dotfiles/install.sh

#!/bin/bash

set -e

DISK="/dev/vda"
MOUNTOPTS="defaults,ssd,compress=zstd,autodefrag,noatime"
PACSTRAP_EXTRA_ARGS="-c"
### Switch to the script directory
cd "$(dirname "$0")"
DIRNAME="$(pwd)"
source scripts/functions.sh

### Format disk
sgdisk --clear \
  --new=1:0:+1024MiB --typecode=1:ef00 --change-name=1:EFI \
  --new=2:0:0        --typecode=2:8309 --change-name=2:SYS \
  "$DISK"
partprobe "$DISK"

### Create Luks partition
printf "%s\n" "root" | cryptsetup --batch-mode --verify-passphrase luksFormat /dev/disk/by-partlabel/SYS
printf "%s\n" "root" | cryptsetup open /dev/disk/by-partlabel/SYS rootfs

### Create filesystem
mkfs.fat -F32 -n efi /dev/disk/by-partlabel/EFI
mkfs.btrfs -f --label root /dev/mapper/rootfs

### Create btrfs subvolumes
mount -o $MOUNTOPTS /dev/mapper/rootfs /mnt
cd /mnt
btrfs subvolume create @
btrfs subvolume create @root
btrfs subvolume create @home
btrfs subvolume create @var
cd "$DIRNAME"
umount /mnt

### Mount volumes
mount --mkdir -o $MOUNTOPTS,subvol=@ /dev/mapper/rootfs /mnt
mount --mkdir -o $MOUNTOPTS,subvol=@root /dev/mapper/rootfs /mnt/root
mount --mkdir -o $MOUNTOPTS,subvol=@home /dev/mapper/rootfs /mnt/home
mount --mkdir -o $MOUNTOPTS,subvol=@var /dev/mapper/rootfs /mnt/var
mount --mkdir /dev/disk/by-partlabel/EFI /mnt/boot

### Init pacman
pacman-key --init
pacman-key --populate
pacman -Sy

sed -i "s|^#Color.*|Color|" /etc/pacman.conf
sed -i "s|^#ParallelDownloads.*|ParallelDownloads = 10|" /etc/pacman.conf 

### Install base
pacstrap "$PACSTRAP_EXTRA_ARGS" -K /mnt \
  base \
  base-devel \
  linux \
  linux-firmware \
  intel-ucode \
  efibootmgr \
  btrfs-progs \
  neovim \
  bash-completion \
  openssh \
  git

### Generate fstab
genfstab -U /mnt | sed "s/subvolid=[0-9]\{3\},//" > /mnt/etc/fstab

### Configure boot environnement
sed -i "/^HOOKS/s|block|block encrypt btrfs|" /mnt/etc/mkinitcpio.conf
sed -i "s|^BINARIES.*|BINARIES=\(btrfs\)|" /mnt/etc/mkinitcpio.conf

printf "cryptdevice=UUID=%s:rootfs root=UUID=%s rootflags=subvol=@ rw initrd=\\intel-ucode.img initrd=\\initramfs-linux.img loglevel=3 %s intel_iommu=on iommu=pt" \
  "$(blkid --match-token PARTLABEL=SYS -s UUID -o value)" \
  "$(blkid --match-token LABEL=root -s UUID -o value)" \
  "$(_kernel_colors)" \
  > /mnt/etc/kernel/cmdline

sed -i 's|^#default_uki.*|default_uki="/boot/arch-linux.efi"|' /mnt/etc/mkinitcpio.d/linux.preset
sed -i "s|^#default_options|default_options|" /mnt/etc/mkinitcpio.d/linux.preset

arch-chroot /mnt mkinitcpio -P

efibootmgr --create --disk $DISK --part 1 --label "Arch Linux" --loader 'arch-linux.efi'

### Configure installation
# Configure vi
cd /mnt/bin
ln -s nvim vi
cd "$DIRNAME"

# Configure login
sed -i 's|^root:.*|root:$y$j9T$BPO20nCgFZ8NuDn6LZ6KU0$681FWXbptNoLEbIKmyRtivt1NCpfPugq0hgtI8lsjCC:19916::::::|' /mnt/etc/shadow
printf "PermitRootLogin yes" > /mnt/etc/ssh/sshd_config.d/99-permitrootlogin.conf

# Configure network
cp network/00-wired.network /mnt/etc/systemd/network/00-wired.network
cp network/resolved.conf /mnt/etc/systemd/resolved.conf
cd /mnt/etc
ln -sf ../run/systemd/resolve/stub-resolv.conf resolv.conf
cd "$DIRNAME"

# Configure tty
mkdir -p /mnt/etc/systemd/system/getty@tty1.service.d/
cp links/tty/autologin.conf /mnt/etc/systemd/system/getty@tty1.service.d/override.conf
cp links/tty/bash.bashexports /mnt/etc/bash.bashexports
cp links/tty/bash.bashaliases /mnt/etc/bash.bashaliases
cp links/tty/bash.bashrc  /mnt/etc/bash.bashrc
cp links/tty/inputrc  /mnt/etc/inputrc
cp links/tty/issue  /mnt/etc/issue

# Enable services
arch-chroot /mnt systemctl enable sshd.service systemd-networkd.service systemd-timesyncd.service systemd-resolved.service

echo "DONE !!! Dont forget to change passwords and deny PermitRootLogin on /etc/ssh/sshd_config.d/99-permitrootlogin.conf after installation"