#!/bin/bash # Create the unprivileged BOS live user and its Hyprland session. # # Hyprland refuses to run as root (superuser-privileges check), so the live # session must run as a normal user. Calamares — which does need root — is # launched onto the user's Wayland socket via passwordless sudo (see # bos-launch-calamares). Runs once at boot, before the tty1 autologin getty. set -e # useradd -m copies /etc/skel, so the live user gets the real BOS desktop # (breadd + breadbar + breadbox + keybinds) — proper live-media functionality, # not an installer kiosk. if ! id liveuser &>/dev/null; then useradd -m -s /bin/bash liveuser for g in wheel video input audio storage power; do getent group "$g" >/dev/null 2>&1 && gpasswd -a liveuser "$g" >/dev/null || true done passwd -d liveuser >/dev/null fi # Layer the installer onto the live desktop: auto-launch it, and bind Super+I to # relaunch it after it's been closed. Appended to (not replacing) the skel # Hyprland config so the full desktop stays intact. HYPR=/home/liveuser/.config/hypr/hyprland.conf install -d -m 0755 -o liveuser -g liveuser /home/liveuser/.config/hypr if ! grep -q bos-launch-calamares "$HYPR" 2>/dev/null; then cat >>"$HYPR" <<'EOF' # --- live-media installer (added by bos-live-setup; absent on installed system) --- exec-once = bos-launch-calamares bind = SUPER, I, exec, bos-launch-calamares exec-once = /usr/local/bin/bos-live-diag EOF fi # Start Hyprland on tty1 login; capture output and fall back to a shell so a # failed compositor start is visible rather than a blank looping cursor. cat >/home/liveuser/.bash_profile <<'EOF' if [[ "$(tty)" == /dev/tty1 ]] && [[ -z "$WAYLAND_DISPLAY" ]]; then export WLR_RENDERER_ALLOW_SOFTWARE=1 export WLR_NO_HARDWARE_CURSORS=1 # Log to a user-writable path (/var/log is root-only; redirecting there # would fail and silently keep the compositor from ever launching). Hyprland &>/tmp/hyprland-live.log echo "Hyprland exited (rc=$?). Log: /tmp/hyprland-live.log" exec bash -i fi EOF chown -R liveuser:liveuser /home/liveuser