harden.sh
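#!/usr/bin/env bash
# Harden these dotfiles: make the system-level (root configuration) files
# root-owned so that unprivileged users cannot edit them maliciously.
#
# Usage: harden.sh [DOTFILES_DIR]
#   With no argument, the directory containing this script is used, so keep
#   the script inside ~/.dotfiles (or wherever the dotfiles are installed).
# Run this as root! (every chown still goes through sudo)
# Assumes your user account has a UID of 1000 and is in the `users` group:
# README.org files are handed back to 1000:users at the end.
# After running this, the command `nix flake update` will require root.
#
# The script uses bash features (BASH_SOURCE, pushd/popd), hence the bash
# shebang. Under a strictly POSIX /bin/sh there is no pushd, so the chowns
# below could run in whatever directory the caller happened to be in.

if [ "$#" = 1 ]; then
  SCRIPT_DIR=$1
else
  SCRIPT_DIR=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" >/dev/null 2>&1 && pwd)
fi

# Refuse to continue unless we are really inside the dotfiles directory:
# every path below is relative, and `chown 0:0 .` / `chown -R` in the wrong
# place would re-own unrelated files.
if [ -z "$SCRIPT_DIR" ] || ! pushd -- "$SCRIPT_DIR" >/dev/null 2>&1; then
  printf 'harden.sh: cannot enter "%s"; no ownership was changed\n' "$SCRIPT_DIR" >&2
  # `return` covers the case where the script is sourced; otherwise exit.
  # shellcheck disable=SC2317
  return 1 2>/dev/null || exit 1
fi

status=0

# chown wrapper.
#   -h: change a symlink itself instead of its target, so a link planted in the
#       (still user-writable) tree cannot redirect an ownership change to a
#       file outside the repository.
#   A failed chown is remembered and reported, but the remaining paths are
#   still processed so the tree ends up as hardened as possible.
own() {
  sudo chown -h "$@" || status=1
}

own 0:0 .
own 0:0 profiles/*
own -R 0:0 system
own -R 0:0 patches
own 0:0 flake.lock
own 0:0 flake.nix
own 0:0 profiles
own 0:0 profiles/*/configuration.nix
own 0:0 profiles/homelab/base.nix
own 0:0 harden.sh
own 0:0 soften.sh
own 0:0 install.sh
own 0:0 update.sh

# Give the documentation back to the regular user.
# NOTE(review): globstar is not enabled, so `**` behaves like `*` and this
# matches README.org exactly one directory level down (including
# system/README.org and patches/README.org, which were just made root-owned).
# Confirm whether a recursive match was intended before adding
# `shopt -s globstar`.
# shellcheck disable=SC2035
own 1000:users **/README.org

popd >/dev/null 2>&1

if [ "$status" -ne 0 ]; then
  printf 'harden.sh: one or more ownership changes failed; review the errors above\n' >&2
fi
# shellcheck disable=SC2317
return "$status" 2>/dev/null || exit "$status"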