Update base setup
parent
70e10f4cc2
commit
143895bf01
1 changed files with 93 additions and 85 deletions
178
install.sh
178
install.sh
|
@ -117,46 +117,55 @@ echo -e "\n### Setting up partitions"
|
|||
umount -R /mnt 2> /dev/null || true
|
||||
cryptsetup luksClose luks 2> /dev/null || true
|
||||
|
||||
lsblk -plnx size -o name "${device}" | xargs -n1 wipefs --all
|
||||
sgdisk --clear "${device}" --new 1::-551MiB "${device}" --new 2::0 --typecode 2:ef00 "${device}"
|
||||
sgdisk --change-name=1:primary --change-name=2:ESP "${device}"
|
||||
|
||||
part_root="$(ls "${device}"* | grep -E "^${device}p?1$")"
|
||||
part_boot="$(ls "${device}"* | grep -E "^${device}p?2$")"
|
||||
sgdisk --zap-all "${device}"
|
||||
sgdisk --clear \
|
||||
--new=1:0:+550MiB --typecode=1:ef00 --change-name=1:EFI \
|
||||
--new=2:0:+8GiB --typecode=2:8200 --change-name=2:cryptswap \
|
||||
--new=3:0:0 --typecode=3:8300 --change-name=3:cryptsystem \
|
||||
"${device}"
|
||||
|
||||
echo -e "\n### Formatting partitions"
|
||||
mkfs.vfat -n "EFI" -F 32 "${part_boot}"
|
||||
echo -n "${password}" | cryptsetup luksFormat --type luks2 --pbkdf argon2id --label luks "${part_root}"
|
||||
echo -n "${password}" | cryptsetup luksOpen --allow-discards --persistent "${part_root}" luks
|
||||
mkfs.btrfs -L btrfs /dev/mapper/luks
|
||||
# Boot partition
|
||||
mkfs.vfat -F 32 -n "EFI" /dev/disk/by-partlabel/EFI
|
||||
|
||||
# Swap partition
|
||||
cryptsetup open --type plain --key-file /dev/urandom /dev/disk/by-partlabel/cryptswap swap
|
||||
mkswap -L swap /dev/mapper/swap
|
||||
swapon -L swap
|
||||
|
||||
# System partition
|
||||
echo -n "${password}" | cryptsetup luksFormat --type luks2 --pbkdf argon2id "/dev/disk/by-partlabel/cryptsystem"
|
||||
echo -n "${password}" | cryptsetup luksOpen --allow-discards --persistent "/dev/disk/by-partlabel/cryptsystem" system
|
||||
mkfs.btrfs --force --label system /dev/mapper/system
|
||||
|
||||
echo -e "\n### Setting up BTRFS subvolumes"
|
||||
mount /dev/mapper/luks /mnt
|
||||
btrfs subvolume create /mnt/root
|
||||
btrfs subvolume create /mnt/home
|
||||
btrfs subvolume create /mnt/pkgs
|
||||
btrfs subvolume create /mnt/aurbuild
|
||||
btrfs subvolume create /mnt/archbuild
|
||||
btrfs subvolume create /mnt/docker
|
||||
btrfs subvolume create /mnt/logs
|
||||
btrfs subvolume create /mnt/temp
|
||||
btrfs subvolume create /mnt/swap
|
||||
btrfs subvolume create /mnt/snapshots
|
||||
umount /mnt
|
||||
o=defaults,x-mount.mkdir
|
||||
o_btrfs=$o,compress=zstd,ssd,noatime
|
||||
|
||||
mount -o noatime,compress=zstd,subvol=root /dev/mapper/luks /mnt
|
||||
mkdir -p /mnt/{mnt/btrfs-root,efi,home,var/{cache/pacman,log,tmp,lib/{aurbuild,archbuild,docker}},swap,.snapshots}
|
||||
mount "${part_boot}" /mnt/efi
|
||||
mount -o noatime,compress=zstd,subvol=/ /dev/mapper/luks /mnt/mnt/btrfs-root
|
||||
mount -o noatime,compress=zstd,subvol=home /dev/mapper/luks /mnt/home
|
||||
mount -o noatime,compress=zstd,subvol=pkgs /dev/mapper/luks /mnt/var/cache/pacman
|
||||
mount -o noatime,compress=zstd,subvol=aurbuild /dev/mapper/luks /mnt/var/lib/aurbuild
|
||||
mount -o noatime,compress=zstd,subvol=archbuild /dev/mapper/luks /mnt/var/lib/archbuild
|
||||
mount -o noatime,compress=zstd,subvol=docker /dev/mapper/luks /mnt/var/lib/docker
|
||||
mount -o noatime,compress=zstd,subvol=logs /dev/mapper/luks /mnt/var/log
|
||||
mount -o noatime,compress=zstd,subvol=temp /dev/mapper/luks /mnt/var/tmp
|
||||
mount -o noatime,compress=zstd,subvol=swap /dev/mapper/luks /mnt/swap
|
||||
mount -o noatime,compress=zstd,subvol=snapshots /dev/mapper/luks /mnt/.snapshots
|
||||
mount -t btrfs LAEL=system /mnt
|
||||
btrfs subvolume create /mnt/@root
|
||||
btrfs subvolume create /mnt/@home
|
||||
btrfs subvolume create /mnt/@snapshots
|
||||
btrfs subvolume create /mnt/@pkgs
|
||||
btrfs subvolume create /mnt/@aurbuild
|
||||
btrfs subvolume create /mnt/@archbuild
|
||||
btrfs subvolume create /mnt/@docker
|
||||
btrfs subvolume create /mnt/@logs
|
||||
btrfs subvolume create /mnt/@temp
|
||||
umount -R /mnt
|
||||
|
||||
mount -t btrfs -o subvol=@root,$o_btrfs LABEL=system /mnt
|
||||
mount -t btrfs -o subvol=@home,$o_btrfs LABEL=system /mnt/home
|
||||
mount -t btrfs -o subvol=@snapshots,$o_btrfs LABEL=system /mnt/.snapshots
|
||||
mount -t btrfs -o subvol=@pkgs,$o_btrfs LABEL=system /mnt/var/cache/pacman
|
||||
mount -t btrfs -o subvol=@aurbuild,$o_btrfs LABEL=system /mnt/var/lib/aurbuild
|
||||
mount -t btrfs -o subvol=@archbuild,$o_btrfs LABEL=system /mnt/var/lib/archbuild
|
||||
mount -t btrfs -o subvol=@docker,$o_btrfs LABEL=system /mnt/var/lib/docker
|
||||
mount -t btrfs -o subvol=@logs,$o_btrfs LABEL=system /mnt/var/log
|
||||
mount -t btrfs -o subvol=@tmp,$o_btrfs LABEL=system /mnt/var/temp
|
||||
|
||||
#mount LABEL=EFI /mnt/efi
|
||||
mount -o $o LABEL=EFI /mnt/boot
|
||||
|
||||
echo -e "\n### Configuring custom repo"
|
||||
mkdir "/mnt/var/cache/pacman/${user}-local"
|
||||
|
@ -198,7 +207,7 @@ fs_packages=(
|
|||
)
|
||||
network_packages=(
|
||||
"iwd"
|
||||
"systemd-resolvconf"
|
||||
"NetworkManager"
|
||||
)
|
||||
basic_packages=(
|
||||
"man-db"
|
||||
|
@ -212,22 +221,22 @@ basic_packages=(
|
|||
"htop"
|
||||
"fzf"
|
||||
"sudo"
|
||||
"pipewire"
|
||||
"pipewire-pulse"
|
||||
"pipewire-jack"
|
||||
"wireplumber"
|
||||
"firefox"
|
||||
"firefox-i18n-de"
|
||||
"firefox-ublock-origin"
|
||||
"firefox-dark-reader"
|
||||
"aurutils" # from maximbaz repo
|
||||
"devtools" # tools for aurutils
|
||||
"docbook-xls" # depenency of plymouth-git
|
||||
"efitools" # provides KeyTool
|
||||
"libfido2" # for systemd-cryptenroll
|
||||
"bluez"
|
||||
"bluez-utils"
|
||||
"usbutils" # for lsusb
|
||||
#"pipewire"
|
||||
#"pipewire-pulse"
|
||||
#"pipewire-jack"
|
||||
#"wireplumber"
|
||||
#"firefox"
|
||||
#"firefox-i18n-de"
|
||||
#"firefox-ublock-origin"
|
||||
#"firefox-dark-reader"
|
||||
#"aurutils" # from maximbaz repo
|
||||
#"devtools" # tools for aurutils
|
||||
#"docbook-xls" # depenency of plymouth-git
|
||||
#"efitools" # provides KeyTool
|
||||
#"libfido2" # for systemd-cryptenroll
|
||||
#"bluez"
|
||||
#"bluez-utils"
|
||||
#"usbutils" # for lsusb
|
||||
)
|
||||
all_packages=(
|
||||
${kernel_packages[@]}
|
||||
|
@ -239,50 +248,49 @@ all_packages=(
|
|||
pacstrap /mnt base base-devel arch-secure-boot chezmoi ${all_packages[@]}
|
||||
|
||||
echo -e "\n### Generating base config files"
|
||||
genfstab -L -p /mnt >> /mnt/etc/fstab
|
||||
sed -i "s+LABEL=swap+/dev/mapper/swap" /mnt/etc/fstab
|
||||
echo "cryptswap /dev/disk/by-partlabel/cryptswap /dev/urandom swap,cipher=aes-xts-plain64,size=256" >> /mnt/etc/crypttab
|
||||
|
||||
genfstab -L /mnt >> /mnt/etc/fstab
|
||||
systemd-nspawn -bD /mnt
|
||||
|
||||
echo "FONT=$font" > /mnt/etc/vconsole.conf
|
||||
echo "KEYMAP=de-latin1" >> /mnt/etc/vconsole.conf
|
||||
echo "${hostname}" > /mnt/etc/hostname
|
||||
sed -i 's/^#en_US\.UTF-8/en_US\.UTF-8/' /mnt/etc/locale.gen
|
||||
sed -i 's/^#de_DE\.UTF-8/de_DE\.UTF-8/' /mnt/etc/locale.gen
|
||||
echo "LANG=en_US.UTF-8" > /mnt/etc/locale.conf
|
||||
arch-chroot /mnt locale-gen
|
||||
sed -i 's/^#en_US\.UTF-8/en_US\.UTF-8/' /etc/locale.gen
|
||||
sed -i 's/^#de_DE\.UTF-8/de_DE\.UTF-8/' /etc/locale.gen
|
||||
locale-gen
|
||||
|
||||
ln -sf /usr/share/zoneinfo/Europe/Berlin /mnt/etc/localtime
|
||||
|
||||
echo "$hostname" > /mnt/etc/hostname
|
||||
echo -e "127.0.0.1\tlocalhost" >>/mnt/etc/hosts
|
||||
echo -e "127.0.1.1\t$hostname" >>/mnt/etc/hosts
|
||||
echo -e "\n::1\tlocalhost" >>/mnt/etc/hosts
|
||||
|
||||
echo -e "\n### Configuring swap file"
|
||||
swap_size=$(free --mebi | awk '/Mem:/ {print $2}')
|
||||
swap_end=$(( $swap_size + 129 + 1 ))MiB
|
||||
truncate -s 0 /mnt/swap/swapfile
|
||||
chattr +C /mnt/swap/swapfile
|
||||
btrfs property set /mnt/swap/swapfile compression none
|
||||
fallocate -l $swap_end /mnt/swap/swapfile
|
||||
chmod 600 /mnt/swap/swapfile
|
||||
mkswap /mnt/swap/swapfile
|
||||
echo "/swap/swapfile none swap defaults 0 0" >> /mnt/etc/fstab
|
||||
systemd-firstboot \
|
||||
--locale="en_US.UTF-8" \
|
||||
--keymap="de-latin1" \
|
||||
--timezone="Europe/Berlin" \
|
||||
--hostname="${hostname}" \
|
||||
--setup-machine-id
|
||||
echo "FONT=$font" > /etc/vconsole.conf
|
||||
echo -e "127.0.0.1\tlocalhost" >> /etc/hosts
|
||||
echo -e "127.0.1.1\t$hostname" >> /etc/hosts
|
||||
echo -e "\n::1\tlocalhost" >> /etc/hosts
|
||||
timedatectl set-ntp 1
|
||||
|
||||
echo -e "\n### Creating user"
|
||||
arch-chroot /mnt useradd -m "$user"
|
||||
useradd -m "$user"
|
||||
for group in wheel network video audio input storage power; do
|
||||
arch-chroot /mnt groupadd -rf "$group"
|
||||
arch-chroot /mnt gpasswd -a "$user" "$group"
|
||||
groupadd -rf "$group"
|
||||
gpasswd -a "$user" "$group"
|
||||
done
|
||||
echo "$user:$password" | arch-chroot /mnt chpasswd
|
||||
echo "$user:$password" | chpasswd
|
||||
|
||||
echo -e "\n### Disabling root login"
|
||||
arch-chroot /mnt passwd -dl root
|
||||
passwd -dl root
|
||||
|
||||
echo -e "\n### Setting permissions on the custom repo"
|
||||
arch-chroot /mnt chown -R "$user:$user" "/var/cache/pacman/${user}-local/"
|
||||
chown -R "$user:$user" "/var/cache/pacman/${user}-local/"
|
||||
|
||||
echo -e "\n### Cloning dotfiles and running initial setup"
|
||||
arch-chroot /mnt sudo -u $user sh -c 'chezmoi init --apply https://code.strobeto.de/strobeltobias/dotfiles.git && chezmoi state delete-bucket --bucket=scriptState'
|
||||
#echo -e "\n### Cloning dotfiles and running initial setup"
|
||||
#sudo -u $user sh -c 'chezmoi init --apply https://code.strobeto.de/strobeltobias/dotfiles.git && chezmoi state delete-bucket --bucket=scriptState'
|
||||
|
||||
cat > /etc/NetworkManager/conf.d/wifi_backend.conf <<EOF
|
||||
[device]
|
||||
wifi.backend=iwd
|
||||
EOF
|
||||
systemctl enable NetworkManager.service
|
||||
poweroff #exit nspawned environment
|
||||
echo -e "\n### DONE - reboot and re-run 'chezmoi apply' to complete system setup"
|
||||
|
|
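Review bot: The commands after `systemd-nspawn -bD /mnt` do not run inside the container: the shell blocks on that line until the booted container exits, then runs `useradd -m "$user"`, `echo "$user:$password" | chpasswd` and `passwd -dl root` in the installer environment. Assuming the un-prefixed lines are the new side (the rendered page has lost its `+`/`-` markers), the installed system under /mnt ends up without the user and without the root lock, and `poweroff` shuts down the installer itself. Keep the target explicit, e.g. `arch-chroot /mnt passwd -dl root` and `systemd-firstboot --root=/mnt …`, or pass the commands to `systemd-nspawn -D /mnt` as its command line instead of booting it with `-b`. Separately, `mount -t btrfs LAEL=system /mnt` should read `LABEL=system`, `subvol=@tmp` on `/mnt/var/temp` does not match the `@temp` subvolume created above, and `sed -i "s+LABEL=swap+/dev/mapper/swap"` lacks its closing `+`, so those three commands would fail as written. The crypttab entry also names the mapping `cryptswap` while fstab is rewritten to `/dev/mapper/swap`, so the encrypted swap would probably not be found at boot.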