From 143895bf01168540a652bbb172b16ea155c58e47 Mon Sep 17 00:00:00 2001 From: Tobias Strobel Date: Sun, 11 Sep 2022 17:16:16 +0200 Subject: [PATCH] Update base setup --- install.sh | 178 ++++++++++++++++++++++++++++------------------------- 1 file changed, 93 insertions(+), 85 deletions(-) diff --git a/install.sh b/install.sh index 71c6cc3..619c187 100644 --- a/install.sh +++ b/install.sh 
@@ -117,46 +117,55 @@ echo -e "\n### Setting up partitions" umount -R /mnt 2> /dev/null || true cryptsetup luksClose luks 2> /dev/null || true -lsblk -plnx size -o name "${device}" | xargs -n1 wipefs --all -sgdisk --clear "${device}" --new 1::-551MiB "${device}" --new 2::0 --typecode 2:ef00 "${device}" -sgdisk --change-name=1:primary --change-name=2:ESP "${device}" - -part_root="$(ls "${device}"* | grep -E "^${device}p?1$")" -part_boot="$(ls "${device}"* | grep -E "^${device}p?2$")" +sgdisk --zap-all "${device}" +sgdisk --clear \ + --new=1:0:+550MiB --typecode=1:ef00 --change-name=1:EFI \ + --new=2:0:+8GiB --typecode=2:8200 --change-name=2:cryptswap \ + --new=3:0:0 --typecode=3:8300 --change-name=3:cryptsystem \ + "${device}" echo -e "\n### Formatting partitions" -mkfs.vfat -n "EFI" -F 32 "${part_boot}" -echo -n "${password}" | cryptsetup luksFormat --type luks2 --pbkdf argon2id --label luks "${part_root}" -echo -n "${password}" | cryptsetup luksOpen --allow-discards --persistent "${part_root}" luks -mkfs.btrfs -L btrfs /dev/mapper/luks +# Boot partition +mkfs.vfat -F 32 -n "EFI" /dev/disk/by-partlabel/EFI + +# Swap partition +cryptsetup open --type plain --key-file /dev/urandom /dev/disk/by-partlabel/cryptswap swap +mkswap -L swap /dev/mapper/swap +swapon -L swap + +# System partition +echo -n "${password}" | cryptsetup luksFormat --type luks2 --pbkdf argon2id "/dev/disk/by-partlabel/cryptsystem" +echo -n "${password}" | cryptsetup luksOpen --allow-discards --persistent "/dev/disk/by-partlabel/cryptsystem" system +mkfs.btrfs --force --label system /dev/mapper/system echo -e "\n### Setting up BTRFS subvolumes" -mount /dev/mapper/luks /mnt -btrfs subvolume create /mnt/root -btrfs subvolume create /mnt/home -btrfs subvolume create /mnt/pkgs -btrfs subvolume create /mnt/aurbuild -btrfs subvolume create /mnt/archbuild -btrfs subvolume create /mnt/docker -btrfs subvolume create /mnt/logs -btrfs subvolume create /mnt/temp -btrfs subvolume create /mnt/swap -btrfs 
subvolume create /mnt/snapshots -umount /mnt +o=defaults,x-mount.mkdir +o_btrfs=$o,compress=zstd,ssd,noatime -mount -o noatime,compress=zstd,subvol=root /dev/mapper/luks /mnt -mkdir -p /mnt/{mnt/btrfs-root,efi,home,var/{cache/pacman,log,tmp,lib/{aurbuild,archbuild,docker}},swap,.snapshots} -mount "${part_boot}" /mnt/efi -mount -o noatime,compress=zstd,subvol=/ /dev/mapper/luks /mnt/mnt/btrfs-root -mount -o noatime,compress=zstd,subvol=home /dev/mapper/luks /mnt/home -mount -o noatime,compress=zstd,subvol=pkgs /dev/mapper/luks /mnt/var/cache/pacman -mount -o noatime,compress=zstd,subvol=aurbuild /dev/mapper/luks /mnt/var/lib/aurbuild -mount -o noatime,compress=zstd,subvol=archbuild /dev/mapper/luks /mnt/var/lib/archbuild -mount -o noatime,compress=zstd,subvol=docker /dev/mapper/luks /mnt/var/lib/docker -mount -o noatime,compress=zstd,subvol=logs /dev/mapper/luks /mnt/var/log -mount -o noatime,compress=zstd,subvol=temp /dev/mapper/luks /mnt/var/tmp -mount -o noatime,compress=zstd,subvol=swap /dev/mapper/luks /mnt/swap -mount -o noatime,compress=zstd,subvol=snapshots /dev/mapper/luks /mnt/.snapshots +mount -t btrfs LAEL=system /mnt +btrfs subvolume create /mnt/@root +btrfs subvolume create /mnt/@home +btrfs subvolume create /mnt/@snapshots +btrfs subvolume create /mnt/@pkgs +btrfs subvolume create /mnt/@aurbuild +btrfs subvolume create /mnt/@archbuild +btrfs subvolume create /mnt/@docker +btrfs subvolume create /mnt/@logs +btrfs subvolume create /mnt/@temp +umount -R /mnt + +mount -t btrfs -o subvol=@root,$o_btrfs LABEL=system /mnt +mount -t btrfs -o subvol=@home,$o_btrfs LABEL=system /mnt/home +mount -t btrfs -o subvol=@snapshots,$o_btrfs LABEL=system /mnt/.snapshots +mount -t btrfs -o subvol=@pkgs,$o_btrfs LABEL=system /mnt/var/cache/pacman +mount -t btrfs -o subvol=@aurbuild,$o_btrfs LABEL=system /mnt/var/lib/aurbuild +mount -t btrfs -o subvol=@archbuild,$o_btrfs LABEL=system /mnt/var/lib/archbuild +mount -t btrfs -o subvol=@docker,$o_btrfs LABEL=system 
/mnt/var/lib/docker +mount -t btrfs -o subvol=@logs,$o_btrfs LABEL=system /mnt/var/log +mount -t btrfs -o subvol=@tmp,$o_btrfs LABEL=system /mnt/var/temp + +#mount LABEL=EFI /mnt/efi +mount -o $o LABEL=EFI /mnt/boot echo -e "\n### Configuring custom repo" mkdir "/mnt/var/cache/pacman/${user}-local" @@ -198,7 +207,7 @@ fs_packages=( ) network_packages=( "iwd" - "systemd-resolvconf" + "NetworkManager" ) basic_packages=( "man-db" @@ -212,22 +221,22 @@ basic_packages=( "htop" "fzf" "sudo" - "pipewire" - "pipewire-pulse" - "pipewire-jack" - "wireplumber" - "firefox" - "firefox-i18n-de" - "firefox-ublock-origin" - "firefox-dark-reader" - "aurutils" # from maximbaz repo - "devtools" # tools for aurutils - "docbook-xls" # depenency of plymouth-git - "efitools" # provides KeyTool - "libfido2" # for systemd-cryptenroll - "bluez" - "bluez-utils" - "usbutils" # for lsusb + #"pipewire" + #"pipewire-pulse" + #"pipewire-jack" + #"wireplumber" + #"firefox" + #"firefox-i18n-de" + #"firefox-ublock-origin" + #"firefox-dark-reader" + #"aurutils" # from maximbaz repo + #"devtools" # tools for aurutils + #"docbook-xls" # depenency of plymouth-git + #"efitools" # provides KeyTool + #"libfido2" # for systemd-cryptenroll + #"bluez" + #"bluez-utils" + #"usbutils" # for lsusb ) all_packages=( ${kernel_packages[@]} 
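Review bot: The first mount of the subvolume section reads `mount -t btrfs LAEL=system /mnt`; `LAEL` is a typo for `LABEL`, so the mount fails and, unless the script aborts on error (not visible in this hunk), the following `btrfs subvolume create /mnt/@...` calls run against whatever is at /mnt. The subvolume is created as `@temp` but mounted as `subvol=@tmp` onto `/mnt/var/temp`; the two should agree, e.g. `mount -t btrfs -o subvol=@temp,$o_btrfs LABEL=system /mnt/var/tmp`. The new `/dev/disk/by-partlabel/...` and `LABEL=` lookups depend on udev having processed the new partition table and filesystems, so a `udevadm settle` after `sgdisk` and after the `mkfs` calls would make them reliable. The swap mapping opened with `cryptsetup open --type plain` takes its cipher and key size from cryptsetup's defaults, while the crypttab line added further down pins `cipher=aes-xts-plain64,size=256`; passing `--cipher aes-xts-plain64 --key-size 256` here keeps the two consistent.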
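Review bot: The new entry `"NetworkManager"` in `network_packages` is not a name pacman will resolve: the package in the Arch repositories is `networkmanager`, and package names are case-sensitive. The `pacstrap` call that consumes this array would therefore stop with a target-not-found error. Change the line to `"networkmanager"`. The array itself begins and ends in context lines, and `iwd` staying in it is consistent with using iwd as NetworkManager's Wi-Fi backend.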
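Review bot: The block comment-out in `basic_packages` disables `efitools` and `libfido2` together with the desktop packages, although the `pacstrap` line further down still installs `arch-secure-boot`. If Secure Boot key enrollment or FIDO2 unlock through systemd-cryptenroll is still part of this setup, those two entries should stay active. For the rest, deleting the lines is cleaner than keeping sixteen commented-out entries; a single comment such as `# minimal base only: desktop, audio and AUR tooling intentionally not installed here` records the intent. The array starts outside this hunk.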
@@ -239,50 +248,49 @@ all_packages=( pacstrap /mnt base base-devel arch-secure-boot chezmoi ${all_packages[@]} echo -e "\n### Generating base config files" +genfstab -L -p /mnt >> /mnt/etc/fstab +sed -i "s+LABEL=swap+/dev/mapper/swap" /mnt/etc/fstab +echo "cryptswap /dev/disk/by-partlabel/cryptswap /dev/urandom swap,cipher=aes-xts-plain64,size=256" >> /mnt/etc/crypttab -genfstab -L /mnt >> /mnt/etc/fstab +systemd-nspawn -bD /mnt -echo "FONT=$font" > /mnt/etc/vconsole.conf -echo "KEYMAP=de-latin1" >> /mnt/etc/vconsole.conf -echo "${hostname}" > /mnt/etc/hostname -sed -i 's/^#en_US\.UTF-8/en_US\.UTF-8/' /mnt/etc/locale.gen -sed -i 's/^#de_DE\.UTF-8/de_DE\.UTF-8/' /mnt/etc/locale.gen -echo "LANG=en_US.UTF-8" > /mnt/etc/locale.conf -arch-chroot /mnt locale-gen +sed -i 's/^#en_US\.UTF-8/en_US\.UTF-8/' /etc/locale.gen +sed -i 's/^#de_DE\.UTF-8/de_DE\.UTF-8/' /etc/locale.gen +locale-gen -ln -sf /usr/share/zoneinfo/Europe/Berlin /mnt/etc/localtime - -echo "$hostname" > /mnt/etc/hostname -echo -e "127.0.0.1\tlocalhost" >>/mnt/etc/hosts -echo -e "127.0.1.1\t$hostname" >>/mnt/etc/hosts -echo -e "\n::1\tlocalhost" >>/mnt/etc/hosts - -echo -e "\n### Configuring swap file" -swap_size=$(free --mebi | awk '/Mem:/ {print $2}') -swap_end=$(( $swap_size + 129 + 1 ))MiB -truncate -s 0 /mnt/swap/swapfile -chattr +C /mnt/swap/swapfile -btrfs property set /mnt/swap/swapfile compression none -fallocate -l $swap_end /mnt/swap/swapfile -chmod 600 /mnt/swap/swapfile -mkswap /mnt/swap/swapfile -echo "/swap/swapfile none swap defaults 0 0" >> /mnt/etc/fstab +systemd-firstboot \ + --locale="en_US.UTF-8" \ + --keymap="de-latin1" \ + --timezone="Europe/Berlin" \ + --hostname="${hostname}" \ + --setup-machine-id +echo "FONT=$font" > /etc/vconsole.conf +echo -e "127.0.0.1\tlocalhost" >> /etc/hosts +echo -e "127.0.1.1\t$hostname" >> /etc/hosts +echo -e "\n::1\tlocalhost" >> /etc/hosts +timedatectl set-ntp 1 echo -e "\n### Creating user" -arch-chroot /mnt useradd -m "$user" +useradd -m "$user" for 
group in wheel network video audio input storage power; do - arch-chroot /mnt groupadd -rf "$group" - arch-chroot /mnt gpasswd -a "$user" "$group" + groupadd -rf "$group" + gpasswd -a "$user" "$group" done -echo "$user:$password" | arch-chroot /mnt chpasswd +echo "$user:$password" | chpasswd echo -e "\n### Disabling root login" -arch-chroot /mnt passwd -dl root +passwd -dl root echo -e "\n### Setting permissions on the custom repo" -arch-chroot /mnt chown -R "$user:$user" "/var/cache/pacman/${user}-local/" +chown -R "$user:$user" "/var/cache/pacman/${user}-local/" -echo -e "\n### Cloning dotfiles and running initial setup" -arch-chroot /mnt sudo -u $user sh -c 'chezmoi init --apply https://code.strobeto.de/strobeltobias/dotfiles.git && chezmoi state delete-bucket --bucket=scriptState' +#echo -e "\n### Cloning dotfiles and running initial setup" +#sudo -u $user sh -c 'chezmoi init --apply https://code.strobeto.de/strobeltobias/dotfiles.git && chezmoi state delete-bucket --bucket=scriptState' +cat > /etc/NetworkManager/conf.d/wifi_backend.conf <