mirror of https://github.com/tommytran732/Arch-Setup-Script synced 2024-11-13 21:51:33 -05:00
Arch-Setup-Script/install.sh

#!/usr/bin/env -S bash -e
# Cleaning the TTY.
clear
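# Selecting the kernel flavor to install.
#######################################
# Prompt until one of the four listed kernels is chosen.
# Globals:   kernel (written) - package name of the selected kernel
# Arguments: none
# Outputs:   menu, validation errors and the confirmation on stdout
# Returns:   0 once a valid choice was read, 1 if stdin is exhausted
#######################################
kernel_selector () {
    local choice
    # Loop instead of recursing so repeated bad input cannot grow the call stack.
    while true; do
        echo "List of kernels:"
        echo "1) Stable — Vanilla Linux kernel and modules, with a few patches applied."
        echo "2) Hardened — A security-focused Linux kernel."
        echo "3) Longterm — Long-term support (LTS) Linux kernel and modules."
        echo "4) Zen Kernel — Optimized for desktop usage."
        read -r -p "Insert the number of the corresponding kernel: " choice || return 1
        case "$choice" in
            1 ) kernel=linux ;;
            2 ) kernel=linux-hardened ;;
            3 ) kernel=linux-lts ;;
            4 ) kernel=linux-zen ;;
            * ) echo "You did not enter a valid selection."
                continue ;;
        esac
        # Confirm only after validation, and name the package rather than
        # echoing back whatever was typed.
        echo "$kernel will be installed"
        return 0
    done
}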
# Checking the microcode to install.
# The vendor_id lines of /proc/cpuinfo pick the package: a CPU reporting
# AuthenticAMD gets amd-ucode, any other vendor string falls through to
# intel-ucode.
CPU=$(grep vendor_id /proc/cpuinfo)
case "$CPU" in
    *AuthenticAMD*) microcode=amd-ucode ;;
    *)              microcode=intel-ucode ;;
esac
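# Selecting the target for the installation.
PS3="Select the disk where Arch Linux is going to be installed: "
# Candidate whole disks (names matching /dev/sd* or *nvme*), one path per entry.
mapfile -t disks < <(lsblk -dpnoNAME | grep -P "/dev/sd|nvme")
if (( ${#disks[@]} == 0 )); then
    echo "No suitable disk found." >&2
    exit 1
fi
select ENTRY in "${disks[@]}"
do
    # select leaves ENTRY empty when the reply is not a listed number; ask
    # again instead of carrying an empty target into the wipe step below.
    if [[ -z "$ENTRY" ]]; then
        echo "Invalid selection, try again."
        continue
    fi
    DISK=$ENTRY
    echo "Installing Arch Linux on $DISK."
    break
done
# Reaching this point without a block device (e.g. EOF at the prompt) must
# stop the run before any destructive command is issued.
if [[ -z "${DISK:-}" || ! -b "$DISK" ]]; then
    echo "No valid disk selected. Quitting." >&2
    exit 1
fi

# Deleting old partition scheme.
read -r -p "This will delete the current partition table on $DISK. Do you agree [y/N]? " response
response=${response,,}
if [[ "$response" =~ ^(yes|y)$ ]]
then
    # Only stdout is silenced: with "bash -e" a failure here ends the script,
    # and the tool's own error message is the only explanation the user gets.
    wipefs -af "$DISK" >/dev/null
    sgdisk -Zo "$DISK" >/dev/null
else
    echo "Quitting."
    exit
fi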
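# Creating a new partition scheme.
echo "Creating new partition scheme on $DISK."
# GPT with a 100 MiB ESP followed by one partition for the LUKS container.
# The final mkpart line must not end in a backslash: a trailing continuation
# would hand the ESP= assignment below to parted as an argument and leave the
# ESP variable unset for the formatting step.
parted -s "$DISK" \
    mklabel gpt \
    mkpart ESP fat32 1MiB 101MiB \
    set 1 esp on \
    mkpart cryptroot 101MiB 100%

# NOTE(review): by-partlabel lookups are not tied to $DISK. If another attached
# disk already carries a partition labelled ESP or cryptroot, these links may
# resolve to that disk and the formatting steps would hit it instead — confirm
# no such labels exist, or derive the partition paths from $DISK.
ESP="/dev/disk/by-partlabel/ESP"
cryptroot="/dev/disk/by-partlabel/cryptroot"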
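# Informing the Kernel of the changes.
echo "Informing the Kernel about the disk changes."
partprobe "$DISK"
# The by-partlabel links used below are created by udev after the kernel
# re-reads the table; wait for that queue to drain before using them.
udevadm settle

# Formatting the ESP as FAT32.
# Only stdout is silenced so that a failing mkfs still explains itself before
# "bash -e" ends the script.
echo "Formatting the EFI Partition as FAT32."
mkfs.fat -F 32 "$ESP" >/dev/null

# Creating a LUKS Container for the root partition.
# LUKS1 derives its keys with PBKDF2, which resists GPU guessing less well than
# the Argon2id default of LUKS2, so passphrase strength carries more weight.
# NOTE(review): presumably luks1 is chosen because GRUB itself has to unlock
# the container (GRUB_ENABLE_CRYPTODISK is enabled later in this script) —
# confirm before changing the type.
echo "Creating LUKS Container for the root partition."
cryptsetup --type luks1 luksFormat "$cryptroot"
echo "Opening the newly created LUKS Container."
cryptsetup open "$cryptroot" cryptroot
BTRFS="/dev/mapper/cryptroot"

# Formatting the LUKS Container as BTRFS.
echo "Formatting the LUKS container as BTRFS."
mkfs.btrfs "$BTRFS" >/dev/null
mount "$BTRFS" /mnt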
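# Creating BTRFS subvolumes.
# Layout: @ is the container, @/.snapshots/1/snapshot becomes the default
# (root) subvolume, and the remaining subvolumes are mounted over it later.
echo "Creating BTRFS subvolumes."
btrfs subvolume create /mnt/@ &>/dev/null
btrfs subvolume create /mnt/@/.snapshots &>/dev/null
mkdir -p /mnt/@/.snapshots/1 &>/dev/null
btrfs subvolume create /mnt/@/.snapshots/1/snapshot &>/dev/null
for subvol in boot/ home root srv tmp var_log var_crash var_cache var_tmp \
    var_spool var_lib_gdm var_lib_AccountsService var_lib_libvirt_images
do
    btrfs subvolume create "/mnt/@/$subvol" &>/dev/null
done

# Disable copy-on-write on the subvolumes with frequently rewritten data.
# Note that btrfs does not checksum or compress NOCOW data, so these trees
# (including /boot) give up btrfs' corruption detection.
for subvol in boot srv tmp var_log var_crash var_cache var_tmp var_spool \
    var_lib_libvirt_images
do
    chattr +C "/mnt/@/$subvol"
done

# Make snapshot 1 the default subvolume. The ID is parsed from the listing, so
# check that a number came back before handing it to set-default; "|| true"
# keeps "bash -e" from exiting silently when the grep finds nothing.
snapshot_id=$(btrfs subvolume list /mnt | grep "@/.snapshots/1/snapshot" | grep -oP '(?<=ID )[0-9]+') || true
if [[ ! "$snapshot_id" =~ ^[0-9]+$ ]]; then
    echo "Could not determine the ID of @/.snapshots/1/snapshot." >&2
    exit 1
fi
btrfs subvolume set-default "$snapshot_id" /mnt

# Metadata file describing snapshot 1; kept readable by root only.
cat << 'EOF' >> /mnt/@/.snapshots/1/info.xml
<?xml version="1.0"?>
<snapshot>
<type>single</type>
<num>1</num>
<date>1999-03-31 0:00:00</date>
<description>First Root Filesystem</description>
<cleanup>number</cleanup>
</snapshot>
EOF
chmod 600 /mnt/@/.snapshots/1/info.xml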
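# Mounting the newly created subvolumes.
umount /mnt
echo "Mounting the newly created subvolumes."
# Root: the default subvolume set earlier is what gets mounted here.
mount -o ssd,noatime,space_cache,compress=zstd:15 "$BTRFS" /mnt
mkdir -p /mnt/{boot,root,home,.snapshots,srv,tmp,var/log,var/crash,var/cache,var/tmp,var/spool,var/lib/gdm,var/lib/AccountsService,var/lib/libvirt/images}

# One option string for every subvolume mount, so a typo cannot creep into a
# single line (a "." instead of "," between space_cache and autodefrag turns
# both into one unknown option), and each mount point is paired with its own
# subvolume (/tmp must use @/tmp, not @/srv).
# NOTE(review): btrfs applies most mount options to the whole filesystem, so
# the per-mount nodatacow below may not take effect as written; the chattr +C
# done on the subvolumes is presumably what makes them NOCOW — confirm.
# NOTE(review): the world-writable mounts (/tmp, /var/tmp) carry no
# nosuid/nodev/noexec; consider adding them if the workload allows.
btrfs_opts="ssd,noatime,space_cache,autodefrag,compress=zstd:15,discard=async"
# Table columns: subvolume | mount point under /mnt | extra option
while IFS='|' read -r subvol target extra; do
    mount -o "${btrfs_opts}${extra:+,$extra},subvol=$subvol" "$BTRFS" "/mnt/$target"
done <<'MOUNTS'
@/boot|boot|
@/root|root|
@/home|home|
@/.snapshots|.snapshots|
@/srv|srv|
@/tmp|tmp|
@/var_log|var/log|nodatacow
@/var_crash|var/crash|nodatacow
@/var_cache|var/cache|nodatacow
@/var_tmp|var/tmp|nodatacow
@/var_spool|var/spool|nodatacow
@/var_lib_gdm|var/lib/gdm|
@/var_lib_AccountsService|var/lib/AccountsService|
@/var_lib_libvirt_images|var/lib/libvirt/images|nodatacow
MOUNTS

# The unencrypted ESP goes below /boot; /boot itself stays inside the LUKS
# container.
mkdir -p /mnt/boot/efi
mount "$ESP" /mnt/boot/efi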
# Ask which kernel flavor to install; the choice lands in $kernel.
kernel_selector

# Pacstrap (setting up a base system onto the new root).
echo "Installing the base system (it may take a while)."
# Package set for the new root: base system, the chosen kernel with headers,
# CPU microcode, bootloader and snapshot tooling, then desktop and filesystem
# utilities.
packages=(
    base base-devel "${kernel}" "${kernel}-headers" "${microcode}" linux-firmware
    grub grub-btrfs snapper efibootmgr sudo networkmanager apparmor pipewire nano
    gnome-shell gdm gnome-control-center gnome-terminal gnome-software gnome-tweaks
    nautilus flatpak xdg-user-dirs firewalld
    exfatprogs ntfs-3g f2fs-tools udftools
)
pacstrap /mnt "${packages[@]}"
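# Generating /etc/fstab.
echo "Generating a new fstab."
genfstab -U /mnt >> /mnt/etc/fstab
# Drop the subvolume pinning from the root entry so the btrfs default
# subvolume is what gets mounted.
# NOTE(review): the pattern hard-codes subvolid=258; if the snapshot subvolume
# received a different ID nothing is replaced and the root entry stays pinned
# to snapshot 1 — verify the resulting fstab.
sed -i 's#,subvolid=258,subvol=/@/.snapshots/1/snapshot,subvol=@/.snapshots/1/snapshot##g' /mnt/etc/fstab

# Setting hostname.
# Answers are written with printf and quoted so that spaces or glob characters
# in the reply are stored literally instead of being expanded by the shell.
read -r -p "Please enter the hostname: " hostname
printf '%s\n' "$hostname" > /mnt/etc/hostname

# Setting up locales.
read -r -p "Please insert the locale you use in this format (xx_XX): " locale
printf '%s\n' "$locale.UTF-8 UTF-8" > /mnt/etc/locale.gen
printf '%s\n' "LANG=$locale.UTF-8" > /mnt/etc/locale.conf

# Setting up keyboard layout.
read -r -p "Please insert the keyboard layout you use: " kblayout
printf '%s\n' "KEYMAP=$kblayout" > /mnt/etc/vconsole.conf

# Setting hosts file.
echo "Setting hosts file."
cat > /mnt/etc/hosts <<EOF
127.0.0.1 localhost
::1 localhost
127.0.1.1 $hostname.localdomain $hostname
EOF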
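# Configuring /etc/mkinitcpio.conf
echo "Configuring /etc/mkinitcpio for ZSTD compression and LUKS hook."
sed -i 's,#COMPRESSION="zstd",COMPRESSION="zstd",g' /mnt/etc/mkinitcpio.conf
sed -i 's,modconf block filesystems keyboard,keyboard modconf block encrypt filesystems,g' /mnt/etc/mkinitcpio.conf

# Enabling LUKS in GRUB and setting the UUID of the LUKS container.
# Ask blkid for the UUID tag directly instead of cutting the first quoted
# field out of its default output, and stop if nothing came back: an empty
# UUID would produce a kernel command line that cannot unlock the disk.
UUID=$(blkid -s UUID -o value "$cryptroot") || true
if [[ -z "$UUID" ]]; then
    echo "Could not read the UUID of $cryptroot." >&2
    exit 1
fi
sed -i 's/#\(GRUB_ENABLE_CRYPTODISK=y\)/\1/' /mnt/etc/default/grub

# Adding keyfile to the initramfs to avoid double password.
# The key is created under umask 077 so it is never readable by anyone else,
# not even between dd and chmod.
( umask 077; dd bs=512 count=4 if=/dev/random of=/mnt/.root.key iflag=fullblock &>/dev/null )
chmod 000 /mnt/.root.key &>/dev/null
cryptsetup -v luksAddKey "$cryptroot" /mnt/.root.key

# Kernel command line, written in a single pass. Substituting "quiet" twice
# would leave cryptdevice= and root= on the line two times.
# I also remove the quiet flag here, since not having any sort of output is a pain
sed -i "s#quiet#cryptdevice=UUID=$UUID:cryptroot root=$BTRFS cryptkey=rootfs:/.root.key lsm=lockdown,yama,apparmor,bpf#g" /mnt/etc/default/grub
printf '\n# Booting with BTRFS subvolume\nGRUB_BTRFS_OVERRIDE_BOOT_PARTITION_DETECTION=true\n' >> /mnt/etc/default/grub

# FILES= copies the key into every generated initramfs image. Anyone able to
# read such an image can recover a key that unlocks the disk, so the images
# under /boot have to stay readable by root only.
sed -i 's#FILES=()#FILES=(/.root.key)#g' /mnt/etc/mkinitcpio.conf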
# Security kernel settings.
# kptr_restrict = 2 hides kernel addresses from all users;
# kexec_load_disabled = 1 blocks loading a replacement kernel at runtime.
printf '%s\n' "kernel.kptr_restrict = 2" > /mnt/etc/sysctl.d/51-kptr-restrict.conf
printf '%s\n' "kernel.kexec_load_disabled = 1" > /mnt/etc/sysctl.d/51-kexec-restrict.conf

# Link protections, BPF JIT hardening and ptrace restriction.
# yama.ptrace_scope = 3 disables ptrace attach entirely, debuggers included.
# NOTE(review): unprivileged_userns_clone = 1 *enables* unprivileged user
# namespaces, which widens the kernel attack surface; presumably it is set for
# the sandboxing used by Flatpak — confirm this is intended.
printf '%s\n' \
    "fs.protected_hardlinks = 1" \
    "fs.protected_symlinks = 1" \
    "net.core.bpf_jit_harden = 2" \
    "kernel.yama.ptrace_scope = 3" \
    "kernel.unprivileged_userns_clone = 1" \
    >> /mnt/etc/sysctl.d/10-security.conf
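# Setting up timezone.
# The zone name comes from an unauthenticated HTTP lookup and is therefore
# untrusted. It is fetched here rather than expanded into the script text that
# bash runs as root inside the chroot, and it is only used after matching a
# strict Area/Location pattern and an existing zoneinfo file.
timezone=$(curl -s 'http://ip-api.com/line?fields=timezone') || true
timezone_re='^[A-Za-z0-9_+-]+(/[A-Za-z0-9_+-]+)*$'
if [[ "$timezone" =~ $timezone_re && -e "/mnt/usr/share/zoneinfo/$timezone" ]]
then
    ln -sf "/usr/share/zoneinfo/$timezone" /mnt/etc/localtime
else
    echo "Could not determine a valid timezone; /etc/localtime was not set." >&2
fi

# Configuring the system.
# NOTE(review): the here-document delimiter is unquoted, so the installer
# shell expands every dollar expression before the chroot sees the text. The
# rootsubvol reference in the two sed lines for /etc/grub.d is unset here and
# expands to nothing, so those patterns do not contain the text they appear to
# and likely match nothing — check the intended pattern against the installed
# 10_linux before escaping it.
arch-chroot /mnt /bin/bash -e <<EOF

# Setting up clock.
hwclock --systohc

# Generating locales.
echo "Generating locales."
locale-gen &>/dev/null

# Generating a new initramfs.
# The images embed the LUKS key file, so they are restricted to root both
# before and after they are rebuilt.
echo "Creating a new initramfs."
chmod 600 /boot/initramfs-linux* &>/dev/null
mkinitcpio -P &>/dev/null
chmod 600 /boot/initramfs-linux* &>/dev/null

# Snapper configuration
# Snapper insists on creating /.snapshots itself: unmount and remove ours,
# let it build its config, then put the dedicated subvolume back via fstab.
umount /.snapshots
rm -r /.snapshots
snapper --no-dbus -c root create-config /
btrfs subvolume delete /.snapshots
mkdir /.snapshots
mount -a
chmod 750 /.snapshots
systemctl enable grub-btrfs.path

# Installing GRUB.
echo "Installing GRUB on /boot."
grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=GRUB &>/dev/null
sed -i 's#"rootflags=subvol=${rootsubvol} ##g' /etc/grub.d/10_linux
sed -i 's#"rootflags=subvol=${rootsubvol} ##g' /etc/grub.d/20_linux_xen

# Creating grub config file.
echo "Creating GRUB config file."
grub-mkconfig -o /boot/grub/grub.cfg &>/dev/null
pacman -S --noconfirm snap-pac
EOF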
# Setting root password.
echo "Setting root password."
arch-chroot /mnt /bin/passwd

# Enabling auto-trimming service.
echo "Enabling auto-trimming."
systemctl enable fstrim.timer --root=/mnt &>/dev/null

# Enabling NetworkManager service.
echo "Enabling NetworkManager."
systemctl enable NetworkManager --root=/mnt &>/dev/null

# Enabling GDM, AppArmor and Firewalld (no progress message for these).
for unit in gdm apparmor firewalld; do
    systemctl enable "$unit" --root=/mnt &>/dev/null
done

# Setting umask to 077
# NOTE(review): the substitution rewrites every "022" in /etc/profile, not
# only the umask line — confirm nothing else in that file contains it.
sed -i 's/022/077/g' /mnt/etc/profile
printf '\numask 077\n' >> /mnt/etc/bash.bashrc

# Blacklist Firewire SBP2
# NOTE(review): a "blacklist" entry only stops alias-based autoloading; an
# "install firewire-sbp2 /bin/false" line would also block explicit loads.
# The installer presumably already runs as root, which would make sudo
# unnecessary here — confirm.
sudo tee /mnt/etc/modprobe.d/blacklist.conf <<< "blacklist firewire-sbp2"

echo "Done, you may now wish to reboot (further changes can be done by chrooting into /mnt)."
exit