Finished First Draft Version
This commit is contained in:
parent
b89685c6b3
commit
e6eaba1537
|
|
@ -14,6 +14,7 @@ function show_help() {
|
|||
echo " -m <keymap> Console Keymap to use (default: de)"
|
||||
echo " -t <timezone> Timezone to use (default: Europe/Berlin)"
|
||||
echo " -b Set System Type to BIOS (default: UEFI)"
|
||||
echo " -c Disable Encryption (default: enabled)"
|
||||
}
|
||||
|
||||
function exit_error() {
|
||||
|
|
@ -44,9 +45,10 @@ keymap="de"
|
|||
timezone="Europe/Berlin"
|
||||
systype="x86_64-efi"
|
||||
network=0
|
||||
encryption=1
|
||||
|
||||
## Get CLI Options
|
||||
while getopts 'k:d:n:m:l:h:b?' flag; do
|
||||
while getopts 'k:d:n:m:l:h:bc?' flag; do
|
||||
case "${flag}" in
|
||||
k) kernel="${OPTARG}" ;;
|
||||
n) case "${OPTARG}" in
|
||||
|
|
@ -60,6 +62,7 @@ while getopts 'k:d:n:m:l:h:b?' flag; do
|
|||
m) keymap="${OPTARG}" ;;
|
||||
t) timezone="${OPTARG}" ;;
|
||||
b) systype="i386-pc" ;;
|
||||
c) encryption=0
|
||||
h) hostname="${OPTARG}" ;;
|
||||
?) show_help ;;
|
||||
*) show_help ;;
|
||||
|
|
@ -100,10 +103,10 @@ if [[ "${systype}" == "x86_64-efi" ]]; then
|
|||
mklabel gpt \
|
||||
mkpart ESP fat32 1MiB 513MiB \
|
||||
set esp 1 on \
|
||||
mkpart cryptroot 512MiB 100%
|
||||
mkpart arch 512MiB 100%
|
||||
|
||||
part_esp="/dev/disk/by-partlabel/ESP"
|
||||
part_root="/dev/disk/by-partlabel/cryptroot"
|
||||
part_root="/dev/disk/by-partlabel/arch"
|
||||
extrapkgs="efibootmgr"
|
||||
|
||||
partprobe "${device}"
|
||||
|
|
@ -113,43 +116,47 @@ else
|
|||
mklabel gpt \
|
||||
mkpart grub 1MiB 2MiB \
|
||||
set bios_grub 1 on \
|
||||
mkpart cryptroot 2MiB 100%
|
||||
mkpart arch 2MiB 100%
|
||||
|
||||
part_root="/dev/disk/by-partlabel/cryptroot"
|
||||
part_root="/dev/disk/by-partlabel/arch"
|
||||
fi
|
||||
|
||||
echo "Creating Encrypted Root Partition"
|
||||
cryptsetup luksFormat --type luks1 --cipher aes-xts-plain64 --hash sha512 --key-size 512 "${part_root}"
|
||||
cryptsetup open "${part_root}" "cryptroot"
|
||||
crypt_root="/dev/mapper/cryptroot"
|
||||
if [ $encryption -eq 1 ]; then
|
||||
echo "Creating Encrypted Root Partition"
|
||||
cryptsetup luksFormat --type luks1 --cipher aes-xts-plain64 --hash sha512 --key-size 512 "${part_root}"
|
||||
cryptsetup open "${part_root}" "cryptroot"
|
||||
root_dev="/dev/mapper/cryptroot"
|
||||
else
|
||||
root_dev="${part_root}"
|
||||
fi
|
||||
|
||||
echo "Creating BTRFS Filesystem"
|
||||
mkfs.btrfs -L root "$crypt_root"
|
||||
mkfs.btrfs -L archlinux "${root_dev}"
|
||||
|
||||
echo "Creating BRTFS Subvolumes"
|
||||
mount "${crypt_root}" /mnt
|
||||
mount "${root_dev}" /mnt
|
||||
for sv in "@" "@home" "@data" "@snapshot" "@log" "@pkg" "@machines" "@portables"; do
|
||||
btrfs su cr "/mnt/${sv}"
|
||||
done
|
||||
|
||||
umount /mnt
|
||||
echo "Mounting System Subvolumes"
|
||||
mount -o ssd,noatime,space_cache,compress=zstd,subvol=@ "${crypt_root}" /mnt
|
||||
mount -o ssd,noatime,space_cache,compress=zstd,subvol=@ "${root_dev}" /mnt
|
||||
mkdir -p /mnt/{home,data,.snapshots,var/log,var/cache/pacman/pkg,var/lib/machines,var/lib/portables}
|
||||
mount -o ssd,noatime,space_cache.compress=zstd,autodefrag,discard=async,subvol=@home "${crypt_root}" /mnt/home
|
||||
mount -o ssd,noatime,space_cache.compress=zstd,autodefrag,discard=async,subvol=@data "${crypt_root}" /mnt/data
|
||||
mount -o ssd,noatime,space_cache.compress=zstd,autodefrag,discard=async,subvol=@snapshots "${crypt_root}" /mnt/.snapshots
|
||||
mount -o ssd,noatime,space_cache.compress=zstd,autodefrag,discard=async,subvol=@log "${crypt_root}" /mnt/var/log
|
||||
mount -o ssd,noatime,space_cache.compress=zstd,autodefrag,discard=async,subvol=@pkg "${crypt_root}" /mnt/var/cache/pacman/pkg
|
||||
mount -o ssd,noatime,space_cache.compress=zstd,autodefrag,discard=async,subvol=@machines "${crypt_root}" /mnt/var/lib/machines
|
||||
mount -o ssd,noatime,space_cache.compress=zstd,autodefrag,discard=async,subvol=@portables "${crypt_root}" /mnt/var/lib/portables
|
||||
mount -o ssd,noatime,space_cache.compress=zstd,autodefrag,discard=async,subvol=@home "${root_dev}" /mnt/home
|
||||
mount -o ssd,noatime,space_cache.compress=zstd,autodefrag,discard=async,subvol=@data "${root_dev}" /mnt/data
|
||||
mount -o ssd,noatime,space_cache.compress=zstd,autodefrag,discard=async,subvol=@snapshots "${root_dev}" /mnt/.snapshots
|
||||
mount -o ssd,noatime,space_cache.compress=zstd,autodefrag,discard=async,subvol=@log "${root_dev}" /mnt/var/log
|
||||
mount -o ssd,noatime,space_cache.compress=zstd,autodefrag,discard=async,subvol=@pkg "${root_dev}" /mnt/var/cache/pacman/pkg
|
||||
mount -o ssd,noatime,space_cache.compress=zstd,autodefrag,discard=async,subvol=@machines "${root_dev}" /mnt/var/lib/machines
|
||||
mount -o ssd,noatime,space_cache.compress=zstd,autodefrag,discard=async,subvol=@portables "${root_dev}" /mnt/var/lib/portables
|
||||
chattr +C /mnt/var/log /mnt/var/cache/pacman/pkg
|
||||
if [[ "${systype}" == "x86_64-efi" ]]; then
|
||||
mount "${part_esp}" /mnt/boot/efi
|
||||
fi
|
||||
|
||||
echo "Installing Base System Packages"
|
||||
pacstrap /mnt base $kernel $microcode $firmware $extrapkgs btrfs-progs grub grub-btrfs snapper vim git tmux htop lsof strace openssh
|
||||
pacstrap /mnt base $kernel $microcode $firmware $extrapkgs btrfs-progs grub grub-btrfs snapper vim git tmux htop iftop iotop tcpdump mtr rsync wget which zip lsof strace openssh inetutils bc man-pages
|
||||
|
||||
echo "Creating Basic Config Files"
|
||||
genfstab -U /mnt | sed -e 's#suvolid=.*,##g;s#subvol=/.*##g' >> /mnt/etc/fstab
|
||||
|
|
@ -168,3 +175,53 @@ echo "KEYMAP=$keymap" > /mnt/etc/vconsole.conf
|
|||
if [ -d "${scriptdir}/etc" ]; then
|
||||
cp -r "${scriptdir}/etc/"* /mnt/etc/
|
||||
fi
|
||||
|
||||
sed -i 's/#COMPRESSION="zstd"/COMPRESSION="zstd"/g' /mnt/etc/mkinitcpio.conf
|
||||
if [ $encryption -eq 1 ]; then
|
||||
sed -i 's/HOOKS=.*/HOOKS=(base udev autodetect keyboard keymap modconf block encrypt filesystems fsck)' /mnt/etc/mkinitcpio.conf
|
||||
|
||||
UUID=$(blkid ${part_root} | cut -f2 -d'"')
|
||||
sed -i 's/#GRUB_ENABLE_CRYPTODISK=y/GRUB_ENABLE_CRYPTODISK=y' /etc/default/grub
|
||||
sed -i "s#GRUB_CMDLINE_LINUX_DEFAULT=.*#GRUB_CMDLINE_LINUX_DEFAULT=\"loglevel=3 quiet cryptdevice=UUID=$UUID:cryptroot:allow-discards root=${root_dev}\"#g" /mnt/etc/default/grub
|
||||
else
|
||||
sed -i 's/HOOKS=.*/HOOKS=(base udev autodetect keyboard keymap modconf block filesystems fsck)' /mnt/etc/mkinitcpio.conf
|
||||
fi
|
||||
|
||||
arch-chroot /mnt /bin/bash -e <<EOF
|
||||
|
||||
# Timezone and RTC Setup
|
||||
ln -sfn /usr/share/zoneinfo/$timezone /etc/localtime
|
||||
hwclock --systohc
|
||||
|
||||
# Locales
|
||||
echo "Generating Locales"
|
||||
locale-gen
|
||||
|
||||
# Initramfs
|
||||
echo "Generating Initramfs"
|
||||
mkinitcpio -P
|
||||
|
||||
echo "Setting up Snapper"
|
||||
umount /.snapshots
|
||||
rm -r /.snapshots
|
||||
snapper --no-dbus -c root create-config /
|
||||
btrfs subvolume delete /.snapshots &>/dev/null
|
||||
mkdir /.snapshots
|
||||
mount -a
|
||||
chmod 750 /.snapshots
|
||||
|
||||
echo "Installing Grub"
|
||||
if [ "${systype}" == "x86_64-efi" ]; then
|
||||
grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=GRUB &>/dev/null
|
||||
else
|
||||
grub-install --target=i386-pc ${device}
|
||||
fi
|
||||
grub-mkconfig -o /boot/grub/grub.cfg
|
||||
|
||||
EOF
|
||||
|
||||
echo "Please set a Password for root"
|
||||
arch-chroot /mnt /bin/passwd
|
||||
|
||||
echo "Enabling Service"
|
||||
systemctl enable sshd grub-btrfs.path --root /mnt
|
||||
|
|
|
|||
Loading…
Reference in a new issue