2021-04-14 08:11:45 -04:00
|
|
|
#!/usr/bin/env -S bash -e
|
2021-01-31 08:36:10 -05:00
|
|
|
|
2021-02-01 03:37:35 -05:00
|
|
|
# Cleaning the TTY.
|
|
|
|
clear
|
2021-02-01 03:13:05 -05:00
|
|
|
|
2021-04-14 19:17:38 -04:00
|
|
|
# Selecting the kernel flavor to install.
|
|
|
|
kernel_selector () {
|
|
|
|
echo "List of kernels:"
|
|
|
|
echo "1) Stable — Vanilla Linux kernel and modules, with a few patches applied."
|
|
|
|
echo "2) Hardened — A security-focused Linux kernel."
|
|
|
|
echo "3) Longterm — Long-term support (LTS) Linux kernel and modules."
|
|
|
|
echo "4) Zen Kernel — Optimized for desktop usage."
|
|
|
|
read -r -p "Insert the number of the corresponding kernel: " choice
|
|
|
|
echo "$choice will be installed"
|
2021-04-09 16:53:33 -04:00
|
|
|
case $choice in
|
2021-04-14 19:17:38 -04:00
|
|
|
1 ) kernel=linux
|
2021-04-09 16:53:33 -04:00
|
|
|
;;
|
2021-04-14 19:17:38 -04:00
|
|
|
2 ) kernel=linux-hardened
|
2021-04-09 16:53:33 -04:00
|
|
|
;;
|
2021-04-14 19:17:38 -04:00
|
|
|
3 ) kernel=linux-lts
|
2021-04-09 16:53:33 -04:00
|
|
|
;;
|
2021-04-14 19:17:38 -04:00
|
|
|
4 ) kernel=linux-zen
|
2021-04-09 16:53:33 -04:00
|
|
|
;;
|
2021-04-11 21:33:19 -04:00
|
|
|
* ) echo "You did not enter a valid selection."
|
2021-04-14 19:17:38 -04:00
|
|
|
kernel_selector
|
2021-04-09 16:53:33 -04:00
|
|
|
esac
|
|
|
|
}
|
|
|
|
|
2021-04-14 19:17:38 -04:00
|
|
|
# Checking the microcode to install.
|
|
|
|
CPU=$(grep vendor_id /proc/cpuinfo)
|
|
|
|
if [[ $CPU == *"AuthenticAMD"* ]]
|
|
|
|
then
|
|
|
|
microcode=amd-ucode
|
|
|
|
else
|
|
|
|
microcode=intel-ucode
|
|
|
|
fi
|
2021-04-11 21:33:19 -04:00
|
|
|
|
2021-01-31 08:36:10 -05:00
|
|
|
# Selecting the target for the installation.
|
2021-02-07 03:49:38 -05:00
|
|
|
PS3="Select the disk where Arch Linux is going to be installed: "
|
2021-02-07 04:16:53 -05:00
|
|
|
select ENTRY in $(lsblk -dpnoNAME|grep -P "/dev/sd|nvme");
|
2021-01-31 08:36:10 -05:00
|
|
|
do
|
|
|
|
DISK=$ENTRY
|
|
|
|
echo "Installing Arch Linux on $DISK."
|
|
|
|
break
|
|
|
|
done
|
|
|
|
|
|
|
|
# Deleting old partition scheme.
|
|
|
|
read -r -p "This will delete the current partition table on $DISK. Do you agree [y/N]? " response
|
|
|
|
response=${response,,}
|
|
|
|
if [[ "$response" =~ ^(yes|y)$ ]]
|
|
|
|
then
|
2021-02-01 03:16:23 -05:00
|
|
|
wipefs -af $DISK &>/dev/null
|
|
|
|
sgdisk -Zo $DISK &>/dev/null
|
2021-01-31 08:36:10 -05:00
|
|
|
else
|
2021-02-01 03:13:05 -05:00
|
|
|
echo "Quitting."
|
|
|
|
exit
|
2021-01-31 08:36:10 -05:00
|
|
|
fi
|
|
|
|
|
|
|
|
# Creating a new partition scheme.
|
|
|
|
echo "Creating new partition scheme on $DISK."
|
|
|
|
parted -s $DISK \
|
2021-01-31 08:50:43 -05:00
|
|
|
mklabel gpt \
|
2021-04-11 21:33:19 -04:00
|
|
|
mkpart ESP fat32 1MiB 301MiB \
|
|
|
|
mkpart cryptroot 301MiB 100% \
|
2021-01-31 08:36:10 -05:00
|
|
|
|
|
|
|
ESP="/dev/disk/by-partlabel/ESP"
|
2021-04-11 21:33:19 -04:00
|
|
|
Cryptroot="/dev/disk/by-partlabel/cryptroot"
|
2021-01-31 08:36:10 -05:00
|
|
|
|
2021-02-01 03:33:43 -05:00
|
|
|
# Informing the Kernel of the changes.
|
|
|
|
echo "Informing the Kernel about the disk changes."
|
2021-01-31 08:36:10 -05:00
|
|
|
partprobe $DISK
|
|
|
|
|
|
|
|
# Formatting the ESP as FAT32.
|
|
|
|
echo "Formatting the EFI Partition as FAT32."
|
2021-02-01 03:16:23 -05:00
|
|
|
mkfs.fat -F 32 $ESP &>/dev/null
|
2021-01-31 08:36:10 -05:00
|
|
|
|
|
|
|
# Creating a LUKS Container for the root partition.
|
|
|
|
echo "Creating LUKS Container for the root partition."
|
|
|
|
cryptsetup --type luks1 luksFormat $Cryptroot
|
|
|
|
echo "Opening the newly created LUKS Container."
|
|
|
|
cryptsetup open $Cryptroot cryptroot
|
2021-02-07 03:45:21 -05:00
|
|
|
BTRFS="/dev/mapper/cryptroot"
|
2021-01-31 08:36:10 -05:00
|
|
|
|
|
|
|
# Formatting the LUKS Container as BTRFS.
|
|
|
|
echo "Formatting the LUKS container as BTRFS."
|
2021-02-01 03:16:23 -05:00
|
|
|
mkfs.btrfs $BTRFS &>/dev/null
|
2021-01-31 08:36:10 -05:00
|
|
|
mount $BTRFS /mnt
|
|
|
|
|
|
|
|
# Creating BTRFS subvolumes.
|
|
|
|
echo "Creating BTRFS subvolumes."
|
2021-02-01 03:16:23 -05:00
|
|
|
btrfs su cr /mnt/@ &>/dev/null
|
2021-04-09 18:10:55 -04:00
|
|
|
btrfs su cr /mnt/@boot &>/dev/null
|
2021-02-01 03:16:23 -05:00
|
|
|
btrfs su cr /mnt/@home &>/dev/null
|
2021-04-11 21:33:19 -04:00
|
|
|
btrfs su cr /mnt/@var &>/dev/null
|
2021-01-31 08:36:10 -05:00
|
|
|
|
|
|
|
# Mounting the newly created subvolumes.
|
|
|
|
umount /mnt
|
2021-01-31 09:07:17 -05:00
|
|
|
echo "Mounting the newly created subvolumes."
|
2021-04-09 03:39:46 -04:00
|
|
|
mount -o ssd,noatime,space_cache,compress=zstd,subvol=@ $BTRFS /mnt
|
2021-04-14 00:44:40 -04:00
|
|
|
mkdir -p /mnt/{home,var,boot}
|
2021-04-11 03:30:26 -04:00
|
|
|
mount -o ssd,noatime,space_cache,compress=zstd,subvol=@boot $BTRFS /mnt/boot
|
|
|
|
mount -o ssd,noatime,space_cache,compress=zstd,subvol=@home $BTRFS /mnt/home
|
2021-04-11 21:33:19 -04:00
|
|
|
mount -o ssd,noatime,space_cache,nodatacow,subvol=@var $BTRFS /mnt/var/
|
|
|
|
mkdir -p /mnt/boot/efi
|
2021-04-09 18:10:55 -04:00
|
|
|
mount $ESP /mnt/boot/efi
|
2021-01-31 09:07:17 -05:00
|
|
|
|
2021-04-14 07:56:24 -04:00
|
|
|
chattr +C /mnt/var
|
|
|
|
|
2021-04-14 19:17:38 -04:00
|
|
|
kernel_selector
|
2021-04-11 21:33:19 -04:00
|
|
|
|
2021-01-31 09:07:17 -05:00
|
|
|
# Pacstrap (setting up a base sytem onto the new root).
|
2021-02-01 05:20:58 -05:00
|
|
|
echo "Installing the base system (it may take a while)."
|
2021-04-14 19:20:17 -04:00
|
|
|
pacstrap /mnt base base-devel ${kernel} ${kernel}-headers ${microcode} linux-firmware btrfs-progs grub grub-btrfs efibootmgr sudo networkmanager apparmor &>/dev/null nano gnome-shell gdm gnome-control-center gnome-terminal gnome-software gnome-tweaks nautilus flatpak xdg-user-dirs firewalld
|
2021-01-31 09:07:17 -05:00
|
|
|
|
2021-02-07 03:45:21 -05:00
|
|
|
# Generating /etc/fstab.
|
2021-01-31 09:07:17 -05:00
|
|
|
echo "Generating a new fstab."
|
2021-01-31 09:29:22 -05:00
|
|
|
genfstab -U /mnt >> /mnt/etc/fstab
|
|
|
|
|
|
|
|
# Setting hostname.
|
2021-02-01 01:02:41 -05:00
|
|
|
read -r -p "Please enter the hostname: " hostname
|
2021-01-31 09:29:22 -05:00
|
|
|
echo $hostname > /mnt/etc/hostname
|
|
|
|
|
2021-02-01 01:02:41 -05:00
|
|
|
# Setting up locales.
|
2021-02-01 03:43:08 -05:00
|
|
|
read -r -p "Please insert the locale you use in this format (xx_XX): " locale
|
|
|
|
echo "$locale.UTF-8 UTF-8" > /mnt/etc/locale.gen
|
2021-02-03 03:56:40 -05:00
|
|
|
echo "LANG=$locale.UTF-8" > /mnt/etc/locale.conf
|
2021-02-01 01:02:41 -05:00
|
|
|
|
|
|
|
# Setting up keyboard layout.
|
|
|
|
read -r -p "Please insert the keyboard layout you use: " kblayout
|
2021-02-03 03:56:40 -05:00
|
|
|
echo "KEYMAP=$kblayout" > /mnt/etc/vconsole.conf
|
2021-02-01 01:02:41 -05:00
|
|
|
|
2021-01-31 09:29:22 -05:00
|
|
|
# Setting hosts file.
|
|
|
|
echo "Setting hosts file."
|
|
|
|
cat > /mnt/etc/hosts <<EOF
|
|
|
|
127.0.0.1 localhost
|
|
|
|
::1 localhost
|
|
|
|
127.0.1.1 $hostname.localdomain $hostname
|
|
|
|
EOF
|
|
|
|
|
2021-01-31 12:20:13 -05:00
|
|
|
# Configuring /etc/mkinitcpio.conf
|
2021-04-09 16:29:30 -04:00
|
|
|
echo "Configuring /etc/mkinitcpio for ZSTD compression and LUKS hook."
|
2021-01-31 12:20:13 -05:00
|
|
|
sed -i -e 's,#COMPRESSION="zstd",COMPRESSION="zstd",g' /mnt/etc/mkinitcpio.conf
|
|
|
|
sed -i -e 's,modconf block filesystems keyboard,keyboard keymap modconf block encrypt filesystems,g' /mnt/etc/mkinitcpio.conf
|
|
|
|
|
2021-02-01 01:20:36 -05:00
|
|
|
# Enabling LUKS in GRUB and setting the UUID of the LUKS container.
|
2021-01-31 12:20:13 -05:00
|
|
|
UUID=$(blkid $Cryptroot | cut -f2 -d'"')
|
|
|
|
sed -i 's/#\(GRUB_ENABLE_CRYPTODISK=y\)/\1/' /mnt/etc/default/grub
|
2021-01-31 14:03:03 -05:00
|
|
|
sed -i -e "s,quiet,quiet cryptdevice=UUID=$UUID:cryptroot root=$BTRFS,g" /mnt/etc/default/grub
|
2021-04-11 03:52:36 -04:00
|
|
|
sed -i -e "s#root=/dev/mapper/cryptroot#oot=/dev/mapper/cryptroot lsm=lockdown,yama,apparmor,bpf#g" /mnt/etc/default/grub
|
2021-04-10 17:45:28 -04:00
|
|
|
echo "" >> /mnt/etc/default/grub
|
2021-04-14 19:22:35 -04:00
|
|
|
echo -e "# Booting with BTRFS subvolume\nGRUB_BTRFS_OVERRIDE_BOOT_PARTITION_DETECTION=true" >> /mnt/etc/default/grub
|
2021-01-31 12:20:13 -05:00
|
|
|
|
2021-04-14 19:31:15 -04:00
|
|
|
# Adding keyfile to the initramfs to avoid double password.
|
|
|
|
dd bs=512 count=4 if=/dev/random of=/mnt/.root.key iflag=fullblock &>/dev/null
|
2021-04-14 19:34:10 -04:00
|
|
|
chmod 000 /mnt/.root.key &>/dev/null
|
2021-04-14 19:31:15 -04:00
|
|
|
cryptsetup -v luksAddKey /dev/disk/by-partlabel/cryptroot /mnt/.root.key
|
|
|
|
sed -i -e "s,quiet,quiet cryptdevice=UUID=$UUID:cryptroot root=$BTRFS cryptkey=rootfs:/.root.key,g" /mnt/etc/default/grub
|
|
|
|
sed -i 's#FILES=()#FILES=(/.root.key)#g' /mnt/etc/mkinitcpio.conf
|
|
|
|
|
2021-01-31 12:26:22 -05:00
|
|
|
# Configuring the system.
|
2021-02-07 03:45:21 -05:00
|
|
|
arch-chroot /mnt /bin/bash -e <<EOF
|
2021-01-31 12:26:22 -05:00
|
|
|
|
2021-04-14 19:31:15 -04:00
|
|
|
# Setting up timezone.
|
|
|
|
ln -sf /usr/share/zoneinfo/$(curl -s http://ip-api.com/line?fields=timezone) /etc/localtime &>/dev/null
|
|
|
|
|
2021-01-31 12:20:13 -05:00
|
|
|
# Setting up clock.
|
|
|
|
hwclock --systohc
|
2021-04-14 19:31:15 -04:00
|
|
|
|
2021-01-31 12:20:13 -05:00
|
|
|
# Generating locales.
|
2021-02-01 06:09:02 -05:00
|
|
|
echo "Generating locales."
|
|
|
|
locale-gen &>/dev/null
|
2021-04-14 19:31:15 -04:00
|
|
|
|
2021-01-31 12:20:13 -05:00
|
|
|
# Generating a new initramfs.
|
2021-02-01 06:09:02 -05:00
|
|
|
echo "Creating a new initramfs."
|
2021-04-14 19:31:15 -04:00
|
|
|
chmod 600 /boot/initramfs-linux* &>/dev/null
|
2021-02-01 06:09:02 -05:00
|
|
|
mkinitcpio -P &>/dev/null
|
2021-01-31 12:20:13 -05:00
|
|
|
|
2021-02-01 06:09:02 -05:00
|
|
|
# Installing GRUB.
|
|
|
|
echo "Installing GRUB on /boot."
|
2021-04-09 18:10:55 -04:00
|
|
|
grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=GRUB &>/dev/null
|
2021-04-14 19:31:15 -04:00
|
|
|
|
2021-01-31 12:20:13 -05:00
|
|
|
# Creating grub config file.
|
2021-02-01 06:09:02 -05:00
|
|
|
echo "Creating GRUB config file."
|
|
|
|
grub-mkconfig -o /boot/grub/grub.cfg &>/dev/null
|
2021-01-31 12:26:22 -05:00
|
|
|
EOF
|
|
|
|
|
|
|
|
# Setting root password.
|
2021-02-01 02:46:53 -05:00
|
|
|
echo "Setting root password."
|
2021-01-31 12:26:22 -05:00
|
|
|
arch-chroot /mnt /bin/passwd
|
|
|
|
|
2021-02-07 03:45:21 -05:00
|
|
|
# Enabling auto-trimming service.
|
2021-01-31 12:26:22 -05:00
|
|
|
echo "Enabling auto-trimming."
|
2021-02-01 03:16:23 -05:00
|
|
|
systemctl enable fstrim.timer --root=/mnt &>/dev/null
|
2021-01-31 12:26:22 -05:00
|
|
|
|
2021-02-07 03:45:21 -05:00
|
|
|
# Enabling NetworkManager service.
|
2021-01-31 12:26:22 -05:00
|
|
|
echo "Enabling NetworkManager."
|
2021-02-01 03:16:23 -05:00
|
|
|
systemctl enable NetworkManager --root=/mnt &>/dev/null
|
2021-01-31 14:45:13 -05:00
|
|
|
|
2021-04-11 21:33:19 -04:00
|
|
|
# Enabling GDM
|
|
|
|
systemctl enable gdm --root=/mnt &>/dev/null
|
|
|
|
|
|
|
|
# Enabling AppArmor
|
|
|
|
systemctl enable apparmor --root=/mnt &>/dev/null
|
|
|
|
|
|
|
|
# Enabling Firewalld
|
|
|
|
systemctl enable firewalld --root=/mnt &>/dev/null
|
|
|
|
|
|
|
|
# Setting umask to 077
|
|
|
|
sed -i 's/022/077/g' /etc/profile
|
|
|
|
echo "" >> /etc/bash.bashrc
|
|
|
|
echo "umask 077" >> /etc/bash.bashrc
|
|
|
|
|
2021-02-07 03:45:21 -05:00
|
|
|
echo "Done, you may now wish to reboot (further changes can be done by chrooting into /mnt)."
|
2021-04-09 03:39:46 -04:00
|
|
|
exit
|