veilor-org/veilor-os
1
0
Fork 0
Code Issues Pull requests Projects Releases 1 Packages Wiki Activity Actions
veilor-os/docs/CLI.md
s8n 8127f32868 v0.6: pre-stage veilor-update + veilor-doctor CLI tools (#11) 
Two user-facing commands shipped in overlay/usr/local/bin/.
Wraps dnf+flatpak update flow and read-only health diagnostic.
Uses gum if available, plain output otherwise. No kickstart wiring
yet beyond chmod — full integration in v0.6.0 release.

Co-authored-by: veilor-org <admin@veilor.org>
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-02 04:39:33 +01:00

128 lines
3.6 KiB
Markdown
Raw Blame History

# veilor-os CLI
User-facing commands shipped at `/usr/local/bin/`. Every veilor-* tool
is a small bash script — readable, auditable, no compiled bits.
---
## `veilor-update`
Wraps `dnf upgrade --refresh -y` plus `flatpak update -y`. One command
for "give me everything new". Mirrors the operator habit of always
patching both DNF and Flatpak — neither is sufficient on its own.
**Usage:**
```sh
veilor-update
```
**What it does:**
1. Pings `mirrors.fedoraproject.org`. If unreachable, exits early with
a helpful message instead of letting `dnf` spin and time out.
2. Runs `sudo dnf upgrade --refresh -y` and tees output for live
progress.
3. Counts packages from the `Upgraded:`/`Installed:` lines of dnf
output and reports the total.
4. If `flatpak` is installed, runs `flatpak update -y`.
5. Compares running kernel to the newest installed kernel and prints
a reboot suggestion if they differ.
**Exit codes:**
| Code | Meaning |
|------|---------|
| 0 | dnf and flatpak both succeeded |
| 1 | dnf upgrade failed |
| 2 | flatpak failed (dnf still ran successfully) |
| 3 | no network — pre-check failed |
**Example:**
```
=== veilor-update: refreshing DNF metadata + applying updates ===
... dnf output ...
=== veilor-update: updating flatpaks ===
... flatpak output ...
=== veilor-update: complete ===
Packages updated : 47
Running kernel : 6.19.14-200.fc43.x86_64
Newest kernel : 6.19.16-200.fc43.x86_64 (reboot suggested)
```
If `gum` is on the system, status banners render with colour and a
spinner; otherwise plain ASCII output. Either form is identical in
substance.
---
## `veilor-doctor`
Read-only diagnostic. Walks the v0.2 hardening checklist and reports
drift. Never modifies system state — fixes are a separate, deliberate
step.
**Usage:**
```sh
veilor-doctor # full coloured table
veilor-doctor --quiet # PASS/FAIL summary only
veilor-doctor --json # machine-readable JSON
```
**Sections checked:**
| Section | Checks |
|------------|--------|
| System | hostname, OS, kernel, uptime |
| Hardening | SELinux mode, USBGuard active, fail2ban active, firewalld zone, `kernel.yama.ptrace_scope`, `kernel.kptr_restrict` |
| Disk | LUKS device + cipher, btrfs subvolume count, root free space |
| Network | NetworkManager state, default route, DNS servers, public IP |
| Updates | last `dnf history` entry, pending update count via `dnf check-update` |
| veilor | state of `veilor-firstboot.service` + `veilor-modules-lock.service` |
**Exit codes:**
| Code | Meaning |
|------|---------|
| 0 | all checks passed |
| 1 | one or more checks failed |
| 2 | bad CLI flag |
**Example output:**
```
── System ──
[OK] hostname veilor
[OK] os veilor-os
[OK] kernel 6.19.14-200.fc43.x86_64
[OK] uptime up 3 hours, 21 minutes
── Hardening ──
[OK] selinux Enforcing
[OK] usbguard active
[OK] fail2ban active
[OK] firewalld_zone drop
[OK] ptrace_scope 2
[OK] kptr_restrict 2
── Disk ──
[OK] luks dm-0: aes-xts-plain64
[OK] btrfs 4 subvolume(s)
[OK] root_free 72G free / 234G (32% used)
19 checks passed.
```
`veilor-doctor --json` emits a single-line JSON object with `pass`,
`fail`, and `checks` keys. Suitable for piping into a monitoring
agent.
---
## See also
- `veilor-power` — switch tuned profile (save / mid / perf)
- `veilor-firstboot` — root-owned, runs once on first boot
- `veilor-installer` — TTY1 TUI installer (live ISO only)
Reference in a new issue View git blame Copy permalink