emmet/nixos-config
0
1
Fork 0
Code Issues Pull Requests Projects Wiki Activity

Moved scripts into scripts/

Browse Source
This commit is contained in:
Emmet
2024-12-28 11:03:24 -06:00
parent cedb24e74d
commit a8f84076e1
11 changed files with 18 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
scripts/harden.sh Executable file
View File

@@ -0,0 +1,33 @@
#!/bin/sh
# This will harden the security of these dotfiles, preventing
# unpriveleged users from editing system-level (root configuration)
# files maliciously
# Run this inside of ~/.dotfiles (or whatever directory you installed
# the dotfiles to)
# Run this as root!
# BTW, this assumes your user account has a PID/GID of 1000
# After running this, the command `nix flake update` will require root
if [ "$#" = 1 ]; then
SCRIPT_DIR=$1;
else
SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
fi
pushd $SCRIPT_DIR/.. &> /dev/null;
sudo chown 0:0 .;
sudo chown 0:0 profiles/*;
sudo chown -R 0:0 system;
sudo chown 0:0 -R scripts;
sudo chown -R 0:0 patches;
sudo chown 0:0 flake.lock;
sudo chown 0:0 flake.nix
sudo chown 0:0 profiles
sudo chown 0:0 profiles/*/configuration.nix;
sudo chown 0:0 profiles/homelab/base.nix;
sudo chown 1000:users **/README.org;
popd &> /dev/null;