Added hardening script for security

harden.sh

@@ -0,0 +1,29 @@
+#!/bin/sh
+
+# This will harden the security of these dotfiles, preventing
+# unpriveleged users from editing system-level (root configuration)
+# files maliciously
+
+# Run this inside of ~/.dotfiles (or whatever directory you installed
+# the dotfiles to)
+
+# Run this as root!
+
+# BTW, this assumes your user account has a PID/GID of 1000
+
+# After running this, the command `nix flake update` will require root
+
+if [ "$#" = 1 ]; then
+    dotfilesDir=$1;
+else
+    dotfilesDir=$(pwd);
+fi
+pushd $dotfilesDir &> /dev/null;
+chown -R root:root system;
+chown -R root:root patches;
+chown root:root flake.lock;
+chown root:root flake.nix
+chown root:root profiles/*/configuration.nix;
+chown 1000:users **/README.org;
+chown root:root harden.sh;
+popd &> /dev/null;

install.org

@@ -72,3 +72,9 @@ If it fails with something to the effect of "could not download {some image file
 I have included a script in the [[./themes][themes directory]] named [[./themes/background-test.sh][background-test.sh]] which performs a rough test on every theme background url, reporting which are broken.
 
 If you're having this error, navigate to the [[./flake.nix][flake.nix]] and select any theme with a good background wallpaper link. As long as it is able to download the new wallpaper, it should be able to build.
+
+*** Do I have to put the configuration files in =~/.dotfiles=?
+No. You can put them in literally any directory you want. I just prefer to use =~/.dotfiles= as a convention. If you change the directory, do keep in mind that the above scripts must be modified, replacing =~/.dotfiles= with whatever directory you want to install them to.
+
+*** So I cloned these dotfiles into ~/.dotfiles, and now there are system-level files owned by my user account.. HOW IS THIS SECURE?!
+If you're worried about someone modifying your system-level (root configuration) files as your unpriveleged user, see [[./harden.sh][harden.sh]].