Update base setup

This commit is contained in:
Tobias Strobel 2022-09-11 17:16:16 +02:00
parent 70e10f4cc2
commit 143895bf01


@ -117,46 +117,55 @@ echo -e "\n### Setting up partitions"
umount -R /mnt 2> /dev/null || true umount -R /mnt 2> /dev/null || true
cryptsetup luksClose luks 2> /dev/null || true cryptsetup luksClose luks 2> /dev/null || true
lsblk -plnx size -o name "${device}" | xargs -n1 wipefs --all sgdisk --zap-all "${device}"
sgdisk --clear "${device}" --new 1::-551MiB "${device}" --new 2::0 --typecode 2:ef00 "${device}" sgdisk --clear \
sgdisk --change-name=1:primary --change-name=2:ESP "${device}" --new=1:0:+550MiB --typecode=1:ef00 --change-name=1:EFI \
--new=2:0:+8GiB --typecode=2:8200 --change-name=2:cryptswap \
part_root="$(ls "${device}"* | grep -E "^${device}p?1$")" --new=3:0:0 --typecode=3:8300 --change-name=3:cryptsystem \
part_boot="$(ls "${device}"* | grep -E "^${device}p?2$")" "${device}"
echo -e "\n### Formatting partitions" echo -e "\n### Formatting partitions"
mkfs.vfat -n "EFI" -F 32 "${part_boot}" # Boot partition
echo -n "${password}" | cryptsetup luksFormat --type luks2 --pbkdf argon2id --label luks "${part_root}" mkfs.vfat -F 32 -n "EFI" /dev/disk/by-partlabel/EFI
echo -n "${password}" | cryptsetup luksOpen --allow-discards --persistent "${part_root}" luks
mkfs.btrfs -L btrfs /dev/mapper/luks # Swap partition
cryptsetup open --type plain --key-file /dev/urandom /dev/disk/by-partlabel/cryptswap swap
mkswap -L swap /dev/mapper/swap
swapon -L swap
# System partition
echo -n "${password}" | cryptsetup luksFormat --type luks2 --pbkdf argon2id "/dev/disk/by-partlabel/cryptsystem"
echo -n "${password}" | cryptsetup luksOpen --allow-discards --persistent "/dev/disk/by-partlabel/cryptsystem" system
mkfs.btrfs --force --label system /dev/mapper/system
echo -e "\n### Setting up BTRFS subvolumes" echo -e "\n### Setting up BTRFS subvolumes"
mount /dev/mapper/luks /mnt o=defaults,x-mount.mkdir
btrfs subvolume create /mnt/root o_btrfs=$o,compress=zstd,ssd,noatime
btrfs subvolume create /mnt/home
btrfs subvolume create /mnt/pkgs
btrfs subvolume create /mnt/aurbuild
btrfs subvolume create /mnt/archbuild
btrfs subvolume create /mnt/docker
btrfs subvolume create /mnt/logs
btrfs subvolume create /mnt/temp
btrfs subvolume create /mnt/swap
btrfs subvolume create /mnt/snapshots
umount /mnt
mount -o noatime,compress=zstd,subvol=root /dev/mapper/luks /mnt mount -t btrfs LAEL=system /mnt
mkdir -p /mnt/{mnt/btrfs-root,efi,home,var/{cache/pacman,log,tmp,lib/{aurbuild,archbuild,docker}},swap,.snapshots} btrfs subvolume create /mnt/@root
mount "${part_boot}" /mnt/efi btrfs subvolume create /mnt/@home
mount -o noatime,compress=zstd,subvol=/ /dev/mapper/luks /mnt/mnt/btrfs-root btrfs subvolume create /mnt/@snapshots
mount -o noatime,compress=zstd,subvol=home /dev/mapper/luks /mnt/home btrfs subvolume create /mnt/@pkgs
mount -o noatime,compress=zstd,subvol=pkgs /dev/mapper/luks /mnt/var/cache/pacman btrfs subvolume create /mnt/@aurbuild
mount -o noatime,compress=zstd,subvol=aurbuild /dev/mapper/luks /mnt/var/lib/aurbuild btrfs subvolume create /mnt/@archbuild
mount -o noatime,compress=zstd,subvol=archbuild /dev/mapper/luks /mnt/var/lib/archbuild btrfs subvolume create /mnt/@docker
mount -o noatime,compress=zstd,subvol=docker /dev/mapper/luks /mnt/var/lib/docker btrfs subvolume create /mnt/@logs
mount -o noatime,compress=zstd,subvol=logs /dev/mapper/luks /mnt/var/log btrfs subvolume create /mnt/@temp
mount -o noatime,compress=zstd,subvol=temp /dev/mapper/luks /mnt/var/tmp umount -R /mnt
mount -o noatime,compress=zstd,subvol=swap /dev/mapper/luks /mnt/swap
mount -o noatime,compress=zstd,subvol=snapshots /dev/mapper/luks /mnt/.snapshots mount -t btrfs -o subvol=@root,$o_btrfs LABEL=system /mnt
mount -t btrfs -o subvol=@home,$o_btrfs LABEL=system /mnt/home
mount -t btrfs -o subvol=@snapshots,$o_btrfs LABEL=system /mnt/.snapshots
mount -t btrfs -o subvol=@pkgs,$o_btrfs LABEL=system /mnt/var/cache/pacman
mount -t btrfs -o subvol=@aurbuild,$o_btrfs LABEL=system /mnt/var/lib/aurbuild
mount -t btrfs -o subvol=@archbuild,$o_btrfs LABEL=system /mnt/var/lib/archbuild
mount -t btrfs -o subvol=@docker,$o_btrfs LABEL=system /mnt/var/lib/docker
mount -t btrfs -o subvol=@logs,$o_btrfs LABEL=system /mnt/var/log
mount -t btrfs -o subvol=@tmp,$o_btrfs LABEL=system /mnt/var/temp
#mount LABEL=EFI /mnt/efi
mount -o $o LABEL=EFI /mnt/boot
echo -e "\n### Configuring custom repo" echo -e "\n### Configuring custom repo"
mkdir "/mnt/var/cache/pacman/${user}-local" mkdir "/mnt/var/cache/pacman/${user}-local"
@ -198,7 +207,7 @@ fs_packages=(
) )
network_packages=( network_packages=(
"iwd" "iwd"
"systemd-resolvconf" "NetworkManager"
) )
basic_packages=( basic_packages=(
"man-db" "man-db"
@ -212,22 +221,22 @@ basic_packages=(
"htop" "htop"
"fzf" "fzf"
"sudo" "sudo"
"pipewire" #"pipewire"
"pipewire-pulse" #"pipewire-pulse"
"pipewire-jack" #"pipewire-jack"
"wireplumber" #"wireplumber"
"firefox" #"firefox"
"firefox-i18n-de" #"firefox-i18n-de"
"firefox-ublock-origin" #"firefox-ublock-origin"
"firefox-dark-reader" #"firefox-dark-reader"
"aurutils" # from maximbaz repo #"aurutils" # from maximbaz repo
"devtools" # tools for aurutils #"devtools" # tools for aurutils
"docbook-xls" # depenency of plymouth-git #"docbook-xls" # depenency of plymouth-git
"efitools" # provides KeyTool #"efitools" # provides KeyTool
"libfido2" # for systemd-cryptenroll #"libfido2" # for systemd-cryptenroll
"bluez" #"bluez"
"bluez-utils" #"bluez-utils"
"usbutils" # for lsusb #"usbutils" # for lsusb
) )
all_packages=( all_packages=(
${kernel_packages[@]} ${kernel_packages[@]}
@ -239,50 +248,49 @@ all_packages=(
pacstrap /mnt base base-devel arch-secure-boot chezmoi ${all_packages[@]} pacstrap /mnt base base-devel arch-secure-boot chezmoi ${all_packages[@]}
echo -e "\n### Generating base config files" echo -e "\n### Generating base config files"
genfstab -L -p /mnt >> /mnt/etc/fstab
sed -i "s+LABEL=swap+/dev/mapper/swap" /mnt/etc/fstab
echo "cryptswap /dev/disk/by-partlabel/cryptswap /dev/urandom swap,cipher=aes-xts-plain64,size=256" >> /mnt/etc/crypttab
genfstab -L /mnt >> /mnt/etc/fstab systemd-nspawn -bD /mnt
echo "FONT=$font" > /mnt/etc/vconsole.conf sed -i 's/^#en_US\.UTF-8/en_US\.UTF-8/' /etc/locale.gen
echo "KEYMAP=de-latin1" >> /mnt/etc/vconsole.conf sed -i 's/^#de_DE\.UTF-8/de_DE\.UTF-8/' /etc/locale.gen
echo "${hostname}" > /mnt/etc/hostname locale-gen
sed -i 's/^#en_US\.UTF-8/en_US\.UTF-8/' /mnt/etc/locale.gen
sed -i 's/^#de_DE\.UTF-8/de_DE\.UTF-8/' /mnt/etc/locale.gen
echo "LANG=en_US.UTF-8" > /mnt/etc/locale.conf
arch-chroot /mnt locale-gen
ln -sf /usr/share/zoneinfo/Europe/Berlin /mnt/etc/localtime systemd-firstboot \
--locale="en_US.UTF-8" \
echo "$hostname" > /mnt/etc/hostname --keymap="de-latin1" \
echo -e "127.0.0.1\tlocalhost" >>/mnt/etc/hosts --timezone="Europe/Berlin" \
echo -e "127.0.1.1\t$hostname" >>/mnt/etc/hosts --hostname="${hostname}" \
echo -e "\n::1\tlocalhost" >>/mnt/etc/hosts --setup-machine-id
echo "FONT=$font" > /etc/vconsole.conf
echo -e "\n### Configuring swap file" echo -e "127.0.0.1\tlocalhost" >> /etc/hosts
swap_size=$(free --mebi | awk '/Mem:/ {print $2}') echo -e "127.0.1.1\t$hostname" >> /etc/hosts
swap_end=$(( $swap_size + 129 + 1 ))MiB echo -e "\n::1\tlocalhost" >> /etc/hosts
truncate -s 0 /mnt/swap/swapfile timedatectl set-ntp 1
chattr +C /mnt/swap/swapfile
btrfs property set /mnt/swap/swapfile compression none
fallocate -l $swap_end /mnt/swap/swapfile
chmod 600 /mnt/swap/swapfile
mkswap /mnt/swap/swapfile
echo "/swap/swapfile none swap defaults 0 0" >> /mnt/etc/fstab
echo -e "\n### Creating user" echo -e "\n### Creating user"
arch-chroot /mnt useradd -m "$user" useradd -m "$user"
for group in wheel network video audio input storage power; do for group in wheel network video audio input storage power; do
arch-chroot /mnt groupadd -rf "$group" groupadd -rf "$group"
arch-chroot /mnt gpasswd -a "$user" "$group" gpasswd -a "$user" "$group"
done done
echo "$user:$password" | arch-chroot /mnt chpasswd echo "$user:$password" | chpasswd
echo -e "\n### Disabling root login" echo -e "\n### Disabling root login"
arch-chroot /mnt passwd -dl root passwd -dl root
echo -e "\n### Setting permissions on the custom repo" echo -e "\n### Setting permissions on the custom repo"
arch-chroot /mnt chown -R "$user:$user" "/var/cache/pacman/${user}-local/" chown -R "$user:$user" "/var/cache/pacman/${user}-local/"
echo -e "\n### Cloning dotfiles and running initial setup" #echo -e "\n### Cloning dotfiles and running initial setup"
arch-chroot /mnt sudo -u $user sh -c 'chezmoi init --apply https://code.strobeto.de/strobeltobias/dotfiles.git && chezmoi state delete-bucket --bucket=scriptState' #sudo -u $user sh -c 'chezmoi init --apply https://code.strobeto.de/strobeltobias/dotfiles.git && chezmoi state delete-bucket --bucket=scriptState'
cat > /etc/NetworkManager/conf.d/wifi_backend.conf <<EOF
[device]
wifi.backend=iwd
EOF
systemctl enable NetworkManager.service
poweroff #exit nspawned environment
echo -e "\n### DONE - reboot and re-run 'chezmoi apply' to complete system setup" echo -e "\n### DONE - reboot and re-run 'chezmoi apply' to complete system setup"
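Review bot: The root mount in the subvolume hunk is misspelled — `mount -t btrfs LAEL=system /mnt` should read `mount -t btrfs -o $o LABEL=system /mnt` (adding `-o $o` also gives it the same `x-mount.mkdir` behaviour the other mounts rely on), and without that fix every `btrfs subvolume create /mnt/@…` below it operates on the installer's own filesystem. Two more new lines in this section will not work as written: `mount -t btrfs -o subvol=@tmp,$o_btrfs LABEL=system /mnt/var/temp` names a subvolume that is never created (the create line is `@temp`, and the old side mounted it at `/var/tmp`), and the fstab fixup `sed -i "s+LABEL=swap+/dev/mapper/swap" /mnt/etc/fstab` lacks its closing delimiter (`s+LABEL=swap+/dev/mapper/swap+`), so sed aborts with an unterminated `s` command. In the last hunk everything after `systemd-nspawn -bD /mnt` looks intended to run inside the booted container, but if this file is executed as one script those lines (`sed -i … /etc/locale.gen`, `systemd-firstboot`, `useradd`, `chpasswd`, `passwd -dl root` and the final `poweroff`) run on the installer host only after the container has exited; running them through `systemd-nspawn -D /mnt bash -c '…'` or `arch-chroot /mnt` as the old side did would keep them targeted at the new system. It may also be worth a `udevadm settle` before the first use of `/dev/disk/by-partlabel/EFI`, since those symlinks are created asynchronously after sgdisk rewrites the table.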