2024-02-25 23:13:35 +05:30
|
|
|
#!/bin/sh
|
|
|
|
|
|
|
|
|
|
# This will harden the security of these dotfiles, preventing
|
|
|
|
|
# unpriveleged users from editing system-level (root configuration)
|
|
|
|
|
# files maliciously
|
|
|
|
|
|
|
|
|
|
# Run this inside of ~/.dotfiles (or whatever directory you installed
|
|
|
|
|
# the dotfiles to)
|
|
|
|
|
|
|
|
|
|
# Run this as root!
|
|
|
|
|
|
|
|
|
|
# BTW, this assumes your user account has a PID/GID of 1000
|
|
|
|
|
|
|
|
|
|
# After running this, the command `nix flake update` will require root
|
|
|
|
|
|
|
|
|
|
if [ "$#" = 1 ]; then
|
2024-04-14 20:10:46 +05:30
|
|
|
SCRIPT_DIR=$1;
|
2024-02-25 23:13:35 +05:30
|
|
|
else
|
2024-04-14 20:10:46 +05:30
|
|
|
SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
|
2024-02-25 23:13:35 +05:30
|
|
|
fi
|
2024-04-14 20:10:46 +05:30
|
|
|
pushd $SCRIPT_DIR &> /dev/null;
|
2024-07-16 20:32:28 +05:30
|
|
|
sudo chown 0:0 .;
|
|
|
|
|
sudo chown 0:0 profiles/*;
|
|
|
|
|
sudo chown -R 0:0 system;
|
|
|
|
|
sudo chown -R 0:0 patches;
|
|
|
|
|
sudo chown 0:0 flake.lock;
|
|
|
|
|
sudo chown 0:0 flake.nix
|
|
|
|
|
sudo chown 0:0 profiles
|
|
|
|
|
sudo chown 0:0 profiles/*/configuration.nix;
|
|
|
|
|
sudo chown 0:0 profiles/homelab/base.nix;
|
|
|
|
|
sudo chown 0:0 harden.sh;
|
|
|
|
|
sudo chown 0:0 soften.sh;
|
|
|
|
|
sudo chown 0:0 install.sh;
|
|
|
|
|
sudo chown 0:0 update.sh;
|
|
|
|
|
sudo chown 1000:users **/README.org;
|
2024-02-25 23:13:35 +05:30
|
|
|
popd &> /dev/null;
|
