47 lines
1.5 KiB
Bash
Executable file
47 lines
1.5 KiB
Bash
Executable file
#!/usr/bin/bash
|
|
# veilor-firstboot — set admin password on first boot, then self-disable.
|
|
# Runs on TTY1 before SDDM. Only fires while admin password is empty/expired.
|
|
|
|
set -uo pipefail
|
|
|
|
STATE=/var/lib/veilor-firstboot.done
|
|
[[ -f $STATE ]] && exit 0
|
|
|
|
# Branded banner
|
|
clear
|
|
cat << 'EOF'
|
|
|
|
┌──────────────────────────────────────────────────────────┐
|
|
│ │
|
|
│ veilor-os │
|
|
│ first boot — admin password │
|
|
│ │
|
|
└──────────────────────────────────────────────────────────┘
|
|
|
|
Set a password for the local admin account.
|
|
|
|
Requirements: minimum 14 characters, at least one digit,
|
|
one uppercase, one lowercase, one special character.
|
|
|
|
EOF
|
|
|
|
# Loop until passwd succeeds (pwquality enforces complexity)
|
|
until passwd admin; do
|
|
echo
|
|
echo " Password not accepted. Try again."
|
|
echo
|
|
sleep 1
|
|
done
|
|
|
|
# Mark done so service doesn't fire again
|
|
touch "$STATE"
|
|
|
|
# Disable self for next boots
|
|
systemctl disable veilor-firstboot.service >/dev/null 2>&1 || true
|
|
|
|
echo
|
|
echo " Password set. Starting graphical session..."
|
|
sleep 2
|
|
|
|
# Start SDDM (was held back by service ordering)
|
|
systemctl start sddm.service
|