#!/bin/bash

DISK="/dev/vda"
MOUNTOPTS="defaults,ssd,compress=zstd,autodefrag,noatime"
PASSWORD="root"

set -e

# Format disk
sgdisk --clear \
  --new=1:0:+1024MiB --typecode=1:ef00 --change-name=1:EFI \
  --new=2:0:0        --typecode=2:8309 --change-name=2:SYS \
  "$DISK"
partprobe "$DISK"

#Create Luks partition
printf "%s\n" "$PASSWORD" | cryptsetup --batch-mode --verify-passphrase luksFormat /dev/disk/by-partlabel/SYS
printf "%s\n" "$PASSWORD" | cryptsetup open /dev/disk/by-partlabel/SYS rootfs

#Create filesystem
mkfs.fat -F32 -n efi /dev/disk/by-partlabel/EFI
mkfs.btrfs -f --label root /dev/mapper/rootfs

#Create btrfs subvolumes
mount -o $MOUNTOPTS /dev/mapper/rootfs /mnt
cd /mnt
btrfs subvolume create @
btrfs subvolume create @readonly
btrfs subvolume create @root
btrfs subvolume create @home
btrfs subvolume create @var
cd
umount /mnt

#Mount volumes
mount --mkdir -o $MOUNTOPTS,subvol=@ /dev/mapper/rootfs /mnt
mount --mkdir -o $MOUNTOPTS,subvol=@readonly /dev/mapper/rootfs /mnt/readonly
mount --mkdir -o $MOUNTOPTS,subvol=@root /dev/mapper/rootfs /mnt/root
mount --mkdir -o $MOUNTOPTS,subvol=@home /dev/mapper/rootfs /mnt/home
mount --mkdir -o $MOUNTOPTS,subvol=@var /dev/mapper/rootfs /mnt/var
mount --mkdir /dev/disk/by-partlabel/EFI /mnt/boot

#Init pacman keys
pacman-key --init
pacman-key --populate
pacman -Sy

##Install base
pacstrap -c -K /mnt \
    base \
  base-devel \
  linux \
  linux-firmware \
  intel-ucode \
  efibootmgr \
  btrfs-progs \
  neovim \
  bash-completion \
  openssh \
  git

#Generate fstab
genfstab -U /mnt | sed "s/subvolid=[0-9]\{3\},//" > /mnt/etc/fstab

cd /mnt/bin
ln -s nvim vi
cd

#configure minitcpio
sed -i "/^HOOKS/s|block|block encrypt btrfs|" /mnt/etc/mkinitcpio.conf
sed -i "s|^BINARIES.*|BINARIES=\(btrfs\)|" /mnt/etc/mkinitcpio.conf

printf "cryptdevice=UUID=%s:rootfs root=UUID=%s rootflags=subvol=@ rw initrd=\\intel-ucode.img initrd=\\initramfs-linux.img loglevel=3 vt.default_red=40,224,152,229,97,198,86,171,40,224,152,229,97,198,86,171 vt.default_grn=44,108,195,192,175,120,182,178,44,108,195,192,175,120,182,178 vt.default_blu=52,117,121,123,239,221,194,191,52,117,121,123,239,221,194,191 intel_iommu=on iommu=pt" \
  "$(blkid --match-token PARTLABEL=SYS -s UUID -o value)" \
  "$(blkid --match-token LABEL=root -s UUID -o value)" \
  > /mnt/etc/kernel/cmdline

sed -i 's|^#default_uki.*|default_uki="/boot/arch-linux.efi"|' /mnt/etc/mkinitcpio.d/linux.preset
sed -i "s|^#default_options|default_options|" /mnt/etc/mkinitcpio.d/linux.preset

arch-chroot /mnt mkinitcpio -P

efibootmgr --create --disk /dev/vda --part 1 --label "Arch Linux" --loader 'arch-linux.efi'

sed -i "s|^#PermitRootLogin.*|PermitRootLogin yes|" /mnt/etc/ssh/sshd_config

systemctl enable sshd.service systemd-networkd.service systemd-timesyncd.service systemd-resolved.service
sed -i 's|root:|root:$y$j9T$3YRxaoJejVW5Dkn60sKFy1$DPB9WlmivJ4BClaiVz8BOJV8MMp.ZCCz.EHehKH6II3:19916::::::|' /mnt/etc/shadow

#umount -R /mnt
#cryptsetup close rootfs