{"id":49271057,"url":"https://github.com/p10ns11y/arch-machine","last_synced_at":"2026-05-30T07:03:07.634Z","repository":{"id":350307327,"uuid":"1204051495","full_name":"p10ns11y/arch-machine","owner":"p10ns11y","description":"**The only Arch Linux setup that audits itself harder than your ex audits your text messages 👀💔**.  Meet arch-machine 🛡️🤖 — your AI-forged, profile-based Arch Linux fortress 🏰 that turns a fresh install into a paranoid, self-healing, ML/AI-ready workstation ⚡ faster than you can say “yay/paru/pacman … oh god why is it still compiling” 😩","archived":false,"fork":false,"pushed_at":"2026-05-28T19:56:13.000Z","size":816,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"sentinel","last_synced_at":"2026-05-28T20:04:07.277Z","etag":null,"topics":["agents","ai","archlinux","devex","installers","ml","security","sentinels","shell","system-audit","tools","virusscan","vulenrability"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/p10ns11y.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":"AUTHORS-MOTTO.md","dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-04-07T16:37:16.000Z","updated_at":"2026-05-28T19:30:33.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/p10ns11y/arch-machine","commit_stats":null,"previous_names":["p10ns11y/arch-machine"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/p10ns
11y/arch-machine","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/p10ns11y%2Farch-machine","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/p10ns11y%2Farch-machine/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/p10ns11y%2Farch-machine/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/p10ns11y%2Farch-machine/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/p10ns11y","download_url":"https://codeload.github.com/p10ns11y/arch-machine/tar.gz/refs/heads/sentinel","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/p10ns11y%2Farch-machine/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33682998,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-05-30T02:00:06.278Z","response_time":92,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["agents","ai","archlinux","devex","installers","ml","security","sentinels","shell","system-audit","tools","virusscan","vulenrability"],"created_at":"2026-04-25T13:42:13.334Z","updated_at":"2026-05-30T07:03:07.626Z","avatar_url":"https://github.com/p10ns11y.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# arch-machine\n\n\u003cimg src=\"tinfoil.jpg\" alt=\"tinfoil\" width=\"140\" 
style=\"display: block; margin: auto;\"\u003e\n\n\nProfile-based bootstrap and maintenance system for Arch Linux workstations focused on ML/AI development and security hardening.\n\n[![CI](https://github.com/p10ns11y/arch-machine/actions/workflows/ci.yml/badge.svg)](https://github.com/p10ns11y/arch-machine/actions/workflows/ci.yml)\n[![ShellCheck](https://github.com/p10ns11y/arch-machine/actions/workflows/ci.yml/badge.svg?job=shellcheck)](https://github.com/p10ns11y/arch-machine/actions)\n[![Evidence](https://img.shields.io/badge/evidence-first-blue)](https://github.com/p10ns11y/arch-machine/tree/sentinel#evidence--the-differentiator)\n\nFor a more entertaining introduction, see [FUNREADME.md](FUNREADME.md) – where security meets humor.\n\n## Prerequisites\n\n- **Arch Linux** (primary target)\n- **Internet access** for downloads\n- **sudo privileges** for system operations\n- **yq** or **jq** for YAML/JSON processing (auto-installed if missing)\n\n## Safety Note\n\nThe security-dev profile includes security hardening and scans. Review [Safety \u0026 Requirements](docs/SECURITY.md) before choosing profiles.\n\n## Quick Start (Thin Sentinel First)\n\n```bash\n# Clone the repository\ngit clone \u003crepository-url\u003e\ncd arch-machine\n\n# Make scripts executable\nchmod +x install.sh migrate.sh\n\n# 1. Thin install (default — recommended first step)\n#    Only the tinfoil guardian CLI + TUI. Fast, minimal footprint.\n./install.sh\n#    (or ./install.sh --thin)\n\n# 2. Use the sentinel immediately\ntinfoil tui              # interactive menus (audit, profiles, remediation, evidence)\ntinfoil                  # quick global audit\n\n# 3. 
Later — full hardened workstation (via same installer or from the TUI)\n./install.sh --profile ml-dev\n# or\n./install.sh --profile security-dev\n\n# Post-installation (after full profile)\nmaintenance/systemd-setup.sh setup\n```\n\n## Installation Profiles\n\n### `minimal`\nBasic development tools (git, python, node, rust) and essential system packages.\n\n### `ml-dev` (Recommended)\nEverything in `minimal` plus ROCm GPU acceleration, ML/AI environments, and data science packages.\n\nPre-configured Conda environments:\n- **ai_amd**: AI/ML environment with PyTorch, ROCm GPU support, JupyterLab, and essential data science packages (numpy, pandas, scikit-learn, xgboost, etc.)\n- **xai_exp**: Experimental AI environment with similar packages optimized for latest Python versions\n\n### `security-dev`\nEverything in `minimal` plus Kubernetes security hardening, runtime monitoring, and encrypted storage.\n\nSee [Installation Guide](docs/INSTALLATION.md) for detailed profile information and customization options.\n\n## Adapting for Other Distributions\n\n#### Ubuntu/Debian\n```bash\n# Replace pacman with apt\nsed -i 's/pacman -S/apt install/g' modules/system/install.sh\n\n# Update package names\n# arch-package → debian-package equivalents\n# Example: reflector → apt update\n```\n\n#### Fedora/RHEL/CentOS\n```bash\n# Replace pacman with dnf/yum\nsed -i 's/pacman -S/dnf install/g' modules/system/install.sh\n\n# Update service management\n# systemctl → systemctl (same, but check init system)\n```\n\n#### General Adaptation Steps\n1. **Update Package Manager**: Replace `pacman` calls with your distro's package manager\n2. **Service Management**: Verify systemd compatibility (most modern distros use it)\n3. **Package Names**: Update package names to match your distribution\n4. **Paths**: Check `/usr/local/bin`, `/etc/systemd/system` availability\n5. 
**Dependencies**: Ensure `yq`, `jq`, `curl`, `git` are available\n\n#### Testing on Other Distros\n```bash\n# Test package manager detection\n./install.sh --validate\n\n# Dry run installation\n./install.sh --profile minimal --dry-run\n\n# Check for missing packages\ngrep \"pacman -S\" modules/system/install.sh\n```\n\n## Maintenance\n\nThe system includes automated weekly maintenance for system updates, security scans, and health monitoring.\n\n- **Automated**: Runs weekly via systemd timers\n- **Manual**: Individual maintenance scripts in `maintenance/`\n- **Evidence Extraction**: Generates AI-optimized evidence bundles from logs\n\nSee [Maintenance Guide](docs/MAINTENANCE.md) for complete maintenance documentation.\n\n## Interactive TUI (New in 2026 Sentinel)\n\nLaunch the beautiful gum-powered vigilant control center:\n\n```bash\ntinfoil tui          # after system install (or go run bin/tinfoil.go tui in dev)\n./install.sh --tui   # during setup\n```\n\nFlows include:\n- 🔍 Full security audit (live vulns, SBOM, Lynis...)\n- 🧹 Policy-guided remediation (ruthless audit → kill, with multiple confirms)\n- 📦 Profile installer with live yq-powered module toggles + dry-run\n- 📜 Evidence extraction, maintenance, log browser (fzf)\n- Humorous self-aware tone: \"The Sentinel sees your choices, citizen\"\n\nZero extra deps beyond what's already in the fortress. 
Pure shell + gum.\n\n## Key Features\n\n- **Modular Installation**: Choose from different profiles\n- **Automated Maintenance**: Weekly system updates and security scans\n- **Backup \u0026 Recovery**: Configuration backups with rollback\n- **Log Evidence Extraction**: Token-efficient AI agent integration\n- **Migration Support**: Seamless transition from existing setups\n\n## Project Structure\n\n```\narch-machine/\n├── config/                 # Tool definitions and profiles\n├── modules/                # Installation modules\n├── maintenance/            # Maintenance and automation\n├── lib/                    # Shared libraries\n├── systemd/                # Systemd units\n├── logs/                   # Log files and reports\n└── docs/                   # Detailed documentation\n```\n\n## Documentation\n\n- [Safety \u0026 Requirements](docs/SECURITY.md) - Important safety information and system requirements\n- [Installation Guide](docs/INSTALLATION.md) - Detailed setup and profiles\n- [Maintenance Guide](docs/MAINTENANCE.md) - System maintenance and automation\n- [Evidence Extraction](docs/EVIDENCE.md) - AI-optimized log processing (legacy content in EVIDENCE-EXTRACTION.md during transition)\n- [Backup Guide](docs/BACKUP.md) - Backup and recovery procedures\n- [Troubleshooting](docs/TROUBLESHOOTING.md) - Common issues and solutions\n- [Development](docs/DEVELOPMENT.md) - Contributing and development guide\n- [Author's Motto](AUTHORS-MOTTO.md) - Project philosophy (\"Solve your own machine first, then empower others to adapt\") — prominently linked from docs/INDEX.md too. Full sentinel lore lives only in [FUNREADME.md](FUNREADME.md).\n\n## Verification\n\nAfter installation, verify your setup:\n\n```bash\n# Run comprehensive validation\n./install.sh --validate\n\n# Check maintenance status\nmaintenance/systemd-setup.sh status\n\n# View recent logs\ntail logs/installer.log\n```\n\n## License\n\nSee LICENSE file for details.\n\n## Contributing\n\n1. 
Fork the repository\n2. Create a feature branch\n3. Make your changes\n4. Test thoroughly\n5. Submit a pull request\n\nPlease ensure all changes include appropriate logging and error handling.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fp10ns11y%2Farch-machine","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fp10ns11y%2Farch-machine","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fp10ns11y%2Farch-machine/lists"}