nixos-config/harden.sh

#!/bin/sh

# This will harden the security of these dotfiles, preventing
# unpriveleged users from editing system-level (root configuration)
# files maliciously

# Run this inside of ~/.dotfiles (or whatever directory you installed
# the dotfiles to)

# Run this as root!

# BTW, this assumes your user account has a PID/GID of 1000

# After running this, the command `nix flake update` will require root

if [ "$#" = 1 ]; then
    dotfilesDir=$1;
else
    dotfilesDir=$(pwd);
fi
pushd $dotfilesDir &> /dev/null;
chown 0:0 .;
chown 0:0 profiles/*;
chown -R 0:0 system;
chown -R 0:0 patches;
chown 0:0 flake.lock;
chown 0:0 flake.nix
chown 0:0 profiles/*/configuration.nix;
chown 0:0 harden.sh;
chown 0:0 soften.sh;
chown 0:0 install.sh;
chown 0:0 update.sh;
chown 1000:users **/README.org;
popd &> /dev/null;
Added hardening script for security 2024-02-25 23:13:35 +05:30			`#!/bin/sh`

			`# This will harden the security of these dotfiles, preventing`
			`# unpriveleged users from editing system-level (root configuration)`
			`# files maliciously`

			`# Run this inside of ~/.dotfiles (or whatever directory you installed`
			`# the dotfiles to)`

			`# Run this as root!`

			`# BTW, this assumes your user account has a PID/GID of 1000`

			# After running this, the command `nix flake update` will require root

			`if [ "$#" = 1 ]; then`
			`dotfilesDir=$1;`
			`else`
			`dotfilesDir=$(pwd);`
			`fi`
			`pushd $dotfilesDir &> /dev/null;`
Added update to dir permissions 2024-02-29 07:12:06 +05:30			`chown 0:0 .;`
			`chown 0:0 profiles/*;`
			`chown -R 0:0 system;`
			`chown -R 0:0 patches;`
			`chown 0:0 flake.lock;`
			`chown 0:0 flake.nix`
			`chown 0:0 profiles/*/configuration.nix;`
			`chown 0:0 harden.sh;`
Testing update system from git repo script 2024-04-07 00:28:01 +05:30			`chown 0:0 soften.sh;`
			`chown 0:0 install.sh;`
			`chown 0:0 update.sh;`
Added hardening script for security 2024-02-25 23:13:35 +05:30			`chown 1000:users **/README.org;`
			`popd &> /dev/null;`