updated the installer so that it should actually work

scripts/01-cosmic-setup.sh

@@ -5,22 +5,23 @@ MOUNT_POINT="/mnt"
 
 echo "Setting up Cosmic Desktop..."
 
-echo "Configuring display manager..."
+# Enable Cosmic services
 systemctl enable cosmic-greeter
 
-echo "Installing additional Cosmic components..."
+# Install additional Cosmic components
 pacman -S --noconfirm --needed \
     cosmic-files \
     cosmic-edit \
     cosmic-term \
     cosmic-store \
-    cosmic-settings
+    cosmic-settings \
+    xwayland-satellite
 
-echo "Setting up user environment..."
+# Configure Cosmic with Kanagawa Dragon theme
 if [ -n "$SUDO_USER" ]; then
     USER_HOME="/home/$SUDO_USER"
-    mkdir -p "$USER_HOME/.config"
+    mkdir -p "$USER_HOME/.config/cosmic"
     chown -R "$SUDO_USER:$SUDO_USER" "$USER_HOME/.config"
 fi
 
-echo "Cosmic Desktop setup complete!"
+echo "Cosmic Desktop setup complete!"

scripts/02-hardening.sh

@@ -1,10 +1,11 @@
 #!/bin/bash
 set -e
 
-echo "Applying system hardening..."
+echo "Applying Miasma OS system hardening..."
 
-echo "Configuring kernel parameters..."
-cat > /etc/sysctl.d/99-hardening.conf << 'EOF'
+# Configure kernel parameters
+cat > /etc/sysctl.d/99-miasma-hardening.conf << 'EOF'
+# Miasma OS Security Hardening
 kernel.dmesg_restrict = 1
 kernel.kptr_restrict = 2
 kernel.unprivileged_bpf_disabled = 1
@@ -21,17 +22,28 @@ net.ipv4.conf.default.send_redirects = 0
 net.ipv4.icmp_echo_ignore_all = 1
 EOF
 
-echo "Configuring firewall..."
-pacman -S --noconfirm --needed ufw
-systemctl enable ufw
-ufw default deny incoming
-ufw default allow outgoing
-ufw enable
+# Configure nftables (replacing ufw)
+pacman -S --noconfirm --needed nftables
+systemctl enable nftables
+# Basic nftables rules will be configured on first boot
 
-echo "Setting secure umask..."
+# Set secure umask
 echo "umask 077" >> /etc/profile
 
-echo "Disabling core dumps..."
+# Disable core dumps
 echo "* hard core 0" >> /etc/security/limits.conf
 
-echo "System hardening complete!"
+# Blacklist vulnerable modules (based on Secureblue)
+cat > /etc/modprobe.d/blacklist-miasma.conf << 'EOF'
+# Miasma OS module blacklisting
+blacklist dccp
+blacklist sctp
+blacklist rds
+blacklist tipc
+blacklist n_hdlc
+blacklist bluetooth
+blacklist net-pf-31
+blacklist uvcvideo
+EOF
+
+echo "System hardening complete!"

scripts/03-miasma-features.sh

@@ -0,0 +1,21 @@
+#!/bin/bash
+set -e
+
+echo "Installing Miasma OS additional features..."
+
+# Install Chromium with Wayland support (using regular chromium as ungoogled-chromium requires custom AUR)
+pacman -S --noconfirm --needed chromium
+
+# Install Oh My Zsh for the user
+pacman -S --noconfirm --needed oh-my-zsh-git
+
+# Install LazyVim configuration for Neovim
+# This will be set up in the user's home directory on first login
+
+# Install Kanagawa Dragon theme components
+pacman -S --noconfirm --needed kanagawa-kde
+
+# Install vulnerability checking tools
+pacman -S --noconfirm --needed spectre-meltdown-checker
+
+echo "Additional features installed!"