commit cf02f03a30b854e7e55a3f04a66904b8cdeba677 Author: Myve Date: Fri Jun 14 07:14:44 2024 +0000 First commit
diff --git a/iwd-connect b/iwd-connect
new file mode 100644
index 0000000..c469267
--- /dev/null
+++ b/iwd-connect
@@ -0,0 +1,82 @@
+#!/usr/bin/env bash
+iwd_station=$(iwctl station list | grep connected | awk '{print $(NF-1)}')
+[ ${iwd_station} ] || exit 1
+
+clear
+
+iwctl station ${iwd_station} get-networks
+
+while true
+do
+ unset hidden_yes_no
+ if [ ${1} ]
+ then
+ ssid=${1}
+ else
+ read -r -p 'Network SSID: ' ssid
+ fi
+
+ if iwctl known-networks list | grep -q -w ${ssid}
+ then
+ echo
+ break
+ elif iwctl station ${iwd_station} get-networks | grep -q -w ${ssid}
+ then
+ echo
+ break
+ else
+ until [[ ${hidden_yes_no} = [yYnN] ]]
+ do
+ read -n 1 -r -p 'Is network hidden (y/n): ' hidden_yes_no
+ [[ ${hidden_yes_no} = [yYnN] ]] || echo -e '\n\n\e[1;31mNot a valid answer, type "y" or "n"\e[0m'
+ done
+ echo -e '\n'
+
+ if [[ ${hidden_yes_no} = [yY] ]]
+ then
+ hidden_network='-hidden'
+ break
+ fi
+ fi
+done
+
+while true
+do
+ if iwctl known-networks list | grep -q -w ${ssid}
+ then
+ if ! iwctl station ${iwd_station} connect ${ssid} "$2"
+ then
+ iwctl station ${iwd_station} connect-hidden ${ssid} "$2"
+ fi
+ else
+ echo -e -n "Enter wifi passphrase for ${ssid} (or leave blank if there is none): "
+ read -r -p '' wifipass
+ if [ -z ${wifipass} ]
+ then
+ wifipass='""'
+ fi
+
+ iwctl --passphrase ${wifipass} station ${iwd_station} connect${hidden_network} ${ssid} "$2"
+ fi
+
+ if iwctl station ${iwd_station} show | grep -w 'Connected network' | grep -q ${ssid}
+ then
+ unset wifipass
+
+ clear
+ iwctl station ${iwd_station} show
+
+ until iwctl station ${iwd_station} show | grep -q 'IPv4 address'
+ do
+ sleep 3
+ done
+
+ clear
+ iwctl station ${iwd_station} show
+
+ echo -e '\e[1;32mSuccess!\e[0m\n'
+ exit 0
+ else
+ echo -e '\n\e[1;31mInvalid passphrase, try again\e[0m'
+ fi
+done
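Review bot: The passphrase path in the second loop of `iwd-connect` mishandles the secret: `read -r -p '' wifipass` echoes it on the console, and the unquoted `${wifipass}` in `iwctl --passphrase ${wifipass} station ...` is word-split and glob-expanded, so a passphrase containing a space or `*` reaches iwctl as something else. Reading with `read -r -s wifipass` and quoting the expansions, `iwctl --passphrase "${wifipass}" station "${iwd_station}" "connect${hidden_network}" "${ssid}"`, fixes both. The blank-input branch sets `wifipass='""'`, which is two literal quote characters rather than an empty string and is probably not what was intended. The same quoting applies to `${ssid}` in the `grep -q -w ${ssid}` tests, where the name is also read as a regular expression; `grep -F -q -w -- "${ssid}"` would match it literally.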
diff --git a/mkiso b/mkiso
new file mode 100644
index 0000000..1ffc85b
--- /dev/null
+++ b/mkiso
@@ -0,0 +1,158 @@
+#!/usr/bin/env bash
+set -e
+
+# Insert SSH keys here
+sshkeys=''
+
+# Fill in iso output directory
+isopath=
+
+# Exit if run without sudo
+if [ ${EUID} -ne 0 ]
+then
+ echo "Please run as root"
+ exit 1
+fi
+
+# Exit if directory doesn't exist
+if ! [ -d ${isopath}/ ]
+then
+ echo "ISO output path isn't specified"
+ exit 1
+fi
+
+# Create work directory
+workdir=$(mktemp -d)
+cd ${workdir}/
+
+clear
+
+# Download latest releng profile
+echo "$(tput setaf 4)$(tput bold):: Downloading necessary files$(tput sgr0)"
+curl --fail -s https://git.myvelabs.com/mirrors/archiso/archive/master.tar.gz | tar xz -C .
+rsync -a ./archiso/configs/releng ./ --exclude '*reflector*'
+rm -r ./archiso/
+
+# Tweak releng profile
+# Create directories
+mkdir -p ./releng/airootfs/var/lib/iwd
+mkdir -p ./releng/airootfs/etc/wireguard
+
+# Download essential arch scripts
+curl --fail -s -L https://git.myvelabs.app/lab/archlinux/raw/branch/master/installer.sh >./releng/airootfs/usr/local/bin/installer
+curl --fail -s -L https://git.myvelabs.app/lab/archlinux/raw/branch/master/recover.sh >./releng/airootfs/usr/local/bin/recover
+
+# IWD connector
+curl --fail -s -L https://git.myvelabs.app/lab/archiso/raw/branch/master/iwd-connect >./releng/airootfs/usr/local/bin/iwd-connect
+
+# ~/.zshrc
+curl --fail -s -L https://git.myvelabs.app/lab/archiso/raw/branch/master/zshrc >./releng/airootfs/root/.zshrc
+
+# Copy mirrorlist
+cp /etc/pacman.d/mirrorlist ./releng/airootfs/etc/pacman.d/
+
+# Custom pacman.conf
+sed -i \
+ -e '/Color/c\Color' \
+ -e '/ParallelDownloads/c\ParallelDownloads = 10' \
+ ./releng/pacman.conf
+
+# SSH
+echo 'PasswordAuthentication no
+AuthenticationMethods publickey' >./releng/airootfs/etc/ssh/sshd_config.d/zz-archiso.conf
+mkdir -p ./releng/airootfs/root/.ssh
+echo "${sshkeys}" >./releng/airootfs/root/.ssh/authorized_keys
+
+# Remove livecd
+find ./releng/ -type f -iname "*livecd*" -exec rm -r -f {} \;
+
+# Modify packages.x86_64
+echo 'bash-completion
+yubikey-personalization
+yubikey-full-disk-encryption
+wireguard-tools' >>./releng/packages.x86_64
+sed -i 's/^livecd-sounds/#&/' ./releng/packages.x86_64
+
+# # permissions for profiledef.sh
+sed -i '/livecd-sound/d' ./releng/profiledef.sh
+sed -i 's#^)$# ["/usr/local/bin/recover"]="0:0:755"\
+ ["/usr/local/bin/installer"]="0:0:755"\
+ ["/usr/local/bin/iwd-connect"]="0:0:755"\
+ ["/var/lib/iwd"]="0:0:0700"\
+ ["/etc/wireguard/"]="0:0:0700"\
+&#' ./releng/profiledef.sh
+
+# Tweak /etc/motd
+sed -i 's/iwctl/iwd-connect/' ./releng/airootfs/etc/motd
+
+# Show IP address at login
+sed -i 's#\[Service\]#&\
+ExecStartPre=/bin/sh -c '\''sed -i 1q /etc/issue; echo >> /etc/issue; if ping -q -c 1 -W 3 1.1.1.1 >/dev/null; then sed -i "/Arch Linux/a Local IP: $(ip r | awk "{print \\$(NF-2);exit}")" /etc/issue; fi'\''#' ./releng/airootfs/etc/systemd/system/getty@tty1.service.d/autologin.conf
+
+# Bootloader modifications
+# Systemd-boot
+sed -i 's/beep on/#&/' ./releng/efiboot/loader/loader.conf
+sed -i 's/timeout 15/timeout 5/' ./releng/efiboot/loader/loader.conf
+mv ./releng/efiboot/loader/entries/02-archiso-x86_64-speech-linux.conf ./releng/efiboot/loader/entries/02-archiso-x86_64-ram-linux.conf
+sed -i 's/) with speech/, Copy to RAM)/' ./releng/efiboot/loader/entries/02-archiso-x86_64-ram-linux.conf
+sed -i 's/accessibility=on/copytoram/' ./releng/efiboot/loader/entries/02-archiso-x86_64-ram-linux.conf
+
+# Grub
+sed -i 's/timeout=15/timeout=5/' ./releng/grub/grub.cfg
+sed -i 's/play 600 988 1 1319 4/#&/' ./releng/grub/grub.cfg
+sed -i 's/with speakup screen reader/Copy to RAM/' ./releng/grub/grub.cfg
+sed -i 's/timeout=15/timeout=5/' ./releng/grub/loopback.cfg
+sed -i 's/with speakup screen reader/Copy to RAM/' ./releng/grub/loopback.cfg
+sed -i 's/archlinux-accessibility/archlinux-copy-to-ram/' ./releng/grub/grub.cfg
+sed -i 's/accessibility=on/copytoram/' ./releng/grub/grub.cfg
+
+# Syslinux
+sed -i 's/TIMEOUT 150/TIMEOUT 50/' ./releng/syslinux/archiso_sys.cfg
+sed -i 's/# Accessibility/# Copy to RAM/' ./releng/syslinux/archiso_sys-linux.cfg
+sed -i 's/arch64speech/arch64ram/' ./releng/syslinux/archiso_sys-linux.cfg
+sed -i 's/speakup screen reader/Copy to RAM option/' ./releng/syslinux/archiso_sys-linux.cfg
+sed -i 's/ with speech feedback//' ./releng/syslinux/archiso_sys-linux.cfg
+sed -i 's/) with ^speech/, Copy to RAM)/' ./releng/syslinux/archiso_sys-linux.cfg
+sed -i 's/accessibility=on/copytoram/' ./releng/syslinux/archiso_sys-linux.cfg
+
+# vconsole.conf
+echo 'KEYMAP=us
+FONT=ter-224n' >./releng/airootfs/etc/vconsole.conf
+
+# Install ZFS
+case ${1} in
+ zfs)
+ cat >>./releng/pacman.conf <<'zfs'
+
+[archzfs]
+Server = https://archzfs.com/$repo/$arch
+zfs
+ mkdir -p ./releng/airootfs/usr/share/pacman/keyrings
+ curl --fail -s -L https://git.myvelabs.app/lab/archiso/raw/branch/master/zfs/archzfs-trusted >./releng/airootfs/usr/share/pacman/keyrings/archzfs-trusted
+ curl --fail -s -L https://git.myvelabs.app/lab/archiso/raw/branch/master/zfs/archzfs.gpg >./releng/airootfs/usr/share/pacman/keyrings/archzfs.gpg
+ echo 'archzfs-linux' >>./releng/packages.x86_64
+ ;;
+esac
+
+# Custom pacman.conf
+sed -e '/^#\|^$\|IgnorePkg/d' \
+ -e "/^\[core\]$\|^\[extra\]$\|^\[archzfs\]$/a\\
+CacheServer = https://pacman.myvelabs.com" \
+ /etc/pacman.conf >./releng/airootfs/etc/pacman.conf
+
+# Begin mkarchiso
+if mkarchiso -v -w ./workdir -o ./output ./releng -r
+then
+ case ${1} in
+ zfs)
+ rename -- "archlinux" "archzfs" ./output/*
+ ;;
+ *)
+ rename -- ".iso" "${version}.iso" ./output/*
+ ;;
+ esac
+
+ mv ./output/*.iso ${isopath}/
+ cd ~
+ rm -r -f /tmp/tmp.*/
+fi
\ No newline at end of file
diff --git a/zfs/archzfs-trusted b/zfs/archzfs-trusted
new file mode 100644
index 0000000..d9b5ffb
--- /dev/null
+++ b/zfs/archzfs-trusted
@@ -0,0 +1 @@
+DDF7DB817396A49B2A2723F7403BD972F75D9D76:4:
diff --git a/zfs/archzfs.gpg b/zfs/archzfs.gpg
new file mode 100644
index 0000000..8e6a360
--- /dev/null
+++ b/zfs/archzfs.gpg
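Review bot: In `mkiso`, every file baked into the image is fetched from a mutable `master` branch with no integrity check: `installer`, `recover` and `iwd-connect` are installed as `0:0:755`, and in the `zfs` case the pacman trust anchors `archzfs-trusted` and `archzfs.gpg` come from the same kind of URL. HTTPS protects only the transport, so whatever the branch holds at build time ends up in the ISO; pinning each URL to a commit, or checking the downloads against a recorded digest list with `sha256sum -c` before they are used, would close that gap, and the keyring could be copied from a checkout, since this commit adds both files under `zfs/`. Separately, the final `rm -r -f /tmp/tmp.*/` runs as root and removes every matching directory rather than this run's, so it should be `rm -r -f -- "${workdir}"`. The `isopath` check also passes when the variable is empty, because `${isopath}/` expands to `/`; `[ -n "${isopath}" ] && [ -d "${isopath}" ]` would catch that.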
@@ -0,0 +1,61 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQENBFtDvKwBCADfjeYybNsoGu+NLUQHBQHlV8jfqQMqox/vZXiUD6dm4aWvOpL8
+YTT+WWh9aBItUubci8/VK80rAhzB/graYNhBB6XIEnCtEJH5V6PsZIN09avvdIbD
+I6jWnQ3s6LuPqVGWOoOxUbEtcnw8Ax+OU6eqZ9v3kMIkx3nXZaHWGDLjhFVW+CiZ
+FqhXywQhgvi391KphDMK7daMLW5VphCaiVJbZ8VDoLiDH6X1sRITtgcOAiowT7js
+Nl8z334d3Cy4FQ4vrAcPtQbBd2mQbDECLPXoWMTyh+JpYkPCBkF/CTawf8LhQcgs
+eHtHt9S7rGtQgbGzuCShM/4g1g9q+GfDLKBHABEBAAG0IkFyY2haRlMgQm90IDxi
+dWlsZGJvdEBhcmNoemZzLmNvbT6JAVEEEwEIADsCGwMFCwkIBwIGFQoJCAsCBBYC
+AwECHgECF4ACGQEWIQTd99uBc5akmyonI/dAO9ly912ddgUCX7+aSgAKCRBAO9ly
+912ddrCpCAChG5Et8ODGXK9KnKGAI9hCIAAumwl1G+lGkEUpBGegyOn093DGB3zV
+7RZYl3BPQMdr7KoezxP7RYZdN5XF3vELBlNxy1W7s95HXKbCSVxh8fSXqtyxtDRs
+6ISTQ0OnkmG3cSbdc9uyrpxa7lt4wUA3Kq9JHiAZnBoGj0eSZoRq4LGdYJB54xfB
+5lN3YqLDjqfVAmwwv6TeWQSRzRj5nxJQWxY/JOTPwh/LRjOtj1YwAqRXA3Q45+bB
+T8PZPb1QAqA5g9zvHXOnVyv3wjDb389zXz6I9YUg5+YW8apIN8C2LamZy1rgErxO
+1GYQ5k8zZddwiZ3pP0lgTFKba+7EOT9WiQIzBBABCAAdFiEE7+1GyEvRHdl5iZUs
+IsaVeeESPOYFAlzrNI4ACgkQIsaVeeESPOZWLg/+N+uUsB8ELWPUXiKVIDuEoL07
+cyxYw7Ru2UW3sq/NT2/AkYuHmrXcYD8GYu3LKzzsbhAoUEYtGOX38X7yN1gVOOb1
+wmjAP9NwgDJ7anqMxtogC3geplMXLs+Zv7EMS/UvvZf7wCqmhRI07jr8ZZZOXale
+LdPICnq9Wm1Ah4k/JGcAEolYuBsTPbPaox4J42+l0GuVEvlTiWnG0G3IFhkvfeJP
+iaQJ/9aLiN6qExhJd5Az3Y0l/wq3Kjom31gJZLO4tHnXVoc/82JuIGJkDZDWOC00
+FqmX5fiC3k6Tid6Mt5KNb6ySA0Uo4hRl1iQde6XlZVhRUECM+5W9FscaMlWr2Vuu
+RDe16/UXtFB0UTlqsJmCg33SwwzxpOLHVpTm4HrBMCtxG7hEeCUpG19ips0D3AdW
+mltpNaUtA11yKBj69O9iMepgnmW6mGdpSiuj4khmmTKisfe/e56Tky6vU1BrqrBm
+Gv21uKfoeODKwrb36m5dMev6DSYxk0+94kNcS1iM7ZCVJ76JZ+KriSRWIwy0gvp6
+bnHs4AlNlZhcjapYyfF6zI26sc15NbEVd9p4HzYGp+NVR/MOuXLGtn2azGb4E1EN
+vKuB6OZ1N64Cs1Bnijkd3ZJU1PDxrTVmnWaQZtraL35OksyQMoGUk09uXunNyRPz
+71jM0+BBQF0nXhJAzcW0HUFyY2haRlMgQm90IDxib3RAYXJjaHpmcy5jb20+iQFO
+BBMBCAA4AhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAFiEE3ffbgXOWpJsqJyP3
+QDvZcvddnXYFAl+/mkoACgkQQDvZcvddnXaGBAf8DKyvFLA0ZW8PHWtXbcQk1pzo
+OrHfYKnR1bEIZ9rw+OurJPdyv8ONY9D4BxFJ/p2pDDRSoIIRifVHFYnUPpk156/e
+z0vxftSDgpBaeq+IU4I2/XlcKu5QDk4RLKGB44w6AolLXYYnFaEtCxPlDF9lYT5+
+13eyuD3WJm8rzU8FswuXKmpn40aq3CiXDLyApuVjIf79xhqQfdXgCGdoDHUvZrp1
+lAAwAs/9UrPJGjDImv3dF0fTOfQiySeEPmusW0A0kf6FVpYCPAyjCg1CJEBCpzS8
+Hu6h9ic1WHjxWRKAqKkPki6YOOGojEO3PVIBJk6jChquGvAyBRfpDGdExMXIlYkC
+MwQQAQgAHRYhBO/tRshL0R3ZeYmVLCLGlXnhEjzmBQJc6zSYAAoJECLGlXnhEjzm
+mn4P/iRwTZoo/8hg5lwiAvmOau3O5mmYiiQ5ruuy6Y8Gs1p+QQFmXMnNI76TWeU+
+lAM26qd8hJAvKCcSyxR/vMtdnDdF4x+nw1oIFcWnX2T9cAwmNLsui+byKpg5KyCu
+x3zruwo+oUyGTa5JzjqSZAhRygrB4KvQ29Ja8aF84zlbWeRie3awHChoGKBAXpK+
+SKQS+UWRnUNVgrR+BaPhMvGKIU+Y6V5KPNPMy2JIx8sF5NMn+VdsI0FUUWq2PDUS
+eCQrSgj4MdOw/WXWUj/z2PIrqn3xsd3cG6eif6zYNuymA8Wvc1gi2IbjfN5mJwre
+YAgTVkVDATmyc9uGquQ+qPtyZfsD+jjepswbTGJWESyaq5bNXR7ewbWPXxU9elxs
+KSlwSzLo3wIRKIEkySSOp10no5A6/D+W1eHQY/FnZfri/o3bWoQkLD5qYabWLx/Y
+iq7f9hURlH86j+9fHeUTyJQSj+JlJYrfkozH5+EZjp2mDaQ3bTbC6/N0OpX89DAZ
+cVdHKrGtC9BAH5mlBAW2qouLwnST1q7Ssp7UxNFdllL95cCi54KRz7QBm6U5JFUm
+v44Wm6bqHDznHJJ6+Hqd9dJtKs4s6iYVi8hOVm9bH3QyoZ5e4ZQyziS8aAUysFsR
+Y6ZKSzFTEn3GIjjGreqbNo43ymTHR3L18EJFo4/bLexGl/3DuQENBFtDvKwBCADV
+X/D3KV3lIbzSqVQ0F+kgOXgLxGLT7zilnHbfJlqaYK5Ud03YuSdCntSTDzuzPe4s
+8VkFkcGKj0CypZLtyMXFBj7I7poqemv7tJKCwZO6n+JNtHYT6cPehz1WpZEXXuZd
+PRzpUV1PJi59p0PYxmfe344p0U2LC9tpXoi/2JlOWI0yz/qbzR8+qT7hnqmeHNhl
+2LqAcJcK+8ZgXWO5873Hi+ohrqyaO6zPzHZ6RB4VRq0glIQyXIVgYf/JK0oMZMk5
+3uxJm0Sbv3wtU4TzJTQVAf3hgzKJrCeRbZqJ2tovRpnpP8KNiulQ2ARvcZZu5mLk
+4j3tgPSZzB9mu/mMVFBxABEBAAGJATYEGAEIACACGwwWIQTd99uBc5akmyonI/dA
+O9ly912ddgUCX7+aMgAKCRBAO9ly912ddpUxCACezp4NNi692FjDRu+CR6v34WMb
+jagYOgd2XkeNKhb1HhluG1kTvJMJwNt1r6Gyum04vmgJaIMZ2QJ/wTsReSeFA6AY
+qpNBMnSB+VFyLF6kY3xR39lsjarZBj3dfz5wT7sN0uGRUopeGEYSTkfgam2Slf97
+0MqgF2or/62Dxnb6wFlrnE/TOuy1L7RbMDVWUBmpDVojhMvlq1CL881v6mpCXOCg
+tiaKt3o0ZzSPdAABO2MmxLoqySHeEAibybLDSJFlb9BnihP4bkVa8CP0XXA1i5dQ
+dCfSm7TlGW7+Zl8RP7o1OMJHQ6GATJF9Oj+Zjg9rPf/EfCg/2wIoZhf8CLjB
+=6o8C
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/zshrc b/zshrc
new file mode 100644
index 0000000..1acb2fe
--- /dev/null
+++ b/zshrc
@@ -0,0 +1,142 @@
+#
+# ~/.zshrc
+#
+# PS1='\e[31m[\u\e[0m@\h \W]\$ '
+
+# iwd connection status
+function iwd-status
+{
+ iwctl station $(iwctl station list | grep connected | awk '{print $(NF-1)}') show
+}
+
+# Reflector mirrors
+function mirrors
+{
+ [ ${1} ] || return 1
+ echo
+ reflector --country ${1} --age 24 --latest 20 --protocol https --fastest 25 --sort rate --save /etc/pacman.d/mirrorlist
+ echo
+ cat /etc/pacman.d/mirrorlist
+ echo
+}
+
+# Wireguard functions
+function wglist
+{
+ if [ ${1} ]
+ then
+ ls /etc/wireguard | grep ${1}
+ else
+ ls /etc/wireguard
+ fi
+}
+
+function wd
+{
+ for wireguard in $(wg show | grep interface | awk '{print $2}')
+ do
+ wg-quick down ${wireguard}
+ done
+}
+
+function wu
+{
+ wd
+
+ if [ ${1} ]
+ then
+ wg-quick up $(ls /etc/wireguard | grep ${1} | shuf -n 1 | sed "s/.conf//g")
+ else
+ wg-quick up $(ls /etc/wireguard | shuf -n 1 | sed "s/.conf//g")
+ fi
+}
+
+# Shortcuts for optional auxilliaries
+function install-i3
+{
+ mount -o remount,size=2G /run/archiso/cowspace
+ pacman -Sy --ask 4 \
+ xorg xorg-xinit i3-gaps i3status dmenu konsole kate dolphin breeze-icons pipewire-jack phonon-qt5-gstreamer \
+ firefox firefox-decentraleyes firefox-ublock-origin ttf-dejavu
+ echo 'exec i3' > ~/.xinitrc
+ echo -e '\nXDG_CURRENT_DESKTOP=gnome' >/etc/environment
+ startx
+}
+
+function install-zfs
+{
+ mount -o remount,size=2G /run/archiso/cowspace
+ pacman-key --init
+ cat >>/etc/pacman.conf <<'EOF'
+
+[archzfs]
+Server = https://archzfs.com/$repo/$arch
+EOF
+ pacman-key -r DDF7DB817396A49B2A2723F7403BD972F75D9D76
+ pacman-key --lsign-key DDF7DB817396A49B2A2723F7403BD972F75D9D76
+
+ pacman -Sy --ask 4 archzfs-dkms linux-headers
+ modprobe zfs
+}
+
+# Bash completion
+autoload bashcompinit
+bashcompinit
+
+function _installer
+{
+ local cur prev
+
+ cur=${COMP_WORDS[COMP_CWORD]}
+ prev=${COMP_WORDS[COMP_CWORD-1]}
+
+ case ${COMP_CWORD} in
+ 1)
+ COMPREPLY=($(compgen -W "arch arch-vm vm arch-passthrough passthrough airgap server homelab recover" -- ${cur}))
+ ;;
+
+ *)
+ COMPREPLY=()
+ ;;
+
+ esac
+}
+
+complete -F _installer installer
+
+function _iwd-connect
+{
+ iwd_station=$(iwctl station list | grep connected | awk '{print $(NF-1)}')
+ [ ${iwd_station} ] || return 1
+
+ local cur prev
+
+ cur=${COMP_WORDS[COMP_CWORD]}
+ prev=${COMP_WORDS[COMP_CWORD-1]}
+
+ case ${COMP_CWORD} in
+ 1)
+ COMPREPLY=($(compgen -W "$(iwctl station ${iwd_station} get-networks | awk '{print $1}' | grep -v -- 'Available\|---\|.*90m.*\S*')" -- ${cur}))
+ ;;
+
+ *)
+ COMPREPLY=()
+ ;;
+
+ esac
+}
+
+complete -F _iwd-connect iwd-connect
+
+# Turn off sshd public-key-only authentication
+function ssh-off
+{
+ rm /etc/ssh/sshd_config.d/zz-archiso.conf
+ systemctl restart sshd.service
+}
+function ssh-on
+{
+ echo 'PasswordAuthentication no
+AuthenticationMethods publickey' >/etc/ssh/sshd_config.d/zz-archiso.conf
+ systemctl restart sshd.service
+}
\ No newline at end of file
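Review bot: In `_iwd-connect` of `zshrc`, the word list given to `compgen -W` is built from the names returned by `iwctl station ${iwd_station} get-networks`, which are chosen by whoever operates the nearby access points and are therefore untrusted input in a root shell. bash documents that each word of a `-W` list is expanded, and I have not confirmed how zsh's `bashcompinit` emulation treats it, so the names should be limited to a plain character set before they reach `compgen`, for example by appending `| grep -x -E '[[:alnum:]._-]+'` to the pipeline. `iwd_station` is assigned before the `local` line and so leaks into the interactive shell; `local iwd_station` would keep it inside the function. Separately, `ssh-off` removes the drop-in that enforces key-only login, which deserves its own comment saying that it re-enables the sshd defaults, and `install-i3` writes `/etc/environment` with `>`, replacing the file although the leading `\n` suggests an append was meant.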