[talkingparabola] sync with releng, talkingarch is just too slow ;)v46

talkingarch last synced archiso in v44, but releng has changed a lot since then

Signed-off-by: David P <megver83@parabola.nu>

38 files changed, 329 insertions, 51 deletions

diff --git a/configs/talkingparabola/airootfs/etc/hostname b/configs/talkingparabola/airootfs/etc/hostname
index 8aaf41b..5178d59 100644
--- a/configs/talkingparabola/airootfs/etc/hostname
+++ b/configs/talkingparabola/airootfs/etc/hostname
@@ -1 +1,3 @@
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
 parabolaiso
diff --git a/configs/talkingparabola/airootfs/etc/locale.conf b/configs/talkingparabola/airootfs/etc/locale.conf
index 01ec548..9bf7aef 100644
--- a/configs/talkingparabola/airootfs/etc/locale.conf
+++ b/configs/talkingparabola/airootfs/etc/locale.conf
@@ -1 +1,4 @@
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+
 LANG=en_US.UTF-8
diff --git a/configs/talkingparabola/airootfs/etc/localtime b/configs/talkingparabola/airootfs/etc/localtime
new file mode 120000
index 0000000..0e35b57
--- /dev/null
+++ b/configs/talkingparabola/airootfs/etc/localtime
@@ -0,0 +1 @@
+/usr/share/zoneinfo/UTC
\ No newline at end of file
diff --git a/configs/talkingparabola/airootfs/etc/mkinitcpio.conf b/configs/talkingparabola/airootfs/etc/mkinitcpio.conf
new file mode 100644
index 0000000..aa45b33
--- /dev/null
+++ b/configs/talkingparabola/airootfs/etc/mkinitcpio.conf
@@ -0,0 +1,69 @@
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+# vim:set ft=sh
+# MODULES
+# The following modules are loaded before any boot hooks are
+# run.  Advanced users may wish to specify all system modules
+# in this array.  For instance:
+#     MODULES=(piix ide_disk reiserfs)
+MODULES=()
+
+# BINARIES
+# This setting includes any additional binaries a given user may
+# wish into the CPIO image.  This is run last, so it may be used to
+# override the actual binaries included by a given hook
+# BINARIES are dependency parsed, so you may safely ignore libraries
+BINARIES=()
+
+# FILES
+# This setting is similar to BINARIES above, however, files are added
+# as-is and are not parsed in any way.  This is useful for config files.
+FILES=()
+
+# HOOKS
+# This is the most important setting in this file.  The HOOKS control the
+# modules and scripts added to the image, and what happens at boot time.
+# Order is important, and it is recommended that you do not change the
+# order in which HOOKS are added.  Run 'mkinitcpio -H <hook name>' for
+# help on a given hook.
+# 'base' is _required_ unless you know precisely what you are doing.
+# 'udev' is _required_ in order to automatically load modules
+# 'filesystems' is _required_ unless you specify your fs modules in MODULES
+# Examples:
+##   This setup specifies all modules in the MODULES setting above.
+##   No raid, lvm2, or encrypted root is needed.
+#    HOOKS=(base)
+#
+##   This setup will autodetect all modules for your system and should
+##   work as a sane default
+#    HOOKS=(base udev autodetect block filesystems)
+#
+##   This setup will generate a 'full' image which supports most systems.
+##   No autodetection is done.
+#    HOOKS=(base udev block filesystems)
+#
+##   This setup assembles a pata mdadm array with an encrypted root FS.
+##   Note: See 'mkinitcpio -H mdadm' for more information on raid devices.
+#    HOOKS=(base udev block mdadm encrypt filesystems)
+#
+##   This setup loads an lvm2 volume group on a usb device.
+#    HOOKS=(base udev block lvm2 filesystems)
+#
+##   NOTE: If you have /usr on a separate partition, you MUST include the
+#    usr, fsck and shutdown hooks.
+HOOKS=(base udev memdisk parabolaiso_shutdown parabolaiso parabolaiso_loop_mnt parabolaiso_pxe_common parabolaiso_pxe_nbd parabolaiso_pxe_http parabolaiso_pxe_nfs parabolaiso_kms block filesystems keyboard)
+
+# COMPRESSION
+# Use this to compress the initramfs image. By default, gzip compression
+# is used. Use 'cat' to create an uncompressed image.
+#COMPRESSION="gzip"
+#COMPRESSION="bzip2"
+#COMPRESSION="lzma"
+COMPRESSION="xz"
+#COMPRESSION="lzop"
+#COMPRESSION="lz4"
+
+# COMPRESSION_OPTIONS
+# Additional options for the compressor
+#COMPRESSION_OPTIONS=()
diff --git a/configs/talkingparabola/airootfs/etc/mkinitcpio.d/linux-libre.preset b/configs/talkingparabola/airootfs/etc/mkinitcpio.d/linux-libre.preset
new file mode 100644
index 0000000..782d1cd
--- /dev/null
+++ b/configs/talkingparabola/airootfs/etc/mkinitcpio.d/linux-libre.preset
@@ -0,0 +1,11 @@
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+# mkinitcpio preset file for the 'linux-libre' package on parabolaiso
+
+PRESETS=('parabolaiso')
+
+ALL_kver='/boot/vmlinuz-linux-libre'
+ALL_config='/etc/mkinitcpio.conf'
+
+parabolaiso_image="/boot/parabolaiso.img"
diff --git a/configs/talkingparabola/airootfs/etc/motd b/configs/talkingparabola/airootfs/etc/motd
index e4c893c..4c7a45d 100644
--- a/configs/talkingparabola/airootfs/etc/motd
+++ b/configs/talkingparabola/airootfs/etc/motd
@@ -1,14 +1,9 @@
+To install Parabola GNU/Linux-libre follow the installation guide:
+https://wiki.parabola.nu/Installation_Guide
 
-===============================================================================
+For Wi-Fi, authenticate to the wireless network using the iwctl utility.
+Ethernet and Wi-Fi connections using DHCP should work automatically.
 
-	 Parabola GNU/Linux-libre live media _DATE_
+After connecting to the internet, the installation guide can be accessed
+via the convenience script Installation_guide.
 
-    To install Parabola, the system must be connected to the internet.
-    For instructions, enter this command:
-      less install.txt
-
-    Press the function keys while holding Alt to switch virtual terminals.
-    This allows entering commands without closing less.
-
-===============================================================================
-
diff --git a/configs/talkingparabola/airootfs/etc/pam.d/su b/configs/talkingparabola/airootfs/etc/pam.d/su
deleted file mode 100644
index a291042..0000000
--- a/configs/talkingparabola/airootfs/etc/pam.d/su
+++ /dev/null
@@ -1,6 +0,0 @@
-#%PAM-1.0
-auth		sufficient	pam_rootok.so
-auth		sufficient	pam_wheel.so trust use_uid
-auth		required	pam_unix.so
-account		required	pam_unix.so
-session		required	pam_unix.so
diff --git a/configs/talkingparabola/airootfs/etc/passwd b/configs/talkingparabola/airootfs/etc/passwd
new file mode 100644
index 0000000..2807d5d
--- /dev/null
+++ b/configs/talkingparabola/airootfs/etc/passwd
@@ -0,0 +1 @@
+root:x:0:0:root:/root:/usr/bin/zsh
diff --git a/configs/talkingparabola/airootfs/etc/shadow b/configs/talkingparabola/airootfs/etc/shadow
new file mode 100644
index 0000000..7edfd69
--- /dev/null
+++ b/configs/talkingparabola/airootfs/etc/shadow
@@ -0,0 +1 @@
+root::14871::::::
diff --git a/configs/talkingparabola/airootfs/etc/ssh/sshd_config b/configs/talkingparabola/airootfs/etc/ssh/sshd_config
new file mode 100644
index 0000000..8ef1758
--- /dev/null
+++ b/configs/talkingparabola/airootfs/etc/ssh/sshd_config
@@ -0,0 +1,116 @@
+#	$OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $
+
+# This is the sshd server system-wide configuration file.  See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/usr/local/sbin:/usr/local/bin:/usr/bin
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented.  Uncommented options override the
+# default value.
+
+#Port 22
+#AddressFamily any
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+#HostKey /etc/ssh/ssh_host_rsa_key
+#HostKey /etc/ssh/ssh_host_ecdsa_key
+#HostKey /etc/ssh/ssh_host_ed25519_key
+
+# Ciphers and keying
+#RekeyLimit default none
+
+# Logging
+#SyslogFacility AUTH
+#LogLevel INFO
+
+# Authentication:
+
+#LoginGraceTime 2m
+PermitRootLogin yes
+#StrictModes yes
+#MaxAuthTries 6
+#MaxSessions 10
+
+#PubkeyAuthentication yes
+
+# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
+# but this is overridden so installations will only check .ssh/authorized_keys
+AuthorizedKeysFile	.ssh/authorized_keys
+
+#AuthorizedPrincipalsFile none
+
+#AuthorizedKeysCommand none
+#AuthorizedKeysCommandUser nobody
+
+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# To disable tunneled clear text passwords, change to no here!
+#PasswordAuthentication yes
+#PermitEmptyPasswords no
+
+# Change to no to disable s/key passwords
+ChallengeResponseAuthentication no
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication.  Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+UsePAM yes
+
+#AllowAgentForwarding yes
+#AllowTcpForwarding yes
+#GatewayPorts no
+#X11Forwarding no
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PermitTTY yes
+PrintMotd no # pam does that
+#PrintLastLog yes
+#TCPKeepAlive yes
+#PermitUserEnvironment no
+#Compression delayed
+#ClientAliveInterval 0
+#ClientAliveCountMax 3
+#UseDNS no
+#PidFile /run/sshd.pid
+#MaxStartups 10:30:100
+#PermitTunnel no
+#ChrootDirectory none
+#VersionAddendum none
+
+# no default banner path
+#Banner none
+
+# override default of no subsystems
+Subsystem	sftp	/usr/lib/ssh/sftp-server
+
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+#	X11Forwarding no
+#	AllowTcpForwarding no
+#	PermitTTY no
+#	ForceCommand cvs server
diff --git a/configs/talkingparabola/airootfs/etc/systemd/journald.conf.d/volatile-storage.conf b/configs/talkingparabola/airootfs/etc/systemd/journald.conf.d/volatile-storage.conf
new file mode 100644
index 0000000..3104779
--- /dev/null
+++ b/configs/talkingparabola/airootfs/etc/systemd/journald.conf.d/volatile-storage.conf
@@ -0,0 +1,5 @@
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+[Journal]
+Storage=volatile
diff --git a/configs/talkingparabola/airootfs/etc/systemd/logind.conf.d/do-not-suspend.conf b/configs/talkingparabola/airootfs/etc/systemd/logind.conf.d/do-not-suspend.conf
new file mode 100644
index 0000000..c6b17a4
--- /dev/null
+++ b/configs/talkingparabola/airootfs/etc/systemd/logind.conf.d/do-not-suspend.conf
@@ -0,0 +1,7 @@
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+[Login]
+HandleSuspendKey=ignore
+HandleHibernateKey=ignore
+HandleLidSwitch=ignore
diff --git a/configs/talkingparabola/airootfs/etc/systemd/network/ethernet.network b/configs/talkingparabola/airootfs/etc/systemd/network/20-ethernet.network
index 5e9f0b7..efa309c 100644
--- a/configs/talkingparabola/airootfs/etc/systemd/network/ethernet.network
+++ b/configs/talkingparabola/airootfs/etc/systemd/network/20-ethernet.network
@@ -1,11 +1,13 @@
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+
 [Match]
 Name=en*
 Name=eth*
 
 [Network]
-DHCP=ipv4
+DHCP=yes
 IPv6PrivacyExtensions=yes
-IPv6AcceptRA=false
 
 [DHCP]
 RouteMetric=512
diff --git a/configs/talkingparabola/airootfs/etc/systemd/network/wireless.network b/configs/talkingparabola/airootfs/etc/systemd/network/20-wireless.network
index 5a6da15..bf9ab9d 100644
--- a/configs/talkingparabola/airootfs/etc/systemd/network/wireless.network
+++ b/configs/talkingparabola/airootfs/etc/systemd/network/20-wireless.network
@@ -1,11 +1,13 @@
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+
 [Match]
 Name=wlp*
 Name=wlan*
 
 [Network]
-DHCP=ipv4
+DHCP=yes
 IPv6PrivacyExtensions=yes
-IPv6AcceptRA=false
 
 [DHCP]
 RouteMetric=1024
diff --git a/configs/talkingparabola/airootfs/etc/systemd/system/brltty.service b/configs/talkingparabola/airootfs/etc/systemd/system/brltty.service
new file mode 120000
index 0000000..f466627
--- /dev/null
+++ b/configs/talkingparabola/airootfs/etc/systemd/system/brltty.service
@@ -0,0 +1 @@
+/usr/lib/systemd/system/brltty.service
\ No newline at end of file
diff --git a/configs/talkingparabola/airootfs/etc/systemd/system/choose-mirror.service b/configs/talkingparabola/airootfs/etc/systemd/system/choose-mirror.service
index 1e4d771..b3e4847 100644
--- a/configs/talkingparabola/airootfs/etc/systemd/system/choose-mirror.service
+++ b/configs/talkingparabola/airootfs/etc/systemd/system/choose-mirror.service
@@ -1,10 +1,13 @@
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+
 [Unit]
 Description=Choose mirror from the kernel command line
 ConditionKernelCommandLine=mirror
 
 [Service]
 Type=oneshot
-ExecStart=/etc/systemd/scripts/choose-mirror
+ExecStart=/usr/local/bin/choose-mirror
 
 [Install]
 WantedBy=multi-user.target
diff --git a/configs/talkingparabola/airootfs/etc/systemd/system/dbus-org.freedesktop.network1.service b/configs/talkingparabola/airootfs/etc/systemd/system/dbus-org.freedesktop.network1.service
new file mode 120000
index 0000000..4c158e6
--- /dev/null
+++ b/configs/talkingparabola/airootfs/etc/systemd/system/dbus-org.freedesktop.network1.service
@@ -0,0 +1 @@
+/usr/lib/systemd/system/systemd-networkd.service
\ No newline at end of file
diff --git a/configs/talkingparabola/airootfs/etc/systemd/system/dbus-org.freedesktop.resolve1.service b/configs/talkingparabola/airootfs/etc/systemd/system/dbus-org.freedesktop.resolve1.service
new file mode 120000
index 0000000..4f6ae34
--- /dev/null
+++ b/configs/talkingparabola/airootfs/etc/systemd/system/dbus-org.freedesktop.resolve1.service
@@ -0,0 +1 @@
+/usr/lib/systemd/system/systemd-resolved.service
\ No newline at end of file
diff --git a/configs/talkingparabola/airootfs/etc/systemd/system/etc-pacman.d-gnupg.mount b/configs/talkingparabola/airootfs/etc/systemd/system/etc-pacman.d-gnupg.mount
index 4eab551..f86a91d 100644
--- a/configs/talkingparabola/airootfs/etc/systemd/system/etc-pacman.d-gnupg.mount
+++ b/configs/talkingparabola/airootfs/etc/systemd/system/etc-pacman.d-gnupg.mount
@@ -1,3 +1,6 @@
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+
 [Unit]
 Description=Temporary /etc/pacman.d/gnupg directory
 
diff --git a/configs/talkingparabola/airootfs/etc/systemd/system/getty@tty1.service.d/autologin.conf b/configs/talkingparabola/airootfs/etc/systemd/system/getty@tty1.service.d/autologin.conf
index d1d8474..370735f 100644
--- a/configs/talkingparabola/airootfs/etc/systemd/system/getty@tty1.service.d/autologin.conf
+++ b/configs/talkingparabola/airootfs/etc/systemd/system/getty@tty1.service.d/autologin.conf
@@ -1,3 +1,6 @@
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+
 [Service]
 ExecStart=
 ExecStart=-/sbin/agetty --autologin root --noclear %I 38400 linux
diff --git a/configs/talkingparabola/airootfs/etc/systemd/system/multi-user.target.wants/choose-mirror.service b/configs/talkingparabola/airootfs/etc/systemd/system/multi-user.target.wants/choose-mirror.service
new file mode 120000
index 0000000..2d8d256
--- /dev/null
+++ b/configs/talkingparabola/airootfs/etc/systemd/system/multi-user.target.wants/choose-mirror.service
@@ -0,0 +1 @@
+../choose-mirror.service
\ No newline at end of file
diff --git a/configs/talkingparabola/airootfs/etc/systemd/system/multi-user.target.wants/iwd.service b/configs/talkingparabola/airootfs/etc/systemd/system/multi-user.target.wants/iwd.service
new file mode 120000
index 0000000..3625abd
--- /dev/null
+++ b/configs/talkingparabola/airootfs/etc/systemd/system/multi-user.target.wants/iwd.service
@@ -0,0 +1 @@
+/usr/lib/systemd/system/iwd.service
\ No newline at end of file
diff --git a/configs/talkingparabola/airootfs/etc/systemd/system/multi-user.target.wants/pacman-init.service b/configs/talkingparabola/airootfs/etc/systemd/system/multi-user.target.wants/pacman-init.service
new file mode 120000
index 0000000..d09eec6
--- /dev/null
+++ b/configs/talkingparabola/airootfs/etc/systemd/system/multi-user.target.wants/pacman-init.service
@@ -0,0 +1 @@
+../pacman-init.service
\ No newline at end of file
diff --git a/configs/talkingparabola/airootfs/etc/systemd/system/multi-user.target.wants/reflector.service b/configs/talkingparabola/airootfs/etc/systemd/system/multi-user.target.wants/reflector.service
new file mode 120000
index 0000000..f5071ce
--- /dev/null
+++ b/configs/talkingparabola/airootfs/etc/systemd/system/multi-user.target.wants/reflector.service
@@ -0,0 +1 @@
+../reflector.service
\ No newline at end of file
diff --git a/configs/talkingparabola/airootfs/etc/systemd/system/multi-user.target.wants/systemd-networkd.service b/configs/talkingparabola/airootfs/etc/systemd/system/multi-user.target.wants/systemd-networkd.service
new file mode 120000
index 0000000..4c158e6
--- /dev/null
+++ b/configs/talkingparabola/airootfs/etc/systemd/system/multi-user.target.wants/systemd-networkd.service
@@ -0,0 +1 @@
+/usr/lib/systemd/system/systemd-networkd.service
\ No newline at end of file
diff --git a/configs/talkingparabola/airootfs/etc/systemd/system/multi-user.target.wants/systemd-resolved.service b/configs/talkingparabola/airootfs/etc/systemd/system/multi-user.target.wants/systemd-resolved.service
new file mode 120000
index 0000000..4f6ae34
--- /dev/null
+++ b/configs/talkingparabola/airootfs/etc/systemd/system/multi-user.target.wants/systemd-resolved.service
@@ -0,0 +1 @@
+/usr/lib/systemd/system/systemd-resolved.service
\ No newline at end of file
diff --git a/configs/talkingparabola/airootfs/etc/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service b/configs/talkingparabola/airootfs/etc/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service
new file mode 120000
index 0000000..7d6ad92
--- /dev/null
+++ b/configs/talkingparabola/airootfs/etc/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service
@@ -0,0 +1 @@
+/usr/lib/systemd/system/systemd-networkd-wait-online.service
\ No newline at end of file
diff --git a/configs/talkingparabola/airootfs/etc/systemd/system/pacman-init.service b/configs/talkingparabola/airootfs/etc/systemd/system/pacman-init.service
index 3414ebc..6e9b84d 100644
--- a/configs/talkingparabola/airootfs/etc/systemd/system/pacman-init.service
+++ b/configs/talkingparabola/airootfs/etc/systemd/system/pacman-init.service
@@ -1,3 +1,6 @@
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+
 [Unit]
 Description=Initializes Pacman keyring
 Wants=haveged.service
@@ -9,8 +12,7 @@ After=etc-pacman.d-gnupg.mount
 Type=oneshot
 RemainAfterExit=yes
 ExecStart=/usr/bin/pacman-key --init
-ExecStart=/usr/bin/pacman-key --populate archlinux
-ExecStart=/usr/bin/pacman-key --populate parabola
+ExecStart=/usr/bin/pacman-key --populate parabola archlinux archlinux32
 
 [Install]
 WantedBy=multi-user.target
diff --git a/configs/talkingparabola/airootfs/etc/systemd/system/reflector.service b/configs/talkingparabola/airootfs/etc/systemd/system/reflector.service
new file mode 100644
index 0000000..4058e36
--- /dev/null
+++ b/configs/talkingparabola/airootfs/etc/systemd/system/reflector.service
@@ -0,0 +1,44 @@
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+[Unit]
+Description=pacman mirrorlist update
+Wants=network-online.target
+After=network-online.target nss-lookup.target
+ConditionKernelCommandLine=!mirror
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/reflector --protocol https --latest 70 --sort rate --save /etc/pacman.d/mirrorlist
+Restart=on-failure
+RestartSec=10
+CacheDirectory=reflector
+CapabilityBoundingSet=~CAP_SETUID CAP_SETGID CAP_SETPCAP CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_CHOWN CAP_FSETID CAP_SETFCAP CAP_DAC_OVERRIDE CAP_DAC_READ_SEARCH CAP_FOWNER CAP_IPC_OWNER CAP_NET_ADMIN CAP_SYS_TIME CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE CAP_KILL CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SYS_NICE CAP_SYS_RESOURCE CAP_MAC_ADMIN CAP_MAC_OVERRIDE CAP_SYS_BOOT CAP_LINUX_IMMUTABLE CAP_IPC_LOCK CAP_SYS_CHROOT CAP_BLOCK_SUSPEND CAP_LEASE CAP_SYS_PACCT CAP_SYS_TTY_CONFIG CAP_WAKE_ALARM
+Environment=XDG_CACHE_HOME=/var/cache/reflector
+LockPersonality=true
+MemoryDenyWriteExecute=true
+NoNewPrivileges=true
+PrivateDevices=true
+PrivateTmp=true
+PrivateUsers=true
+ProtectClock=true
+ProtectControlGroups=true
+ProtectHome=true
+ProtectHostname=true
+ProtectKernelTunables=true
+ProtectKernelLogs=true
+ProtectKernelModules=true
+ProtectSystem=strict
+ReadWritePaths=/etc/pacman.d/mirrorlist
+RemoveIPC=true
+RestrictAddressFamilies=~AF_AX25 AF_IPX AF_APPLETALK AF_X25 AF_DECnet AF_KEY AF_NETLINK AF_PACKET AF_RDS AF_PPPOX AF_LLC AF_IB AF_MPLS AF_CAN AF_TIPC AF_BLUETOOTH AF_ALG AF_VSOCK AF_KCM AF_UNIX AF_XDP
+RestrictNamespaces=true
+RestrictRealtime=true
+RestrictSUIDSGID=true
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
+SystemCallFilter=~@resources @privileged
+UMask=177
+
+[Install]
+WantedBy=multi-user.target
diff --git a/configs/talkingparabola/airootfs/etc/systemd/system/sockets.target.wants/systemd-networkd.socket b/configs/talkingparabola/airootfs/etc/systemd/system/sockets.target.wants/systemd-networkd.socket
new file mode 120000
index 0000000..51942c8
--- /dev/null
+++ b/configs/talkingparabola/airootfs/etc/systemd/system/sockets.target.wants/systemd-networkd.socket
@@ -0,0 +1 @@
+/usr/lib/systemd/system/systemd-networkd.socket
\ No newline at end of file
diff --git a/configs/talkingparabola/airootfs/etc/systemd/system/systemd-networkd-wait-online.service.d/wait-for-only-one-interface.conf b/configs/talkingparabola/airootfs/etc/systemd/system/systemd-networkd-wait-online.service.d/wait-for-only-one-interface.conf
new file mode 100644
index 0000000..1b4c091
--- /dev/null
+++ b/configs/talkingparabola/airootfs/etc/systemd/system/systemd-networkd-wait-online.service.d/wait-for-only-one-interface.conf
@@ -0,0 +1,6 @@
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+[Service]
+ExecStart=
+ExecStart=/usr/lib/systemd/systemd-networkd-wait-online --any
diff --git a/configs/talkingparabola/airootfs/root/.automated_script.sh b/configs/talkingparabola/airootfs/root/.automated_script.sh
index aaf5583..ed3a924 100755
--- a/configs/talkingparabola/airootfs/root/.automated_script.sh
+++ b/configs/talkingparabola/airootfs/root/.automated_script.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 script_cmdline ()
 {
@@ -16,7 +16,7 @@ automated_script ()
     script="$(script_cmdline)"
     if [[ -n "${script}" && ! -x /tmp/startup_script ]]; then
         if [[ "${script}" =~ ^((http|https|ftp)://) ]]; then
-            wget "${script}" --retry-connrefused -q -O /tmp/startup_script >/dev/null
+            curl "${script}" --retry-connrefused -s -o /tmp/startup_script >/dev/null
             rt=$?
         else
             cp "${script}" /tmp/startup_script
diff --git a/configs/talkingparabola/airootfs/root/customize_airootfs.sh b/configs/talkingparabola/airootfs/root/customize_airootfs.sh
index 66679b2..c72644a 100755
--- a/configs/talkingparabola/airootfs/root/customize_airootfs.sh
+++ b/configs/talkingparabola/airootfs/root/customize_airootfs.sh
@@ -1,27 +1,12 @@
-#!/bin/bash
+#!/usr/bin/env bash
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
 
 set -e -u
 
+echo 'Warning: customize_airootfs.sh is deprecated! Support for it will be removed in a future parabolaiso version.'
+
 sed -i 's/#\(en_US\.UTF-8\)/\1/' /etc/locale.gen
 locale-gen
 
-ln -sf /usr/share/zoneinfo/UTC /etc/localtime
-
-usermod -s /usr/bin/zsh root
-cp -aT /etc/skel/ /root/
-chmod 700 /root
-# unset the root password
-passwd -d root
-
-sed -i 's/#\(PermitRootLogin \).\+/\1yes/' /etc/ssh/sshd_config
 sed -i "s/#Server/Server/g" /etc/pacman.d/mirrorlist
-sed -i 's/#\(Storage=\)auto/\1volatile/' /etc/systemd/journald.conf
-
-sed -i 's/#\(HandleSuspendKey=\)suspend/\1ignore/' /etc/systemd/logind.conf
-sed -i 's/#\(HandleHibernateKey=\)hibernate/\1ignore/' /etc/systemd/logind.conf
-sed -i 's/#\(HandleLidSwitch=\)suspend/\1ignore/' /etc/systemd/logind.conf
-
-systemctl enable multi-user.target pacman-init.service choose-mirror.service systemd-networkd.service systemd-resolved.service livecd-alsa-unmuter.service brltty.service
-systemctl set-default multi-user.target
-
-sed -i "s/_DATE_/$(date +%Y.%m.%d)/" /etc/motd
diff --git a/configs/talkingparabola/airootfs/root/install.txt b/configs/talkingparabola/airootfs/root/install.txt
deleted file mode 100644
index a594b97..0000000
--- a/configs/talkingparabola/airootfs/root/install.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-View this installation guide online at
-https://wiki.parabola.nu/Installation_Guide
diff --git a/configs/talkingparabola/airootfs/usr/bin/livecd-alsa-unmuter b/configs/talkingparabola/airootfs/usr/bin/livecd-alsa-unmuter
index 6de05a0..2a0d814 100755
--- a/configs/talkingparabola/airootfs/usr/bin/livecd-alsa-unmuter
+++ b/configs/talkingparabola/airootfs/usr/bin/livecd-alsa-unmuter
@@ -1,7 +1,11 @@
 #!/bin/bash
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
 
 # Properly initialize the sound card so that we have audio at boot.
 # This script is released under the GNU General Public License.
+
+# shellcheck disable=SC1091
 source /usr/share/livecd-sound/functions
 
 preinit_levels all
diff --git a/configs/talkingparabola/airootfs/usr/bin/pick-a-card b/configs/talkingparabola/airootfs/usr/bin/pick-a-card
index 7f469e8..10f2f79 100755
--- a/configs/talkingparabola/airootfs/usr/bin/pick-a-card
+++ b/configs/talkingparabola/airootfs/usr/bin/pick-a-card
@@ -1,9 +1,12 @@
 #!/bin/bash
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
 
 # If there are multiple usable sound cards, prompt the user to choose one,
 # using auditory feedback.
 # This script is released under the GNU General Public License.
 
+# shellcheck disable=SC1091
 source /usr/share/livecd-sound/functions
 
 nwords() {
@@ -12,7 +15,7 @@ nwords() {
 
 is_numeric() {
 	local str=$1
-	expr match "$str" '[[:digit:]]\+$' > /dev/null 2>&1
+	expr "$str" : '[[:digit:]]\+$' > /dev/null 2>&1
 }
 
 set_default_card() {
@@ -28,7 +31,7 @@ play_on_card() {
 
 set -f
 usable_cards="$(list_non_pcsp_cards)"
-num_usable_cards=$(nwords $usable_cards)
+num_usable_cards=$(nwords "$usable_cards")
 
 if [ "$num_usable_cards" -eq 1 ]; then
 	exit 0
@@ -47,7 +50,7 @@ for card in $usable_cards; do
 		continue
 	fi
 	play_on_card "$card" /usr/share/livecd-sound/sounds/beep.wav
-	if read -t 10; then
+	if read -rt 10; then
 		set_default_card "$card"
 		break
 	fi
diff --git a/configs/talkingparabola/airootfs/usr/local/bin/Installation_guide b/configs/talkingparabola/airootfs/usr/local/bin/Installation_guide
new file mode 100755
index 0000000..876fbd2
--- /dev/null
+++ b/configs/talkingparabola/airootfs/usr/local/bin/Installation_guide
@@ -0,0 +1,5 @@
+#!/bin/sh
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+exec lynx 'https://wiki.parabola.nu/Installation_Guide'
diff --git a/configs/talkingparabola/airootfs/etc/systemd/scripts/choose-mirror b/configs/talkingparabola/airootfs/usr/local/bin/choose-mirror
index 13c9f69..e8f8254 100755
--- a/configs/talkingparabola/airootfs/etc/systemd/scripts/choose-mirror
+++ b/configs/talkingparabola/airootfs/usr/local/bin/choose-mirror
@@ -1,4 +1,6 @@
 #!/bin/bash
+#
+# SPDX-License-Identifier: GPL-3.0-or-later
 
 get_cmdline() {
     local param