Add 4 configurable profiles (stable-cinnamon, stable-niri,
mainline-cinnamon, mainline-niri) with a single unified build
entry point.
- iso/build.sh: replaces build-iso.sh / build-live-iso.sh /
build-niri-live-iso.sh; accepts --profile and --type flags
- iso/_inner-build-unified.sh: replaces the three _inner-build-*.sh
scripts; branches on BUILD_TYPE / DESKTOP / KERNEL_PKG env vars
- config/profiles/stable-niri/: new — linux (k6) + niri/Wayland/noctalia
- config/profiles/mainline-cinnamon/: new — linux-mainline (k7) + Cinnamon/X11
- config/profiles/mainline-niri/packages.live.list: symlink added
- config/profiles/stable-cinnamon/packages.live.list: symlink added
- Makefile: PROFILE variable (default stable-cinnamon), shellcheck updated
- installer/install.sh: respects DEFAULT_PROFILE env (set by live ISO)
- tests/run-qemu-test.sh: passes PROFILE through to build and overlay
Live ISOs embed the installer pre-configured for the same profile
they were built with (DEFAULT_PROFILE in /etc/profile.d/).
- Add nvidia/nvidia-dkms/nvidia-libs-32bit/nvidia-vaapi-driver to niri
live and installed profiles; wireless-regdb and sof-firmware to all
profiles (fixes regulatory.db and SOF firmware dmesg errors)
- iso/postsetup-nvidia.sh: new mklive -x hook that re-runs dracut inside
the rootfs chroot after the overlay is applied; ensures the squashfs
initramfs includes nvidia.ko and omits nouveau.ko at build time —
no driver install needed at runtime (fixes /run tmpfs overflow that was
killing wireplumber by corrupting D-Bus sockets)
- Both ISO inner build scripts gain -x postsetup-nvidia.sh and the nonfree
repo flag so nvidia packages resolve correctly
- niri config: wireplumber started via supervisor loop (waits for PipeWire
socket, auto-restarts on crash) replacing the one-shot exec — survives
any D-Bus or pipewire disruption
- build-niri-live-iso.sh: NVIDIA modprobe blacklist-nouveau.conf,
btusb-quirks.conf, modules-load.d/nvidia.conf, dracut/10-nvidia.conf,
Xorg intel/nvidia configs, prime-run helper, elogind run script loop
guard, timezone Europe/Zurich overlay, updated BOOT_CMDLINE
- build-live-iso.sh: same NVIDIA + timezone + sound udev rule overlays;
live-setup.sh timezone and audio group fix
- installer/lib/grub.sh: GRUB_CMDLINE_LINUX_DEFAULT gains
nvidia-drm.modeset=1 rd.driver.blacklist=nouveau btusb.enable_autosuspend=0
- installer/lib/postinstall.sh: configure_nvidia_prime() adds
blacklist-nouveau.conf, btusb-quirks.conf, dracut omit_drivers nouveau,
modules-load.d with all four nvidia modules
Installs /usr/local/bin/git-askpass (uses zenity or qarma) and sets
core.askPass in /etc/gitconfig. Git now pops a GUI dialog for username/
password instead of trying to open /dev/tty, which fails in headless
contexts (scripts, Claude Code terminal).
Adds zenity to live desktop package lists for both niri and cinnamon profiles.
Propagated to: both live ISO builders and the installer postinstall.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Prevents git from trying to open /dev/tty for password prompts in
environments without a controlling terminal (live ISO, scripts, Claude Code).
Credentials stored once in ~/.git-credentials and reused automatically.
Applied to: both live ISO include overlays and the installer target system.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Store ownership: chown -R 1000:1000 at Docker build time (not runtime)
so the live user can create lock files without flooding the tmpfs overlay
- nix.conf: add build-users-group= to force single-user mode and avoid
daemon connection attempts (xbps nix-daemon v2.30.2 incompatible with
pre-baked nix v2.34.6)
- profile.d: export NIX_REMOTE=local and NIXPKGS_ALLOW_UNFREE=1; wrap nix()
to append --impure so flake installs work without extra flags
- Skel: add ~/.config/nixpkgs/config.nix with allowUnfree=true
- postinstall.sh: fix daemon socket path (/nix/var/nix/...), write
~/.config/nixpkgs/config.nix for installed user
- first-login.sh: add NIX_REMOTE=local alongside NIXPKGS_ALLOW_UNFREE=1
- Remove nix-daemon from live ISO services (wrong version for pre-baked client)
- Misc: bluetooth group, package list reorg, skip vscode install for niri profile
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Instead of downloading at first login, everything is ready at boot:
- iso/build-live-iso.sh:
* apply-live-settings.sh XDG autostart applies theme/wallpaper/terminal
via gsettings at first Cinnamon login (reliable vs dconf binary format)
* /etc/environment: XDG_DATA_DIRS includes nix profile so Cinnamon menu
shows pre-baked nix apps immediately
* /etc/profile.d/nix-prebaked.sh: PATH setup for terminal sessions
* first-login.sh kept at /usr/local/libexec but NOT autostarted (manual
use for Claude/NVM installs)
* NIX_PACKAGES_PREBAKE passed to Docker build
- iso/_inner-build-live.sh:
* Pre-bake nix packages inside Docker before mklive.sh; copy /nix store
into squashfs overlay; set /etc/skel/.nix-profile → store profile path
* Cached at /cache/nix-prebake (keyed by package list md5)
- iso/Dockerfile: add rsync (needed by nix prebake)
- packages.live-desktop.list: add vscode + chromium (XBPS, no download)
- iso/build-live-iso.sh: copy install.sh+lib/ to /usr/local/lib/void-installer/,
config+profiles to /usr/local/share/installer/, bake secrets.env as
/etc/installer-secrets.env, add 'Install Void Linux' .desktop launcher
(opens alacritty+sudo), create /usr/local/bin/void-install wrapper
- installer/first-login.sh: skip nix profile add when /nix has <4GB free
(live tmpfs overlay fills up with ~3-4GB of nix packages); packages are
installed on first login after the system is installed instead
- nix.conf: max-jobs=2 http-connections=10 to limit RAM during nix
package downloads in the live session (was causing OOM with 4GB)
- sha256sum tee: add || true so pipefail doesn't mark BUILD FAILED
when sha256sum writes to the Docker-relative path after the ISO
is already successfully created outside the container
When the DHCP-provided nameserver fails (QEMU 10.0.2.3, slow/broken DNS),
first-login.sh would spin forever waiting for network. Add a live-setup.sh
step that replaces 10.0.2.3 with 8.8.8.8/1.1.1.1 so first-login always
has working DNS immediately on login.
getent blocks indefinitely when the nameserver is unreachable (QEMU 10.0.2.3,
or any network where DNS responds slowly). Replace with curl --connect-timeout 3
which has a hard 3s per-attempt timeout and is independent of the NSS stack.
- dconf 00-cinnamon: add org.cinnamon+gnome.desktop.default-applications.terminal
exec='alacritty' exec-arg='-e' so Nemo right-click → Open in Terminal works
- dconf locks/keyboard: lock input-sources/sources and terminal exec keys so
csd-keyboard doesn't reset them to defaults on first session start
- build-live-iso.sh: add code-open wrapper script (/usr/local/bin/code-open)
that finds 'code' in the live user's nix profile; add open-in-vscode
Nemo action to /usr/share/nemo/actions/
- config/install.conf: add nixpkgs#vscode to NIX_USER_PACKAGES
- packages.live-desktop.list: add setxkbmap (needed by csd-keyboard to
apply XKB keyboard layout)
- first-login.sh: remove nix-env --switch-profile (caused .nix-profile->
.nix-profile circular symlink, breaking all nix profile commands and
causing ELOOP on any exec via nix PATH including xz/tar/node)
- first-login.sh: add circular symlink guard before nix profile add
- first-login.sh: nix profile install -> nix profile add (deprecated alias)
- live-setup.sh: strip mdns from nsswitch.conf hosts line at boot (no
libnss_mdns/Avahi in live; caused first-login DNS hang)
- docs/LIVE_ISO.md: document all three issues and their fixes
