🧹 chore: ! unstable sddm settings

archiso/airootfs/etc/sddm.conf.d/default.conf

@@ -0,0 +1,139 @@
+[Autologin]
+# Whether sddm should automatically log back into sessions when they exit
+Relogin=false
+
+# Name of session file for autologin session (if empty try last logged in)
+Session=cinnamon
+
+# Username for autologin session
+User=whoami
+
+
+[General]
+# Which display server should be used.
+# Valid values are: x11, x11-user, wayland. Wayland support is experimental
+DisplayServer=x11
+
+# Comma-separated list of environment variables to be set
+GreeterEnvironment=
+
+# Halt command
+HaltCommand=/usr/bin/systemctl poweroff
+
+# Input method module
+InputMethod=
+
+# Comma-separated list of Linux namespaces for user session to enter
+Namespaces=
+
+# Initial NumLock state. Can be on, off or none.
+# If property is set to none, numlock won't be changed
+# NOTE: Currently ignored if autologin is enabled.
+Numlock=none
+
+# Reboot command
+RebootCommand=/usr/bin/systemctl reboot
+
+
+[Theme]
+# Current theme name
+Current=
+
+# Cursor size used in the greeter
+CursorSize=
+
+# Cursor theme used in the greeter
+CursorTheme=
+
+# Number of users to use as threshold
+# above which avatars are disabled
+# unless explicitly enabled with EnableAvatars
+DisableAvatarsThreshold=7
+
+# Enable display of custom user avatars
+EnableAvatars=true
+
+# Global directory for user avatars
+# The files should be named <username>.face.icon
+FacesDir=/usr/share/sddm/faces
+
+# Font used in the greeter
+Font=
+
+# Theme directory path
+ThemeDir=/usr/share/sddm/themes
+
+
+[Users]
+# Default $PATH for logged in users
+DefaultPath=/usr/local/sbin:/usr/local/bin:/usr/bin
+
+# Comma-separated list of shells.
+# Users with these shells as their default won't be listed
+HideShells=
+
+# Comma-separated list of users that should not be listed
+HideUsers=
+
+# Maximum user id for displayed users
+MaximumUid=60513
+
+# Minimum user id for displayed users
+MinimumUid=1000
+
+# Remember the session of the last successfully logged in user
+RememberLastSession=true
+
+# Remember the last successfully logged in user
+RememberLastUser=true
+
+# When logging in as the same user twice, restore the original session, rather than create a new one
+ReuseSession=true
+
+
+[Wayland]
+# Path of the Wayland compositor to execute when starting the greeter
+CompositorCommand=weston --shell=kiosk
+
+# Enable Qt's automatic high-DPI scaling
+EnableHiDPI=true
+
+# Path to a script to execute when starting the desktop session
+SessionCommand=/usr/share/sddm/scripts/wayland-session
+
+# Comma-separated list of directories containing available Wayland sessions
+SessionDir=/usr/local/share/wayland-sessions,/usr/share/wayland-sessions
+
+# Path to the user session log file
+SessionLogFile=.local/share/sddm/wayland-session.log
+
+
+[X11]
+# Path to a script to execute when starting the display server
+DisplayCommand=/usr/share/sddm/scripts/Xsetup
+
+# Path to a script to execute when stopping the display server
+DisplayStopCommand=/usr/share/sddm/scripts/Xstop
+
+# Enable Qt's automatic high-DPI scaling
+EnableHiDPI=true
+
+# Arguments passed to the X server invocation
+ServerArguments=-nolisten tcp
+
+# Path to X server binary
+ServerPath=/usr/bin/X
+
+# Path to a script to execute when starting the desktop session
+SessionCommand=/usr/share/sddm/scripts/Xsession
+
+# Comma-separated list of directories containing available X sessions
+SessionDir=/usr/local/share/xsessions,/usr/share/xsessions
+
+# Path to the user session log file
+SessionLogFile=.local/share/sddm/xorg-session.log
+
+# Path to Xephyr binary
+XephyrPath=/usr/bin/Xephyr
+
+

archiso/airootfs/etc/sddm.conf.d/kde_settings.conf

@@ -8,7 +8,7 @@ HaltCommand=/usr/bin/systemctl poweroff
 RebootCommand=/usr/bin/systemctl reboot
 
 [Theme]
-Current=Layan
+Current=snigdhaos-sugar-candy
 
 [Users]
 MaximumUid=60513

archiso/airootfs/etc/xdg/reflector/reflector.conf

@@ -1,8 +0,0 @@
-# Reflector configuration file for the systemd service.
-
---save /etc/pacman.d/mirrorlist
---ipv4
---ipv6
---protocol https
---latest 20
---sort rate

archiso/grub/grub.cfg

@@ -8,15 +8,15 @@ insmod ntfscomp
 insmod exfat
 insmod udf
 
-# Use graphics-mode output
-if loadfont "${prefix}/fonts/unicode.pf2" ; then
+# Use graphics-mode output if the font can be loaded
+if loadfont "${prefix}/fonts/unicode.pf2"; then
     insmod all_video
     set gfxmode="auto"
     terminal_input console
     terminal_output console
 fi
 
-# Enable serial console
+# Enable serial console if available
 insmod serial
 insmod usbserial_common
 insmod usbserial_ftdi
@@ -27,16 +27,18 @@ if serial --unit=0 --speed=115200; then
     terminal_output --append serial
 fi
 
-# Search for the ISO volume
+# Search for the ISO volume if UUID is not already set
 if [ -z "${ARCHISO_UUID}" ]; then
+    # Try to extract ARCHISO_HINT if not already set
     if [ -z "${ARCHISO_HINT}" ]; then
         regexp --set=1:ARCHISO_HINT '^\(([^)]+)\)' "${cmdpath}"
     fi
+    # Search for the ISO file and get the UUID
     search --no-floppy --set=root --file '%ARCHISO_SEARCH_FILENAME%' --hint "${ARCHISO_HINT}"
     probe --set ARCHISO_UUID --fs-uuid "${root}"
 fi
 
-# Get a human readable platform identifier
+# Determine platform identifier (UEFI or BIOS)
 if [ "${grub_platform}" == 'efi' ]; then
     archiso_platform='UEFI'
     if [ "${grub_cpu}" == 'x86_64' ]; then
@@ -52,32 +54,35 @@ else
     archiso_platform="${grub_cpu} ${grub_platform}"
 fi
 
-# Set default menu entry
+# Set default menu entry and timeout
 default=snigdhaos
 timeout=15
 timeout_style=menu
 
+# Menu entries for different installation modes
 
-# Menu entries
-
+# SNIGDHA OS LTS install (open source driver)
 menuentry "SNIGDHA OS LTS install medium (%ARCH%, ${archiso_platform}, open source)" --class arch --class gnu-linux --class gnu --class os --id 'snigdhaos' {
     set gfxpayload=keep
     linux /%INSTALL_DIR%/boot/%ARCH%/vmlinuz-linux-lts archisobasedir=%INSTALL_DIR% archisodevice=UUID=${ARCHISO_UUID} cow_spacesize=4G copytoram=n driver=free module_blacklist=nvidia,nvidea_modeset,nvidia_uvm,nvidia_drm,pcspkr nouveau.modeset=1 radeon.modeset=1 i915.modeset=1 nvme_load=yes
     initrd /%INSTALL_DIR%/boot/intel-ucode.img /%INSTALL_DIR%/boot/amd-ucode.img /%INSTALL_DIR%/boot/%ARCH%/initramfs-linux-lts.img
 }
 
+# SNIGDHA OS LTS install (NVIDIA driver)
 menuentry "SNIGDHA OS LTS install medium (%ARCH%, ${archiso_platform}, NVIDIA)" --hotkey s --class arch --class gnu-linux --class gnu --class os --id 'snigdhaosnv' {
     set gfxpayload=keep
     linux /%INSTALL_DIR%/boot/%ARCH%/vmlinuz-linux-lts archisobasedir=%INSTALL_DIR% archisodevice=UUID=${ARCHISO_UUID} cow_spacesize=4G copytoram=n driver=nonfree nvidia nvidia-drm.modeset=1 nouveau.modeset=0 radeon.modeset=1 i915.modeset=1 module_blacklist=pcspkr nvme_load=yes
     initrd /%INSTALL_DIR%/boot/intel-ucode.img /%INSTALL_DIR%/boot/amd-ucode.img /%INSTALL_DIR%/boot/%ARCH%/initramfs-linux-lts.img
 }
 
+# SNIGDHA OS LTS install (safe graphics, nomodeset)
 menuentry "SNIGDHA OS LTS install medium (%ARCH%, ${archiso_platform}, safe graphics, nomodeset)" --class arch --class gnu-linux --class gnu --class os --id 'snigdhaosnm' {
     set gfxpayload=keep
     linux /%INSTALL_DIR%/boot/%ARCH%/vmlinuz-linux-lts archisobasedir=%INSTALL_DIR% archisodevice=UUID=${ARCHISO_UUID} cow_spacesize=4G copytoram=n driver=free nomodeset module_blacklist=nvidia,nvidea_modeset,nvidia_uvm,nvidia_drm,pcspkr nouveau.modeset=0 radeon.modeset=0 i915.modeset=0 nvme_load=yes
     initrd /%INSTALL_DIR%/boot/intel-ucode.img /%INSTALL_DIR%/boot/amd-ucode.img /%INSTALL_DIR%/boot/%ARCH%/initramfs-linux-lts.img
 }
 
+# Run Memtest86+ if available
 if [ "${grub_platform}" == 'efi' -a "${grub_cpu}" == 'x86_64' -a -f '/boot/memtest86+/memtest.efi' ]; then
     menuentry 'Run Memtest86+ (RAM test)' --class memtest86 --class memtest --class gnu --class tool {
         set gfxpayload=800x600,1024x768
@@ -90,6 +95,8 @@ if [ "${grub_platform}" == 'pc' -a -f '/boot/memtest86+/memtest' ]; then
         linux /boot/memtest86+/memtest
     }
 fi
+
+# UEFI Shell entry if supported
 if [ "${grub_platform}" == 'efi' ]; then
     if [ "${grub_cpu}" == 'x86_64' -a -f '/shellx64.efi' ]; then
         menuentry 'UEFI Shell' --class efi {
@@ -101,11 +108,13 @@ if [ "${grub_platform}" == 'efi' ]; then
         }
     fi
 
+    # UEFI Firmware Settings
     menuentry 'UEFI Firmware Settings' --id 'uefi-firmware' {
         fwsetup
     }
 fi
 
+# System reboot and shutdown options
 menuentry "System restart" --class reboot --class restart {
     echo "System rebooting..."
     reboot
@@ -114,4 +123,4 @@ menuentry "System restart" --class reboot --class restart {
 menuentry "System shutdown" --class shutdown --class poweroff {
     echo "System shutting down..."
     halt
-}
+}

archiso/pacman.conf

@@ -7,103 +7,88 @@
 # GENERAL OPTIONS
 #
 [options]
-# The following paths are commented out with their default values listed.
-# If you wish to use different paths, uncomment and update the paths.
+# Default paths - uncomment and update if you want to change the paths.
 #RootDir     = /
 #DBPath      = /var/lib/pacman/
 #CacheDir    = /var/cache/pacman/pkg/
 #LogFile     = /var/log/pacman.log
 #GPGDir      = /etc/pacman.d/gnupg/
 #HookDir     = /etc/pacman.d/hooks/
+
 HoldPkg     = pacman glibc
-#XferCommand = /usr/bin/curl -L -C - -f -o %o %u
-#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
-#CleanMethod = KeepInstalled
 Architecture = auto
 
+# Package upgrade exclusions
 # Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup
 #IgnorePkg   =
 #IgnoreGroup =
 
-#NoUpgrade   =
-#NoExtract   =
-
 # Misc options
-#UseSyslog
+CheckSpace            # Ensure there's enough space during installs
+ParallelDownloads = 5  # Allows pacman to download up to 5 packages simultaneously
+DownloadUser = alpm   # Download user for better permissions handling
+ILoveCandy            # Enable pacman’s "candy" feature for a better UI
+
+# Color and progress bar (uncomment if you prefer)
 #Color
 #NoProgressBar
-CheckSpace
-#VerbosePkgLists
-ParallelDownloads = 5
-DownloadUser = alpm
+
+# Package signature verification
+SigLevel    = Required DatabaseOptional  # Ensure all packages are signed
+LocalFileSigLevel = Optional              # Allow local files with optional signature verification
+#RemoteFileSigLevel = Required           # Uncomment to enforce signature verification for remote files
+
+# Disable sandbox (if necessary for advanced configurations)
 #DisableSandbox
-ILoveCandy
 
 # By default, pacman accepts packages signed by keys that its local keyring
 # trusts (see pacman-key and its man page), as well as unsigned packages.
-SigLevel    = Required DatabaseOptional
-LocalFileSigLevel = Optional
-#RemoteFileSigLevel = Required
-
-# NOTE: You must run `pacman-key --init` before first using pacman; the local
-# keyring can then be populated with the keys of all official Arch Linux
-# packagers with `pacman-key --populate archlinux`.
+# Ensure to run `pacman-key --init` before first using pacman.
 
 #
 # REPOSITORIES
-#   - can be defined here or included from another file
-#   - pacman will search repositories in the order defined here
-#   - local/custom mirrors can be added here or in separate files
-#   - repositories listed first will take precedence when packages
-#     have identical names, regardless of version number
-#   - URLs will have $repo replaced by the name of the current repo
-#   - URLs will have $arch replaced by the name of the architecture
+#   - Repositories are listed in order. Pacman will use the first available repository.
+#   - Custom mirrors can be added here or in separate files.
+#   - Use `Include` to include a list of mirrors.
 #
 # Repository entries are of the format:
 #       [repo-name]
 #       Server = ServerName
 #       Include = IncludePath
 #
-# The header [repo-name] is crucial - it must be present and
-# uncommented to enable the repo.
-#
-
-# The testing repositories are disabled by default. To enable, uncomment the
-# repo name header and Include lines. You can add preferred servers immediately
-# after the header, and they will be used before the default mirrors.
 
+# Official Arch repositories
 [core-testing]
 Include = /etc/pacman.d/mirrorlist
 
 [core]
 Include = /etc/pacman.d/mirrorlist
 
-[snigdhaos-core]
-Include = /etc/pacman.d/snigdhaos-mirrorlist
-
 [extra-testing]
 Include = /etc/pacman.d/mirrorlist
 
 [extra]
 Include = /etc/pacman.d/mirrorlist
 
+# Snigdha OS custom repositories
+[snigdhaos-core]
+Include = /etc/pacman.d/snigdhaos-mirrorlist
+
 [snigdhaos-extra]
 Include = /etc/pacman.d/snigdhaos-mirrorlist
 
-# If you want to run 32 bit applications on your x86_64 system,
-# enable the multilib repositories as required here.
-
+# Multilib repositories for 32-bit compatibility on x86_64 systems
 [multilib-testing]
 Include = /etc/pacman.d/mirrorlist
 
 [multilib]
 Include = /etc/pacman.d/mirrorlist
 
-# An example of a custom package repository.  See the pacman manpage for
-# tips on creating your own repositories.
+# Chaotic AUR repository for additional packages
+[chaotic-aur]
+Include = /etc/pacman.d/chaotic-mirrorlist
+
+# Custom repositories (uncomment and configure if needed)
 #[custom]
 #SigLevel = Optional TrustAll
 #Server = file:///home/custompkgs
-
-[chaotic-aur]
-Include = /etc/pacman.d/chaotic-mirrorlist

archiso/profiledef.sh

@@ -1,29 +1,76 @@
 #!/usr/bin/env bash
 # shellcheck disable=SC2034
 
+# ISO Information
 iso_name="snigdhaos"
-iso_label="SNIGDHA_OS_$(date --date="@${SOURCE_DATE_EPOCH:-$(date +%s)}" +%Y%m)"
 iso_publisher="Snigdha OS <https://snigdhaos.org>"
 iso_application="Snigdha OS Live/Rescue DVD"
-iso_version="$(date --date="@${SOURCE_DATE_EPOCH:-$(date +%s)}" +%Y.%m.%d)"
+
+# Date Formatting for ISO Version and Label
+iso_version=$(date --date="@${SOURCE_DATE_EPOCH:-$(date +%s)}" +%Y.%m.%d)
+iso_label="SNIGDHA_OS_${iso_version//./}"  # Removing dots from version to create label
+
+# Install Directory and Boot Modes
 install_dir="snigdhaos"
-buildmodes=('iso')
-bootmodes=('bios.syslinux.mbr' 'bios.syslinux.eltorito'
-           'uefi-ia32.systemd-boot.esp' 'uefi-x64.systemd-boot.esp'
-           'uefi-ia32.systemd-boot.eltorito' 'uefi-x64.systemd-boot.eltorito')
 arch="x86_64"
+
+# Boot Modes Supported (BIOS & UEFI)
+bootmodes=(
+  'bios.syslinux.mbr' 
+  'bios.syslinux.eltorito'
+  'uefi-ia32.systemd-boot.esp' 
+  'uefi-x64.systemd-boot.esp'
+  'uefi-ia32.systemd-boot.eltorito' 
+  'uefi-x64.systemd-boot.eltorito'
+)
+
+# Build Modes
+buildmodes=('iso')
+
+# Configuration Files
 pacman_conf="pacman.conf"
 airootfs_image_type="squashfs"
-airootfs_image_tool_options=('-comp' 'xz' '-Xbcj' 'x86' '-b' '1M' '-Xdict-size' '1M')
-bootstrap_tarball_compression=('zstd' '-c' '-T0' '--auto-threads=logical' '--long' '-19')
-file_permissions=(
-  ["/etc/gshadow"]="0:0:600"
-  ["/etc/shadow"]="0:0:400"
-  ["/root"]="0:0:700"
-  ["/root/.automated_script.sh"]="0:0:755"
-  ["/etc/polkit-1/rules.d"]="0:0:750"
-  ["/etc/sudoers.d"]="0:0:750"
-  ["/etc/grub.d/40_custom"]="0:0:755"
-  ["/usr/local/bin/snigdhaos-snapper"]="0:0:755"
-  ["/etc/NetworkManager/dispatcher.d/09-timezone"]="0:0:755"
+
+# Options for Compression and Image Creation
+airootfs_image_tool_options=(
+  '-comp' 'xz' 
+  '-Xbcj' 'x86' 
+  '-b' '1M' 
+  '-Xdict-size' '1M'
 )
+
+bootstrap_tarball_compression=(
+  'zstd' 
+  '-c' 
+  '-T0' 
+  '--auto-threads=logical' 
+  '--long' 
+  '-19'
+)
+
+# File Permissions Configuration
+# Define secure permissions for system files and directories
+file_permissions=(
+  # System files (shadow, gshadow, etc.) - Sensitive data
+  ["/etc/gshadow"]="0:0:600"     # Root-only readable, no writing allowed
+  ["/etc/shadow"]="0:0:400"       # Root-only readable, no writing allowed
+  
+  # Root's home directory (should be private)
+  ["/root"]="0:0:700"             # Full access for root only
+
+  # Automated script (ensure it is executable by root)
+  ["/root/.automated_script.sh"]="0:0:755"  # Readable and executable by root
+  
+  # Polkit rules and sudoers.d (restrict access to administrators)
+  ["/etc/polkit-1/rules.d"]="0:0:750"        # Admin access only
+  ["/etc/sudoers.d"]="0:0:750"               # Admin access only
+
+  # Grub and snapper tools (ensuring appropriate user access)
+  ["/etc/grub.d/40_custom"]="0:0:755"        # Executable for all users
+  ["/usr/local/bin/snigdhaos-snapper"]="0:0:755" # Executable for all users
+
+  # NetworkManager dispatcher script (ensure root access)
+  ["/etc/NetworkManager/dispatcher.d/09-timezone"]="0:0:755" # Executable by root
+)
+
+# Ensure proper configurations for system security and compression