Commit Graph

197 Commits

Author SHA1 Message Date
Brot der Bot 3964f8b081 0010_kwallet: detach kwalletd6 from autostart service cgroup
Same root cause as the gocryptfs and Nextcloud fixes: kwalletd6 is a
long-running daemon that stays alive for the entire KDE session.
Launching it with setsid keeps it in the autostart service cgroup,
preventing app-logon_script.sh@autostart from reaching finished state.

Replace setsid with systemd-run --user --scope so kwalletd6 runs in
its own transient scope cgroup.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-01 15:05:20 +02:00
Brot der Bot 1abf7879cd detach long-running background processes from autostart service cgroup
KDE Plasma runs each autostart .desktop entry as a systemd user unit.
systemd tracks service liveness by cgroup membership, not just the
main PID. Any process forked inside the service — even via setsid or &
— stays in the service's cgroup and keeps app-logon_script.sh@autostart
in active (running) state indefinitely after logon_script.sh exits.

mount_ecrypt_home.sh: wrap the gocryptfs mount call with
  systemd-run --user --scope --unit=gocryptfs-home
The FUSE daemon that gocryptfs forks now lives in its own transient
scope cgroup. Exit-code propagation is unchanged because systemd-run
--scope returns the main process's exit code.

0050_nextcloud_desktopclient/user_run.sh: replace
  /usr/bin/setsid ... &
with
  systemd-run --user --scope --unit=nextcloud-client ... &
setsid creates a new session but does not move the process out of the
cgroup; systemd-run --scope does.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-01 15:02:39 +02:00
Brot der Bot 92b5e9c4a6 install.sh: fix four bugs found during live testing
Free-space start alignment
  parted reports free space starting at 0,02 MiB (before the GPT
  alignment boundary). The collect_free_space awk now rounds the start
  up to the next whole MiB (ceiling) and enforces a minimum of 1 MiB,
  then recomputes the usable size from the adjusted start. This prevents
  parted from being asked to create a partition at 0 MiB, which it
  cannot do.

Locale-independent partition creation
  The previous `printf 'Yes\n' | parted mkpart` relied on parted
  accepting an English answer to its alignment-confirmation prompt.
  On a German-locale system parted asks "Ist dies noch akzeptabel?"
  and ignores "Yes", causing mkpart to fail. Replaced with `parted -s`
  (script/non-interactive mode), consistent with every other parted
  call in the script.

Correct new-partition detection on disks with gaps
  The old heuristic took the highest partition number after partprobe.
  On a disk where existing partitions are numbered 2/3/4, a new
  partition in the gap before them receives number 1 — making the
  old heuristic point at partition 4 (the existing btrfs volume) and
  subsequently run mkfs.btrfs on it. The new awk matches by start
  position (OEMDRV_START ± 1 MiB) instead, which is unambiguous
  regardless of how numbers are assigned.

Infinite loop on EOF stdin
  When the selection while-loop's `read` hits EOF (e.g. stdin exhausted
  after sudo consumed a piped password), it returns exit code 1 with an
  empty INPUT, which falls through to "Invalid input." and spins
  forever. Added `|| { echo; echo "Aborted."; exit 0; }` to all three
  read calls in the loop.

install.md: drop stale install_from_repo.sh reference from title;
clarify that REPO_URL/REPO_BRANCH overrides are optional.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-01 13:56:34 +02:00
obel1x e8c88c35d7 Merge pull request 'configure.sh wizard, install improvements, encryption fixes, branch support' (#19) from devel into main
Reviewed-on: #19
2026-04-30 18:36:59 +02:00
obel1x 9f71728512 Merge branch 'main' into devel 2026-04-30 18:36:46 +02:00
obel1x 9ce4686a2b Merge pull request 'configure.sh wizard, install improvements, encryption fixes, branch support' (#18) from unbrot/fedora-OEMDRV:main into devel
Reviewed-on: #18
2026-04-30 18:34:01 +02:00
obel1x fdbd4e44f5 Merge branch 'devel' into main 2026-04-30 18:33:34 +02:00
unbrot a960c084b7 Undo test install.sh 2026-04-30 18:09:09 +02:00
unbrot 1ffa1adafa Test install.sh 2026-04-30 18:06:24 +02:00
unbrot b088a03f88 Describe how to install with test environment 2026-04-30 18:01:48 +02:00
unbrot 8263d92b5b Add install_from_repo.sh 2026-04-30 17:16:26 +02:00
unbrot 58b23b00e7 mozilla_pre: fixed server address 2026-04-30 16:45:45 +02:00
unbrot 554ef23c7e Encryption: Add user_allow_other to /etc/fuse.conf 2026-04-30 16:43:46 +02:00
unbrot b586de545e check crypt setup file 2026-04-30 16:36:34 +02:00
unbrot 7a3f610740 Crypt: Better check for configured 2026-04-30 16:34:01 +02:00
unbrot ee2ae055e9 Crypt: Add Passfile 2026-04-30 16:23:56 +02:00
unbrot fe9f6841f3 Cryptfilesystem: Allow root to access encrypted directory 2026-04-30 16:19:01 +02:00
unbrot 0d86bc3d1a Div visual updates 2026-04-30 15:37:19 +02:00
unbrot 4a7ee59559 configure: CLIENT_SOFTWARE_SRC not needed 2026-04-30 15:19:58 +02:00
unbrot d0932a2fda Configure: Make IPAVAULTNAME again possible 2026-04-30 15:15:20 +02:00
unbrot 29c87be593 Replace unstable HOSTNM determination by file for installation. 2026-04-30 15:06:47 +02:00
unbrot f89d0f36f1 Write DMI UUID to machine_uuid.sys for user-accessible machine ID
install.sh writes the last 12 chars of the DMI system UUID to
config.d/machine_uuid.sys (0444) after git clone, so non-root scripts
can derive the hardware-bound hostname without needing dmidecode.

conf.dist reads machine_uuid.sys first; falls back to dmidecode (root)
or hostname -s (user) if the file is absent.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-30 14:55:33 +02:00
unbrot bcbcc3392d install.sh: offer to install missing tools via dnf
Instead of dying immediately, check_tools now lists missing packages,
asks the user to install them with dnf, and re-verifies after install.
Decline still aborts as before.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-30 13:06:49 +02:00
unbrot d316a7b605 Refactor configure.sh: per-variable validation loop with DNS domain check
Each variable is now prompted in a retry loop so a failed test re-prompts
that specific variable instead of restarting the whole wizard. Adds DNS-based
IPA domain validation (_ldap._tcp SRV + _kerberos TXT + _kerberos._udp SRV),
matching what ipa-client-install --domain performs. Fixes syntax errors
(bare `do` → `while true; do`, `continue` → `break`). Expands VARS to include
IPAVAULTNAME, CLIENT_SOFTWARE_SRC, DISTCONFIGPATH_SRC.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-30 12:52:41 +02:00
unbrot 2032bde99d IPA-register use Terminal 8 for better logging 2026-04-30 12:51:59 +02:00
unbrot 0b1ade5771 Anaconda ks.cfg: also use nvme drives 2026-04-30 12:36:05 +02:00
obel1x cfb1cde974 Merge pull request 'Merge pull request 'Add configure.sh wizard, server checks, KS profile selection, and install improvements' (#16)' (#17) from devel into main
Reviewed-on: #17
2026-04-29 22:16:53 +02:00
obel1x da3ac68586 Merge branch 'main' into devel 2026-04-29 22:16:32 +02:00
obel1x 92453699a8 Merge pull request 'Add configure.sh wizard, server checks, KS profile selection, and install improvements' (#16) from unbrot/fedora-OEMDRV:main into devel
Reviewed-on: #16
2026-04-29 22:13:45 +02:00
unbrot 0721550e9c Add kickstart profile selection to configure.sh
After server checks pass, present all ks_base_profiles/*.cfg files
with their first-paragraph description and require the user to pick
one. The selected profile is copied to ks.cfg in the repo root.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-29 19:38:52 +02:00
unbrot 340cef962f Remove single ks.cfg 2026-04-29 19:32:41 +02:00
unbrot 2a359b36a6 Prepare base profiles for selection 2026-04-29 19:31:07 +02:00
unbrot d363a806c0 Replace token test in configure.sh with server reachability checks
Instead of obtaining a Nextcloud WebDAV token, verify the configured
servers directly:
- Nextcloud: check /status.php for "installed":true and show version
- FreeIPA: check /ipa/session/json for HTTP 200 or 401

Both checks offer restart or quit on failure.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-29 19:03:33 +02:00
unbrot 9cb2977527 Fix Firefox display access when configure.sh runs via su
Pass DISPLAY and WAYLAND_DISPLAY explicitly through the su call in
install.sh so Firefox can connect to the user's display session.
Remove the now-unnecessary DISPLAY=:0 fallback from get_nc_token.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-29 18:02:20 +02:00
unbrot a5c8d596fa Configure.sh: make dynamic variable prompts and run without tokenfile 2026-04-29 17:52:26 +02:00
unbrot a9be4d0ac9 Bugfixing configure and make temporary token possible 2026-04-29 17:05:46 +02:00
unbrot d3f4345f97 Install.sh: Make changes possible for first setup 2026-04-29 16:28:41 +02:00
unbrot f69b423b30 Add repo URL verification via curl checksum in install.sh
Before partitioning, check_repo_url() downloads
system_setup/install.sh from REPO_URL and compares its sha256sum
against the running script. Warns and asks to continue if the URL
is unreachable or the checksums differ.

Also accept an optional first argument to override REPO_URL.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-29 16:17:33 +02:00
unbrot 05a47a140d Add configure.sh wizard and offer to run it after install
- system_setup/configure.sh: interactive first-time setup wizard that
  edits config.d/configure.conf, tests the encrypted home mount, and
  obtains a Nextcloud WebDAV token
- configure.md: short usage documentation for configure.sh
- system_setup/install.sh: after cloning the repo, ask whether to run
  configure.sh immediately (as the sudo-invoking user via su)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-29 14:12:11 +02:00
unbrot 3eee476fc4 Add Cinnamon kickstart profile based on KDE fullsetup
Replaces KDE desktop environment group and KDE-specific packages
with Cinnamon equivalents (transmission-gtk replaces ktorrent).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-29 13:29:52 +02:00
unbrot 3df883dc63 Make use of config.d/configure.conf file for first setup 2026-04-29 13:14:33 +02:00
unbrot 99d5799581 Gitignore +ks_pc_prof 2026-04-29 12:05:15 +02:00
unbrot 70b26facc8 Updated ks base-profiles 2026-04-29 11:58:36 +02:00
obel1x 33e23f52e2 Merge pull request 'Fix nextcloud Desktop account and first Version of install script' (#15) from devel into main
Reviewed-on: #15
2026-04-27 18:56:36 +02:00
obel1x f4e5de2f5a Merge pull request 'install.sh: free space detection, btrfs online resize, sfdisk, partition naming + install.md fix' (#14) from unbrot/fedora-OEMDRV:main into devel
Reviewed-on: #14
2026-04-27 17:26:03 +02:00
unbrot 1f17ef5c2f Update install.md: download script before running with sudo
Process substitution does not survive sudo, so the script must be
downloaded to a temp file first.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-27 17:15:06 +02:00
unbrot 296026b667 Set GPT partition name to anacondainstall for OEMDRV partition
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-27 16:45:16 +02:00
unbrot 5ef48c84e5 Replace parted resizepart with sfdisk --force
parted fails to resize a mounted partition non-interactively.
sfdisk --no-reread --force writes the updated partition table
directly without TTY/confirmation issues, and partprobe
re-reads it afterwards.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-27 16:40:18 +02:00
unbrot 5c2182a1c9 Fix parted failing on busy partition in script mode
parted -s answers confirmation prompts with "no" (conservative),
causing resizepart/mkpart to fail on a mounted partition. Pipe
"Yes" to parted stdin instead so busy-partition warnings are
confirmed and the operation proceeds.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-27 16:30:19 +02:00
unbrot bf71540f66 Fix btrfs resize: use online resize instead of unmount/remount
btrfs supports live filesystem resize, so there is no need to
unmount a mounted btrfs partition before shrinking it. This also
avoids umount failures when the partition is busy (e.g. /home with
an active SSH session). ext4 still requires offline resize.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-27 16:26:27 +02:00