Complete the desktop: default apps, mDNS, firewall, zram, fonts
All checks were successful
Mirror to GitHub / mirror (push) Successful in 6s
Wire up features that were half-shipped and add sensible resilience defaults:

- mimeapps.list in skel: images->loupe, A/V->vlc, text->gnome-text-editor, pdf/html->zen, archives->file-roller, dirs->nautilus (so opening a file from nautilus actually does something)
- avahi + nss-mdns: CUPS network-printer discovery + .local resolution (enable avahi-daemon; insert mdns_minimal into nsswitch hosts:)
- ufw: deny-incoming firewall, mDNS (5353/udp) allowed so discovery still works; enabled in post-install
- zram-generator: compressed RAM swap (half RAM capped 4 GiB, zstd)
- fwupd + reflector.timer: firmware updates and periodic mirror refresh
- fonts: ttf-liberation (Office/web metric compat), ttf-dejavu, font-awesome

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
parent
1f53377914
commit
7652d92b81
4 changed files with 98 additions and 1 deletions
|
|
@ -100,11 +100,33 @@ fi
|
|||
# ---------------------------------------------------------------------------
|
||||
for unit in NetworkManager.service bluetooth.service systemd-timesyncd.service \
|
||||
tlp.service greetd.service snapper-cleanup.timer grub-btrfsd.service \
|
||||
fstrim.timer cups.socket; do
|
||||
fstrim.timer cups.socket avahi-daemon.service ufw.service \
|
||||
fwupd-refresh.timer reflector.timer; do
|
||||
systemctl enable "$unit" || echo "WARN: failed to enable $unit"
|
||||
done
|
||||
systemctl set-default graphical.target || echo "WARN: set-default graphical failed"
|
||||
|
||||
# ---------------------------------------------------------------------------
|
||||
# mDNS resolution (nss-mdns): insert mdns_minimal into the hosts: line so the
|
||||
# resolver answers *.local (network printers, other hosts) via avahi. Idempotent.
|
||||
# ---------------------------------------------------------------------------
|
||||
if [[ -f /etc/nsswitch.conf ]] && ! grep -q 'mdns_minimal' /etc/nsswitch.conf; then
|
||||
sed -i 's/^\(hosts:[[:space:]]*\)/\1mdns_minimal [NOTFOUND=return] /' \
|
||||
/etc/nsswitch.conf || echo "WARN: wiring nss-mdns failed"
|
||||
fi
|
||||
|
||||
# ---------------------------------------------------------------------------
|
||||
# Firewall: deny inbound by default, allow outbound, and permit inbound mDNS so
|
||||
# avahi printer/service discovery keeps working. Best-effort — rule application
|
||||
# happens at boot; here we only persist the policy + enable the unit.
|
||||
# ---------------------------------------------------------------------------
|
||||
if command -v ufw &>/dev/null; then
|
||||
ufw default deny incoming || echo "WARN: ufw default deny incoming failed"
|
||||
ufw default allow outgoing || echo "WARN: ufw default allow outgoing failed"
|
||||
ufw allow 5353/udp || echo "WARN: ufw allow mDNS failed"
|
||||
ufw --force enable || echo "WARN: ufw enable failed"
|
||||
fi
|
||||
|
||||
# The bread ecosystem (bakery + bread, breadbar, breadbox, breadcrumbs, breadpad)
|
||||
# is bakery-managed, not pacman: the binaries and bakery manifest live in
|
||||
# /etc/skel/.local (baked in at ISO build time) and are copied into the user's
|
||||
|
|
|
|||
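Review bot: `ufw allow 5353/udp` in the firewall block accepts mDNS from any source address on every interface, which is wider than the avahi printer/service discovery the comment gives as the reason; on a machine that joins untrusted networks, the newly enabled avahi-daemon is then reachable from any host that can send to it. Consider scoping the rule to the mDNS multicast destination (for example `ufw allow proto udp to 224.0.0.251 port 5353`, plus the IPv6 group ff02::fb) or to local source ranges. Separately, in the nss-mdns block the `|| echo "WARN: wiring nss-mdns failed"` after `sed -i` only fires on an I/O error: if no line starts with `hosts:` the substitution silently does nothing, and the `grep -q 'mdns_minimal'` guard also matches a commented-out mention, so a follow-up check that the `hosts:` line actually contains `mdns_minimal` would make the warning meaningful.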