add bluetooth + move to run_once scripts

bootstrap.sh

@@ -1,328 +0,0 @@
-#!/usr/bin/env bash
-#
-# Arch Linux installation
-#
-# Bootable USB:
-# - [Download](https://archlinux.org/download/) ISO and GPG files
-# - Verify the ISO file: `$ pacman-key -v archlinux-<version>-x86_64.iso.sig`
-# - Create a bootable USB with: `# dd if=archlinux*.iso of=/dev/sdX && sync`
-#
-# UEFI setup:
-#
-# - Set boot mode to UEFI, disable Legacy mode entirely.
-# - Temporarily disable Secure Boot.
-# - Make sure a strong UEFI administrator password is set.
-# - Delete preloaded OEM keys for Secure Boot, allow custom ones.
-# - Set SATA operation to AHCI mode.
-#
-# Run installation:
-#
-# - Connect to wifi via: `# iwctl station wlan0 connect WIFI-NETWORK`
-# - Run: `# bash <(curl -sL https://link.rafe.li/dot)`
-#
-# WARNING: this script will destroy data on the selected disk.
-#
-
-set -uo pipefail
-trap 's=$?; echo "$0: Error on line "$LINENO": $BASH_COMMAND"; exit $s' ERR
-
-exec 1> >(tee "stdout.log")
-exec 2> >(tee "stderr.log" >&2)
-
-export SNAP_PAC_SKIP=y
-
-# Dialog
-BACKTITLE="Arch Linux installation"
-
-get_input() {
-    title="$1"
-    description="$2"
-
-    input=$(dialog --clear --stdout --backtitle "$BACKTITLE" --title "$title" --inputbox "$description" 0 0)
-    echo "$input"
-}
-
-get_password() {
-    title="$1"
-    description="$2"
-    while : ; do
-        init_pass=$(dialog --clear --stdout --backtitle "$BACKTITLE" --title "$title" --passwordbox "$description" 0 0)
-        : "${init_pass:?dialog --clear --stdout --backtitle "$BACKTITLE" --title "$title" --msgbox "Password cannot be empty.\nTry again." 0 0}"
-
-        test_pass=$(dialog --clear --stdout --backtitle "$BACKTITLE" --title "$title" --passwordbox "$description again" 0 0)
-        if [[ "$init_pass" != "$test_pass" ]]; then
-            dialog --clear --stdout --backtitle "$BACKTITLE" --title "$title" --msgbox "Passwords did not match.\nTry again." 0 0
-        else
-            break
-        fi
-    done
-    echo "$init_pass"
-}
-
-get_choice() {
-    title="$1"
-    description="$2"
-    shift 2
-    options=("$@")
-    dialog --clear --stdout --backtitle "$BACKTITLE" --title "$title" --menu "$description" 0 0 0 "${options[@]}"
-}
-
-
-echo -e "\n### Checking UEFI boot mode"
-if [ ! -f /sys/firmware/efi/fw_platform_size ]; then
-    echo >&2 "You must boot in UEFI mode to continue"
-    exit 2
-fi
-
-echo -e "\n### Ensure the system clock is accurate"
-timedatectl set-ntp true
-hwclock --systohc --utc
-
-echo -e "\n### Setting keyboard layout to de-latin1"
-loadkeys de-latin1
-
-echo -e "\n### Installing additional tools"
-pacman -Sy --noconfirm --needed git reflector terminus-font dialog wget
-
-echo -e "\n### HiDPI screens"
-noyes=("Yes" "The font is too small" "No" "The font size is just fine")
-hidpi=$(get_choice "Font size" "Is your screen HiDPI?" "${noyes[@]}") || exit 1
-clear
-[[ "$hidpi" == "Yes" ]] && font="ter-132n" || font="ter-716n"
-setfont "$font"
-
-hostname=$(get_input "Hostname" "Enter hostname") || exit 1
-clear
-: "${hostname:?"hostname cannot be empty"}"
-
-user=$(get_input "User" "Enter username") || exit 1
-clear
-: "${user:?"user cannot be empty"}"
-
-password=$(get_password "User" "Enter password") || exit 1
-clear
-: "${password:?"password cannot be empty"}"
-
-devicelist=$(lsblk -dplnx size -o name,size | grep -Ev "boot|rpmb|loop" | tac | tr '\n' ' ')
-read -r -a devicelist <<< "$devicelist"
-
-device=$(get_choice "Installation" "Select installation disk" "${devicelist[@]}") || exit 1
-
-clear
-
-echo -e "\n### Setting up fastest mirrors"
-reflector --country 'Germany,France,' --protocol https --sort rate --save /etc/pacman.d/mirrorlist
-
-echo -e "\n### Setting up partitions"
-umount -R /mnt 2> /dev/null || true
-cryptsetup luksClose luks 2> /dev/null || true
-
-lsblk -plnx size -o name "${device}" | xargs -n1 wipefs --all
-sgdisk --clear "${device}" --new 1::-551MiB "${device}" --new 2::0 --typecode 2:ef00 "${device}"
-sgdisk --change-name=1:primary --change-name=2:ESP "${device}"
-
-part_root="$(ls "${device}"* | grep -E "^${device}p?1$")"
-part_boot="$(ls "${device}"* | grep -E "^${device}p?2$")"
-
-echo -e "\n### Formatting partitions"
-mkfs.vfat -n "EFI" -F 32 "${part_boot}"
-echo -n "${password}" | cryptsetup luksFormat --type luks2 --pbkdf argon2id --label luks "${part_root}"
-echo -n "${password}" | cryptsetup luksOpen --allow-discards --persistent "${part_root}" luks
-mkfs.btrfs -L btrfs /dev/mapper/luks
-
-echo -e "\n### Setting up BTRFS subvolumes"
-mount /dev/mapper/luks /mnt
-btrfs subvolume create /mnt/root
-btrfs subvolume create /mnt/home
-btrfs subvolume create /mnt/pkgs
-btrfs subvolume create /mnt/aurbuild
-btrfs subvolume create /mnt/archbuild
-btrfs subvolume create /mnt/docker
-btrfs subvolume create /mnt/logs
-btrfs subvolume create /mnt/temp
-btrfs subvolume create /mnt/swap
-btrfs subvolume create /mnt/snapshots
-umount /mnt
-
-mount -o noatime,compress=zstd,subvol=root /dev/mapper/luks /mnt
-mkdir -p /mnt/{mnt/btrfs-root,efi,home,var/{cache/pacman,log,tmp,lib/{aurbuild,archbuild,docker}},swap,.snapshots}
-mount "${part_boot}" /mnt/efi
-mount -o noatime,compress=zstd,subvol=/ /dev/mapper/luks /mnt/mnt/btrfs-root
-mount -o noatime,compress=zstd,subvol=home /dev/mapper/luks /mnt/home
-mount -o noatime,compress=zstd,subvol=pkgs /dev/mapper/luks /mnt/var/cache/pacman
-mount -o noatime,compress=zstd,subvol=aurbuild /dev/mapper/luks /mnt/var/lib/aurbuild
-mount -o noatime,compress=zstd,subvol=archbuild /dev/mapper/luks /mnt/var/lib/archbuild
-mount -o noatime,compress=zstd,subvol=docker /dev/mapper/luks /mnt/var/lib/docker
-mount -o noatime,compress=zstd,subvol=logs /dev/mapper/luks /mnt/var/log
-mount -o noatime,compress=zstd,subvol=temp /dev/mapper/luks /mnt/var/tmp
-mount -o noatime,compress=zstd,subvol=swap /dev/mapper/luks /mnt/swap
-mount -o noatime,compress=zstd,subvol=snapshots /dev/mapper/luks /mnt/.snapshots
-
-echo -e "\n### Configuring custom repo"
-mkdir "/mnt/var/cache/pacman/${user}-local"
-
-# if [[ "${user}" == "maximbaz" && "${hostname}" == "home-"* ]]; then
-#     wget -m -nH -np -q --show-progress --progress=bar:force --reject='index.html*' --cut-dirs=2 -P "/mnt/var/cache/pacman/${user}-local" 'https://pkgbuild.com/~maximbaz/repo/'
-#     rename -- 'maximbaz.' "${user}-local." "/mnt/var/cache/pacman/${user}-local"/*
-# else
-    repo-add "/mnt/var/cache/pacman/${user}-local/${user}-local.db.tar"
-# fi
-
-if ! grep "${user}" /etc/pacman.conf > /dev/null; then
-    cat >> /etc/pacman.conf << EOF
-
-[${user}-local]
-Server = file:///mnt/var/cache/pacman/${user}-local
-
-[maximbaz]
-Server = https://pkgbuild.com/~maximbaz/repo
-
-[options]
-CacheDir = /mnt/var/cache/pacman/pkg
-CacheDir = /mnt/var/cache/pacman/${user}-local
-EOF
-fi
-
-echo -e "\n### Installing packages"
-kernel_packages=(
-	"linux"
-    "linux-headers"
-	"linux-lts"
-	"linux-firmware"
-    "intel-ucode"
-)
-fs_packages=(
-    "btrfs-progs"
-    "dosfstools"
-    "e2fsprogs"
-)
-network_packages=(
-    "iwd"
-    "systemd-resolvconf"
-)
-basic_packages=(
-	"man-db"
-	"man-pages"
-	"pacman-contrib"
-	"neovim"
-    "bash-completion"
-	"git"
-	"rsync"
-	"openssh"
-	"htop"
-    "fzf"
-    "sudo"
-)
-all_packages=(
-	${kernel_packages[@]}
-	${fs_packages[@]}
-	${network_packages[@]}
-	${basic_packages[@]}
-)
-
-pacstrap /mnt base base-devel arch-secure-boot ${all_packages[@]}
-
-echo -e "\n### Generating base config files"
-echo "cryptdevice=PARTLABEL=primary:luks:allow-discards root=LABEL=btrfs rootflags=subvol=root rw quiet mem_sleep_default=deep" > /mnt/etc/kernel/cmdline
-
-genfstab -L /mnt >> /mnt/etc/fstab
-
-echo "FONT=$font" > /mnt/etc/vconsole.conf
-echo "KEYMAP=de-latin1" >> /mnt/etc/vconsole.conf
-echo "${hostname}" > /mnt/etc/hostname
-sed -i 's/^#en_US\.UTF-8/en_US\.UTF-8/' /mnt/etc/locale.gen
-sed -i 's/^#de_DE\.UTF-8/de_DE\.UTF-8/' /mnt/etc/locale.gen
-echo "LANG=en_US.UTF-8" > /mnt/etc/locale.conf
-arch-chroot /mnt locale-gen
-
-ln -sf /usr/share/zoneinfo/Europe/Berlin /mnt/etc/localtime
-
-echo "$hostname" > /mnt/etc/hostname
-echo -e "127.0.0.1\tlocalhost" >>/mnt/etc/hosts
-echo -e "127.0.1.1\t$hostname" >>/mnt/etc/hosts
-echo -e "\n::1\tlocalhost" >>/mnt/etc/hosts
-
-# Propagate the systemd-resolved managed configuration to all clients (stub mode)
-ln -sf /run/systemd/resolve/stub-resolv.conf /mnt/etc/resolv.conf
-
-cat >/mnt/etc/systemd/network/20-wired.network <<EOF
-[Match]
-Name=en*
-
-[Network]
-DHCP=yes
-
-[DHCPv4]
-RouteMetric=10
-UseDomains=true
-
-[IPv6AcceptRA]
-RouteMetric=10
-UseDomains=yes
-EOF
-
-cat >/mnt/etc/systemd/network/25-wireless.network <<EOF
-[Match]
-Name=wl*
-
-[Network]
-DHCP=yes
-
-[DHCPv4]
-RouteMetric=20
-UseDomains=true
-
-[IPv6AcceptRA]
-RouteMetric=20
-UseDomains=yes
-EOF
-
-mkdir -p /mnt/etc/iwd
-cat >/mnt/etc/iwd/main.conf <<EOF
-[General]
-EnableNetworkConfiguration=true
-
-[Network]
-EnableIPv6=true
-EOF
-
-arch-chroot /mnt systemctl enable systemd-timesyncd fstrim.timer systemd-networkd systemd-resolved iwd
-
-cat >/mnt/etc/mkinitcpio.conf <<EOF
-MODULES=(i915)
-BINARIES=(/usr/bin/btrfs)
-FILES=()
-HOOKS=(base consolefont udev autodetect keyboard keymap modconf block encrypt filesystems fsck shutdown)
-EOF
-
-arch-chroot /mnt mkinitcpio -p linux
-arch-chroot /mnt arch-secure-boot initial-setup
-
-echo -e "\n### Configuring swap file"
-swap_size=$(free --mebi | awk '/Mem:/ {print $2}')
-swap_end=$(( $swap_size + 129 + 1 ))MiB
-truncate -s 0 /mnt/swap/swapfile
-chattr +C /mnt/swap/swapfile
-btrfs property set /mnt/swap/swapfile compression none
-fallocate -l $swap_end /mnt/swap/swapfile
-chmod 600 /mnt/swap/swapfile
-mkswap /mnt/swap/swapfile
-echo "/swap/swapfile none swap defaults 0 0" >> /mnt/etc/fstab
-
-# sudo
-#sed -i 's/# \(%wheel ALL=(ALL:ALL) ALL\)/\1/' /mnt/etc/sudoers
-
-echo -e "\n### Creating user"
-arch-chroot /mnt useradd -m "$user"
-for group in wheel network video audio input storage power; do
-    arch-chroot /mnt groupadd -rf "$group"
-    arch-chroot /mnt gpasswd -a "$user" "$group"
-done
-echo "$user:$password" | arch-chroot /mnt chpasswd
-# disable root login
-arch-chroot /mnt passwd -dl root
-
-echo -e "\n### Setting permissions on the custom repo"
-arch-chroot /mnt chown -R "$user:$user" "/var/cache/pacman/${user}-local/"
-
-echo -e "\n### Reboot now, and after power off remember to unplug the installation USB"

dot_config/sway/config

@@ -36,9 +36,9 @@ output * bg /usr/share/backgrounds/sway/Sway_Wallpaper_Blue_1920x1080.png fill
 # Example configuration:
 #
 exec swayidle -w \
-         timeout 300 'swaylock -f -c 3c3c3c' \
+         timeout 300 'swaylock -f -c 1e1e1e' \
          timeout 600 'swaymsg "output * dpms off"' resume 'swaymsg "output * dpms on"' \
-         before-sleep 'swaylock -f -c 3c3c3c'
+         before-sleep 'swaylock -f -c 1e1e1e'
 #
 # This will lock your screen after 300 seconds of inactivity, then turn off
 # your displays after another 300 seconds, and turn your screens back on when

etc/bluetooth/main.conf

@@ -0,0 +1,294 @@
+[General]
+
+# Default adapter name
+# Defaults to 'BlueZ X.YZ'
+#Name = BlueZ
+
+# Default device class. Only the major and minor device class bits are
+# considered. Defaults to '0x000000'.
+#Class = 0x000100
+
+# How long to stay in discoverable mode before going back to non-discoverable
+# The value is in seconds. Default is 180, i.e. 3 minutes.
+# 0 = disable timer, i.e. stay discoverable forever
+#DiscoverableTimeout = 0
+
+# Always allow pairing even if there are no agent registered
+# Possible values: true, false
+# Default: false
+#AlwaysPairable = false
+
+# How long to stay in pairable mode before going back to non-discoverable
+# The value is in seconds. Default is 0.
+# 0 = disable timer, i.e. stay pairable forever
+#PairableTimeout = 0
+
+# Use vendor id source (assigner), vendor, product and version information for
+# DID profile support. The values are separated by ":" and assigner, VID, PID
+# and version.
+# Possible vendor id source values: bluetooth, usb (default) or false (disabled)
+#DeviceID = bluetooth:1234:5678:abcd
+
+# Do reverse service discovery for previously unknown devices that connect to
+# us. For BR/EDR this option is really only needed for qualification since the
+# BITE tester doesn't like us doing reverse SDP for some test cases, for LE
+# this disables the GATT client functionally so it can be used in system which
+# can only operate as peripheral.
+# Defaults to 'true'.
+#ReverseServiceDiscovery = true
+
+# Enable name resolving after inquiry. Set it to 'false' if you don't need
+# remote devices name and want shorter discovery cycle. Defaults to 'true'.
+#NameResolving = true
+
+# Enable runtime persistency of debug link keys. Default is false which
+# makes debug link keys valid only for the duration of the connection
+# that they were created for.
+#DebugKeys = false
+
+# Restricts all controllers to the specified transport. Default value
+# is "dual", i.e. both BR/EDR and LE enabled (when supported by the HW).
+# Possible values: "dual", "bredr", "le"
+#ControllerMode = dual
+
+# Enables Multi Profile Specification support. This allows to specify if
+# system supports only Multiple Profiles Single Device (MPSD) configuration
+# or both Multiple Profiles Single Device (MPSD) and Multiple Profiles Multiple
+# Devices (MPMD) configurations.
+# Possible values: "off", "single", "multiple"
+#MultiProfile = off
+
+# Permanently enables the Fast Connectable setting for adapters that
+# support it. When enabled other devices can connect faster to us,
+# however the tradeoff is increased power consumptions. This feature
+# will fully work only on kernel version 4.1 and newer. Defaults to
+# 'false'.
+FastConnectable = true
+
+# Default privacy setting.
+# Enables use of private address.
+# Possible values for LE mode: "off", "network/on", "device"
+# Possible values for Dual mode: "off", "network/on", "device",
+# "limited-network", "limited-device"
+#
+# - off: Local privacy disabled.
+#
+# - network/on: A device will only accept advertising packets from peer
+# devices that contain private addresses. It may not be compatible with some
+# legacy devices since it requires the use of RPA(s) all the time.
+#
+# - device: A device in device privacy mode is only concerned about the
+# privacy of the device and will accept advertising packets from peer devices
+# that contain their Identity Address as well as ones that contain a private
+# address, even if the peer device has distributed its IRK in the past.
+
+# - limited-network: Apply Limited Discoverable Mode to advertising, which
+# follows the same policy as to BR/EDR that publishes the identity address when
+# discoverable, and Network Privacy Mode for scanning.
+#
+# - limited-device: Apply Limited Discoverable Mode to advertising, which
+# follows the same policy as to BR/EDR that publishes the identity address when
+# discoverable, and Device Privacy Mode for scanning.
+#
+# Defaults to "off"
+#Privacy = off
+
+# Specify the policy to the JUST-WORKS repairing initiated by peer
+# Possible values: "never", "confirm", "always"
+# Defaults to "never"
+#JustWorksRepairing = never
+
+# How long to keep temporary devices around
+# The value is in seconds. Default is 30.
+# 0 = disable timer, i.e. never keep temporary devices
+#TemporaryTimeout = 30
+
+# Enables the device to issue an SDP request to update known services when
+# profile is connected. Defaults to true.
+#RefreshDiscovery = true
+
+# Enables experimental features and interfaces, alternatively a list of UUIDs
+# can be given.
+# Possible values: true,false,<UUID List>
+# Possible UUIDS:
+# d4992530-b9ec-469f-ab01-6c481c47da1c (BlueZ Experimental Debug)
+# 671b10b5-42c0-4696-9227-eb28d1b049d6 (BlueZ Experimental Simultaneous Central and Peripheral)
+# 15c0a148-c273-11ea-b3de-0242ac130004 (BlueZ Experimental LL privacy)
+# 330859bc-7506-492d-9370-9a6f0614037f (BlueZ Experimental Bluetooth Quality Report)
+# a6695ace-ee7f-4fb9-881a-5fac66c629af (BlueZ Experimental Offload Codecs)
+# Defaults to false.
+#Experimental = false
+
+# The duration to avoid retrying to resolve a peer's name, if the previous
+# try failed.
+# The value is in seconds. Default is 300, i.e. 5 minutes.
+#RemoteNameRequestRetryDelay = 300
+
+[BR]
+# The following values are used to load default adapter parameters for BR/EDR.
+# BlueZ loads the values into the kernel before the adapter is powered if the
+# kernel supports the MGMT_LOAD_DEFAULT_PARAMETERS command. If a value isn't
+# provided, the kernel will be initialized to it's default value.  The actual
+# value will vary based on the kernel version and thus aren't provided here.
+# The Bluetooth Core Specification should be consulted for the meaning and valid
+# domain of each of these values.
+
+# BR/EDR Page scan activity configuration
+#PageScanType=
+#PageScanInterval=
+#PageScanWindow=
+
+# BR/EDR Inquiry scan activity configuration
+#InquiryScanType=
+#InquiryScanInterval=
+#InquiryScanWindow=
+
+# BR/EDR Link supervision timeout
+#LinkSupervisionTimeout=
+
+# BR/EDR Page Timeout
+#PageTimeout=
+
+# BR/EDR Sniff Intervals
+#MinSniffInterval=
+#MaxSniffInterval=
+
+[LE]
+# The following values are used to load default adapter parameters for LE.
+# BlueZ loads the values into the kernel before the adapter is powered if the
+# kernel supports the MGMT_LOAD_DEFAULT_PARAMETERS command. If a value isn't
+# provided, the kernel will be initialized to it's default value.  The actual
+# value will vary based on the kernel version and thus aren't provided here.
+# The Bluetooth Core Specification should be consulted for the meaning and valid
+# domain of each of these values.
+# LE advertisement interval (used for legacy advertisement interface only)
+#MinAdvertisementInterval=
+#MaxAdvertisementInterval=
+#MultiAdvertisementRotationInterval=
+
+# LE scanning parameters used for passive scanning supporting auto connect
+# scenarios
+#ScanIntervalAutoConnect=
+#ScanWindowAutoConnect=
+
+# LE scanning parameters used for passive scanning supporting wake from suspend
+# scenarios
+#ScanIntervalSuspend=
+#ScanWindowSuspend=
+
+# LE scanning parameters used for active scanning supporting discovery
+# proceedure
+#ScanIntervalDiscovery=
+#ScanWindowDiscovery=
+
+# LE scanning parameters used for passive scanning supporting the advertisement
+# monitor Apis
+#ScanIntervalAdvMonitor=
+#ScanWindowAdvMonitor=
+
+# LE scanning parameters used for connection establishment.
+#ScanIntervalConnect=
+#ScanWindowConnect=
+
+# LE default connection parameters.  These values are superceeded by any
+# specific values provided via the Load Connection Parameters interface
+#MinConnectionInterval=
+#MaxConnectionInterval=
+#ConnectionLatency=
+#ConnectionSupervisionTimeout=
+#Autoconnecttimeout=
+
+# Scan duration during interleaving scan. Only used when scanning for ADV
+# monitors. The units are msec.
+# Default: 300
+#AdvMonAllowlistScanDuration=
+# Default: 500
+#AdvMonNoFilterScanDuration=
+
+# Enable/Disable Advertisement Monitor interleave scan for power saving.
+# 0: disable
+# 1: enable
+# Defaults to 1
+#EnableAdvMonInterleaveScan=
+
+[GATT]
+# GATT attribute cache.
+# Possible values:
+# always: Always cache attributes even for devices not paired, this is
+# recommended as it is best for interoperability, with more consistent
+# reconnection times and enables proper tracking of notifications for all
+# devices.
+# yes: Only cache attributes of paired devices.
+# no: Never cache attributes
+# Default: always
+#Cache = always
+
+# Minimum required Encryption Key Size for accessing secured characteristics.
+# Possible values: 0 and 7-16. 0 means don't care.
+# Defaults to 0
+#KeySize = 0
+
+# Exchange MTU size.
+# Possible values: 23-517
+# Defaults to 517
+#ExchangeMTU = 517
+
+# Number of ATT channels
+# Possible values: 1-5 (1 disables EATT)
+# Default to 3
+#Channels = 3
+
+[AVDTP]
+# AVDTP L2CAP Signalling Channel Mode.
+# Possible values:
+# basic: Use L2CAP Basic Mode
+# ertm: Use L2CAP Enhanced Retransmission Mode
+#SessionMode = basic
+
+# AVDTP L2CAP Transport Channel Mode.
+# Possible values:
+# basic: Use L2CAP Basic Mode
+# streaming: Use L2CAP Streaming Mode
+#StreamMode = basic
+
+[Policy]
+#
+# The ReconnectUUIDs defines the set of remote services that should try
+# to be reconnected to in case of a link loss (link supervision
+# timeout). The policy plugin should contain a sane set of values by
+# default, but this list can be overridden here. By setting the list to
+# empty the reconnection feature gets disabled.
+#ReconnectUUIDs=00001112-0000-1000-8000-00805f9b34fb,0000111f-0000-1000-8000-00805f9b34fb,0000110a-0000-1000-8000-00805f9b34fb,0000110b-0000-1000-8000-00805f9b34fb
+
+# ReconnectAttempts define the number of attempts to reconnect after a link
+# lost. Setting the value to 0 disables reconnecting feature.
+#ReconnectAttempts=7
+
+# ReconnectIntervals define the set of intervals in seconds to use in between
+# attempts.
+# If the number of attempts defined in ReconnectAttempts is bigger than the
+# set of intervals the last interval is repeated until the last attempt.
+#ReconnectIntervals=1,2,4,8,16,32,64
+
+# AutoEnable defines option to enable all controllers when they are found.
+# This includes adapters present on start as well as adapters that are plugged
+# in later on. Defaults to 'false'.
+AutoEnable=true
+
+# Audio devices that were disconnected due to suspend will be reconnected on
+# resume. ResumeDelay determines the delay between when the controller
+# resumes from suspend and a connection attempt is made. A longer delay is
+# better for better co-existence with Wi-Fi.
+# The value is in seconds.
+# Default: 2
+#ResumeDelay = 2
+
+[AdvMon]
+# Default RSSI Sampling Period. This is used when a client registers an
+# advertisement monitor and leaves the RSSISamplingPeriod unset.
+# Possible values:
+# 0x00       Report all advertisements
+# N = 0xXX   Report advertisements every N x 100 msec (range: 0x01 to 0xFE)
+# 0xFF       Report only one advertisement per device during monitoring period
+# Default: 0xFF
+#RSSISamplingPeriod=0xFF

install.sh

@@ -225,6 +225,9 @@ basic_packages=(
     "docbook-xls" # depenency of plymouth-git
     "efitools" # provides KeyTool
     "libfido2" # for systemd-cryptenroll
+    "bluez"
+    "bluez-utils"
+    "usbutils" # for lsusb
 )
 all_packages=(
 	${kernel_packages[@]}
@@ -233,10 +236,9 @@ all_packages=(
 	${basic_packages[@]}
 )
 
-pacstrap /mnt base base-devel arch-secure-boot ${all_packages[@]}
+pacstrap /mnt base base-devel arch-secure-boot chezmoi ${all_packages[@]}
 
 echo -e "\n### Generating base config files"
-echo "cryptdevice=PARTLABEL=primary:luks:allow-discards root=LABEL=btrfs rootflags=subvol=root rw quiet mem_sleep_default=deep" > /mnt/etc/kernel/cmdline
 
 genfstab -L /mnt >> /mnt/etc/fstab
 
@@ -255,62 +257,6 @@ echo -e "127.0.0.1\tlocalhost" >>/mnt/etc/hosts
 echo -e "127.0.1.1\t$hostname" >>/mnt/etc/hosts
 echo -e "\n::1\tlocalhost" >>/mnt/etc/hosts
 
-# Propagate the systemd-resolved managed configuration to all clients (stub mode)
-ln -sf /run/systemd/resolve/stub-resolv.conf /mnt/etc/resolv.conf
-
-cat >/mnt/etc/systemd/network/20-wired.network <<EOF
-[Match]
-Name=en*
-
-[Network]
-DHCP=yes
-
-[DHCPv4]
-RouteMetric=10
-UseDomains=true
-
-[IPv6AcceptRA]
-RouteMetric=10
-UseDomains=yes
-EOF
-
-cat >/mnt/etc/systemd/network/25-wireless.network <<EOF
-[Match]
-Name=wl*
-
-[Network]
-DHCP=yes
-
-[DHCPv4]
-RouteMetric=20
-UseDomains=true
-
-[IPv6AcceptRA]
-RouteMetric=20
-UseDomains=yes
-EOF
-
-mkdir -p /mnt/etc/iwd
-cat >/mnt/etc/iwd/main.conf <<EOF
-[General]
-EnableNetworkConfiguration=true
-
-[Network]
-EnableIPv6=true
-EOF
-
-arch-chroot /mnt systemctl enable systemd-timesyncd fstrim.timer systemd-networkd systemd-resolved iwd
-
-cat >/mnt/etc/mkinitcpio.conf <<EOF
-MODULES=(i915)
-BINARIES=(/usr/bin/btrfs)
-FILES=()
-HOOKS=(base consolefont udev autodetect keyboard keymap modconf block encrypt filesystems fsck shutdown)
-EOF
-
-arch-chroot /mnt mkinitcpio -p linux
-arch-chroot /mnt arch-secure-boot initial-setup
-
 echo -e "\n### Configuring swap file"
 swap_size=$(free --mebi | awk '/Mem:/ {print $2}')
 swap_end=$(( $swap_size + 129 + 1 ))MiB
@@ -336,11 +282,7 @@ arch-chroot /mnt passwd -dl root
 echo -e "\n### Setting permissions on the custom repo"
 arch-chroot /mnt chown -R "$user:$user" "/var/cache/pacman/${user}-local/"
 
-echo -e "\n### Cloning dotfiles"
-arch-chroot /mnt sudo -u $user bash -c 'git clone --recursive https://code.strobeto.de/strobeltobias/dotfiles.git ~/.dotfiles'
+echo -e "\n### Cloning dotfiles and running initial setup"
+arch-chroot /mnt sudo -u $user sh -c 'chezmoi init --apply https://code.strobeto.de/strobeltobias/dotfiles.git && chezmoi state delete-bucket --bucket=scriptState'
 
-echo -e "\n### Running initial setup"
-arch-chroot /mnt /home/$user/.dotfiles/setup-system.sh
-arch-chroot /mnt sudo -u $user /home/$user/.dotfiles/setup-user.sh
-
-echo -e "\n### DONE - reboot and re-run both ~/.local/share/chezmoi/setup-*.sh scripts"
+echo -e "\n### DONE - reboot and re-run 'chezmoi apply' to complete system setup"

setup-system.sh

@@ -38,7 +38,7 @@ copy() {
     if [ -z "$reverse" ]; then
         [ -n "$2" ] && chmod "$2" "$dest_file"
     else
-        chown -R tobias "$dest_file"
+        chown -R $USER "$dest_file"
     fi
     echo "$dest_file <= $orig_file"
 }
@@ -67,7 +67,7 @@ copy "etc/kernel/cmdline"
 copy "etc/sysctl.d/20-quiet-printk.conf"
 copy "etc/modprobe.d/i915.conf"
 #copy "etc/aurutils/pacman-x86_64.conf"
-#copy "etc/bluetooth/main.conf"
+copy "etc/bluetooth/main.conf"
 #copy "etc/conf.d/snapper"
 #copy "etc/default/earlyoom"
 #copy "etc/docker/daemon.json"
@@ -113,7 +113,7 @@ echo "================================="
 sysctl --system > /dev/null
 
 systemctl daemon-reload
-#systemctl_enable_start "bluetooth.service"
+systemctl_enable_start "bluetooth.service"
 #systemctl_enable_start "btrfs-scrub@-.timer"
 #systemctl_enable_start "btrfs-scrub@mnt-btrfs\x2droot.timer"
 #systemctl_enable_start "btrfs-scrub@home.timer"
@@ -126,8 +126,8 @@ systemctl daemon-reload
 #systemctl_enable_start "btrfs-scrub@var-lib-docker.timer"
 #systemctl_enable_start "docker.socket"
 #systemctl_enable_start "earlyoom.service"
-#systemctl_enable_start "fstrim.timer"
-#systemctl_enable_start "iwd.service"
+systemctl_enable_start "fstrim.timer"
+systemctl_enable_start "iwd.service"
 #systemctl_enable_start "linux-modules-cleanup.service"
 #systemctl_enable_start "lenovo_fix.service"
 #systemctl_enable_start "nftables.service"
@@ -135,8 +135,9 @@ systemctl daemon-reload
 #systemctl_enable_start "reflector.timer"
 #systemctl_enable_start "snapper-cleanup.timer"
 #systemctl_enable_start "system-dotfiles-sync.timer"
-#systemctl_enable_start "systemd-networkd.socket"
-#systemctl_enable_start "systemd-resolved.service"
+systemctl_enable_start "systemd-networkd.socket"
+systemctl_enable_start "systemd-resolved.service"
+systemctl_enable_start "systemd-timesyncd"
 #systemctl_enable_start "tlp.service"
 
 #if [ ! -s "/etc/usbguard/rules.conf" ]; then
@@ -176,16 +177,30 @@ timedatectl set-ntp true
 echo "Configuring aurutils"
 ln -sf /etc/pacman.conf /etc/aurutils/pacman-tobias-local.conf
 
-echo "Configuring plymouth"
-plymouth-set-default-theme -R spinner && arch-secure-boot generate-efi
+PLYMOUTH_THEME="spinner"
+if [ "$(plymouth-set-default-theme)" != "$PLYMOUTH_THEME" ]; then
+    echo "Configuring plymouth"
+    plymouth-set-default-theme "$PLYMOUTH_THEME"
+fi
 
-echo "Preparing KeyTool to allow install PK key"
-mkdir -p /efi/EFI/secureboot
-sbsign --key /etc/arch-secure-boot/keys/db.key --cert /etc/arch-secure-boot/keys/db.crt --output /efi/EFI/secureboot/KeyTool-signed.efi /usr/share/efitools/efi/KeyTool.efi
-cp /etc/secureboot/keys/PK/PK.auth /efi/EFI/secureboot/PK.auth
-mount="$(findmnt -n -o SOURCE -T "/efi")"
-partition="${mount##*[!0-9]}"
-entry="/EFI/secureboot/KeyTool-signed.efi"
-efibootmgr -d "$mount" -p "$partition" -c -l "${entry//\//\\}" -L "KeyTool"
+echo "Configuring mkinitcpio + secure boot"
 
-echo "Reboot into KeyTool and install PK key (EFI/secureboot/PK.auth) to UEFI"
+mkinitcpio -P
+
+if [ ! -s "/etc/arch-secure-boot/keys/PK.auth" ]; then
+    arch-secure-boot initial-setup
+else
+    arch-secure-boot generate-efi
+fi
+
+if [ ! -f /efi/EFI/secureboot/KeyTool-signed.efi ];  then
+    echo "Preparing KeyTool to allow install PK key"
+    mkdir -p /efi/EFI/secureboot
+    sbsign --key /etc/arch-secure-boot/keys/db.key --cert /etc/arch-secure-boot/keys/db.crt --output /efi/EFI/secureboot/KeyTool-signed.efi /usr/share/efitools/efi/KeyTool.efi
+    cp /etc/secureboot/keys/PK/PK.auth /efi/EFI/secureboot/PK.auth
+    mount="$(findmnt -n -o SOURCE -T "/efi")"
+    partition="${mount##*[!0-9]}"
+    entry="/EFI/secureboot/KeyTool-signed.efi"
+    efibootmgr -d "$mount" -p "$partition" -c -l "${entry//\//\\}" -L "KeyTool"
+    echo "Reboot into KeyTool and install PK key (EFI/secureboot/PK.auth) to UEFI"
+fi