48 lines
1.5 KiB
Text
48 lines
1.5 KiB
Text
|
#!/usr/bin/bash
|
||
|
|
# veilor-firstboot — set admin password on first boot, then self-disable.
|
||
|
|
# Runs on TTY1 before SDDM. Only fires while admin password is empty/expired.
|
||
|
|
|
||
|
|
set -uo pipefail
|
||
|
|
|
||
|
|
STATE=/var/lib/veilor-firstboot.done
|
||
|
|
[[ -f $STATE ]] && exit 0
|
||
|
|
|
||
|
|
# Branded banner
|
||
|
|
clear
|
||
|
|
cat << 'EOF'
|
||
|
|
|
||
|
|
┌──────────────────────────────────────────────────────────┐
|
||
|
|
│ │
|
||
|
|
│ veilor-os │
|
||
|
|
│ first boot — admin password │
|
||
|
|
│ │
|
||
|
|
└──────────────────────────────────────────────────────────┘
|
||
|
|
|
||
|
|
Set a password for the local admin account.
|
||
|
|
|
||
|
|
Requirements: minimum 14 characters, at least one digit,
|
||
|
|
one uppercase, one lowercase, one special character.
|
||
|
|
|
||
|
|
EOF
|
||
|
|
|
||
|
|
# Loop until passwd succeeds (pwquality enforces complexity)
|
||
|
|
until passwd admin; do
|
||
|
|
echo
|
||
|
|
echo " Password not accepted. Try again."
|
||
|
|
echo
|
||
|
|
sleep 1
|
||
|
|
done
|
||
|
|
|
||
|
|
# Mark done so service doesn't fire again
|
||
|
|
touch "$STATE"
|
||
|
|
|
||
|
|
# Disable self for next boots
|
||
|
|
systemctl disable veilor-firstboot.service >/dev/null 2>&1 || true
|
||
|
|
|
||
|
|
echo
|
||
|
|
echo " Password set. Starting graphical session..."
|
||
|
|
sleep 2
|
||
|
|
|
||
|
|
# Start SDDM (was held back by service ordering)
|
||
|
|
systemctl start sddm.service
|