byteio/nixos-config
1
0
Fork 0
mirror of https://github.com/librephoenix/nixos-config synced 2025-01-18 22:55:52 +05:30
Code Issues Packages Projects Releases Wiki Activity

feat: adds ability to skip hardening

Browse source
This commit is contained in:
Marcelo 2024-10-26 23:19:03 +01:00
parent e91791b2ac
commit ef6dec6de1
1 changed files with 10 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
install.sh
View file

@ -11,6 +11,7 @@ NC='\033[0m' # No color
SCRIPT_DIR="${HOME}/.dotfiles" SCRIPT_DIR="${HOME}/.dotfiles"
USER_EMAIL="" USER_EMAIL=""
SKIP_REVIEW=0 SKIP_REVIEW=0
DISABLE_HARDEN=0
EDITOR="${EDITOR:-nano}" # Default to nano if EDITOR is not set EDITOR="${EDITOR:-nano}" # Default to nano if EDITOR is not set
# Helper function to display usage message # Helper function to display usage message
@ -20,6 +21,7 @@ show_help() {
printf " -d, --directory <path> Specify the directory to clone the dotfiles (default: ~/.dotfiles)\n" printf " -d, --directory <path> Specify the directory to clone the dotfiles (default: ~/.dotfiles)\n"
printf " -e, --email <email> Provide an email to use for configuration (default: empty)\n" printf " -e, --email <email> Provide an email to use for configuration (default: empty)\n"
printf " -y, --yes Skip editor confirmation for flake.nix review\n" printf " -y, --yes Skip editor confirmation for flake.nix review\n"
printf " -n, --no-harden Skip the security hardening step\n"
printf " -h, --help Show this help message\n" printf " -h, --help Show this help message\n"
exit 0 exit 0
} }
@ -30,6 +32,7 @@ while [ "$#" -gt 0 ]; do
-d|--directory) SCRIPT_DIR="$2"; shift 2;; -d|--directory) SCRIPT_DIR="$2"; shift 2;;
-e|--email) USER_EMAIL="$2"; shift 2;; -e|--email) USER_EMAIL="$2"; shift 2;;
-y|--yes) SKIP_REVIEW=1; shift;; -y|--yes) SKIP_REVIEW=1; shift;;
-n|--no-harden) DISABLE_HARDEN=1; shift;;
-h|--help) show_help;; -h|--help) show_help;;
--) shift; break;; --) shift; break;;
*) printf "${RED}Error:${NC} Unknown option: $1\n"; show_help; exit 1;; *) printf "${RED}Error:${NC} Unknown option: $1\n"; show_help; exit 1;;
@ -72,9 +75,13 @@ if [ "$SKIP_REVIEW" -eq 0 ]; then
$EDITOR "$SCRIPT_DIR/flake.nix" $EDITOR "$SCRIPT_DIR/flake.nix"
fi fi
# Apply security hardening # Apply security hardening if enabled
printf "${CYAN}Applying security hardening...${NC}\n" if [ "$DISABLE_HARDEN" -eq 0 ]; then
sudo "$SCRIPT_DIR/harden.sh" "$SCRIPT_DIR" printf "${CYAN}Applying security hardening...${NC}\n"
sudo "$SCRIPT_DIR/harden.sh" "$SCRIPT_DIR"
else
printf "${YELLOW}Skipping security hardening as requested.${NC}\n"
fi
# Rebuild system with new configuration # Rebuild system with new configuration
printf "${CYAN}Rebuilding system with nixos-rebuild...${NC}\n" printf "${CYAN}Rebuilding system with nixos-rebuild...${NC}\n"