107 lines
3.2 KiB
Bash
Executable File
107 lines
3.2 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
DISK="/dev/vda"
|
|
MOUNTOPTS="defaults,ssd,compress=zstd,autodefrag,noatime"
|
|
PASSWORD="root"
|
|
|
|
set -e
|
|
|
|
# Format disk
|
|
sgdisk --clear \
|
|
--new=1:0:+1024MiB --typecode=1:ef00 --change-name=1:EFI \
|
|
--new=2:0:0 --typecode=2:8309 --change-name=2:SYS \
|
|
"$DISK"
|
|
partprobe "$DISK"
|
|
|
|
#Create Luks partition
|
|
printf "%s\n" "$PASSWORD" | cryptsetup --batch-mode --verify-passphrase luksFormat /dev/disk/by-partlabel/SYS
|
|
printf "%s\n" "$PASSWORD" | cryptsetup open /dev/disk/by-partlabel/SYS rootfs
|
|
|
|
#Create filesystem
|
|
mkfs.fat -F32 -n efi /dev/disk/by-partlabel/EFI
|
|
mkfs.btrfs -f --label root /dev/mapper/rootfs
|
|
|
|
#Create btrfs subvolumes
|
|
mount -o $MOUNTOPTS /dev/mapper/rootfs /mnt
|
|
cd /mnt
|
|
btrfs subvolume create @
|
|
btrfs subvolume create @readonly
|
|
btrfs subvolume create @root
|
|
btrfs subvolume create @home
|
|
btrfs subvolume create @var
|
|
cd
|
|
umount /mnt
|
|
|
|
#Mount volumes
|
|
mount --mkdir -o $MOUNTOPTS,subvol=@ /dev/mapper/rootfs /mnt
|
|
mount --mkdir -o $MOUNTOPTS,subvol=@readonly /dev/mapper/rootfs /mnt/readonly
|
|
mount --mkdir -o $MOUNTOPTS,subvol=@root /dev/mapper/rootfs /mnt/root
|
|
mount --mkdir -o $MOUNTOPTS,subvol=@home /dev/mapper/rootfs /mnt/home
|
|
mount --mkdir -o $MOUNTOPTS,subvol=@var /dev/mapper/rootfs /mnt/var
|
|
mount --mkdir /dev/disk/by-partlabel/EFI /mnt/boot
|
|
|
|
#Init pacman keys
|
|
pacman-key --init
|
|
pacman-key --populate
|
|
pacman -Sy
|
|
|
|
sed -i "s|^#Color.*|Color|" /etc/pacman.conf
|
|
sed -i "s|^#ParallelDownloads.*|ParallelDownloads = 10|" /etc/pacman.conf
|
|
|
|
##Install base
|
|
pacstrap -c -K /mnt \
|
|
base \
|
|
base-devel \
|
|
linux \
|
|
linux-firmware \
|
|
intel-ucode \
|
|
efibootmgr \
|
|
btrfs-progs \
|
|
neovim \
|
|
bash-completion \
|
|
openssh \
|
|
git
|
|
|
|
#Generate fstab
|
|
genfstab -U /mnt | sed "s/subvolid=[0-9]\{3\},//" > /mnt/etc/fstab
|
|
|
|
#Configure installation
|
|
cd /mnt/bin
|
|
ln -s nvim vi
|
|
cd
|
|
|
|
sed -i "/^HOOKS/s|block|block encrypt btrfs|" /mnt/etc/mkinitcpio.conf
|
|
sed -i "s|^BINARIES.*|BINARIES=\(btrfs\)|" /mnt/etc/mkinitcpio.conf
|
|
|
|
printf "cryptdevice=UUID=%s:rootfs root=UUID=%s rootflags=subvol=@ rw initrd=\\intel-ucode.img initrd=\\initramfs-linux.img loglevel=3 vt.default_red=40,224,152,229,97,198,86,171,40,224,152,229,97,198,86,171 vt.default_grn=44,108,195,192,175,120,182,178,44,108,195,192,175,120,182,178 vt.default_blu=52,117,121,123,239,221,194,191,52,117,121,123,239,221,194,191 intel_iommu=on iommu=pt" \
|
|
"$(blkid --match-token PARTLABEL=SYS -s UUID -o value)" \
|
|
"$(blkid --match-token LABEL=root -s UUID -o value)" \
|
|
> /mnt/etc/kernel/cmdline
|
|
|
|
sed -i 's|^#default_uki.*|default_uki="/boot/arch-linux.efi"|' /mnt/etc/mkinitcpio.d/linux.preset
|
|
sed -i "s|^#default_options|default_options|" /mnt/etc/mkinitcpio.d/linux.preset
|
|
|
|
arch-chroot /mnt mkinitcpio -P
|
|
|
|
efibootmgr --create --disk /dev/vda --part 1 --label "Arch Linux" --loader 'arch-linux.efi'
|
|
|
|
sed -i 's|^root:.*|root:$y$j9T$BPO20nCgFZ8NuDn6LZ6KU0$681FWXbptNoLEbIKmyRtivt1NCpfPugq0hgtI8lsjCC:19916::::::|' /mnt/etc/shadow
|
|
sed -i "s|^#PermitRootLogin.*|PermitRootLogin yes|" /mnt/etc/ssh/sshd_config
|
|
|
|
cat << EOF > /mnt/etc/systemd/network/00-wired.network
|
|
[Match]
|
|
Name=*
|
|
|
|
[Network]
|
|
DHCP=yes
|
|
EOF
|
|
|
|
cd /mnt/etc
|
|
ln -sf ../run/systemd/resolve/stub-resolv.conf resolv.conf
|
|
cd
|
|
|
|
arch-chroot /mnt systemctl enable sshd.service systemd-networkd.service systemd-timesyncd.service systemd-resolved.service
|
|
|
|
#umount -R /mnt
|
|
#cryptsetup close rootfs
|