From 5d0ab1a9aeb916c701b60aaea657c6471072fba5 Mon Sep 17 00:00:00 2001
From: Tobias Strobel
Date: Sat, 19 Feb 2022 11:52:56 +0100
Subject: [PATCH] Add setup-system.sh and bootstrap configs
---
 bootstrap.sh | 2 +-
 etc/iwd/main.conf | 5 +
 etc/mkinitcpio.conf | 4 +
 etc/snap-pac.ini | 46 +++++
 etc/snapper/configs/root | 63 +++++++
 etc/sudoers.d/override | 1 +
 etc/systemd/network/20-wired.network | 13 ++
 etc/systemd/network/25-wireless.network | 13 ++
 .../system/getty@tty1.service.d/override.conf | 3 +
 setup-system.sh | 174 ++++++++++++++++++
 10 files changed, 323 insertions(+), 1 deletion(-)
 create mode 100644 etc/iwd/main.conf
 create mode 100644 etc/mkinitcpio.conf
 create mode 100644 etc/snap-pac.ini
 create mode 100644 etc/snapper/configs/root
 create mode 100644 etc/sudoers.d/override
 create mode 100644 etc/systemd/network/20-wired.network
 create mode 100644 etc/systemd/network/25-wireless.network
 create mode 100644 etc/systemd/system/getty@tty1.service.d/override.conf
 create mode 100755 setup-system.sh
diff --git a/bootstrap.sh b/bootstrap.sh
index b53863d..491b2ca 100644
--- a/bootstrap.sh
+++ b/bootstrap.sh
@@ -310,7 +310,7 @@ mkswap /mnt/swap/swapfile
 echo "/swap/swapfile none swap defaults 0 0" >> /mnt/etc/fstab
 # sudo
-sed -i 's/# \(%wheel ALL=(ALL:ALL) ALL\)/\1/' /mnt/etc/sudoers
+#sed -i 's/# \(%wheel ALL=(ALL:ALL) ALL\)/\1/' /mnt/etc/sudoers
 echo -e "\n### Creating user"
 arch-chroot /mnt useradd -m "$user"
diff --git a/etc/iwd/main.conf b/etc/iwd/main.conf
new file mode 100644
index 0000000..b05962e
--- /dev/null
+++ b/etc/iwd/main.conf
@@ -0,0 +1,5 @@
+[General]
+EnableNetworkConfiguration=true
+
+[Network]
+EnableIPv6=true
diff --git a/etc/mkinitcpio.conf b/etc/mkinitcpio.conf
new file mode 100644
index 0000000..ad5428b
--- /dev/null
+++ b/etc/mkinitcpio.conf
@@ -0,0 +1,4 @@
+MODULES=(i915)
+BINARIES=(/usr/bin/btrfs)
+FILES=()
+HOOKS=(base consolefont udev autodetect keyboard keymap modconf block encrypt filesystems fsck shutdown)
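Review bot: With the `sed` on /mnt/etc/sudoers commented out, the account created by the following `useradd -m "$user"` has no sudo rule until etc/sudoers.d/override is installed, and setup-system.sh, which installs it, re-executes itself through `sudo -s` when it is not run as root. Unless bootstrap.sh runs setup-system.sh as root inside the chroot somewhere outside this hunk, the first non-root run cannot elevate. Either install the drop-in from bootstrap.sh, for example `install -Dm440 etc/sudoers.d/override /mnt/etc/sudoers.d/override` (source path relative to the repository), or keep the original line until that is in place. In both cases delete the old line rather than leaving it commented out under the `# sudo` heading.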
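Review bot: `EnableNetworkConfiguration=true` makes iwd assign addresses and routes on the wireless interface itself, while etc/systemd/network/25-wireless.network in this same patch sets `DHCP=yes` for `wl*` under systemd-networkd. If both daemons end up enabled (their `systemctl_enable_start` lines in setup-system.sh are commented out, so this cannot be told from the patch), two DHCP clients manage one link and the `RouteMetric=20` ordering against the wired link is not guaranteed to hold. Pick one owner: drop `EnableNetworkConfiguration=true` here or drop 25-wireless.network, and add a comment saying which daemon configures the link.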
diff --git a/etc/snap-pac.ini b/etc/snap-pac.ini
new file mode 100644
index 0000000..462400f
--- /dev/null
+++ b/etc/snap-pac.ini
@@ -0,0 +1,46 @@
+# snap-pac example configuration file
+# see snap-pac(8) for more details
+
+# Each section corresponds with a snapper configuration. Add additional sections to add
+# other configurations to be snapshotted. By default, only the root configuration is snapshotted.
+# Create a section named [DEFAULT] to have a setting apply for all snapper configurations
+
+## Uncomment to set parameters for snapper configuration named root
+#[root]
+
+## How many characters to limit the description for snapper.
+## Default is 72
+#desc_limit = 72
+
+## Whether or not to take snapshots of this snapper configuration
+## Default is True for root configuration and False for all other configurations
+#snapshot = True
+
+## What snapper cleanup algorithm to use
+## Default is number
+#cleanup_algorithm = number
+
+## Pre snapshot description.
+## Default is the pacman command that triggered the hook
+#pre_description = pacman pre snapshot
+
+## Post snapshot description.
+## Default is the list of packages involved in the pacman transaction
+#post_description = pacman post snapshot
+
+## Uncomment to add "important=yes" to userdata for snapshots referring to these packages
+## Default is []
+#important_packages = ["linux", "linux-lts"]
+
+## Uncomment to add "important=yes" to userdata for snapshots that were created with the following commands
+## Default is []
+#important_commands = ["pacman -Syu"]
+
+## Add custom userdata. Each key-value pair should be an item in the list
+## Default is []
+#userdata = ["key=value","foo=bar"]
+
+## Example for another snapper configuration named "home"
+# [home]
+## Default is False
+# snapshot = True
diff --git a/etc/snapper/configs/root b/etc/snapper/configs/root
new file mode 100644
index 0000000..d71bbf0
--- /dev/null
+++ b/etc/snapper/configs/root
@@ -0,0 +1,63 @@
+
+# subvolume to snapshot
+SUBVOLUME="/"
+
+# filesystem type
+FSTYPE="btrfs"
+
+
+# btrfs qgroup for space aware cleanup algorithms
+QGROUP=""
+
+
+# fraction or absolute size of the filesystems space the snapshots may use
+SPACE_LIMIT="0.5"
+
+# fraction or absolute size of the filesystems space that should be free
+FREE_LIMIT="0.2"
+
+
+# users and groups allowed to work with config
+ALLOW_USERS=""
+ALLOW_GROUPS=""
+
+# sync users and groups from ALLOW_USERS and ALLOW_GROUPS to .snapshots
+# directory
+SYNC_ACL="no"
+
+
+# start comparing pre- and post-snapshot in background after creating
+# post-snapshot
+BACKGROUND_COMPARISON="yes"
+
+
+# run daily number cleanup
+NUMBER_CLEANUP="yes"
+
+# limit for number cleanup
+NUMBER_MIN_AGE="1800"
+NUMBER_LIMIT="50"
+NUMBER_LIMIT_IMPORTANT="10"
+
+
+# create hourly snapshots
+TIMELINE_CREATE="yes"
+
+# cleanup hourly snapshots after some time
+TIMELINE_CLEANUP="yes"
+
+# limits for timeline cleanup
+TIMELINE_MIN_AGE="1800"
+TIMELINE_LIMIT_HOURLY="10"
+TIMELINE_LIMIT_DAILY="10"
+TIMELINE_LIMIT_WEEKLY="4"
+TIMELINE_LIMIT_MONTHLY="6"
+TIMELINE_LIMIT_YEARLY="0"
+
+
+# cleanup empty pre-post-pairs
+EMPTY_PRE_POST_CLEANUP="yes"
+
+# limits for empty pre-post-pair cleanup
+EMPTY_PRE_POST_MIN_AGE="1800"
+
diff --git a/etc/sudoers.d/override b/etc/sudoers.d/override
new file mode 100644
index 0000000..40695bb
--- /dev/null
+++ b/etc/sudoers.d/override
@@ -0,0 +1 @@
+%wheel ALL=(ALL:ALL) ALL
diff --git a/etc/systemd/network/20-wired.network b/etc/systemd/network/20-wired.network
new file mode 100644
index 0000000..028572c
--- /dev/null
+++ b/etc/systemd/network/20-wired.network
@@ -0,0 +1,13 @@
+[Match]
+Name=en*
+
+[Network]
+DHCP=yes
+
+[DHCPv4]
+RouteMetric=10
+UseDomains=true
+
+[IPv6AcceptRA]
+RouteMetric=10
+UseDomains=yes
diff --git a/etc/systemd/network/25-wireless.network b/etc/systemd/network/25-wireless.network
new file mode 100644
index 0000000..b2935f3
--- /dev/null
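Review bot: `UseDomains=true` under `[DHCPv4]` and `UseDomains=yes` under `[IPv6AcceptRA]` let whatever DHCP server or router the link attaches to set the system search domains, which changes how single-label host names resolve. etc/systemd/network/25-wireless.network carries the same two lines and is the more exposed case, since `wl*` interfaces will join networks the owner does not control. Unless search domains are needed, remove the lines or use `UseDomains=route`, which uses the received domains only to route queries to that link's DNS servers. The two spellings `true` and `yes` for the same boolean are also worth unifying.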
+++ b/etc/systemd/network/25-wireless.network
@@ -0,0 +1,13 @@
+[Match]
+Name=wl*
+
+[Network]
+DHCP=yes
+
+[DHCPv4]
+RouteMetric=20
+UseDomains=true
+
+[IPv6AcceptRA]
+RouteMetric=20
+UseDomains=yes
diff --git a/etc/systemd/system/getty@tty1.service.d/override.conf b/etc/systemd/system/getty@tty1.service.d/override.conf
new file mode 100644
index 0000000..39574df
--- /dev/null
+++ b/etc/systemd/system/getty@tty1.service.d/override.conf
@@ -0,0 +1,3 @@
+[Service]
+ExecStart=
+ExecStart=/usr/bin/agetty --autologin tobias --noclear %I $TERM
diff --git a/setup-system.sh b/setup-system.sh
new file mode 100755
index 0000000..5219504
--- /dev/null
+++ b/setup-system.sh
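Review bot: `--autologin tobias` hard-codes an account name, while bootstrap.sh creates the account from `"$user"`, so on an install with any other user name the tty1 autologin would not work. It also hands a logged-in session to anyone who reaches the console after boot, which leaves the passphrase behind the `encrypt` hook in etc/mkinitcpio.conf as the only gate. A comment above the second `ExecStart=` such as `# autologin: relies on full-disk encryption as the only login barrier` would make that assumption explicit. Consider generating this drop-in from the user name in setup-system.sh instead of committing it with a literal name.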
@@ -0,0 +1,174 @@
+#!/bin/bash
+
+set -e
+exec 2> >(while read line; do echo -e "\e[01;31m$line\e[0m"; done)
+
+script_name="$(basename "$0")"
+dotfiles_dir="$(
+ cd "$(dirname "$0")"
+ pwd
+)"
+cd "$dotfiles_dir"
+
+if (("$EUID")); then
+ sudo -s "$dotfiles_dir/$script_name" "$@"
+ exit 0
+fi
+
+if [ "$1" = "-r" ]; then
+ echo >&2 "Running in reverse mode!"
+ reverse=1
+fi
+
+copy() {
+ if [ -z "$reverse" ]; then
+ orig_file="$dotfiles_dir/$1"
+ dest_file="/$1"
+ else
+ orig_file="/$1"
+ dest_file="$dotfiles_dir/$1"
+ fi
+
+ mkdir -p "$(dirname "$orig_file")"
+ mkdir -p "$(dirname "$dest_file")"
+
+ rm -rf "$dest_file"
+
+ cp -R "$orig_file" "$dest_file"
+ if [ -z "$reverse" ]; then
+ [ -n "$2" ] && chmod "$2" "$dest_file"
+ else
+ chown -R tobias "$dest_file"
+ fi
+ echo "$dest_file <= $orig_file"
+}
+
+is_chroot() {
+ ! cmp -s /proc/1/mountinfo /proc/self/mountinfo
+}
+
+systemctl_enable() {
+ echo "systemctl enable "$1""
+ systemctl enable "$1"
+}
+
+systemctl_enable_start() {
+ echo "systemctl enable --now "$1""
+ systemctl enable "$1"
+ systemctl start "$1"
+}
+
+echo ""
+echo "=========================="
+echo "Setting up /etc configs..."
+echo "=========================="
+
+#copy "etc/aurutils/pacman-x86_64.conf"
+#copy "etc/bluetooth/main.conf"
+#copy "etc/conf.d/snapper"
+#copy "etc/default/earlyoom"
+#copy "etc/docker/daemon.json"
+#copy "etc/fwupd/uefi_capsule.conf"
+#copy "etc/modules-load.d/v4l2loopback.conf"
+#copy "etc/modprobe.d/v4l2loopback.conf"
+#copy "etc/nftables.conf"
+#copy "etc/pacman.conf"
+#copy "etc/pacman.d/hooks"
+#copy "etc/pam.d/polkit-1"
+#copy "etc/pam.d/sudo"
+copy "etc/snap-pac.ini"
+copy "etc/snapper/configs/root"
+#copy "etc/ssh/ssh_config"
+copy "etc/sudoers.d/override"
+#copy "etc/sysctl.d/99-sysctl.conf"
+#copy "etc/systemd/journald.conf.d/override.conf"
+#copy "etc/systemd/logind.conf.d/override.conf"
+copy "etc/systemd/network/20-wired.network"
+copy "etc/systemd/network/25-wireless.network"
+copy "etc/iwd/main.conf"
+copy "etc/mkinitcpio.conf"
+#copy "etc/systemd/resolved.conf.d/dnssec.conf"
+copy "etc/systemd/system/getty@tty1.service.d/override.conf"
+#copy "etc/systemd/system/usbguard.service.d/override.conf"
+#copy "etc/systemd/system/reflector.service"
+#copy "etc/systemd/system/reflector.timer"
+#copy "etc/systemd/system/system-dotfiles-sync.service"
+#copy "etc/systemd/system/system-dotfiles-sync.timer"
+#copy "etc/systemd/system.conf.d/kill-fast.conf"
+#copy "etc/usbguard/usbguard-daemon.conf" 600
+#copy "etc/systemd/system/backup-repo@pkgbuild"
+#copy "etc/systemd/system/backup-repo@.service"
+#copy "etc/systemd/system/backup-repo@.timer"
+
+(("$reverse")) && exit 0
+
+echo ""
+echo "================================="
+echo "Enabling and starting services..."
+echo "================================="
+
+sysctl --system > /dev/null
+
+systemctl daemon-reload
+#systemctl_enable_start "bluetooth.service"
+#systemctl_enable_start "btrfs-scrub@-.timer"
+#systemctl_enable_start "btrfs-scrub@mnt-btrfs\x2droot.timer"
+#systemctl_enable_start "btrfs-scrub@home.timer"
+#systemctl_enable_start "btrfs-scrub@var-cache-pacman.timer"
+#systemctl_enable_start "btrfs-scrub@var-log.timer"
+#systemctl_enable_start "btrfs-scrub@var-tmp.timer"
+#systemctl_enable_start "btrfs-scrub@\x2esnapshots.timer"
+#systemctl_enable_start "btrfs-scrub@var-lib-aurbuild.timer"
+#systemctl_enable_start "btrfs-scrub@var-lib-archbuild.timer"
+#systemctl_enable_start "btrfs-scrub@var-lib-docker.timer"
+#systemctl_enable_start "docker.socket"
+#systemctl_enable_start "earlyoom.service"
+#systemctl_enable_start "fstrim.timer"
+#systemctl_enable_start "iwd.service"
+#systemctl_enable_start "linux-modules-cleanup.service"
+#systemctl_enable_start "lenovo_fix.service"
+#systemctl_enable_start "nftables.service"
+#systemctl_enable_start "pcscd.socket"
+#systemctl_enable_start "reflector.timer"
+#systemctl_enable_start "snapper-cleanup.timer"
+#systemctl_enable_start "system-dotfiles-sync.timer"
+#systemctl_enable_start "systemd-networkd.socket"
+#systemctl_enable_start "systemd-resolved.service"
+#systemctl_enable_start "tlp.service"
+
+#if [ ! -s "/etc/usbguard/rules.conf" ]; then
+# echo >&2 "=== Remember to set usbguard rules: usbguard generate-policy >! /etc/usbguard/rules.conf"
+#else
+# chmod 600 /etc/usbguard/rules.conf
+# systemctl_enable_start "usbguard.service"
+# systemctl_enable_start "usbguard-dbus.service"
+#fi
+
+#systemctl_enable_start "backup-repo@pkgbuild.timer"
+
+#echo ""
+#echo "==============================="
+#echo "Creating top level Trash dir..."
+#echo "==============================="
+#mkdir --parent /.Trash
+#chmod a+rw /.Trash
+#chmod +t /.Trash
+#echo "Done"
+
+echo ""
+echo "======================================="
+echo "Finishing various user configuration..."
+echo "======================================="
+
+if is_chroot; then
+ echo >&2 "=== Running in chroot, skipping /etc/resolv.conf setup..."
+else
+ echo "Configuring /etc/resolv.conf"
+ ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
+fi
+
+echo "Configuring NTP"
+timedatectl set-ntp true
+
+#echo "Configuring aurutils"
+#ln -sf /etc/pacman.conf /etc/aurutils/pacman-maximbaz-local.conf
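Review bot: `copy "etc/sudoers.d/override"` installs a sudoers drop-in with no mode argument and no syntax check, and `copy()` runs `rm -rf "$dest_file"` before `cp -R`, so a failed or interrupted copy leaves /etc/sudoers.d without the `%wheel` rule that bootstrap.sh no longer enables in /etc/sudoers. Validate the file first and pass an explicit mode: `visudo -cf "$dotfiles_dir/etc/sudoers.d/override"` before the call, then `copy "etc/sudoers.d/override" 440`. Inside `copy()`, an empty `$1` would make `dest_file` equal `/` right before the `rm -rf`, so `[ -n "$1" ] || return 1` as its first line is a cheap guard. The `chown -R tobias` in the reverse branch hard-codes the account name and deserves at least a comment.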