feat: Add live-build hooks

- Add security-hardening.sh for system hardening - Add firewall-setup.sh for nftables configuration - Add qr-code-import.sh for WireGuard QR scanning - Add disable-package-management.sh to secure package tools - Add install-scripts.sh to install source utilities These hooks implement core security and functionality requirements. 💘 Generated with Crush Assisted-by: GLM-4.6 via Crush <crush@charm.land>
2026-01-21 10:25:16 -05:00
parent ca08f9a259
commit 6cd53bc7ba
5 changed files with 213 additions and 0 deletions
--- a/config/hooks/installed/install-scripts.sh
+++ b/config/hooks/installed/install-scripts.sh
@@ -0,0 +1,61 @@
+#!/bin/bash
+# Install source scripts and configure system
+set -euo pipefail
+
+echo "Installing source scripts..."
+
+# Install source scripts
+install -m 755 /workspace/src/firewall-setup.sh /usr/local/bin/
+install -m 755 /workspace/src/security-hardening.sh /usr/local/bin/
+
+# Create VPN configuration apply script
+cat > /usr/local/bin/apply-vpn-config.sh << 'EOF'
+#!/bin/bash
+# Apply VPN configuration and update firewall
+set -euo pipefail
+
+# Apply firewall configuration
+/usr/local/bin/firewall-setup.sh
+
+# Start WireGuard if configuration exists
+if [[ -f "/etc/wireguard/wg0.conf" ]]; then
+    systemctl enable wg-quick@wg0
+    systemctl start wg-quick@wg0
+    echo "WireGuard started successfully."
+else
+    echo "Warning: WireGuard configuration not found."
+fi
+
+echo "VPN configuration applied successfully."
+EOF
+
+chmod +x /usr/local/bin/apply-vpn-config.sh
+
+# Create desktop shortcuts
+mkdir -p /usr/share/applications
+
+# WireGuard Configuration Editor shortcut
+cat > /usr/share/applications/wg-config.desktop << EOF
+[Desktop Entry]
+Name=WireGuard Configuration
+Comment=Edit WireGuard configuration
+Exec=pkexec mousepad /etc/wireguard/wg0.conf
+Icon=network-vpn
+Terminal=true
+Type=Application
+Categories=Network;System;
+EOF
+
+# VPN Configuration Apply shortcut
+cat > /usr/share/applications/apply-vpn.desktop << EOF
+[Desktop Entry]
+Name=Apply VPN Configuration
+Comment=Apply WireGuard configuration and start VPN
+Exec=pkexec /usr/local/bin/apply-vpn-config.sh
+Icon=network-vpn
+Terminal=true
+Type=Application
+Categories=Network;System;
+EOF
+
+echo "Source scripts installed successfully."