Use download command everywhere

2024-11-11 16:54:18 -07:00
parent fec32ae3f0
commit 481700d2cc
10 changed files with 107 additions and 59 deletions
--- a/fedora-minimal/fedora-minimal.sh
+++ b/fedora-minimal/fedora-minimal.sh
@@ -20,7 +20,7 @@ unpriv(){
  sudo -u nobody "${@}"
 }

-dl() {
+download() {
  unpriv curl -s --proxy http://127.0.0.1:8082 "${1}" | sudo tee "${2}" > /dev/null
 }

@@ -42,13 +42,13 @@ systemctl disable --now systemd-timesyncd
 systemctl mask systemd-timesyncd

 # Harden SSH
-dl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/ssh/ssh_config.d/10-custom.conf /etc/ssh/ssh_config.d/10-custom.conf
+download https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/ssh/ssh_config.d/10-custom.conf /etc/ssh/ssh_config.d/10-custom.conf
 chmod 644 /etc/ssh/ssh_config.d/10-custom.conf

 # Security kernel settings
-dl https://raw.githubusercontent.com/secureblue/secureblue/live/files/system/usr/etc/modprobe.d/blacklist.conf /etc/modprobe.d/workstation-blacklist.conf
+download https://raw.githubusercontent.com/secureblue/secureblue/live/files/system/usr/etc/modprobe.d/blacklist.conf /etc/modprobe.d/workstation-blacklist.conf
 sudo chmod 644 /etc/modprobe.d/workstation-blacklist.conf
-dl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/sysctl.d/99-workstation.conf /etc/sysctl.d/99-workstation.conf
+download https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/sysctl.d/99-workstation.conf /etc/sysctl.d/99-workstation.conf
 # This doesn't exist (jackwagon)
 # sudo chmod 644 /etc/sysctl.d/30_security-misc_kexec-disable.conf
 # Dracut doesn't seem to work - need to investigate
@@ -56,7 +56,7 @@ dl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/s
 sudo sysctl -p

 # Setup ZRAM
-dl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/systemd/zram-generator.conf /etc/systemd/zram-generator.conf
+download https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/systemd/zram-generator.conf /etc/systemd/zram-generator.conf

 # Setup hardened_malloc
 sudo https_proxy=https://127.0.0.1:8082 dnf copr enable secureblue/hardened_malloc -y
--- a/fedora-minimal/sys-net.sh
+++ b/fedora-minimal/sys-net.sh
@@ -14,29 +14,37 @@
 # License for the specific language governing permissions and limitations under
 # the License.

-set -eu
+set -eu -o pipefail
+
+unpriv(){
+  sudo -u nobody "${@}"
+}
+
+download() {
+  unpriv curl -s --proxy http://127.0.0.1:8082 "${1}" | sudo tee "${2}" > /dev/null
+}

 # Install necessary packages
 dnf install -y @hardware-support arc-theme chrony gnome-keyring NetworkManager-wifi network-manager-applet qubes-core-agent-networking qubes-core-agent-network-manager xfce4-notifyd

 # Setup NTS
 sudo rm -rf /etc/chrony.conf
-unpriv curl -s --proxy http://127.0.0.1:8082 https://raw.githubusercontent.com/GrapheneOS/infrastructure/main/chrony.conf | tee /etc/chrony.conf > /dev/null
-unpriv curl --proxy http://127.0.0.1:8082 https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/sysconfig/chronyd | tee /etc/sysconfig/chronyd > /dev/null
+download https://raw.githubusercontent.com/GrapheneOS/infrastructure/main/chrony.conf /etc/chrony.conf
+download https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/sysconfig/chronyd /etc/sysconfig/chronyd

 # Theming
 sudo mkdir -p /etc/gtk-3.0
-unpriv curl -s --proxy http://127.0.0.1:8082 https://raw.githubusercontent.com/TommyTran732/QubesOS-Scripts/main/etc/gtk-3.0/settings.ini | tee /etc/gtk-3.0/settings.ini > /dev/null
+download https://raw.githubusercontent.com/TommyTran732/QubesOS-Scripts/main/etc/gtk-3.0/settings.ini /etc/gtk-3.0/settings.ini

 sudo mkdir -p /etc/gtk-4.0
-unpriv curl -s --proxy http://127.0.0.1:8082 https://raw.githubusercontent.com/TommyTran732/QubesOS-Scripts/main/etc/gtk-4.0/settings.ini | tee /etc/gtk-4.0/settings.ini > /dev/null
+download https://raw.githubusercontent.com/TommyTran732/QubesOS-Scripts/main/etc/gtk-4.0/settings.ini /etc/gtk-4.0/settings.ini

 # Networking
-unpriv curl -s --proxy http://127.0.0.1:8082 https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/NetworkManager/conf.d/00-macrandomize.conf | tee /etc/NetworkManager/conf.d/00-macrandomize.conf > /dev/null
-unpriv curl -s --proxy http://127.0.0.1:8082 https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/NetworkManager/conf.d/01-transient-hostname.conf | tee /etc/NetworkManager/conf.d/01-transient-hostname.conf > /dev/null
+download https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/NetworkManager/conf.d/00-macrandomize.conf /etc/NetworkManager/conf.d/00-macrandomize.conf
+download https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/NetworkManager/conf.d/01-transient-hostname.conf /etc/NetworkManager/conf.d/01-transient-hostname.conf
 sudo hostnamectl hostname 'localhost'
 sudo hostnamectl --transient hostname ''

 # This breaks saving network settings with the Fedora 40 template rn, so I am commenting it out.
 #sudo mkdir -p /etc/systemd/system/NetworkManager.service.d
-#curl -s --proxy http://127.0.0.1:8082 https://gitlab.com/divested/brace/-/raw/master/brace/usr/lib/systemd/system/NetworkManager.service.d/99-brace.conf | tee /etc/systemd/system/NetworkManager.service.d/99-brace.conf > /dev/null
+#download https://gitlab.com/divested/brace/-/raw/master/brace/usr/lib/systemd/system/NetworkManager.service.d/99-brace.conf /etc/systemd/system/NetworkManager.service.d/99-brace.conf