From eee17f033f56307e702cd1a7abaac6232e72b4d8 Mon Sep 17 00:00:00 2001 From: titanz Date: Sun, 26 Jan 2025 18:31:19 +0100 Subject: [PATCH] switched from deprecated hardened-chromium to trivalent --- debian-gnome/debian-gnome.sh | 8 ++++---- debian-gnome/element.sh | 4 ++-- debian-gnome/lokinet.sh | 2 +- debian-gnome/sys-usb.sh | 4 ++-- dom0.sh | 2 +- fedora-gnome/ente.sh | 4 ++-- fedora-gnome/fedora-gnome.sh | 8 ++++---- fedora-gnome/ivpn.sh | 10 +++++----- fedora-gnome/microsoft-edge.sh | 4 ++-- fedora-gnome/mullvad-browser.sh | 2 +- fedora-gnome/mullvad.sh | 10 +++++----- fedora-gnome/sys-usb.sh | 4 ++-- fedora-gnome/{hardened-chromium.sh => trivalent.sh} | 9 +++++---- fedora-gnome/vault.sh | 4 ++-- fedora-minimal/fedora-minimal.sh | 4 ++-- fedora-minimal/sys-net.sh | 6 +++--- whonix/whonix-gateway.sh | 8 ++++---- 17 files changed, 47 insertions(+), 46 deletions(-) rename fedora-gnome/{hardened-chromium.sh => trivalent.sh} (89%) diff --git a/debian-gnome/debian-gnome.sh b/debian-gnome/debian-gnome.sh index 5a81f11..723aceb 100644 --- a/debian-gnome/debian-gnome.sh +++ b/debian-gnome/debian-gnome.sh @@ -1,6 +1,6 @@ #!/bin/sh -# Copyright (C) 2022-2024 Thien Tran +# Copyright (C) 2022-2024 Lukas Raub # # Licensed under the Apache License, Version 2.0 (the "License"); you may not # use this file except in compliance with the License. You may obtain a copy of @@ -61,7 +61,7 @@ umask 077 # Fix portals sudo mkdir -p /etc/xdg-desktop-portal -download https://raw.githubusercontent.com/TommyTran732/QubesOS-Scripts/main/etc/xdg-desktop-portal/portals.conf /etc/xdg-desktop-portal/portals.conf +download https://git.conorz.at/titanz/QubesOS-Scripts/raw/branch/development/etc/xdg-desktop-portal/portals.conf /etc/xdg-desktop-portal/portals.conf # Avoid phased updates download https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/apt/apt.conf.d/99sane-upgrades /etc/apt/apt.conf.d/99sane-upgrades 
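Review bot: The header hunk replaces the existing copyright line `# Copyright (C) 2022-2024 Thien Tran` with `Lukas Raub` instead of adding to it, while the context lines right below still place the file under the Apache License 2.0. Section 4(c) of that license requires derivative works to retain the copyright notices of the original source. The original line should stay, with the new contributor's line added beneath it. The same substitution is made in the header hunk of every other script this patch touches except lokinet.sh, and it is not mentioned in the subject line.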
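Review bot: The new portals.conf URL points at `raw/branch/development`, a mutable branch on a self-hosted forge, and the fetched file is written under /etc as root with no integrity check. The `download` helper is outside this hunk; where it appears as context in this patch (fedora-gnome/ente.sh) it is `curl -s ... | sudo tee`, so whatever the host returns at run time becomes the installed file, including an error page because `--fail` is not set. Pinning to an immutable revision would bound what a template can receive, if the forge supports it, e.g. `download https://git.conorz.at/titanz/QubesOS-Scripts/raw/commit/<COMMIT_SHA>/etc/xdg-desktop-portal/portals.conf /etc/xdg-desktop-portal/portals.conf`, together with a `sha256sum -c` against a recorded digest before installing. The same applies to the other repointed downloads in debian-gnome.sh (the `-139,5` hunk), lokinet.sh, fedora-gnome.sh, ivpn.sh, mullvad.sh, sys-net.sh and whonix-gateway.sh. It matters most for the systemd units that are enabled straight after download (`lokinet-dns-fix`, `dnat-to-ns`).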
@@ -139,5 +139,5 @@ sudo apt update sudo apt install --no-install-recommends gnome-console flatpak qubes-ctap qubes-gpg-split -y # Flatpak update service -download https://raw.githubusercontent.com/TommyTran732/QubesOS-Scripts/main/etc/systemd/user/update-user-flatpaks.service /etc/systemd/user/update-user-flatpaks.service -download https://raw.githubusercontent.com/TommyTran732/QubesOS-Scripts/main/etc/systemd/user/update-user-flatpaks.timer /etc/systemd/user/update-user-flatpaks.timer \ No newline at end of file +download https://git.conorz.at/titanz/QubesOS-Scripts/raw/branch/development/etc/systemd/user/update-user-flatpaks.service /etc/systemd/user/update-user-flatpaks.service +download https://git.conorz.at/titanz/QubesOS-Scripts/raw/branch/development/etc/systemd/user/update-user-flatpaks.timer /etc/systemd/user/update-user-flatpaks.timer diff --git a/debian-gnome/element.sh b/debian-gnome/element.sh index 5ccebd3..d786f3d 100644 --- a/debian-gnome/element.sh +++ b/debian-gnome/element.sh @@ -1,6 +1,6 @@ #!/bin/sh -# Copyright (C) 2022-2024 Thien Tran +# Copyright (C) 2022-2024 Lukas Raub # # Licensed under the Apache License, Version 2.0 (the "License"); you may not # use this file except in compliance with the License. You may obtain a copy of @@ -28,4 +28,4 @@ download https://packages.element.io/debian/element-io-archive-keyring.gpg /usr/ download https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/refs/heads/main/etc/apt/sources.list.d/element-io.sources /etc/apt/sources.list.d/element-io.sources sudo apt update -sudo apt install -y element-desktop \ No newline at end of file +sudo apt install -y element-desktop diff --git a/debian-gnome/lokinet.sh b/debian-gnome/lokinet.sh index d8fdc94..1e8be75 100644 --- a/debian-gnome/lokinet.sh +++ b/debian-gnome/lokinet.sh 
@@ -26,5 +26,5 @@ echo "deb [signed-by=/usr/share/keyrings/mullvad-keyring.asc arch=$( dpkg --prin sudo apt update sudo apt install -y lokinet mullvad-browser resolvconf -download https://raw.githubusercontent.com/TommyTran732/QubesOS-Scripts/main/etc/systemd/system/lokinet-dns-fix.service /etc/systemd/system/lokinet-dns-fix.service +download https://git.conorz.at/titanz/QubesOS-Scripts/raw/branch/development/etc/systemd/system/lokinet-dns-fix.service /etc/systemd/system/lokinet-dns-fix.service sudo systemctl enable --now lokinet-dns-fix diff --git a/debian-gnome/sys-usb.sh b/debian-gnome/sys-usb.sh index e6522f2..665ef15 100644 --- a/debian-gnome/sys-usb.sh +++ b/debian-gnome/sys-usb.sh @@ -1,6 +1,6 @@ #!/bin/sh -# Copyright (C) 2022-2024 Thien Tran +# Copyright (C) 2022-2024 Lukas Raub # # Licensed under the Apache License, Version 2.0 (the "License"); you may not # use this file except in compliance with the License. You may obtain a copy of @@ -28,4 +28,4 @@ curl -s --proxy http://127.0.0.1:8082 -L https://github.com/trustcrypto/OnlyKey- sudo apt install gnome-disk-utility ./OnlyKey_5.5.0_amd64.deb -sudo systemctl disable --now hide-hardware-info.service \ No newline at end of file +sudo systemctl disable --now hide-hardware-info.service diff --git a/dom0.sh b/dom0.sh index 14270cf..5e9dfb3 100644 --- a/dom0.sh +++ b/dom0.sh @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright (C) 2023-2024 Thien Tran +# Copyright (C) 2023-2024 Lukas Raub # # Licensed under the Apache License, Version 2.0 (the "License"); you may not # use this file except in compliance with the License. You may obtain a copy of diff --git a/fedora-gnome/ente.sh b/fedora-gnome/ente.sh index 898fca0..6f600da 100644 --- a/fedora-gnome/ente.sh +++ b/fedora-gnome/ente.sh 
@@ -1,6 +1,6 @@ #!/bin/sh -# Copyright (C) 2022-2024 Thien Tran +# Copyright (C) 2022-2024 Lukas Raub # # Licensed under the Apache License, Version 2.0 (the "License"); you may not # use this file except in compliance with the License. You may obtain a copy of @@ -24,4 +24,4 @@ download() { unpriv curl -s --proxy http://127.0.0.1:8082 "${1}" | sudo tee "${2}" > /dev/null } -sudo dnf install -y https://github.com/ente-io/photos-desktop/releases/download/v1.7.7/ente-1.7.7-x86_64.rpm \ No newline at end of file +sudo dnf install -y https://github.com/ente-io/photos-desktop/releases/download/v1.7.7/ente-1.7.7-x86_64.rpm diff --git a/fedora-gnome/fedora-gnome.sh b/fedora-gnome/fedora-gnome.sh index 0323a51..11d98bc 100644 --- a/fedora-gnome/fedora-gnome.sh +++ b/fedora-gnome/fedora-gnome.sh @@ -1,6 +1,6 @@ #!/bin/sh -# Copyright (C) 2022-2024 Thien Tran +# Copyright (C) 2022-2024 Lukas Raub # # Licensed under the Apache License, Version 2.0 (the "License"); you may not # use this file except in compliance with the License. You may obtain a copy of 
@@ -66,14 +66,14 @@ sudo dconf update # Fix portals sudo mkdir -p /etc/xdg-desktop-portal -download https://raw.githubusercontent.com/TommyTran732/QubesOS-Scripts/main/etc/xdg-desktop-portal/portals.conf /etc/xdg-desktop-portal/portals.conf +download https://git.conorz.at/titanz/QubesOS-Scripts/raw/branch/development/etc/xdg-desktop-portal/portals.conf /etc/xdg-desktop-portal/portals.conf # Setup ZRAM download https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/systemd/zram-generator.conf /etc/systemd/zram-generator.conf # Flatpak update service -download https://raw.githubusercontent.com/TommyTran732/QubesOS-Scripts/main/etc/systemd/user/update-user-flatpaks.service /etc/systemd/user/update-user-flatpaks.service -download https://raw.githubusercontent.com/TommyTran732/QubesOS-Scripts/main/etc/systemd/user/update-user-flatpaks.timer /etc/systemd/user/update-user-flatpaks.timer +download https://git.conorz.at/titanz/QubesOS-Scripts/raw/branch/development/etc/systemd/user/update-user-flatpaks.service /etc/systemd/user/update-user-flatpaks.service +download https://git.conorz.at/titanz/QubesOS-Scripts/raw/branch/development/etc/systemd/user/update-user-flatpaks.timer /etc/systemd/user/update-user-flatpaks.timer # Setup networking # We don't need the usual mac address randomization and stuff here, because this template is not used for sys-net diff --git a/fedora-gnome/ivpn.sh b/fedora-gnome/ivpn.sh index 895f4bc..2bfdc42 100644 --- a/fedora-gnome/ivpn.sh +++ b/fedora-gnome/ivpn.sh @@ -1,6 +1,6 @@ #!/bin/sh -# Copyright (C) 2022-2024 Thien Tran +# Copyright (C) 2022-2024 Lukas Raub # # Licensed under the Apache License, Version 2.0 (the "License"); you may not # use this file except in compliance with the License. You may obtain a copy of 
@@ -33,11 +33,11 @@ sudo mkdir -p /etc/qubes-bind-dirs.d echo 'binds+=( '\'''/etc/opt/ivpn/mutable''\'' )' | sudo tee /etc/qubes-bind-dirs.d/50_user.conf sudo mkdir -p /etc/systemd/system/systemd-resolved.service.d -download https://raw.githubusercontent.com/TommyTran732/QubesOS-Scripts/main/etc/systemd/system/systemd-resolved.service.d/override.conf /etc/systemd/system/systemd-resolved.service.d/override.conf +download https://git.conorz.at/titanz/QubesOS-Scripts/raw/branch/development/etc/systemd/system/systemd-resolved.service.d/override.conf /etc/systemd/system/systemd-resolved.service.d/override.conf -download https://raw.githubusercontent.com/TommyTran732/QubesOS-Scripts/main/etc/systemd/system/dnat-to-ns.service /etc/systemd/system/dnat-to-ns.service -download https://raw.githubusercontent.com/TommyTran732/QubesOS-Scripts/main/etc/systemd/system/dnat-to-ns.path /etc/systemd/system/dnat-to-ns.path -download https://raw.githubusercontent.com/TommyTran732/QubesOS-Scripts/main/etc/systemd/system/dnat-to-ns-boot.service /etc/systemd/system/dnat-to-ns-boot.service +download https://git.conorz.at/titanz/QubesOS-Scripts/raw/branch/development/etc/systemd/system/dnat-to-ns.service /etc/systemd/system/dnat-to-ns.service +download https://git.conorz.at/titanz/QubesOS-Scripts/raw/branch/development/etc/systemd/system/dnat-to-ns.path /etc/systemd/system/dnat-to-ns.path +download https://git.conorz.at/titanz/QubesOS-Scripts/raw/branch/development/etc/systemd/system/dnat-to-ns-boot.service /etc/systemd/system/dnat-to-ns-boot.service sudo systemctl enable dnat-to-ns.path sudo systemctl enable dnat-to-ns-boot.service diff --git a/fedora-gnome/microsoft-edge.sh b/fedora-gnome/microsoft-edge.sh index 1bfc245..ec7d003 100644 --- a/fedora-gnome/microsoft-edge.sh +++ b/fedora-gnome/microsoft-edge.sh 
@@ -1,6 +1,6 @@ #!/bin/sh -# Copyright (C) 2022-2024 Thien Tran +# Copyright (C) 2022-2024 Lukas Raub # # Licensed under the Apache License, Version 2.0 (the "License"); you may not # use this file except in compliance with the License. You may obtain a copy of @@ -59,4 +59,4 @@ umask 077 # Run `systemctl --user enable --now pactl.service` in your appVM. # For some uncomprehensible reason, manually enabling pipewire-pulse.service will not work for Edge audio. -# Using preset doesn't actually work :/ \ No newline at end of file +# Using preset doesn't actually work :/ diff --git a/fedora-gnome/mullvad-browser.sh b/fedora-gnome/mullvad-browser.sh index e183a85..6f22d2a 100644 --- a/fedora-gnome/mullvad-browser.sh +++ b/fedora-gnome/mullvad-browser.sh @@ -1,6 +1,6 @@ #!/bin/sh -# Copyright (C) 2024 Thien Tran +# Copyright (C) 2024 Lukas Raub # # Licensed under the Apache License, Version 2.0 (the "License"); you may not # use this file except in compliance with the License. You may obtain a copy of diff --git a/fedora-gnome/mullvad.sh b/fedora-gnome/mullvad.sh index fd98391..d2594b6 100644 --- a/fedora-gnome/mullvad.sh +++ b/fedora-gnome/mullvad.sh @@ -1,6 +1,6 @@ #!/bin/sh -# Copyright (C) 2022-2024 Thien Tran +# Copyright (C) 2022-2024 Lukas Raub # # Licensed under the Apache License, Version 2.0 (the "License"); you may not # use this file except in compliance with the License. You may obtain a copy of 
@@ -33,11 +33,11 @@ sudo mkdir -p /etc/qubes-bind-dirs.d echo 'binds+=( '\'''/etc/mullvad-vpn''\'' )' | sudo tee /etc/qubes-bind-dirs.d/50_user.conf sudo mkdir -p /etc/systemd/system/systemd-resolved.service.d -download https://raw.githubusercontent.com/TommyTran732/QubesOS-Scripts/main/etc/systemd/system/systemd-resolved.service.d/override.conf /etc/systemd/system/systemd-resolved.service.d/override.conf +download https://git.conorz.at/titanz/QubesOS-Scripts/raw/branch/development/etc/systemd/system/systemd-resolved.service.d/override.conf /etc/systemd/system/systemd-resolved.service.d/override.conf -download https://raw.githubusercontent.com/TommyTran732/QubesOS-Scripts/main/etc/systemd/system/dnat-to-ns.service /etc/systemd/system/dnat-to-ns.service -download https://raw.githubusercontent.com/TommyTran732/QubesOS-Scripts/main/etc/systemd/system/dnat-to-ns.path /etc/systemd/system/dnat-to-ns.path +download https://git.conorz.at/titanz/QubesOS-Scripts/raw/branch/development/etc/systemd/system/dnat-to-ns.service /etc/systemd/system/dnat-to-ns.service +download https://git.conorz.at/titanz/QubesOS-Scripts/raw/branch/development/etc/systemd/system/dnat-to-ns.path /etc/systemd/system/dnat-to-ns.path sudo systemctl enable dnat-to-ns.path -# Follow these instructions on how to set up the ProxyVM: https://privsec.dev/posts/qubes/using-mullvad-vpn-on-qubes-os/#creating-the-proxyvm \ No newline at end of file +# Follow these instructions on how to set up the ProxyVM: https://privsec.dev/posts/qubes/using-mullvad-vpn-on-qubes-os/#creating-the-proxyvm diff --git a/fedora-gnome/sys-usb.sh b/fedora-gnome/sys-usb.sh index ad032e3..763b72a 100644 --- a/fedora-gnome/sys-usb.sh +++ b/fedora-gnome/sys-usb.sh @@ -1,6 +1,6 @@ #!/bin/sh -# Copyright (C) 2022-2024 Thien Tran +# Copyright (C) 2022-2024 Lukas Raub # # Licensed under the Apache License, Version 2.0 (the "License"); you may not # use this file except in compliance with the License. You may obtain a copy of 
@@ -26,4 +26,4 @@ download() { sudo dnf install -y android-tools mediawriter gnome-disk-utility -# In the dispvm template, delete ~/.config/autostart/nw.desktop to prevent the OnlyKey app from automatically starting. \ No newline at end of file +# In the dispvm template, delete ~/.config/autostart/nw.desktop to prevent the OnlyKey app from automatically starting. diff --git a/fedora-gnome/hardened-chromium.sh b/fedora-gnome/trivalent.sh similarity index 89% rename from fedora-gnome/hardened-chromium.sh rename to fedora-gnome/trivalent.sh index 807a978..f1d331d 100644 --- a/fedora-gnome/hardened-chromium.sh +++ b/fedora-gnome/trivalent.sh @@ -1,6 +1,7 @@ + #!/bin/sh -# Copyright (C) 2024 Thien Tran +# Copyright (C) 2024 Lukas Raub # # Licensed under the Apache License, Version 2.0 (the "License"); you may not # use this file except in compliance with the License. You may obtain a copy of @@ -24,9 +25,9 @@ download() { unpriv curl -s --proxy http://127.0.0.1:8082 "${1}" | sudo tee "${2}" > /dev/null } -sudo https_proxy=127.0.0.1:8082 dnf copr enable secureblue/hardened-chromium -y +sudo https_proxy=127.0.0.1:8082 dnf copr enable secureblue/trivalent -y sudo dnf config-manager setopt fedora-cisco-openh264.enabled=1 rpmfusion-free.enabled=1 rpmfusion-free-updates.enabled=1 rpmfusion-nonfree.enabled=1 rpmfusion-nonfree-updates.enabled=1 -sudo dnf install -y ffmpeg hardened-chromium +sudo dnf install -y ffmpeg trivalent sudo dnf update @multimedia --setopt="install_weak_deps=False" --exclude=PackageKit-gstreamer-plugin umask 022 @@ -50,4 +51,4 @@ umask 077 # Run `systemctl --user enable --now pactl.service` in your appVM. # For some uncomprehensible reason, manually enabling pipewire-pulse.service will not work for Edge audio. -# Using preset doesn't actually work :/ \ No newline at end of file +# Using preset doesn't actually work :/ diff --git a/fedora-gnome/vault.sh b/fedora-gnome/vault.sh index a8dce5a..567ab7a 100644 --- a/fedora-gnome/vault.sh 
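Review bot: In the first hunk of fedora-gnome/trivalent.sh, the `+1,7` count and the lone `+` ahead of `#!/bin/sh` indicate that an empty line is added as line 1, which pushes the shebang to line 2. The kernel only honours `#!` as the first two bytes of the file, so running the script directly no longer selects `/bin/sh` explicitly. Depending on the caller, it is either run by the invoking shell as a fallback or fails with an exec format error. The added blank line should be dropped so that `#!/bin/sh` stays on line 1, as in the other scripts in this patch.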
+++ b/fedora-gnome/vault.sh @@ -1,6 +1,6 @@ #!/bin/sh -# Copyright (C) 2022-2024 Thien Tran +# Copyright (C) 2022-2024 Lukas Raub # # Licensed under the Apache License, Version 2.0 (the "License"); you may not # use this file except in compliance with the License. You may obtain a copy of @@ -24,4 +24,4 @@ download() { unpriv curl -s --proxy http://127.0.0.1:8082 "${1}" | sudo tee "${2}" > /dev/null } -sudo dnf install -y keepassxc \ No newline at end of file +sudo dnf install -y keepassxc diff --git a/fedora-minimal/fedora-minimal.sh b/fedora-minimal/fedora-minimal.sh index 59d11ae..ac68854 100644 --- a/fedora-minimal/fedora-minimal.sh +++ b/fedora-minimal/fedora-minimal.sh @@ -1,6 +1,6 @@ #!/bin/sh -# Copyright (C) 2022-2024 Thien Tran +# Copyright (C) 2022-2024 Lukas Raub # # Licensed under the Apache License, Version 2.0 (the "License"); you may not # use this file except in compliance with the License. You may obtain a copy of @@ -66,4 +66,4 @@ echo 'libhardened_malloc.so' | sudo tee /etc/ld.so.preload sudo chmod 644 /etc/ld.so.preload # Prepare for SELinux -sudo touch /.autorelabel \ No newline at end of file +sudo touch /.autorelabel diff --git a/fedora-minimal/sys-net.sh b/fedora-minimal/sys-net.sh index ba594b1..e38065a 100644 --- a/fedora-minimal/sys-net.sh +++ b/fedora-minimal/sys-net.sh @@ -1,6 +1,6 @@ #!/bin/sh -# Copyright (C) 2022-2024 Thien Tran +# Copyright (C) 2022-2024 Lukas Raub # # Licensed under the Apache License, Version 2.0 (the "License"); you may not # use this file except in compliance with the License. You may obtain a copy of 
@@ -34,10 +34,10 @@ download https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main # Theming sudo mkdir -p /etc/gtk-3.0 -download https://raw.githubusercontent.com/TommyTran732/QubesOS-Scripts/main/etc/gtk-3.0/settings.ini /etc/gtk-3.0/settings.ini +download https://git.conorz.at/titanz/QubesOS-Scripts/raw/branch/development /etc/gtk-3.0/settings.ini/etc/gtk-3.0/settings.ini sudo mkdir -p /etc/gtk-4.0 -download https://raw.githubusercontent.com/TommyTran732/QubesOS-Scripts/main/etc/gtk-4.0/settings.ini /etc/gtk-4.0/settings.ini +download https://git.conorz.at/titanz/QubesOS-Scripts/raw/branch/development/etc/gtk-4.0/settings.ini /etc/gtk-4.0/settings.ini # Networking download https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/NetworkManager/conf.d/00-macrandomize.conf /etc/NetworkManager/conf.d/00-macrandomize.conf diff --git a/whonix/whonix-gateway.sh b/whonix/whonix-gateway.sh index a4f3d3f..130f85b 100644 --- a/whonix/whonix-gateway.sh +++ b/whonix/whonix-gateway.sh @@ -1,6 +1,6 @@ #!/bin/sh -# Copyright (C) 2022-2024 Thien Tran +# Copyright (C) 2022-2024 Lukas Raub # # Licensed under the Apache License, Version 2.0 (the "License"); you may not # use this file except in compliance with the License. You may obtain a copy of 
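Review bot: In the `-34,10` hunk of fedora-minimal/sys-net.sh, the rewritten gtk-3.0 line has its separating space in the wrong place. The URL argument ends at `.../raw/branch/development`, and the destination becomes `/etc/gtk-3.0/settings.ini/etc/gtk-3.0/settings.ini`. That path cannot be created under the directory made by the preceding `mkdir -p /etc/gtk-3.0`, so the write presumably fails and the template is left without its GTK 3 settings. The `download` helper is defined outside this hunk, so whether the failure is reported cannot be seen here. The line should read `download https://git.conorz.at/titanz/QubesOS-Scripts/raw/branch/development/etc/gtk-3.0/settings.ini /etc/gtk-3.0/settings.ini`, matching the gtk-4.0 line below it and the whonix-gateway.sh hunk.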
@@ -52,10 +52,10 @@ sudo systemctl enable --now hide-hardware-info.service echo 'ConnectionPadding 1' | sudo tee /usr/local/etc/torrc.d/50_user.conf # Theming -download https://raw.githubusercontent.com/TommyTran732/QubesOS-Scripts/main/etc/environment /etc/environment +download https://git.conorz.at/titanz/QubesOS-Scripts/raw/branch/development/etc/environment /etc/environment sudo mkdir -p /etc/gtk-3.0 -download https://raw.githubusercontent.com/TommyTran732/QubesOS-Scripts/main/etc/gtk-3.0/settings.ini /etc/gtk-3.0/settings.ini +download https://git.conorz.at/titanz/QubesOS-Scripts/raw/branch/development/etc/gtk-3.0/settings.ini /etc/gtk-3.0/settings.ini sudo mkdir -p /etc/gtk-4.0 -download https://raw.githubusercontent.com/TommyTran732/QubesOS-Scripts/main/etc/gtk-4.0/settings.ini /etc/gtk-4.0/settings.ini \ No newline at end of file +download https://git.conorz.at/titanz/QubesOS-Scripts/raw/branch/development/etc/gtk-4.0/settings.ini /etc/gtk-4.0/settings.ini