steam-backlog-enforcer/install.sh
Krzysztof kuhy Rudnicki 7554b58ab7
Some checks are pending
pre-commit / pre-commit (push) Waiting to run
Tests / test (3.10) (push) Waiting to run
Tests / test (3.11) (push) Waiting to run
Tests / test (3.12) (push) Waiting to run
feat: add block-gaming command (Stage 4) + guard-lib migration cleanup
Adds `block-gaming <days>`: uninstalls Steam, kills/uninstalls known game
launchers, and blocks Steam + game-website domains (hosts + iptables) for a
fixed number of days with no in-app way to lift it early. Enforcement is
tamper-resistant via guard-lib's package-block (bind-mounted lock file) and
re-asserted every enforce tick.

Also migrates store_blocker.py's hosts-file locking from raw chattr/mount
calls to guard-lib's file-guard, using the new `sync` subcommand (not
`pacman-relock`) so our own legitimate edits aren't reverted as drift.

Fixes found during live verification:
- iptables never blocked real IPs because DNS was resolved after /etc/hosts
  already redirected every blocked domain to 0.0.0.0 locally - reordered so
  iptables resolves first.
- Game-website blocks only covered bare apex domains; sites that
  301-redirect to www (e.g. newgrounds.com) sailed right through - added
  automatic www. variant generation.
- Launchers (e.g. prismlauncher) were only killed, never uninstalled -
  added best-effort pacman-package removal keyed off /proc/<pid>/exe.

Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01AFNiYQQgSLAkiBXswyimPq
2026-07-04 11:45:54 +02:00

61 lines
2.3 KiB
Bash
Executable File

#!/usr/bin/env bash
# Install script for Steam Backlog Enforcer.
set -euo pipefail
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
echo "=== Steam Backlog Enforcer Installer ==="
echo
# Install Python deps.
echo "Installing Python dependencies..."
pip3 install --break-system-packages requests howlongtobeatpy 2>/dev/null \
|| pip3 install requests howlongtobeatpy
# 'block-gaming' depends on guard-lib (guardctl) for tamper-resistant
# locking. Not fatal if missing - the rest of this tool works without it.
echo
echo "Checking for guard-lib (required by 'block-gaming')..."
if command -v guardctl >/dev/null 2>&1; then
echo "guardctl found on PATH."
elif [[ -x "$HOME/guard-lib/install.sh" ]]; then
echo "guardctl not found - installing guard-lib from $HOME/guard-lib..."
if [[ $EUID -eq 0 ]]; then
bash "$HOME/guard-lib/install.sh"
else
echo "guard-lib install needs root: sudo bash \"$HOME/guard-lib/install.sh\""
echo "('block-gaming' will not work until that is done; the rest of this tool is unaffected.)"
fi
else
echo "Warning: guardctl not found and ~/guard-lib is not present."
echo "'block-gaming' requires guard-lib - set up ~/guard-lib and run its install.sh, then re-run this installer."
echo "(The rest of this tool is unaffected.)"
fi
# Install systemd service (system-level, runs as root).
read -rp "Install systemd enforce service? [y/N] " ans
if [[ "${ans,,}" == "y" ]]; then
if [[ $EUID -ne 0 ]]; then
echo "Error: systemd service install needs root. Re-run with sudo."
exit 1
fi
SERVICE_SRC="$SCRIPT_DIR/steam-backlog-enforcer.service"
SERVICE_DST="/etc/systemd/system/steam-backlog-enforcer.service"
# Set the correct working directory and PYTHONPATH in the service file.
sed "s|WorkingDirectory=.*|WorkingDirectory=$SCRIPT_DIR|; s|PYTHONPATH=.*|PYTHONPATH=$SCRIPT_DIR|" \
"$SERVICE_SRC" > "$SERVICE_DST"
systemctl daemon-reload
systemctl enable steam-backlog-enforcer
echo "Service installed and enabled."
echo " Start now: sudo systemctl start steam-backlog-enforcer"
echo " Check: sudo systemctl status steam-backlog-enforcer"
echo " Logs: sudo journalctl -u steam-backlog-enforcer -f"
fi
echo
echo "Done! Run manually with:"
echo " python3 -m steam_backlog_enforcer.main enforce"