From fd13e821d9aab50b858a411bc1b739d2b9742c5b Mon Sep 17 00:00:00 2001
From: Declan Teevan <dt@hexolan.com>
Date: Sun, 8 Feb 2026 15:35:32 +0000
Subject: [PATCH] feat(distro): security pkg stubs

Left out tooling like `clamav`, for now, as not really looking to
bootstrap installs with that.

Sandboxes are pretty sufficient a lot of the time (+ setting up
`opensnitch` / some other connection-level firewall).
---
 distro/arch/setup.sh   | 22 ++++++++++++++++++++--
 distro/debian/setup.sh | 27 +++++++++++++++++++++++++++
 2 files changed, 47 insertions(+), 2 deletions(-)

diff --git a/distro/arch/setup.sh b/distro/arch/setup.sh
index 1c6ce93..fafd5b0 100644
--- a/distro/arch/setup.sh
+++ b/distro/arch/setup.sh
@@ -31,9 +31,20 @@ AUR_APPS = (
   # insomnia
 )
 
+# Security Apps
+ARCH_SECURITY_APPS = (
+  apparmor
+  firejail
+)
+
+ARCH_SECURITY_AUR_APPS = (
+  # NOTE: These apparmor profiles aren't *ALWAYS* the best on Arch without modification
+  # apparmor.d
+)
+
 # TODO: customise install level within script
 # select custom 'packages' / 'apps' (minimal dots, core apps/cfgs only, etc)
-HYPR_APPS = (
+ARCH_HYPR_APPS = (
   hyprland
   hyprlock
   hypridle
@@ -42,7 +53,7 @@ HYPR_APPS = (
   waybar
 )
 
-HYPR_AUR_APPS = (
+ARCH_HYPR_AUR_APPS = (
   awww-git
 )
 
@@ -52,3 +63,10 @@ HYPR_AUR_APPS = (
 # Install Scripts
 #
 
+# TODO
+
+#
+# Enable Services (systemd)
+#
+
+# todo: also support for non systemd setups / alternatives
\ No newline at end of file
diff --git a/distro/debian/setup.sh b/distro/debian/setup.sh
index a9bf588..3f3a10a 100644
--- a/distro/debian/setup.sh
+++ b/distro/debian/setup.sh
@@ -1 +1,28 @@
 #!/bin/bash
+
+#
+# Repository Setup
+#
+
+# TODO: adding additional repositories for packages
+sudo apk add
+
+#
+# Packages
+#
+
+STANDARD_PKGS = (
+    build-essential
+
+    fastfetch
+    kitty
+    zoxide
+
+    neovim
+)
+
+# TODO: auditd, apparmor, firejail setups within script (+ apparmor cfgs?)
+# these have better support on Ubuntu/Debian (than a distro like Arch), from testing and usage: https://github.com/roddhjav/apparmor.d
+SECURITY_PKGS = (
+
+)
\ No newline at end of file