From 12e151d3e12e6cba268e35ad030d08ab36b823d1 Mon Sep 17 00:00:00 2001 From: FollieHiyuki Date: Wed, 29 Sep 2021 00:47:35 +0700 Subject: [PATCH] Some system config changes - startwl: move `chmod` out of if statement (ensure $XDG_RUNTIME_DIR properly has 0700 permission) - doas: add Void specified config - nftables: add note for future changes to block rules - grub: disable submenu --- home/.local/bin/startwl | 11 ++++------- system/etc/default/grub | 1 + system/etc/doas.conf | 7 ++++++- system/etc/nftables.conf | 2 ++ 4 files changed, 13 insertions(+), 8 deletions(-)
diff --git a/home/.local/bin/startwl b/home/.local/bin/startwl
index 738046a..fca1291 100755
--- a/home/.local/bin/startwl
+++ b/home/.local/bin/startwl
@@ -6,13 +6,10 @@
 # Flatpak apps will not work because of hardcoded /run/user/$UID
 if [ -z "${XDG_RUNTIME_DIR}" ]
 then
- userid=$(id -u ${USER})
- export XDG_RUNTIME_DIR="$(mktemp -d /tmp/${userid}-runtime-XXXXXX)"
- if [ ! -d "${XDG_RUNTIME_DIR}" ]
- then
- mkdir -p "${XDG_RUNTIME_DIR}"
- chmod 0700 "${XDG_RUNTIME_DIR}"
- fi
+ userid=$(id -u ${USER})
+ export XDG_RUNTIME_DIR="$(mktemp -d /tmp/${userid}-runtime-XXXXXX)"
+ [ ! -d "${XDG_RUNTIME_DIR}" ] && mkdir -p "${XDG_RUNTIME_DIR}"
+ chmod 0700 "${XDG_RUNTIME_DIR}"
 fi
 # Valid values: seatd, logind
diff --git a/system/etc/default/grub b/system/etc/default/grub
index 0c15550..4cabd2b 100644
--- a/system/etc/default/grub
+++ b/system/etc/default/grub
@@ -23,6 +23,7 @@ GRUB_COLOR_NORMAL="white/black"
 GRUB_COLOR_HIGHLIGHT="black/white"
 #GRUB_DISABLE_OS_PROBER=true
 GRUB_ENABLE_CRYPTODISK=y
+GRUB_DISABLE_SUBMENU=y
 # To generate new font:
 # grub-mkfont -s 24 -o /boot/grub/fonts/hack.pf2 ~/Hack-Regular.ttf
diff --git a/system/etc/doas.conf b/system/etc/doas.conf
index 83418b4..5cf0764 100644
--- a/system/etc/doas.conf
+++ b/system/etc/doas.conf
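Review bot: In the startwl hunk, `export XDG_RUNTIME_DIR="$(mktemp -d /tmp/${userid}-runtime-XXXXXX)"` throws away mktemp's exit status, so on failure the variable is exported empty, the new `mkdir -p` and `chmod 0700` lines both fail on an empty path, and (unless the script runs under `set -e`, which the hunk does not show) the session starts without a private runtime directory. I would assign and check before exporting: `XDG_RUNTIME_DIR="$(mktemp -d "/tmp/$(id -u)-runtime-XXXXXX")" || exit 1` followed by `export XDG_RUNTIME_DIR`, which also quotes the template and stops depending on `$USER` being set. The `[ ! -d "${XDG_RUNTIME_DIR}" ] && mkdir -p ...` line can then be dropped, because `mktemp -d` either creates the directory itself with owner-only permissions or fails. Keeping `mkdir -p` as a fallback under /tmp is not a safe substitute either, since it silently accepts a directory that already exists and may belong to someone else.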
@@ -1 +1,6 @@
-permit persist :wheel as root
+# Void specified
+permit persist setenv { SVDIR=/var/service LANG=$LANG } :wheel as root
+permit nopass :wheel cmd reboot
+permit nopass :wheel cmd poweroff
+permit nopass :wheel cmd zzz
+permit nopass :wheel cmd vsv args
diff --git a/system/etc/nftables.conf b/system/etc/nftables.conf
index 82def02..30ab8c1 100644
--- a/system/etc/nftables.conf
+++ b/system/etc/nftables.conf
@@ -22,6 +22,8 @@
 # --------------------------------------------------------------------------------- #
+# TODO: move block rules to mangle for faster blocking time (perfomance)
+
 flush ruleset
 # TCP ports to accept (both IPv4 and IPv6)
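Review bot: The four `nopass` rules in the doas.conf hunk match their commands by bare name and give no `as` target. doas.conf(5) advises absolute paths for `cmd`, and a rule without `as` applies to every target user rather than only root. The `reboot`, `poweroff` and `zzz` rules also have no `args` restriction, so any arguments are accepted without a password, whereas the `vsv` rule's bare `args` keyword allows only the argument-less form. I would write each rule as `permit nopass :wheel as root cmd <ABSOLUTE_PATH_TO_COMMAND>` (placeholder: the path as installed on the target system) and append `args` wherever the command is meant to run without arguments. A one-line comment above the `vsv` rule, such as `# bare "args" = only the argument-less invocation is passwordless`, would make that intent visible to the next reader.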