Without -fg, gocryptfs forks to background and the parent exits,
causing systemd to consider the service done and immediately call
ExecStop (fusermount -u). With -fg, gocryptfs stays as the tracked
service process so ExecStop only fires on explicit service stop at
logout.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
systemd-run service mode returns as soon as the start request is
accepted, before gocryptfs has read the passfile. Poll /proc/mounts
for up to 10 seconds so the passfile is only removed after the mount
is confirmed.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Wrap kwriteconfig5 calls in a KDE check so they are skipped on
Cinnamon and other desktops. Also add empty-session setting so
previous apps are not restored on login.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Switch from --scope to a transient service so systemd can run
fusermount -u via ExecStop before terminating the process.
With KillMode=none, gocryptfs exits on its own once the FUSE
filesystem is detached.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
If the IPA server FQDN cannot be resolved at startup (e.g. due to a
DNSSEC outage or network not yet ready), the logon script would silently
fail later. The new check prompts the user to retry, continue anyway, or
quit, so the problem is immediately visible.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
SSSD >= 2.10.1 no longer raises CAP_DAC_READ_SEARCH to effective in
offline mode, so validate_tgt fails with EACCES reading /etc/krb5.keytab
before the cached-credential fallback is reached. Adding krb5_validate =
False disables the keytab validation step and restores reliable offline
authentication for FreeIPA domain users.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
F44 dropped @kde-spin-initial-setup; plasma-setup (mandatory in @kde-desktop)
is now the first-boot wizard and is not covered by firstboot --disable.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@kde-pim is optional and not selected, so all KDE PIM packages are
safe to exclude. Replaces the previous partial -akonadi-server/mysql
with the complete exclusion list matching cinnamon_fullsetup.cfg.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Anaconda's depsolve pulls in akonadi-server via kmymoney-libs (kmymoney
is an optional package in @office). Exclude the entire akonadi chain
so neither akonadi-server nor any package requiring it gets installed.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Introduce NC_FLATPAK_APP and NC_FLATPAK_DIR variables so the app ID
and ~/.var/app path are defined once and referenced everywhere, rather
than repeated as literals. Also fixes a stray leading '/' in the
nextcloud.cfg grep path.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
git clean -fd scopes to the current directory and below, so running it
from the system_setup/ subdirectory missed untracked files in sibling
dirs like config/. Use -C "${SYSCONFIGPATH}" to always clean from the
repo root regardless of invocation directory.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Replace the broken `git rebase HEAD^` with a proper shallow fetch:
- `git fetch --depth=1` limits local history to one commit, regardless of server history
- `git reset --hard FETCH_HEAD` syncs the working tree to the fetched tip
- `git clean -fd` removes untracked non-ignored files left by old versions
- `git gc --prune=now` immediately purges unreachable history objects
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Set _nc_first=0 in the already-found branch so that a configured folder
prevents subsequent entries from wiping the Nextcloud config.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Before the sync loop, find all *.bak directories in the parent dirs of
configured sync paths, list them with their size, and ask the user to
delete them with a y/N prompt.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Replace static _bak suffix with _YYYYMMDDhhmmss.bak so repeated runs
never fail trying to overwrite an existing backup directory.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Config wipe now guarded by _nc_wipe_done flag so subsequent new entries
do not destroy the previous setup. _nc_first logic kept as comments for
later activation when multi-folder support is confirmed working.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Shebang changed to sh; replace all [[ ]] with [ ], == with = in [ ]
- Loop over CLIENT_DATA_SYNC[@] directly instead of counting to 100;
replace index-based first-entry check with a _nc_first flag
- Fix missing fi before done, remove stray fi after KWallet block
- Dedent KWallet block to top level (was left indented from inside the loop)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- sync_client_software.sh: add system-wide flatpak session-bus override for
Nextcloud so KWallet D-Bus access works for all users; fix broken compound
test ([ a || b ] → [ a ] || [ b ])
- user_run.sh: check KWallet entries with hasEntry before writing — skip write
and print info message when both passwords are already present; remove stale
commented-out code
- install.sh: forward REPO_URL and REPO_BRANCH into configure.sh environment
for both the su- and direct-bash invocation paths
- configure.sh: simplify do_configure (user cleanup)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Add source_fedora_44.inc with verified mirror URLs for Fedora 44 base,
updates, cisco-openh264, and RPM Fusion free/nonfree. Both kde_fullsetup.cfg
and cinnamon_fullsetup.cfg now %include this file instead of inlining the
repo lines. Fix stale comment in source_fedora_44.inc (said Fedora 43).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
cinnamon_fullsetup.cfg: add xapps package so the xapp-gtk3-module GTK
module referenced in Cinnamon's GTK settings is present for Flatpak apps.
user_run.sh: pass --setenv=SESSION_MANAGER= to systemd-run so Qt does not
try to connect to an X11 session manager socket that may not exist (fixes
"Could not open network socket" on Wayland and non-KDE desktops).
Guard the KWallet D-Bus block behind a session-bus presence check
(qdbus | grep org.kde.kwalletd) so it is skipped entirely on Cinnamon and
other non-KDE desktops instead of producing D-Bus errors.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Daniel unbrot Pätzold
obel1x