diff --git a/README.md b/README.md
index ea5b98d..9beefdb 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,83 @@
-# voidlinux_V2_2024.03_noatime_trim-SSD
+# VOID INSTALL
+ cfdisk /dev/sda
+ mkfs -t ext2 /dev/sda1
+ mkfs -t ext4 /dev/sda2
+ mkfs -t ext4 /dev/sda3
+ mkswap /dev/sda4
+ swapon /dev/sda4
+
+ mount /dev/sda2 /mnt
+ mkdir /mnt/boot
+ mkdir /mnt/home
+ mount /dev/sda1 /mnt/boot
+ mount /dev/sda3 /mnt/home
+
+ REPO=https://repo-default.voidlinux.org/current
+ ARCH=x86_64
+ mkdir -p /mnt/var/db/xbps/keys
+ cp /var/db/xbps/keys/* /mnt/var/db/xbps/keys/
+
+ XBPS_ARCH=$ARCH xbps-install -S -r /mnt -R "$REPO" base-system
+
+ mount --rbind /sys /mnt/sys && mount --make-rslave /mnt/sys
+ mount --rbind /dev /mnt/dev && mount --make-rslave /mnt/dev
+ mount --rbind /proc /mnt/proc && mount --make-rslave /mnt/proc
+
+ cp /etc/resolv.conf /mnt/etc/
+
+ xchroot /mnt /bin/bash
+
+ xbps-install nano
+ nano /etc/default/libc-locales
+ xbps-reconfigure -f glibc-locales
+
+ ln -sf /usr/share/zoneinfo/Europa/Minsk /etc/localtime
+
+ useradd -m -g users -G wheel -s /bin/bash admin
+ passwd admin
+
+ useradd -m -g users -G audio -s /bin/bash user
+ passwd user
+
+ gpasswd -a user disk
+ gpasswd -a user input
+ gpasswd -a user lp
+ gpasswd -a user optical
+ gpasswd -a user scanner
+ gpasswd -a user storage
+ gpasswd -a user kvm
+ gpasswd -a user video
+
+ groups user
+
+ EDITOR=nano visudo
+--
+ admin ALL=(ALL:ALL) ALL
+--
+
+ cp /proc/mounts /etc/fstab
+
+ xbps-install grub
+ grub-install /dev/sda
+
+ xbps-install git opendoas
+
+
+ xbps-reconfigure -fa
+ exit
+ reboot
+
+ sudo ln-s /etc/sv/dhcpcd /var/service
+ sudo sv up dhcpcd
+
+ AUTOLOGIN & AUTOSTART
+
+ sudo nano /etc/sv/agetty-tty1/conf
+ GETTY_ARGS="-a username --noclear"
+
+ nano .bash_profile
+ [ -f $HOME/.bashrc ] && . $HOME/.bashrc
+ if [[ -z $DISPLAY ]] && [[ $(tty) = /dev/tty1 ]]; then
+ exec startx
+ fi
diff --git a/doas b/doas
new file mode 100644
index 0000000..37215cc
--- /dev/null
+++ b/doas
@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+
+xbps-install opendoas \
+cp doas.conf /etc/
+chown -c root:root /etc/doas.conf
+chmod -c 0400 /etc/doas.conf
+cd ..
+rm -Rfv voidlinux
diff --git a/doas.conf b/doas.conf
new file mode 100644
index 0000000..bf37a0c
--- /dev/null
+++ b/doas.conf
@@ -0,0 +1,28 @@
+## doas configuration file.
+##
+## See the doas man page for the details on how to write a configuration file.
+##
+
+## Allow members of group wheel to execute any command
+permit persist :wheel
+
+## Same thing without a password
+#permit nopass :wheel
+
+## Allow tedu to run procmap as root without a password
+#permit nopass tedu as root cmd /usr/sbin/procmap
+
+## Allow members of group power to execute power commands
+permit nopass :power cmd openrc-shutdown
+permit nopass :power cmd runit-halt
+permit nopass :power cmd runit-shutdown
+permit nopass :power cmd halt
+permit nopass :power cmd poweroff
+permit nopass :power cmd reboot
+permit nopass :power cmd shutdown
+
+permit nopass user as root cmd reboot
+permit nopass user as root cmd poweroff
+
+## Allow root user to execute any command
+permit nopass root
diff --git a/nftables b/nftables
new file mode 100644
index 0000000..e7cbf68
--- /dev/null
+++ b/nftables
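Review bot: In the `doas` script the trailing backslash on `xbps-install opendoas \` continues the command onto the next line, so `cp doas.conf /etc/` is handed to xbps-install as extra arguments and the config is never copied. The `chown` and `chmod` that follow then act on whatever `/etc/doas.conf` already exists, or fail if there is none. Drop the backslash and place the file with owner and mode in one step: `install -o root -g root -m 0400 doas.conf /etc/doas.conf`. The script has no error handling, so `rm -Rfv voidlinux` still runs after a failed install and deletes relative to the caller's working directory; `set -euo pipefail` after the shebang would stop at the first failure.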
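Review bot: The `nopass` rules in `doas.conf` name their commands without a path (`cmd reboot`, `cmd poweroff`, and the rest), whereas the doas man page advises absolute paths; a bare name is resolved by a path search instead of being pinned to one binary. Writing them as, for example, `permit nopass :power cmd /usr/bin/poweroff` (path to be confirmed on the target system) ties each passwordless rule to a known executable. None of these rules carries an `args` clause, so any arguments are accepted; adding `args` where a fixed invocation is intended would narrow them. The two `permit nopass user as root` rules hard-code an account literally named `user`, which deserves a comment saying it must match the account created during install.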
@@ -0,0 +1,14 @@
+#!/bin/bash
+nft flush ruleset
+nft add table ip filter
+nft add chain ip filter INPUT { type filter hook input priority 0 \; policy accept \; }
+nft add chain ip filter FORWARD { type filter hook forward priority 0 \; policy accept \; }
+nft add chain ip filter OUTPUT { type filter hook output priority 0 \; policy accept \; }
+#---------------------Type filter INPUT Chain (for ipv4)-----------------------------------------
+nft add rule ip filter INPUT iifname "lo" counter accept
+nft add rule ip filter INPUT ct state invalid counter drop
+nft add rule ip filter INPUT ct state {established, related} counter accept
+nft add rule ip filter INPUT iifname "ens33" ip saddr 192.168.8.235/24 tcp dport { 80,443} counter accept
+nft add rule ip filter INPUT iifname "ens33" ip saddr 192.168.8.235/24 udp dport 53 counter accept
+nft add rule ip filter INPUT ip protocol icmp counter drop
+nft add rule ip filter INPUT counter drop
\ No newline at end of file
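Review bot: The table is created in the `ip` family only, so after `nft flush ruleset` nothing in this script filters IPv6; if the host has IPv6 enabled, inbound traffic over it is not restricted at all. Creating the table as `nft add table inet filter`, with the chains and rules changed to match, would cover both families. The INPUT chain is also declared with `policy accept` and depends on the final `counter drop` rule, so the host accepts everything between the flush and that last line, and stays open if the script is interrupted. Declaring INPUT with `policy drop \;`, or loading the whole ruleset atomically from a file with `nft -f`, would fail closed. `ip saddr 192.168.8.235/24` has host bits set under a /24 mask; presumably either `192.168.8.0/24` or the single address was meant, and the rule should say which.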