Revisions
jdmonty revised this gist
May 8, 2023 . 1 changed file with 2 additions and 0 deletions.
@@ -163,3 +163,5 @@ done arch-chroot /mnt chsh -s /usr/bin/zsh echo "$user:$password" | arch-chroot /mnt chpasswd arch-chroot /mnt passwd -dl root # update -
jdmonty revised this gist
May 8, 2023 . 1 changed file with 81 additions and 186 deletions.
@@ -28,44 +28,19 @@ exec 2> >(tee "stderr.log" >&2) export SNAP_PAC_SKIP=y # Dialog # MOUNT_OPTIONS "noatime,compress=zstd,ssd,commit=120";; # KEYMAP us # TIMEZONE America/Chicago time_zone="$(curl --fail https://ipapi.co/timezone)" # FS "btrfs" # DISK "/dev/nvme0n1" # ISO='US' # mirror ISO country code # https://gist.github.com/jdmonty/3c8b07d2d90f1947d9840fb7d000d3c0 # https://gist.github.com/jdmonty/3c8b07d2d90f1947d9840fb7d000d3c0/raw font="ter-v22b" device='/dev/nvme0n1' hostname='telos' user='monty' password='passwordtest' echo -e "\n### Checking UEFI boot mode" @@ -78,67 +53,15 @@ echo -e "\n### Setting up clock" timedatectl set-ntp true hwclock --systohc --utc echo -e "\n### Installing additional tools" pacman -Sy --noconfirm --needed git terminus-font dialog wget curl setfont $font echo -e "\n### Setting up partitions" umount -R /mnt 2> /dev/null || true sgdisk --clear "${device}" --new 1::-551MiB "${device}" --new 2::0 --typecode 2:ef00 "${device}" sgdisk --change-name=1:'ROOT' --change-name=2:'EFI' "${device}" # create partitions # partition 1 (UEFI Boot Partition) @@ -149,95 +72,17 @@ sgdisk -a 2048 -o ${DISK} # ef00 EFI system partition # ef01 MBR partition scheme # ef02 BIOS boot partition part_root="$(ls ${device}* | grep -E "^${device}p?1$")" part_boot="$(ls ${device}* | grep -E "^${device}p?2$")" echo -e "\n### Formatting partitions" mkfs.vfat -n "EFI" -F 32 "${part_boot}" mkfs.btrfs -L ROOT ${part_root} -f mount -t btrfs ${part_root} /mnt echo -e "\n### Setting up BTRFS subvolumes" mount ${part_root} /mnt btrfs subvolume create /mnt/root btrfs subvolume create /mnt/home btrfs subvolume create /mnt/pkgs 
@@ -250,21 +95,71 @@ btrfs subvolume create /mnt/swap btrfs subvolume create /mnt/snapshots umount /mnt mount -o noatime,nodiratime,compress=zstd,subvol=root ${part_root} /mnt mkdir -p /mnt/{mnt/btrfs-root,efi,home,var/{cache/pacman,log,tmp,lib/{aurbuild,archbuild,docker}},swap,.snapshots} mount "${part_boot}" /mnt/efi mount -o noatime,nodiratime,compress=zstd,subvol=/ ${part_root} /mnt/mnt/btrfs-root mount -o noatime,nodiratime,compress=zstd,subvol=home ${part_root} /mnt/home mount -o noatime,nodiratime,compress=zstd,subvol=pkgs ${part_root} /mnt/var/cache/pacman mount -o noatime,nodiratime,compress=zstd,subvol=aurbuild ${part_root} /mnt/var/lib/aurbuild mount -o noatime,nodiratime,compress=zstd,subvol=archbuild ${part_root} /mnt/var/lib/archbuild mount -o noatime,nodiratime,compress=zstd,subvol=docker ${part_root} /mnt/var/lib/docker mount -o noatime,nodiratime,compress=zstd,subvol=logs ${part_root} /mnt/var/log mount -o noatime,nodiratime,compress=zstd,subvol=temp ${part_root} /mnt/var/tmp mount -o noatime,nodiratime,compress=zstd,subvol=swap ${part_root} /mnt/swap mount -o noatime,nodiratime,compress=zstd,subvol=snapshots ${part_root} /mnt/.snapshots # Install the base packages pacstrap /mnt base base-devel linux linux-firmware git btrfs-progs efibootmgr # Configure the system #echo "FONT=$font" > /mnt/etc/vconsole.conf #genfstab -L /mnt >> /mnt/etc/fstab #echo "${hostname}" > /mnt/etc/hostname #echo "en_US.UTF-8 UTF-8" >> /mnt/etc/locale.gen #arch-chroot /mnt ln -sf /usr/share/zoneinfo/America/Chicago /etc/localtime #ln -sf /usr/share/zoneinfo/America/Chicago /mnt/etc/localtime #arch-chroot /mnt locale-gen #echo "LANG=en_US.UTF-8" > /mnt/etc/locale.conf #arch-chroot /mnt mkinitcpio -P echo "FONT=$font" > /mnt/etc/vconsole.conf genfstab -L /mnt >> /mnt/etc/fstab echo "${hostname}" > /mnt/etc/hostname echo "en_US.UTF-8 UTF-8" >> /mnt/etc/locale.gen ln -sf /usr/share/zoneinfo/America/Chicago /mnt/etc/localtime arch-chroot /mnt locale-gen cat << EOF > 
/mnt/etc/mkinitcpio.conf MODULES=() BINARIES=() FILES=() HOOKS=(base consolefont udev autodetect modconf block filesystems keyboard) EOF arch-chroot /mnt mkinitcpio -p linux # Create a boot entry arch-chroot /mnt bootctl --path=/efi install echo "default arch" > /mnt/efi/loader/loader.conf #echo "timeout 3" >> /mnt/efi/loader/loader.conf #echo "editor 0" >> /mnt/efi/loader/loader.conf # Set up the boot loader entry echo "title Arch Linux" > /mnt/efi/loader/entries/arch.conf echo "linux /vmlinuz-linux" >> /mnt/efi/loader/entries/arch.conf echo "initrd /intel-ucode.img" >> /mnt/efi/loader/entries/arch.conf echo "initrd /initramfs-linux.img" >> /mnt/efi/loader/entries/arch.conf echo "options root=UUID=$(blkid -s UUID -o value ${part_root}) rootflags=subvol=/ rw" >> /mnt/efi/loader/entries/arch.conf echo -e "\n### Configuring swap file" btrfs filesystem mkswapfile --size 4G /mnt/swap/swapfile echo "/swap/swapfile none swap defaults 0 0" >> /mnt/etc/fstab echo -e "\n### Creating user" arch-chroot /mnt useradd -m -s /usr/bin/zsh "$user" for group in wheel network video input; do arch-chroot /mnt groupadd -rf "$group" arch-chroot /mnt gpasswd -a "$user" "$group" done arch-chroot /mnt chsh -s /usr/bin/zsh echo "$user:$password" | arch-chroot /mnt chpasswd arch-chroot /mnt passwd -dl root -
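Review bot: The account password is a literal in the script, `password='passwordtest'` near the top of the first hunk, and the last hunk feeds it to `chpasswd` for a user that is also added to `wheel`; because the gist is published, every machine installed from it starts with a known credential. The +/- markers are lost in this rendering, so that the line is new is inferred from its absence in the initial revision, which defined a `get_password` prompt instead. Read the value at run time, e.g. `read -rsp "Password for ${user}: " password; echo`, and stop if it is empty. The same section also appears to drop the cryptsetup steps, so the root filesystem would be left unencrypted; if that is intentional it deserves a line in the header comment.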
jdmonty created this gist
May 8, 2023 .
@@ -0,0 +1,270 @@ #!/bin/bash # # Arch Linux installation # # Bootable USB: # - [Download](https://archlinux.org/download/) ISO and GPG files # - Verify the ISO file: `$ pacman-key -v archlinux-<version>-dual.iso.sig` # - Create a bootable USB with: `# dd if=archlinux*.iso of=/dev/sdX && sync` # # UEFI setup: # # - Set boot mode to UEFI, disable Legacy mode entirely. # - Temporarily disable Secure Boot. # - Make sure a strong UEFI administrator password is set. # - Delete preloaded OEM keys for Secure Boot, allow custom ones. # - Set SATA operation to AHCI mode. # # Run installation: # # - Connect to wifi via: `# iwctl station wlan0 connect WIFI-NETWORK` # - Run: `# bash <(curl -sL https://github.com/jdmonty/archlinux-install)` set -uo pipefail trap 's=$?; echo "$0: Error on line "$LINENO": $BASH_COMMAND"; exit $s' ERR exec 1> >(tee "stdout.log") exec 2> >(tee "stderr.log" >&2) export SNAP_PAC_SKIP=y # Dialog BACKTITLE="Arch Linux installation" # MOUNT_OPTIONS "noatime,compress=zstd,ssd,commit=120";; # KEYMAP us # TIMEZONE America/Chicago time_zone="$(curl --fail https://ipapi.co/timezone)" # FS "btrfs" # DISK "/dev/nvme0n1" # ISO='US' # mirror ISO country code get_input() { title="$1" description="$2" input=$(dialog --clear --stdout --backtitle "$BACKTITLE" --title "$title" --inputbox "$description" 0 0) echo "$input" } get_password() { title="$1" description="$2" init_pass=$(dialog --clear --stdout --backtitle "$BACKTITLE" --title "$title" --passwordbox "$description" 0 0) : ${init_pass:?"password cannot be empty"} test_pass=$(dialog --clear --stdout --backtitle "$BACKTITLE" --title "$title" --passwordbox "$description again" 0 0) if [[ "$init_pass" != "$test_pass" ]]; then echo "Passwords did not match" >&2 exit 1 fi echo $init_pass } get_choice() { title="$1" description="$2" shift 2 options=("$@") dialog --clear --stdout --backtitle "$BACKTITLE" --title "$title" --menu "$description" 0 0 0 "${options[@]}" } echo -e "\n### Checking UEFI boot mode" if [ ! 
-f /sys/firmware/efi/fw_platform_size ]; then echo >&2 "You must boot in UEFI mode to continue" exit 2 fi echo -e "\n### Setting up clock" timedatectl set-ntp true hwclock --systohc --utc # ------------------------------------------------------------------------------ # 1 ---------------------------------------------------------------------------- echo -e "\n### Installing additional tools" pacman -Sy --noconfirm --needed git reflector terminus-font dialog wget curl # 2 ---------------------------------------------------------------------------- pacman -S --noconfirm archlinux-keyring pacman -S --noconfirm --needed pacman-contrib terminus-font setfont ter-v22b sed -i 's/^#ParallelDownloads/ParallelDownloads/' /etc/pacman.conf pacman -S --noconfirm --needed reflector rsync grub cp /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist.backup # --age <n> : n minimum age of last sync in hours # --country <country name or code> # --fastest <n> : Return the n fastest mirrors that meet the other criteria. 
# --sort {age,rate,country,score,delay} reflector --age 48 --country 'US' --fastest 5 --latest 20 --sort rate \ --save /etc/pacman.d/mirrorlist # ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------ # 1 ---------------------------------------------------------------------------- devicelist=$(lsblk -dplnx size -o name,size | grep -Ev "boot|rpmb|loop" | tac | tr '\n' ' ') read -r -a devicelist <<< $devicelist device=$(get_choice "Installation" "Select installation disk" "${devicelist[@]}") || exit 1 clear # luks # luks_header_device=$(get_choice "Installation" "Select disk to write LUKS header to" "${devicelist[@]}") || exit 1 # clear echo -e "\n### Setting up fastest mirrors" reflector --latest 30 --sort rate --save /etc/pacman.d/mirrorlist # 2 ---------------------------------------------------------------------------- # Set the disk to nvme0n1 DISK="/dev/nvme0n1" # ------------------------------------------------------------------------------ # 1 ---------------------------------------------------------------------------- echo -e "\n### Setting up partitions" umount -R /mnt 2> /dev/null || true cryptsetup luksClose luks 2> /dev/null || true lsblk -plnx size -o name "${device}" | xargs -n1 wipefs --all sgdisk --clear "${device}" --new 1::-551MiB "${device}" --new 2::0 --typecode 2:ef00 "${device}" sgdisk --change-name=1:primary --change-name=2:ESP "${device}" # 2 ---------------------------------------------------------------------------- # make sure everything is unmounted before we start umount -A --recursive /mnt # zap all on disk sgdisk -Z ${DISK} # new gpt disk 2048 alignment # defaults to 1 MiB (2048 on disks with 512-byte sectors) on freshly formatted disks. sgdisk -a 2048 -o ${DISK} # create partitions # partition 1 (UEFI Boot Partition) # Boot disks for EFI-based systems require an EFI System Partition (gdisk internal code 0xEF00) formatted as FAT-32. 
I recommended making this partition 550 MiB. # Some boot loaders for BIOS-based systems make use of a BIOS Boot Partition (gdisk internal code 0xEF02), in which the secondary boot loader is stored, possibly without the benefit of a filesystem. (GRUB2 may optionally use such a partition.) This partition can typically be quite small (roughly 32 to 200 KiB, although 1 MiB is more common in practice) # If Windows is to boot from a GPT disk, a partition of type Microsoft Reserved (sgdisk internal code 0x0C01) is recommended. This partition should be about 128 MiB in size. It ordinarily follows the EFI System Partition and immediately precedes the Windows data partitions. (Note that GNU Parted creates all FAT partitions as this type, which actually makes the partition unusable for normal file storage in both Windows and Mac OS X.) # 8300 Linux filesystem # ef00 EFI system partition # ef01 MBR partition scheme # ef02 BIOS boot partition sgdisk -n 1::+551M --typecode=1:ef00 --change-name=1:'EFIBOOT' ${DISK} # partition 2 (Root), default start, remaining sgdisk -n 2::-0 --typecode=2:8300 --change-name=2:'ROOT' ${DISK} # reread partition table to ensure it is correct partprobe ${DISK} # 3 ---------------------------------------------------------------------------- # Prepare the disk parted -s $DISK mklabel gpt parted -s $DISK mkpart ESP fat32 1MiB 513MiB parted -s $DISK set 1 boot on parted -s $DISK mkpart primary btrfs 513MiB 100% # ------------------------------------------------------------------------------ # 1 ---------------------------------------------------------------------------- part_root="$(ls ${device}* | grep -E "^${device}p?1$")" part_boot="$(ls ${device}* | grep -E "^${device}p?2$")" if [ "$device" != "$luks_header_device" ]; then cryptargs="--header $luks_header_device" else cryptargs="" luks_header_device="$part_root" fi echo -e "\n### Formatting partitions" mkfs.vfat -n "EFI" -F 32 "${part_boot}" echo -n ${password} | cryptsetup luksFormat --type luks2 
--pbkdf argon2id --label luks $cryptargs "${part_root}" echo -n ${password} | cryptsetup luksOpen $cryptargs "${part_root}" luks mkfs.btrfs -L btrfs /dev/mapper/luks # 2 ---------------------------------------------------------------------------- if [[ "${DISK}" =~ "nvme" ]]; then partition2=${DISK}p2 partition3=${DISK}p3 else partition2=${DISK}2 partition3=${DISK}3 fi if [[ "${FS}" == "btrfs" ]]; then mkfs.vfat -F32 -n "EFIBOOT" ${partition2} mkfs.btrfs -L ROOT ${partition3} -f mount -t btrfs ${partition3} /mnt subvolumesetup elif [[ "${FS}" == "ext4" ]]; then mkfs.vfat -F32 -n "EFIBOOT" ${partition2} mkfs.ext4 -L ROOT ${partition3} mount -t ext4 ${partition3} /mnt elif [[ "${FS}" == "luks" ]]; then mkfs.vfat -F32 -n "EFIBOOT" ${partition2} # enter luks password to cryptsetup and format root partition echo -n "${LUKS_PASSWORD}" | cryptsetup -y -v luksFormat ${partition3} - # open luks container and ROOT will be place holder echo -n "${LUKS_PASSWORD}" | cryptsetup open ${partition3} ROOT - # now format that container mkfs.btrfs -L ROOT ${partition3} # create subvolumes for btrfs mount -t btrfs ${partition3} /mnt subvolumesetup # store uuid of encrypted partition for grub echo ENCRYPTED_PARTITION_UUID=$(blkid -s UUID -o value ${partition3}) >> $CONFIGS_DIR/setup.conf fi # 3 ---------------------------------------------------------------------------- # Format the partitions mkfs.fat -F 32 ${DISK}p1 mkfs.btrfs -f ${DISK}p2 # Mount the partitions mount ${DISK}p2 /mnt btrfs subvolume create /mnt/@ umount /mnt mount -o subvol=@,compress=zstd ${DISK}p2 /mnt mkdir -p /mnt/boot/efi mount ${DISK}p1 /mnt/boot/efi # ------------------------------------------------------------------------------ # 1 ---------------------------------------------------------------------------- echo -e "\n### Setting up BTRFS subvolumes" mount /dev/mapper/luks /mnt btrfs subvolume create /mnt/root btrfs subvolume create /mnt/home btrfs subvolume create /mnt/pkgs btrfs subvolume create /mnt/aurbuild 
btrfs subvolume create /mnt/archbuild btrfs subvolume create /mnt/docker btrfs subvolume create /mnt/logs btrfs subvolume create /mnt/temp btrfs subvolume create /mnt/swap btrfs subvolume create /mnt/snapshots umount /mnt # 2 ---------------------------------------------------------------------------- # create nonroot subvolumes btrfs subvolume create /mnt/@ btrfs subvolume create /mnt/@home btrfs subvolume create /mnt/@var btrfs subvolume create /mnt/@tmp btrfs subvolume create /mnt/@.snapshots # unmount root to remount with subvolume umount /mnt # mount @ subvolume mount -o ${MOUNT_OPTIONS},subvol=@ ${partition3} /mnt # make directories home, .snapshots, var, tmp mkdir -p /mnt/{home,var,tmp,.snapshots} # mount subvolumes mount -o ${MOUNT_OPTIONS},subvol=@home ${partition3} /mnt/home mount -o ${MOUNT_OPTIONS},subvol=@tmp ${partition3} /mnt/tmp mount -o ${MOUNT_OPTIONS},subvol=@var ${partition3} /mnt/var mount -o ${MOUNT_OPTIONS},[email protected] ${partition3} /mnt/.snapshots
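Review bot: The three alternative drafts (the blocks headed `# 1`, `# 2`, `# 3`) are all live code, and nothing ties the later ones to the disk picked in the dialog: after `${device}` is wiped, `sgdisk -Z ${DISK}` and `parted -s $DISK mklabel gpt` target the hard-coded `DISK="/dev/nvme0n1"` whatever was selected. Keep one variant and drive every destructive command from the selection, e.g. `DISK="${device}"`, with the expansions quoted. Under `set -u` the first variant would also stop at `$luks_header_device` and `${password}`, which are never assigned in the visible text (the `luks_header_device` prompt is commented out and `get_password` is never called). Where the passphrase is handled, `echo $init_pass` and `echo -n ${password}` are unquoted and will alter a value containing spaces or glob characters; `printf '%s' "$password"` avoids that.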