From 6452d80ad17abc24ddde7e97ea42fc8f78e9744e Mon Sep 17 00:00:00 2001 From: toothytoad Date: Mon, 6 Jan 2025 17:53:22 -0800 Subject: [PATCH] just utils --- files/justfiles/utilities.just | 213 +++++++++++++++++++++++++++++++++ 1 file changed, 213 insertions(+) create mode 100644 files/justfiles/utilities.just diff --git a/files/justfiles/utilities.just b/files/justfiles/utilities.just new file mode 100644 index 00000000..d166d445 --- /dev/null +++ b/files/justfiles/utilities.just @@ -0,0 +1,213 @@ +# vim: set ft=make : +# Copyright 2024 secureblue +# +# This file includes code from Universal Blue which is licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" +# BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language +# governing permissions and limitations under the License. + +uid := `id -u` +shell := `grep :$(id -u): /etc/passwd | cut -d: -f7` + +# Boot into this device's BIOS/UEFI screen +bios: + #!/usr/bin/bash + if [ -d /sys/firmware/efi ]; then + systemctl reboot --firmware-setup + else + echo "Rebooting to legacy BIOS from OS is not supported." + fi + +# Show all messages from this boot +logs-this-boot: + #! /bin/run0 /bin/bash + journalctl -b 0 + +# Show all messages from last boot +logs-last-boot: + #! /bin/run0 /bin/bash + journalctl -b -1 + +# Regenerate GRUB config, useful in dual-boot scenarios where a second operating system isn't listed +regenerate-grub: + #! /bin/run0 /bin/bash + if [ -d /sys/firmware/efi ]; then + grub2-mkconfig -o /etc/grub2-efi.cfg + else + grub2-mkconfig -o /etc/grub2.cfg + fi + +# Toggle display of the user-motd in terminal +toggle-user-motd: + #!/usr/bin/bash + if test -e "${HOME}/.config/no-show-user-motd"; then + rm -f "${HOME}/.config/no-show-user-motd" + else + if test ! -d "${HOME}/.config"; then + mkdir "${HOME}/.config" + fi + touch "${HOME}/.config/no-show-user-motd" + fi + +# Update device firmware +[no-exit-message] +update-firmware: + fwupdmgr refresh --force + fwupdmgr get-updates + fwupdmgr update + +# Clean up old up unused podman images, volumes, flatpak packages and rpm-ostree content +clean-system: + #!/usr/bin/bash + podman image prune -af + podman volume prune -f + flatpak uninstall --unused + rpm-ostree cleanup -bm + +# Check for local overrides +check-local-overrides: + #!/usr/bin/bash + diff -r \ + --suppress-common-lines \ + --color="always" \ + --exclude "passwd*" \ + --exclude "group*" \ + --exclude="subgid*" \ + --exclude="subuid*" \ + --exclude="machine-id" \ + --exclude="adjtime" \ + --exclude="fstab" \ + --exclude="system-connections" \ + --exclude="shadow*" \ + --exclude="gshadow*" \ + --exclude="ssh_host*" \ + --exclude="cmdline" \ + --exclude="crypttab" \ + --exclude="hostname" \ + --exclude="localtime" \ + --exclude="locale*" \ + --exclude="*lock" \ + --exclude=".updated" \ + --exclude="*LOCK" \ + --exclude="vconsole*" \ + --exclude="00-keyboard.conf" \ + --exclude="grub" \ + --exclude="system.control*" \ + --exclude="cdi" \ + --exclude="default.target" \ + /usr/etc /etc 2>/dev/null | sed '/Binary\ files\ /d' + +# Rerun Yafti +rerun-yafti: + yafti -f /usr/share/ublue-os/firstboot/yafti.yml + +alias assemble := distrobox-assemble + +# Create distroboxes from a defined manifest +distrobox-assemble CONTAINER="prompt" ACTION="create" FILE="/etc/distrobox/distrobox.ini": + #!/usr/bin/bash + # Distroboxes are gathered from distrobox.ini, please add them there + source /usr/lib/ujust/ujust.sh + AssembleList {{ FILE }} {{ ACTION }} {{ CONTAINER }} + +# Create toolbox containers from a defined manifest (this spec will not be expanded) +toolbox-assemble CONTAINER="prompt" ACTION="create" FILE="/etc/toolbox/toolbox.ini": + #!/usr/bin/bash + # Toolboxes are gathered from toolbox.ini, please add them there + source /usr/lib/ujust/ujust.sh + ToolboxAssembleList {{ FILE }} {{ ACTION }} {{ CONTAINER }} + +# Run a non-flatpak application with standard memory allocator (needs an argument!) +with-standard-malloc APP: + #!/usr/bin/bash + bwrap --dev-bind / / --ro-bind /dev/null /etc/ld.so.preload {{ APP }} + +# Add the unfiltered Flathub flatpak repo +enable-flathub-unfiltered: + #!/usr/bin/bash + flatpak remote-add --if-not-exists --user flathub https://flathub.org/repo/flathub.flatpakrepo + +# search for an installed SELinux module +semodule-check MODULE: + #! /bin/run0 /bin/bash + if [ -n "$( semodule -l | grep {{ MODULE }} )" ] ; then + semodule -l | grep {{ MODULE }} + fi + +# Install Steam via choice of 3 methods +install-steam: + #!/usr/bin/bash + if [ -z "$(pgrep Xwayland)" ] && [ -z "$(pgrep Xorg)" ] ; then + echo "Steam requires X or Xwayland, which your variant of secureblue has disabled by default." + echo "Please run 'ujust toggle-xwayland' to re-enable it." + toggle_xwayland_now="" + read -p "Would you like to run 'ujust toggle-xwayland' now? [Y/n] " toggle_xwayland_now + toggle_xwayland_now=${toggle_xwayland_now:-y} + if [[ "$toggle_xwayland_now" == [Yy]* ]]; then + echo "Running 'ujust toggle-xwayland'" + ujust toggle-xwayland + reboot_now="" + read -p "Would you like to reboot now? [y/N] " reboot_now + if [[ "$reboot_now" == [Yy]* ]]; then + echo "Rebooting" + systemctl reboot + fi + fi + fi + valid_input="0" + method_selection="" + echo "Please select a method to install steam:" + echo " 1) Flatpak - will install the steam flatpak from flathub-unverified" + echo " 2) Distrobox - will set up steam via the bazzite-arch distrobox image" + while [[ "$valid_input" == "0" ]]; do + read -p "Selection [1-2]: " method_selection + if [[ "$method_selection" == [12]* ]]; then + valid_input="1" + else + echo "That is not a valid selection." + fi + done + + echo "" # blank space + case "$method_selection" in + 1) + echo "Flatpak method selected." + echo "Enabling the unfiltered Flathub repo." + ujust enable-flathub-unfiltered + echo "Installing Steam flatpak." + flatpak install -y flathub com.valvesoftware.Steam + echo "Disabling hardened_malloc for Steam." + flatpak override --user --unset-env=LD_PRELOAD --nofilesystem=host-os com.valvesoftware.Steam + ;; + 2) + echo "Distrobox method selected." + if [ -n "$(ujust semodule-check harden_container_userns)" ] ; then + echo "Distrobox requires that secureblue's harden-container-userns module be disabled" + echo "Please run 'ujust toggle-container-domain-userns-creation'" + container_userns_now="" + read -p "Would you like to run 'ujust toggle-container-domain-userns-creation' now? [Y/n] " container_userns_now + container_userns_now=${container_userns_now:-y} + if [[ "$container_userns_now" == [Yy]* ]]; then + echo "Running 'ujust toggle-container-domain-userns-creation'" + ujust toggle-container-domain-userns-creation + fi + fi + echo "Creating bazzite-arch distrobox." + distrobox-create --unshare-netns --nvidia --image ghcr.io/ublue-os/bazzite-arch --name bazzite-arch -Y + echo "Exporting Steam from bazzite-arch distrobox." + distrobox-enter -n bazzite-arch -- distrobox-export --app steam + ;; + esac + + echo "Steam requires support for 32-bit processes/syscalls." + if [ -n "$(rpm-ostree kargs | grep 'ia32_emulation=0')" ] ; then + echo "This script will now remove the 'ia32_emulation=0' kernel argument." + rpm-ostree kargs --delete-if-present="ia32_emulation=0" + else + echo "Do not set the 'ia32_emulation=0' kernel argument." + fi