Revisions
-
fikri-izzuddin revised this gist
Nov 11, 2022 . No changes.
-
fikri-izzuddin revised this gist
Nov 11, 2022 . 1 changed file with 4 additions and 4 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -12,7 +12,7 @@ sgdisk -Z $DRIVE sgdisk -o -n=1:0:+512MiB -t=1:ef00 -c=1:EFI -n=2:0:0 -t=2:8300 -c=2:ArchOS $DRIVE # encrypt root partiton cryptsetup luksFormat --cipher aes-xts-plain64 --hash sha512 --use-random /dev/disk/by-partlabel/ArchOS cryptsetup open /dev/disk/by-partlabel/ArchOS crypt_root # format partitions @@ -31,7 +31,7 @@ umount -R /mnt # mount partitions mount -o noatime,space_cache=v2,ssd,discard=async,subvol=@ /dev/mapper/crypt_root /mnt mkdir -p /mnt/{boot,home,.snapshots} mount /dev/disk/by-partlabel/EFI /mnt/boot mount -o noatime,space_cache=v2,ssd,discard=async,subvol=@home /dev/mapper/crypt_root /mnt/home mount -o noatime,space_cache=v2,ssd,discard=async,subvol=@snapshots /dev/mapper/crypt_root /mnt/.snapshots @@ -44,7 +44,7 @@ sed -i 's/#VerbosePkgLists/VerbosePkgLists/' /etc/pacman.conf sed -i 's/#ParallelDownloads.*/ParallelDownloads = 10/' /etc/pacman.conf # update pacman mirrorlist reflector --save /etc/pacman.d/mirrorlist --protocol https --sort rate --thread 12 --latest 5 # base install pacstrap /mnt linux linux-headers linux-firmware base base-devel btrfs-progs amd-ucode git neovim bash-completion zsh zsh-completions @@ -97,7 +97,7 @@ EOF # configure mkinitcpio sed -i 's/MODULES.*/MODULES=(btrfs)/' /etc/mkinitcpio.conf sed -i 's/BINARIES.*/BINARIES=("\/usr\/bin\/btrfs")/' /etc/mkinitcpio.conf sed -i 's/^HOOKS.*/HOOKS=(base systemd autodetect keyboard modconf block sd-encrypt filesystems fsck)/' /etc/mkinitcpio.conf mkinitcpio -P -
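Review bot: The `cryptsetup luksFormat` line in the first hunk sets the cipher and hash but no key size, so the volume gets cryptsetup's compiled-in default, which is normally 256 bits and with XTS means AES-128 rather than AES-256. The `--use-random` option on that line only selects the RNG source for the volume key and does not change the key length. If AES-256 is intended, add `--key-size 512`, as in `cryptsetup luksFormat --cipher aes-xts-plain64 --key-size 512 --hash sha512 --use-random /dev/disk/by-partlabel/ArchOS`, and confirm the result with `cryptsetup luksDump`.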
fikri-izzuddin revised this gist
Nov 11, 2022 . No changes.
-
fikri-izzuddin renamed this gist
Nov 11, 2022 . 1 changed file with 0 additions and 2 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -8,10 +8,8 @@ export TIMEZONE="Asia/Singapore" export HOSTNAME=archlinux # create partitions sgdisk -Z $DRIVE sgdisk -o -n=1:0:+512MiB -t=1:ef00 -c=1:EFI -n=2:0:0 -t=2:8300 -c=2:ArchOS $DRIVE # encrypt root partiton cryptsetup luksFormat --cipher aes-xts-plain64 --hash sha512 /dev/disk/by-partlabel/ArchOS -
fikri-izzuddin renamed this gist
Nov 11, 2022 . 1 changed file with 36 additions and 47 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -3,13 +3,15 @@ export DRIVE=/dev/nvme0n1 export ROOT_PASSWORD=password export USER_NAME=user export USER_PASSWORD=password export LOCALE="en_SG.UTF-8" export TIMEZONE="Asia/Singapore" export HOSTNAME=archlinux # create partitions ``` sgdisk -Z $DRIVE sgdisk -o -n=1:0:+512MiB -t=1:ef00 -c=1:EFI -n=2:0:0 -t=2:8300 -c=2:ArchOS $DRIVE ``` # encrypt root partiton cryptsetup luksFormat --cipher aes-xts-plain64 --hash sha512 /dev/disk/by-partlabel/ArchOS @@ -25,13 +27,7 @@ mount /dev/mapper/crypt_root /mnt # create btrfs subvolumes btrfs su cr /mnt/@ btrfs su cr /mnt/@home btrfs su cr /mnt/@snapshots umount -R /mnt @@ -41,12 +37,6 @@ mkdir -p /mnt/{boot,home,.snapshots,btrfs,srv,var/abs,var/tmp,var/log,var/cache} mount /dev/disk/by-partlabel/EFI /mnt/boot mount -o noatime,space_cache=v2,ssd,discard=async,subvol=@home /dev/mapper/crypt_root /mnt/home mount -o noatime,space_cache=v2,ssd,discard=async,subvol=@snapshots /dev/mapper/crypt_root /mnt/.snapshots # configure pacman sed -i 's/#UseSyslog/UseSyslog/' /etc/pacman.conf @@ -56,10 +46,10 @@ sed -i 's/#VerbosePkgLists/VerbosePkgLists/' /etc/pacman.conf sed -i 's/#ParallelDownloads.*/ParallelDownloads = 10/' /etc/pacman.conf # update pacman mirrorlist reflector --save /etc/pacman.d/mirrorlist --protocol https --sort rate --thread 12 # base install pacstrap /mnt linux linux-headers linux-firmware base base-devel btrfs-progs amd-ucode git neovim bash-completion zsh zsh-completions # generate fstab genfstab -U /mnt > /mnt/etc/fstab 
@@ -88,15 +78,15 @@ sed -i 's/# %wheel ALL=(ALL:ALL) ALL/%wheel ALL=(ALL:ALL) ALL' /etc/sudoers # set locale, timezone sed -i 's/#en_SG.UTF-8/en_SG.UTF-8' /etc/locale.gen locale-gen echo LANG=$LOCALE >> /etc/locale.conf export LANG=$LOCALE export LC_ALL=$LOCALE timedatectl set-ntp true ln -sf /usr/share/zoneinfo/$TIMEZONE /etc/localtime hwclock --systohc # set hostname echo $HOSTNAME >> /etc/hostname # set hosts cat << EOF >> /etc/hosts @@ -107,7 +97,7 @@ cat << EOF >> /etc/hosts EOF # configure mkinitcpio sed -i 's/MODULES.*/MODULES=(btrfs)/' /etc/mkinitcpio.conf sed -i 's/BINARIES.*/BINARIES=("\/usr\/bin\/btrfs")/' /etc/mkinitcpio.conf sed -i 's/^HOOKS.*/HOOKS=(base systemd autodetect keyboard modconf block sd-encrypt filesystems)/' /etc/mkinitcpio.conf @@ -118,7 +108,7 @@ pacman -S networkmanager dialog wpa_supplicant xdg-utils xdg-user-dirs systemctl enable NetworkManager # install pipewire pacman -S pipewire pipewire-alsa pipewire-pulse pipewire-jack # install reflector pacman -S reflector @@ -151,30 +141,6 @@ initrd /initramfs-linux.img options rd.luks.name=$ROOT_UUID=crypt_root rd.luks.options=ROOT_UUID=discard root=/dev/mapper/crypt_root rootflags=subvol=@ rw quiet EOF cat << EOF >> /boot/loader/loader.conf default arch.conf editor no 
@@ -393,4 +359,27 @@ podman system migrate echo "unqualified-search-registries=["docker.io"]" >> /etc/containers/registries.conf # change DNS echo "[global-dns-domain-*]\nservers=1.1.1.1,1.0.0.1" > /etc/NetworkManager/conf.d/dns-servers.conf # nvidia pacman -S nvidia-dkms edit /etc/mkinicpio.conf MODULES=(... nvidia nvidia_modeset nvidia_uvm nvidia_drm ..) mkinitcpio -P pacman -S nvidia-settings edit /etc/X11/xorg.conf.d/20-nvidia.conf Section "Device" Identifier "NVIDIA Card" Driver "nvidia" VendorName "NVIDIA Corporation" BoardName "GeForce GTX 1050 Ti" EndSection Section "Screen" Identifier "Screen0" Device "Device0" Monitor "Monitor0" Option "ForceFullCompositionPipeline" "on" Option "AllowIndirectGLXProtocol" "off" Option "TripleBuffer" "on" EndSection -
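Review bot: In the hunk at -88,15 the substitutions `sed -i 's/# %wheel ALL=(ALL:ALL) ALL/%wheel ALL=(ALL:ALL) ALL' /etc/sudoers` and `sed -i 's/#en_SG.UTF-8/en_SG.UTF-8' /etc/locale.gen` have no closing `/`, so sed rejects both expressions and neither file is changed. The wheel group therefore never gets sudo rights and the locale is never uncommented before `locale-gen` runs. Add the trailing delimiter, for example `sed -i 's/^# %wheel ALL=(ALL:ALL) ALL/%wheel ALL=(ALL:ALL) ALL/' /etc/sudoers`. Because this edits the live sudoers file in place, check the result with `visudo -cf /etc/sudoers` before relying on it; a separate file under `/etc/sudoers.d/` would be easier to validate and roll back.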
fikri-izzuddin revised this gist
Oct 29, 2022 . 1 changed file with 5 additions and 1 deletion.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -267,6 +267,10 @@ bindsym XF86AudioNext exec playerctl next bindsym XF86AudioPrev exec playerctl previous EOF # rustup pacman -S rustup rustup default stable # paru su $USER_NAME cd ~ && \ @@ -302,7 +306,7 @@ systemctl enable snapper-timeline.timer systemctl enable snapper-cleanup.timer # fonts paru -S noto-fonts noto-fonts-cjk noto-fonts-emoji noto-fonts-extra nerd-fonts-jetbrains-mono # alacritty pacman -S alacritty -
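Review bot: The added `rustup default stable` sits before `su $USER_NAME`, so it appears to run as root and installs the toolchain under root's home rather than for the account that later builds AUR packages. That also means any Rust-based PKGBUILD built afterwards would either find no default toolchain as the user or tempt a build as root. Run it for the target user instead, for example `sudo -u "$USER_NAME" rustup default stable`. Separately, `su $USER_NAME` in a script opens an interactive shell, so the `cd ~ && \` chain after it does not run inside that shell; the chain continues outside this hunk.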
fikri-izzuddin revised this gist
Oct 24, 2022 . 1 changed file with 2 additions and 0 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -388,3 +388,5 @@ usermod --add-subuids 100000-165535 --add-subgids 100000-165535 $USER_NAME podman system migrate echo "unqualified-search-registries=["docker.io"]" >> /etc/containers/registries.conf # change DNS echo "[global-dns-domain-*]\nservers=1.1.1.1,1.0.0.1" > /etc/NetworkManager/conf.d/dns-servers.conf -
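Review bot: The added DNS line relies on `echo` expanding `\n`, which bash's builtin `echo` does not do without `-e`, so under bash the file becomes one line with a literal backslash-n and NetworkManager sees no `servers=` key. zsh's `echo` does expand it, so the outcome depends on which shell runs the line. `printf '[global-dns-domain-*]\nservers=1.1.1.1,1.0.0.1\n' > /etc/NetworkManager/conf.d/dns-servers.conf` is unambiguous in both. The context line above has a related quoting problem: the inner double quotes in `"unqualified-search-registries=["docker.io"]"` end the string, so the file receives `[docker.io]` without quotes; single-quote the whole argument instead.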
fikri-izzuddin revised this gist
May 23, 2022 . 1 changed file with 54 additions and 25 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -225,6 +225,12 @@ echo "crypt_data /dev/my_vg/lv_r10 - tpm2-device=auto" >> /etc/crypttab echo "/dev/mapper/crypt_data /mnt/data ext4 defaults 0 0" >> /etc/fstab sed -i 's/^HOOKS.*/HOOKS=(base udev systemd autodetect keyboard keymap modconf block sd-encrypt lvm2 filesystems)/' /etc/mkinitcpio.conf # firewall pacman -S firewalld firewall-cmd --zone=home --change-interface=eno1 firewall-cmd --set-default-zone=home firewall-cmd --reload # sway wm paru -S sway swaylock swayidle clipman mkdir -P ~/.config/sway @@ -269,24 +275,25 @@ cd paru-bin && \ makepkg -si && \ cd .. && \ sudo rm -rf paru-bin exit # snapper pacman -S snapper umount /.snapshots rm -r /.snapshotsb snapper -c root create-config / btrfs subvolume delete /.snapshots mkdir /.snapshots mount -a chmod 750 /.snapshots cat << EOF >> /etc/snapper/configs/root ALLOW_USERS="$USER_NAME" TIMELINE_MIN_AGE="1800" TIMELINE_LIMIT_HOURLY="24" TIMELINE_LIMIT_DAILY="14" TIMELINE_LIMIT_WEEKLY="2" TIMELINE_LIMIT_MONTHLY="0" TIMELINE_LIMIT_YEARLY="0" EOF 
@@ -295,33 +302,33 @@ systemctl enable snapper-timeline.timer systemctl enable snapper-cleanup.timer # fonts paru -S noto-fonts noto-fonts-cjk noto-fonts-emoji noto-fonts-extra nerd-fonts-hack # alacritty pacman -S alacritty mkdir -p ~/.config/alacritty cp /usr/share/doc/alacritty/example/alacritty.yml ~/.config/alacritty sed -i 's/set $term.*/set $term alacritty' ~/.config/sway/config # rofi paru -S rofi-lbonn-wayland sed -i 's/set $menu.*/set $menu rofi -show combi' ~/.config/sway/config # TODO waybar pacman -S waybar mkdir -p ~/.config/waybar cp -r /etc/xdg/waybar/* ~/.config/waybar/ # mako pacman -S mako cat << EOF >> ~/.config/sway/config # mako, notification daemon exec mako EOF # japanese input pacman -S fcitx5 fcitx5-configtool fcitx5-qt fcitx5-mozc fcitx5-configtool # add mozc to fcitx5 cat << EOF >> /etc/environment GTK_IM_MODULE=fcitx @@ -337,12 +344,24 @@ EOF # /usr/lib/mozc/mozc_tool --mode=dictionary_tool # mozc dictionary tool # /usr/lib/mozc/mozc_tool --mode=word_register_dialog # mozc word register # optionally, install sway-im paru -S sway-im # samba pacman -S samba curl https://git.samba.org/samba.git/?p=samba.git;a=blob_plain;f=examples/smb.conf.default;hb=HEAD -o /etc/samba/smb.conf sudo cat << EOF >> /etc/samba/smb.conf [global] workgroup = MYGROUP server string = Samba Server server role = standalone server log file = /usr/local/samba/var/log.%m max log size = 50 dns proxy = no mangled names = no [Some name] comment = Some description path = /mnt/data browsable = yes 
@@ -351,11 +370,21 @@ create mask = 0700 directory mask = 0700 read only = no guest ok = no EOF pdbedit -a -u $USER_NAME systemctl enable --now smb.service systemctl enable --now nmb.service firewall-cmd --permanent --add-service=samba --zone=home # firefox pacman -S firefox echo "MOZ_ENABLE_WAYLAND=1" >> /etc/environment # podman pacman -S podman podman-compose touch /etc/subuid /etc/subgid usermod --add-subuids 100000-165535 --add-subgids 100000-165535 $USER_NAME podman system migrate echo "unqualified-search-registries=["docker.io"]" >> /etc/containers/registries.conf -
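Review bot: The `curl` line in the samba hunk passes the URL unquoted, so the shell ends the command at the first `;`: curl requests only the part up to `?p=samba.git`, `a=blob_plain` and `f=examples/smb.conf.default` become variable assignments, and `hb=HEAD -o /etc/samba/smb.conf` is attempted as a command named `-o`. curl therefore never writes /etc/samba/smb.conf, and the heredoc that follows ends up creating the file on its own. Quote the URL and make curl fail on HTTP errors, as in `curl -fsSL -o /etc/samba/smb.conf 'https://git.samba.org/samba.git/?p=samba.git;a=blob_plain;f=examples/smb.conf.default;hb=HEAD'`. Since this installs a root-owned service config straight from a remote HEAD, pinning a specific commit and reviewing the file before `systemctl enable --now smb.service` would be safer.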
fikri-izzuddin revised this gist
May 22, 2022 . 1 changed file with 11 additions and 1 deletion.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -322,6 +322,12 @@ EOF # TODO japanese input sudo pacman -S fcitx5 fcitx5-configtool fcitx5-qt fcitx5-mozc fcitx5-configtool # add mozc to fcitx5 cat << EOF >> /etc/environment GTK_IM_MODULE=fcitx QT_IM_MODULE=fcitx XMODIFIERS=@im=fcitx EOF cat << EOF >> ~/.config/sway/config # fcitx5 @@ -348,4 +354,8 @@ guest ok = no sudo pdbedit -a -u $USER_NAME sudo systemctl enable --now smb.service sudo systemctl enable --now nmb.service # firefox sudo pacman -S firefox sudo echo "MOZ_ENABLE_WAYLAND=1" >> /etc/environment -
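Review bot: `sudo echo "MOZ_ENABLE_WAYLAND=1" >> /etc/environment` in the second hunk does not write with elevated rights, because the `>>` redirection is opened by the calling shell before sudo starts; run as the unprivileged user it fails with permission denied. The `cat << EOF >> /etc/environment` block added in the first hunk has the same problem and no sudo at all. Use `echo "MOZ_ENABLE_WAYLAND=1" | sudo tee -a /etc/environment >/dev/null`, and pipe the heredoc into `sudo tee -a` in the same way. Appending on every run also duplicates the entries, so a guard such as `grep -q` before writing is worth adding.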
fikri-izzuddin revised this gist
May 22, 2022 . 1 changed file with 8 additions and 8 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,11 +1,11 @@ # define variables export DRIVE=/dev/nvme0n1 export ROOT_PASSWORD=password export USER_NAME=user export USER_PASSWORD=password export LOCALE="LANG=en_SG.UTF-8" export TIMEZONE="Asia/Singapore" export HOSTNAME=archlinux # create partitions sgdisk -Z $DRIVE @@ -196,8 +196,8 @@ sbctl sign -s /boot/EFI/systemd/systemd-boot.efi sbctl sign -s /boot/vmlinuz-linux sbctl sign -s /boot/vmlinuz-linux-lts sbctl bundle -s -a /boot/amd-ucode.img -l /usr/share/systemd/bootctl/splash-arch.bmp -c /proc/cmdline -k /boot/vmlinuz-linux -f /boot/initramfs-linux.img /boot/EFI/Linux/linux.efi sbctl bundle -s -a /boot/amd-ucode.img -l /usr/share/systemd/bootctl/splash-arch.bmp -c /proc/cmdline -k /boot/vmlinuz-linux -f /boot/initramfs-linux-fallback.img /boot/EFI/Linux/linux-fallback.efi sbctl bundle -s -a /boot/amd-ucode.img -l /usr/share/systemd/bootctl/splash-arch.bmp -c /proc/cmdline -k /boot/vmlinuz-linux-lts -f /boot/initramfs-linux-lts.img /boot/EFI/Linux/linux-lts.efi sbctl bundle -s -a /boot/amd-ucode.img -l /usr/share/systemd/bootctl/splash-arch.bmp -c /proc/cmdline -k /boot/vmlinuz-linux-lts -f /boot/initramfs-linux-lts-fallback.img /boot/EFI/Linux/linux-lts-fallback.efi sbctl generate-bundles sbctl verify -
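Review bot: The variable block now exports `ROOT_PASSWORD` and `USER_PASSWORD`, which puts the plaintext secrets into the environment of every child process the install starts (pacstrap, arch-chroot and whatever they run). The literal `password` placeholders are also easy to leave in place on a real machine. Neither value needs to be exported or stored in the file: read them at run time without echo, for example `read -rs ROOT_PASSWORD`, keep them unexported, and `unset ROOT_PASSWORD USER_PASSWORD` once the accounts are set. Exporting DRIVE, LOCALE and TIMEZONE is harmless.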
fikri-izzuddin revised this gist
May 22, 2022 . 1 changed file with 89 additions and 76 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change 
@@ -8,53 +8,49 @@ TIMEZONE="Asia/Singapore" HOSTNAME=archlinux # create partitions sgdisk -Z $DRIVE sgdisk -o -n=1:0:+512MiB -t=1:ef00 -c=1:EFI -n=2:0:0 -t=2:8300 -c=2:ArchOS $DRIVE # encrypt root partiton cryptsetup luksFormat --cipher aes-xts-plain64 --hash sha512 /dev/disk/by-partlabel/ArchOS cryptsetup open /dev/disk/by-partlabel/ArchOS crypt_root # format partitions mkfs.fat -F32 -n EFI /dev/disk/by-partlabel/EFI mkfs.btrfs -L ArchOS /dev/mapper/crypt_root # mount encrypted root partition mount /dev/mapper/crypt_root /mnt # create btrfs subvolumes btrfs su cr /mnt/@ btrfs su cr /mnt/@home btrfs su cr /mnt/@abs btrfs su cr /mnt/@tmp btrfs su cr /mnt/@srv btrfs su cr /mnt/@snapshots btrfs su cr /mnt/@btrfs btrfs su cr /mnt/@log btrfs su cr /mnt/@cache umount -R /mnt # mount partitions mount -o noatime,space_cache=v2,ssd,discard=async,subvol=@ /dev/mapper/crypt_root /mnt mkdir -p /mnt/{boot,home,.snapshots,btrfs,srv,var/abs,var/tmp,var/log,var/cache} mount /dev/disk/by-partlabel/EFI /mnt/boot mount -o noatime,space_cache=v2,ssd,discard=async,subvol=@home /dev/mapper/crypt_root /mnt/home mount -o noatime,space_cache=v2,ssd,discard=async,subvol=@snapshots /dev/mapper/crypt_root /mnt/.snapshots mount -o noatime,space_cache=v2,ssd,discard=async,subvol=@btrfs /dev/mapper/crypt_root /mnt/btrfs mount -o noatime,space_cache=v2,ssd,discard=async,subvol=@srv /dev/mapper/crypt_root /mnt/srv mount -o noatime,space_cache=v2,ssd,discard=async,subvol=@abs /dev/mapper/crypt_root /mnt/var/abs mount -o noatime,space_cache=v2,ssd,discard=async,subvol=@tmp /dev/mapper/crypt_root /mnt/var/tmp mount -o noatime,space_cache=v2,ssd,discard=async,subvol=@log /dev/mapper/crypt_root /mnt/var/log mount -o noatime,space_cache=v2,ssd,discard=async,subvol=@cache /dev/mapper/crypt_root /mnt/var/cache # configure pacman sed -i 's/#UseSyslog/UseSyslog/' /etc/pacman.conf sed -i 's/#Color/Color\\\nILoveCandy/' /etc/pacman.conf sed -i 's/#CheckSpace/CheckSpace/' /etc/pacman.conf sed -i 
's/#VerbosePkgLists/VerbosePkgLists/' /etc/pacman.conf sed -i 's/#ParallelDownloads.*/ParallelDownloads = 10/' /etc/pacman.conf @@ -81,22 +77,26 @@ arch-chroot /mnt /bin/zsh echo root:$ROOT_PASSWORD | chpasswd # change root default shell chsh -s /bin/zsh # create new user useradd -mG wheel -s /bin/zsh -p $USER_PASSWORD $USER_NAME # add wheel groups to sudoers sed -i 's/# %wheel ALL=(ALL:ALL) ALL/%wheel ALL=(ALL:ALL) ALL' /etc/sudoers # set locale, timezone sed -i 's/#en_SG.UTF-8/en_SG.UTF-8' /etc/locale.gen locale-gen localectl set-locale $LOCALE export LANG="en_SG.UTF-8" export LC_ALL="en_SG.UTF-8" timedatectl set-ntp true timedatectl set-timezone $TIMEZONE hwclock --systohc # set hostname hostnamectl hostname $HOSTNAME # set hosts cat << EOF >> /etc/hosts @@ -109,9 +109,9 @@ EOF # configure mkinitcpio sed -i 's/MODULES.*/MODULES=(btrfs amdgpu)/' /etc/mkinitcpio.conf sed -i 's/BINARIES.*/BINARIES=("\/usr\/bin\/btrfs")/' /etc/mkinitcpio.conf sed -i 's/^HOOKS.*/HOOKS=(base systemd autodetect keyboard modconf block sd-encrypt filesystems)/' /etc/mkinitcpio.conf mkinitcpio -P # install essential packages pacman -S networkmanager dialog wpa_supplicant xdg-utils xdg-user-dirs @@ -129,37 +129,13 @@ cat << EOF > /etc/xdg/reflector/reflector.conf # Select the transfer protocol (--protocol). --protocol https # Use only the most recently synchronized mirrors (--latest). --latest 5 # Sort the mirrors by MirrorStatus score --sort rate EOF systemctl enable reflector.service systemctl enable reflector.timer # bootloader: systemd-boot bootctl --path /boot install @@ -172,7 +148,7 @@ title Arch Linux linux /vmlinuz-linux initrd /amd-ucode.img initrd /initramfs-linux.img options rd.luks.name=$ROOT_UUID=crypt_root rd.luks.options=ROOT_UUID=discard root=/dev/mapper/crypt_root rootflags=subvol=@ rw quiet EOF cat << EOF >> /boot/loader/entries/arch-fallback.conf 
@@ -206,22 +182,35 @@ timeout 10 console max EOF reboot # secure boot # enable secure boot, setup mode in BIOS pacman -S sbctl sbctl status sbctl create-keys sbctl enroll-keys sbctl verify sbctl sign -s /boot/EFI/BOOT/BOOTX64.EFI sbctl sign -s /boot/EFI/systemd/systemd-boot.efi sbctl sign -s /boot/vmlinuz-linux sbctl sign -s /boot/vmlinuz-linux-lts sbctl bundle -s -a /boot/amd-ucode.img -l /usr/share/systemd/bootctl/splash-arch.bmp -c /proc/cmdline -k /boot/vmlinuz-linux -f /boot/initramfs-linux.img /boot/EFI/Linux/linux.efi sbctl bundle -s -a /boot/amd-ucode.img -l /usr/share/systemd/bootctl/splash-arch.bmp -c /proc/cmdline -k /boot/vmlinuz-linux-lts -f /boot/initramfs-linux-lts.img /boot/EFI/Linux/linux-lts.efi sbctl bundle -s -a /boot/amd-ucode.img -l /usr/share/systemd/bootctl/splash-arch.bmp -c /proc/cmdline -k /boot/vmlinuz-linux -f /boot/initramfs-linux-fallback.img /boot/EFI/Linux/linux-fallback.efi sbctl bundle -s -a /boot/amd-ucode.img -l /usr/share/systemd/bootctl/splash-arch.bmp -c /proc/cmdline -k /boot/vmlinuz-linux-lts -f /boot/initramfs-linux-lts-fallback.img /boot/EFI/Linux/linux-lts-fallback.efi sbctl generate-bundles sbctl verify sbctl sign -s /boot/EFI/Linux/linux.efi sbctl sign -s /boot/EFI/Linux/linux-fallback.efi sbctl sign -s /boot/EFI/Linux/linux-lts.efi sbctl sign -s /boot/EFI/Linux/linux-lts-fallback.efi # TPM 2.0 # reset TPM in BIOS systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0,7 /dev/disk/by-partlabel/ArchOS sed -i 's/options.*/options rd.luks.name=$ROOT_UUID=crypt_root rd.luks.options=$ROOT_UUID=tpm2-device=auto,discard root=/dev/mapper/crypt_root rootflags=subvol=@ rw quiet' /boot/loader/entries/arch.conf sed -i 's/options.*/options rd.luks.name=UUID=$ROOT_UUID=crypt_root root=UUID=CRYPT_ROOT_UUID rootflags=subvol=@ rd.luks.options=$ROOT_UUID=tpm2-device=auto,discard rw quiet' /boot/loader/entries/arch-fallback.conf sed -i 's/options.*/options rd.luks.name=UUID=$ROOT_UUID=crypt_root root=UUID=CRYPT_ROOT_UUID rootflags=subvol=@ 
rd.luks.options=$ROOT_UUID=tpm2-device=auto,discard rw quiet' /boot/loader/entries/arch-lts.conf sed -i 's/options.*/options rd.luks.name=UUID=$ROOT_UUID=crypt_root root=UUID=CRYPT_ROOT_UUID rootflags=subvol=@ rd.luks.options=$ROOT_UUID=tpm2-device=auto,discard rw quiet' /boot/loader/entries/arch-lts-fallback.conf @@ -237,8 +226,8 @@ echo "/dev/mapper/crypt_data /mnt/data ext4 defaults 0 0" >> /etc/fstab sed -i 's/^HOOKS.*/HOOKS=(base udev systemd autodetect keyboard keymap modconf block sd-encrypt lvm2 filesystems)/' /etc/mkinitcpio.conf # sway wm paru -S sway swaylock swayidle clipman mkdir -P ~/.config/sway cp /etc/sway/config ~/.config/sway sed 's/# output/output HDMI-A-1 mode 3840x2160 position 0,0 scale 1.5' /etc/sway/config @@ -279,13 +268,37 @@ git clone https://aur.archlinux.org/paru-bin \ cd paru-bin && \ makepkg -si && \ cd .. && \ sudo rm -rf paru-bin # snapper sudo pacman -S snapper sudo umount /.snapshots sudo rm -r /.snapshotsb snapper -c root create-config / btrfs subvolume delete /.snapshots sudo mkdir /.snapshots sudo mount -a sudo chmod 750 /.snapshots cat << EOF >> /etc/snapper/configs/root ALLOW_USERS="$USER_NAME" TIMELINE_MIN_AGE="1800" TIMELINE_LIMIT_HOURLY="5" TIMELINE_LIMIT_DAILY="7" TIMELINE_LIMIT_WEEKLY="0" TIMELINE_LIMIT_MONTHLY="0" TIMELINE_LIMIT_YEARLY="0" EOF systemctl enable snapper-timeline.timer systemctl enable snapper-cleanup.timer # fonts sudo paru -S noto-fonts noto-fonts-cjk noto-fonts-emoji noto-fonts-extra nerd-fonts-hack # alacritty sudo pacman -S alacritty mkdir -p ~/.config/alacritty cp /usr/share/doc/alacritty/example/alacritty.yml ~/.config/alacritty sed -i 's/set $term.*/set $term alacritty' ~/.config/sway/config @@ -300,7 +313,7 @@ mkdir -p ~/.config/waybar cp -r /etc/xdg/waybar/* ~/.config/waybar/ # mako sudo pacman -S mako cat << EOF >> ~/.config/sway/config # mako, notification daemon -
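Review bot: `useradd -mG wheel -s /bin/zsh -p $USER_PASSWORD $USER_NAME` in the hunk at -81,22 passes the plaintext password to `-p`, which expects an already hashed value. The string is stored verbatim in the hash field of /etc/shadow, so the user cannot log in with it, and the plaintext is visible in the process list while useradd runs. Create the account without `-p` and set the password over stdin, as the root line in the same hunk already does: `useradd -mG wheel -s /bin/zsh "$USER_NAME"` followed by `echo "$USER_NAME:$USER_PASSWORD" | chpasswd`.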
fikri-izzuddin created this gist
May 21, 2022 .
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change 
@@ -0,0 +1,338 @@ # define variables DRIVE=/dev/nvme0n1 ROOT_PASSWORD=password USER_NAME=user USER_PASSWORD=password LOCALE="LANG=en_SG.UTF-8" TIMEZONE="Asia/Singapore" HOSTNAME=archlinux # create partitions sgdisk --zap-all $DRIVE sgdisk --clear \ --new=1:0:+550MiB --typecode=1:ef00 --change-name=1:EFI \ --new=2:0:0 --typecode=2:8300 --change-name=2:ArchOS \ $DRIVE # encrypt root partiton cryptsetup luksFormat --cipher aes-xts-plain64 --hash sha512 /dev/disk/by-partlabel/ArchOS cryptsetup open /dev/disk/by-partlabel/ArchOS crypt_root # format partitions mkfs.fat -F32 -n EFI /dev/disk/by-partlabel/EFI mkfs.btrfs --label ArchOS /dev/mapper/crypt_root # mount encrypted root partition mount /dev/mapper/crypt_root # create btrfs subvolumes btrfs subvolume create /mnt/@ btrfs subvolume create /mnt/@home btrfs subvolume create /mnt/@abs btrfs subvolume create /mnt/@tmp btrfs subvolume create /mnt/@srv btrfs subvolume create /mnt/@snapshots btrfs subvolume create /mnt/@btrfs btrfs subvolume create /mnt/@log btrfs subvolume create /mnt/@cache umount --recursive /mnt # mount partitions mount --options noatime,space_cache=v2,ssd,discard=async,subvol=@ /dev/mapper/crypt_root /mnt mkdir --parents /mnt/{boot,home,.snapshots,btrfs,srv,var/abs,var/tmp,var/log,var/cache} mount /dev/nvme0n1p1 /mnt/boot mount --options noatime,space_cache=v2,ssd,discard=async,subvol=@home /dev/mapper/crypt_root /mnt/home mount --options noatime,space_cache=v2,ssd,discard=async,subvol=@snapshots /dev/mapper/crypt_root /mnt/.snapshots mount --options noatime,space_cache=v2,ssd,discard=async,subvol=@btrfs /dev/mapper/crypt_root /mnt/btrfs mount --options noatime,space_cache=v2,ssd,discard=async,subvol=@srv /dev/mapper/crypt_root /mnt/srv mount --options noatime,space_cache=v2,ssd,discard=async,subvol=@abs /dev/mapper/crypt_root /mnt/var/abs mount --options noatime,space_cache=v2,ssd,discard=async,subvol=@tmp /dev/mapper/crypt_root /mnt/var/tmp mount --options 
noatime,space_cache=v2,ssd,discard=async,subvol=@log /dev/mapper/crypt_root /mnt/var/log mount --options noatime,space_cache=v2,ssd,discard=async,subvol=@cache /dev/mapper/crypt_root /mnt/var/cache # configure pacman sed -i 's/#UseSyslog/UseSyslog/' /etc/pacman.conf sed -i 's/#Color/Color\\\nILoveCandy/' /etc/pacman.conf sed -i 's/#TotalDownload/TotalDownload/' /etc/pacman.conf sed -i 's/#CheckSpace/CheckSpace/' /etc/pacman.conf sed -i 's/#VerbosePkgLists/VerbosePkgLists/' /etc/pacman.conf sed -i 's/#ParallelDownloads.*/ParallelDownloads = 10/' /etc/pacman.conf # update pacman mirrorlist reflector --save /etc/pacman.d/mirrorlist --protocol https --sort rate --thread 4 # base install pacstrap /mnt linux linux-headers linux-firmware base base-devel btrfs-progs amd-ucode git neovim zsh zsh-completions # generate fstab genfstab -U /mnt > /mnt/etc/fstab # copy pacman config cp /etc/pacman.conf /mnt/etc/pacman.conf # copy pacman mirrorlist cp /etc/pacman.d/mirrorlist /mnt/etc/pacman.d/mirrorlist # chroot intall fresh install arch-chroot /mnt /bin/zsh # change root password echo root:$ROOT_PASSWORD | chpasswd # change root default shell chsh --shell /bin/zsh # create new user useradd --create-home --groups wheel --shell /bin/zsh --password $USER_PASSWORD $USER_NAME # add wheel groups to sudoers sed -i 's/# %wheel ALL=(ALL:ALL) ALL/%wheel ALL=(ALL:ALL) ALL' /etc/sudoers # set locale, timezone localectl set-locale $LOCALE timedatectl set-ntp true timedatectl set-timezone $TIMEZONE hwclock --systohc # set hostname hostnamectl set-hostname $HOSTNAME # set hosts cat << EOF >> /etc/hosts # <ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost ::1 localhost 127.0.1.1 $HOSTNAME.localdomain $HOSTNAME EOF # configure mkinitcpio sed -i 's/MODULES.*/MODULES=(btrfs amdgpu)/' /etc/mkinitcpio.conf sed -i 's/BINARIES.*/BINARIES=("\/usr\/bin\/btrfs")/' /etc/mkinitcpio.conf sed -i 's/^HOOKS.*/HOOKS=(base udev autodetect keyboard keymap modconf block encrypt filesystems)/' 
/etc/mkinitcpio.conf mkinitcpio --allpresets # install essential packages pacman -S networkmanager dialog wpa_supplicant xdg-utils xdg-user-dirs systemctl enable NetworkManager # install pipewire pacman -S pipewire pipewire-alsa pipewire-pulse # install reflector pacman -S reflector cat << EOF > /etc/xdg/reflector/reflector.conf # Set the output path where the mirrorlist will be saved (--save). --save /etc/pacman.d/mirrorlist # Select the transfer protocol (--protocol). --protocol https # Use only the most recently synchronized mirrors (--latest). --latest 100 # Sort the mirrors by MirrorStatus score --sort rate EOF systemctl enable --now reflector.service systemctl enable --now reflector.timer # snapper pacman -S snapper umount /.snapshots rm -r /.snapshotsb snapper -c root create-config / btrfs subvolume delete /.snapshots mkdir /.snapshots mount -a chmod 750 /.snapshots cat << EOF >> /etc/snapper/configs/root ALLOW_USERS="$USER_NAME" TIMELINE_MIN_AGE="1800" TIMELINE_LIMIT_HOURLY="5" TIMELINE_LIMIT_DAILY="7" TIMELINE_LIMIT_WEEKLY="0" TIMELINE_LIMIT_MONTHLY="0" TIMELINE_LIMIT_YEARLY="0" EOF systemctl enable snapper-timeline.timer systemctl enable snapper-cleanup.timer # bootloader: systemd-boot bootctl --path /boot install ROOT_UUID=blkid -s UUID -o value /dev/disk/by-partlabel/ArchOS CRYPT_ROOT_UUID=blkid -s UUID -o value /dev/mapper/crypt_root cat << EOF >> /boot/loader/entries/arch.conf title Arch Linux linux /vmlinuz-linux initrd /amd-ucode.img initrd /initramfs-linux.img options rd.luks.name=UUID=$ROOT_UUID=crypt_root root=UUID=CRYPT_ROOT_UUID rootflags=subvol=@ rd.luks.options=ROOT_UUID=discard rw quiet EOF cat << EOF >> /boot/loader/entries/arch-fallback.conf title Arch Linux (fallback initramfs) linux /vmlinuz-linux initrd /amd-ucode.img initrd /initramfs-linux-fallback.img options rd.luks.name=UUID=$ROOT_UUID=crypt_root root=UUID=CRYPT_ROOT_UUID rootflags=subvol=@ rd.luks.options=ROOT_UUID=discard rw quiet EOF cat << EOF >> 
/boot/loader/entries/arch-lts.conf title Arch Linux LTS linux /vmlinuz-linux-lts initrd /amd-ucode.img initrd /initramfs-linux-lts.img options rd.luks.name=UUID=$ROOT_UUID=crypt_root root=UUID=CRYPT_ROOT_UUID rootflags=subvol=@ rd.luks.options=ROOT_UUID=discard rw quiet EOF cat << EOF >> /boot/loader/entries/arch-lts-fallback.conf title Arch Linux LTS (initramfs) linux /vmlinuz-linux-lts initrd /amd-ucode.img initrd /initramfs-linux-lts-fallback.img options rd.luks.name=UUID=$ROOT_UUID=crypt_root root=UUID=CRYPT_ROOT_UUID rootflags=subvol=@ rd.luks.options=ROOT_UUID=discard rw quiet EOF cat << EOF >> /boot/loader/loader.conf default arch.conf editor no timeout 10 console max EOF # TODO secure boot pacman --sync sbctl sbctl status sbctl create-keys sbctl enroll-keys sbctl verify sbctl bundle -s -a /boot/amd-ucode.img -l /usr/share/systemd/bootctl/splash-arch.bmp -c /proc/cmdline /boot/EFI/Linux/linux-linux.efi sbctl generate-bundles sbctl sign -s /boot/EFI/Linux/linux-linux.efi sbctl sign ... 
# TPM 2.0 sed -i 's/^HOOKS.*/HOOKS=(base udev systemd autodetect keyboard keymap modconf block sd-encrypt filesystems)/' /etc/mkinitcpio.conf systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0,7 /dev/disk/by-partlabel/ArchOS sed -i 's/options.*/options rd.luks.name=UUID=$ROOT_UUID=crypt_root root=UUID=CRYPT_ROOT_UUID rootflags=subvol=@ rd.luks.options=$ROOT_UUID=tpm2-device=auto,discard rw quiet' /boot/loader/entries/arch.conf sed -i 's/options.*/options rd.luks.name=UUID=$ROOT_UUID=crypt_root root=UUID=CRYPT_ROOT_UUID rootflags=subvol=@ rd.luks.options=$ROOT_UUID=tpm2-device=auto,discard rw quiet' /boot/loader/entries/arch-fallback.conf sed -i 's/options.*/options rd.luks.name=UUID=$ROOT_UUID=crypt_root root=UUID=CRYPT_ROOT_UUID rootflags=subvol=@ rd.luks.options=$ROOT_UUID=tpm2-device=auto,discard rw quiet' /boot/loader/entries/arch-lts.conf sed -i 's/options.*/options rd.luks.name=UUID=$ROOT_UUID=crypt_root root=UUID=CRYPT_ROOT_UUID rootflags=subvol=@ rd.luks.options=$ROOT_UUID=tpm2-device=auto,discard rw quiet' /boot/loader/entries/arch-lts-fallback.conf # LVM pacman -S lvm2 cryptsetup open /dev/my_vg/lv_r10 crypt_data mkdir /mnt/data chown USER_NAME:USER_NAME /mnt/data systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+7 /dev/my_vg/lv_r10 echo "crypt_data /dev/my_vg/lv_r10 - tpm2-device=auto" >> /etc/crypttab echo "/dev/mapper/crypt_data /mnt/data ext4 defaults 0 0" >> /etc/fstab sed -i 's/^HOOKS.*/HOOKS=(base udev systemd autodetect keyboard keymap modconf block sd-encrypt lvm2 filesystems)/' /etc/mkinitcpio.conf # sway wm pacman --sync sway swaylock swayidle clipman mkdir --parents ~/.config/sway cp /etc/sway/config ~/.config/sway sed 's/# output/output HDMI-A-1 mode 3840x2160 position 0,0 scale 1.5' /etc/sway/config cat << EOF >> ~/.config/sway/config # enable clipboard manager exec wl-paste -t text --watch clipman store --no-persist # initially enable numlock input * xkb_numlock enable # remove title bar default_border pixel 0 default_floating_border 
pixel 0 # gaps gaps outer 0 gaps inner 10 # volume control bindsym XF86AudioRaiseVolume exec pactl set-sink-volume @DEFAULT_SINK@ +1% bindsym XF86AudioLowerVolume exec pactl set-sink-volume @DEFAULT_SINK@ -1% bindsym XF86AudioMute exec pactl set-sink-mute @DEFAULT_SINK@ toggle # brightness control bindsym XF86MonBrightnessDown exec brightnessctl set 5%- bindsym XF86MonBrightnessUp exec brightnessctl set 5%+ # media playback control bindsym XF86AudioPlay exec playerctl play-pause bindsym XF86AudioNext exec playerctl next bindsym XF86AudioPrev exec playerctl previous EOF # paru su $USER_NAME cd ~ && \ git clone https://aur.archlinux.org/paru-bin \ cd paru-bin && \ makepkg -si && \ cd .. && \ sudo rm --recursive --force paru-bin # fonts paru --sync noto-fonts noto-fonts-cjk noto-fonts-emoji noto-fonts-extra nerd-fonts-hack # alacritty sudo pacman --sync alacritty mkdir -p ~/.config/alacritty cp /usr/share/doc/alacritty/example/alacritty.yml ~/.config/alacritty sed -i 's/set $term.*/set $term alacritty' ~/.config/sway/config # rofi sudo paru -S rofi-lbonn-wayland sed -i 's/set $menu.*/set $menu rofi -show combi' ~/.config/sway/config # TODO waybar sudo pacman -S waybar mkdir -p ~/.config/waybar cp -r /etc/xdg/waybar/* ~/.config/waybar/ # mako sudo pacman - s mako cat << EOF >> ~/.config/sway/config # mako, notification daemon exec mako EOF # TODO japanese input sudo pacman -S fcitx5 fcitx5-configtool fcitx5-qt fcitx5-mozc cat << EOF >> ~/.config/sway/config # fcitx5 exec --no-startup-id fcitx5 -d EOF # /usr/lib/mozc/mozc_tool --mode=config_dialog # mozc setting # /usr/lib/mozc/mozc_tool --mode=dictionary_tool # mozc dictionary tool # /usr/lib/mozc/mozc_tool --mode=word_register_dialog # mozc word register # TODO samba sudo pacman -S samba sudo curl https://git.samba.org/samba.git/?p=samba.git;a=blob_plain;f=examples/smb.conf.default;hb=HEAD -o /etc/samba/smb.conf sudo cat << EOF >> /etc/samba/smb.conf [Share] comment = Some description path = /mnt/data browsable = yes 
writeable = yes create mask = 0700 directory mask = 0700 read only = no guest ok = no sudo pdbedit -a -u $USER_NAME sudo systemctl enable --now smb.service sudo systemctl enable --now nmb.service
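Review bot: `ROOT_UUID=blkid -s UUID -o value /dev/disk/by-partlabel/ArchOS` and the `CRYPT_ROOT_UUID=` line after it lack command substitution, so the shell treats each as a one-off environment assignment in front of a command named `-s` and both variables stay unset. The loader entries are then written with an empty UUID in `rd.luks.name=`, and `root=UUID=CRYPT_ROOT_UUID` and `rd.luks.options=ROOT_UUID=discard` are also missing the `$`, so the initramfs cannot identify the encrypted root. Use `ROOT_UUID=$(blkid -s UUID -o value /dev/disk/by-partlabel/ArchOS)` and `CRYPT_ROOT_UUID=$(blkid -s UUID -o value /dev/mapper/crypt_root)`, add the missing `$` signs, and drop the extra `UUID=` after `rd.luks.name=`, which takes the bare LUKS UUID. The later `sed -i 's/options.*/…$ROOT_UUID…'` lines are single-quoted, so they would write the literal text `$ROOT_UUID` even once the variable is set.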