome.Loupe.desktop
image/tiff=org.gnome.Loupe.desktop
image/svg+xml=org.gnome.Loupe.desktop
# Audio/Video -> VLC
audio/mpeg=vlc.desktop
audio/flac=vlc.desktop
audio/ogg=vlc.desktop
audio/x-wav=vlc.desktop
audio/aac=vlc.desktop
video/mp4=vlc.desktop
video/x-matroska=vlc.desktop
video/webm=vlc.desktop
video/quicktime=vlc.desktop
video/x-msvideo=vlc.desktop
# Plain text / source -> GNOME Text Editor
text/plain=org.gnome.TextEditor.desktop
text/markdown=org.gnome.TextEditor.desktop
application/x-shellscript=org.gnome.TextEditor.desktop
application/json=org.gnome.TextEditor.desktop
application/toml=org.gnome.TextEditor.desktop
text/x-readme=org.gnome.TextEditor.desktop
# Documents / web -> Zen (PDF + HTML)
application/pdf=zen.desktop
text/html=zen.desktop
x-scheme-handler/http=zen.desktop
x-scheme-handler/https=zen.desktop
# Archives -> File Roller
application/zip=org.gnome.FileRoller.desktop
application/x-tar=org.gnome.FileRoller.desktop
application/gzip=org.gnome.FileRoller.desktop
application/x-7z-compressed=org.gnome.FileRoller.desktop
application/x-rar=org.gnome.FileRoller.desktop
application/vnd.rar=org.gnome.FileRoller.desktop
application/x-xz=org.gnome.FileRoller.desktop
application/x-bzip2=org.gnome.FileRoller.desktop
# Directories -> Nautilus
inode/directory=org.gnome.Nautilus.desktop
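Review bot: Nothing checks that the desktop IDs on the right-hand side exist in the image; a handler whose `.desktop` file is missing is skipped silently, and for `x-scheme-handler/http`, `x-scheme-handler/https`, `text/html` and `application/pdf` that means links and documents fall through to whatever else claims the type. `zen.desktop` in particular is not tied to a package anywhere on this page, so the ID is worth confirming against what the browser package actually installs. A build-time check that every referenced ID resolves under `/usr/share/applications` would catch drift. The `application/x-shellscript` line maps scripts to the text editor, which is a sound default and worth marking as deliberate with a comment such as `# Scripts open in the editor for reading; keep this mapping`.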


@ -0,0 +1,6 @@
# Compressed RAM swap. systemd-zram-generator reads this and creates a zram
# device + swap at boot — no on-disk swap partition needed. Sized at half RAM
# capped to 4 GiB, zstd-compressed (typically ~3:1, so cheap headroom).
[zram0]
zram-size = min(ram / 2, 4096)
compression-algorithm = zstd


@ -75,6 +75,11 @@ pipewire-jack
networkmanager networkmanager
network-manager-applet network-manager-applet
iw iw
# mDNS service/name resolution — lets CUPS auto-discover network printers and
# resolves .local hostnames (avahi-daemon enabled + nss-mdns wired in
# post-install.sh).
avahi
nss-mdns
# Wi-Fi backend for NetworkManager (its default; no extra config needed). # Wi-Fi backend for NetworkManager (its default; no extra config needed).
wpa_supplicant wpa_supplicant
bluez bluez
@ -107,6 +112,11 @@ noto-fonts-emoji
ttf-jetbrains-mono ttf-jetbrains-mono
# Nerd font variant — icons in terminal tools (eza --icons, fastfetch, yazi) # Nerd font variant — icons in terminal tools (eza --icons, fastfetch, yazi)
ttf-jetbrains-mono-nerd ttf-jetbrains-mono-nerd
# Metric-compatible (Arial/Times/Courier) so Office/web docs lay out correctly,
# broad Unicode fallback, and the Font Awesome icon glyph set.
ttf-liberation
ttf-dejavu
ttf-font-awesome
# Terminal # Terminal
kitty kitty
@ -236,6 +246,14 @@ system-config-printer
# remote post-install (needs network); the runtime is shipped ready. # remote post-install (needs network); the runtime is shipped ready.
flatpak flatpak
# Firewall — ufw, enabled deny-incoming in post-install.sh (mDNS allowed so
# printer discovery still works).
ufw
# Firmware updates via LVFS (works with gnome-software / fwupdmgr).
fwupd
# Compressed RAM swap — see /etc/systemd/zram-generator.conf.
zram-generator
# Icon and cursor themes # Icon and cursor themes
# Papirus-Dark: cohesive icon set used as the BOS default (set via gsettings in # Papirus-Dark: cohesive icon set used as the BOS default (set via gsettings in
# hyprland.lua autostart and in skel gtk-3.0/settings.ini). # hyprland.lua autostart and in skel gtk-3.0/settings.ini).
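Review bot: None of the three hunks in this list adds `reflector`, yet the commit enables `reflector.timer` in the post-install unit loop, and the 98 additions in the diffstat are all accounted for by the visible hunks. If the package is not already listed outside these hunks, the enable falls through to the `WARN` branch and the mirror refresh never runs; add `reflector` next to `fwupd` with a one-line comment such as `# Periodic mirrorlist refresh (reflector.timer enabled in post-install.sh)`. The list continues outside the hunks, so this may already be covered.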