mirror of
https://github.com/tommytran732/Arch-Setup-Script
synced 2024-11-21 17:11:34 -05:00
Getting Install.sh Functioning Again
parent
7305ac3232
commit
11c4907534
58
install.sh
58
install.sh
@ -3,13 +3,13 @@
|
|||||||
# Cleaning the TTY.
|
# Cleaning the TTY.
|
||||||
clear
|
clear
|
||||||
|
|
||||||
# Updating the live environment
|
# Updating the live environment usually causes more problems than its worth, and quite often can't be done without remounting cowspace with more capacity, especially at the end of any given month.
|
||||||
pacman -Syu
|
pacman -Sy
|
||||||
|
|
||||||
# Installing curl
|
# Installing curl
|
||||||
pacman -S --noconfirm curl
|
pacman -S --noconfirm curl
|
||||||
|
|
||||||
# Selecting the kernel flavor to install.
|
# Selecting the kernel flavor to install.
|
||||||
kernel_selector () {
|
kernel_selector () {
|
||||||
echo "List of kernels:"
|
echo "List of kernels:"
|
||||||
echo "1) Stable — Vanilla Linux kernel and modules, with a few patches applied."
|
echo "1) Stable — Vanilla Linux kernel and modules, with a few patches applied."
|
||||||
@ -90,7 +90,7 @@ BTRFS="/dev/mapper/cryptroot"
|
|||||||
# Formatting the LUKS Container as BTRFS.
|
# Formatting the LUKS Container as BTRFS.
|
||||||
echo "Formatting the LUKS container as BTRFS."
|
echo "Formatting the LUKS container as BTRFS."
|
||||||
mkfs.btrfs $BTRFS &>/dev/null
|
mkfs.btrfs $BTRFS &>/dev/null
|
||||||
mount $BTRFS /mnt
|
mount -o clear_cache,nospace_cache $BTRFS /mnt
|
||||||
|
|
||||||
# Creating BTRFS subvolumes.
|
# Creating BTRFS subvolumes.
|
||||||
echo "Creating BTRFS subvolumes."
|
echo "Creating BTRFS subvolumes."
|
||||||
@ -148,15 +148,16 @@ chmod 600 /mnt/@/.snapshots/1/info.xml
|
|||||||
umount /mnt
|
umount /mnt
|
||||||
echo "Mounting the newly created subvolumes."
|
echo "Mounting the newly created subvolumes."
|
||||||
mount -o ssd,noatime,space_cache,compress=zstd:15 $BTRFS /mnt
|
mount -o ssd,noatime,space_cache,compress=zstd:15 $BTRFS /mnt
|
||||||
mkdir -p /mnt/{boot,root,home,.snapshots,srv,tmp,/var/log,/var/log/journal,/var/crash,/var/cache,/var/tmp,/var/spool,/var/lib/libvirt/images,/var/lib/machines,/var/lib/gdm,/var/lib/AccountsService,/cryptkey}
|
mkdir -p /mnt/{boot,root,home,.snapshots,srv,tmp,/var/log,/var/crash,/var/cache,/var/tmp,/var/spool,/var/lib/libvirt/images,/var/lib/machines,/var/lib/gdm,/var/lib/AccountsService,/cryptkey}
|
||||||
mount -o ssd,noatime,space_cache=v2,autodefrag,compress=zstd:15,discard=async,nodev,nosuid,noexec,subvol=@/boot $BTRFS /mnt/boot
|
mount -o ssd,noatime,space_cache=v2,autodefrag,compress=zstd:15,discard=async,nodev,nosuid,noexec,subvol=@/boot $BTRFS /mnt/boot
|
||||||
mount -o ssd,noatime,space_cache=v2,autodefrag,compress=zstd:15,discard=async,nodev,nosuid,subvol=@/root $BTRFS /mnt/root
|
mount -o ssd,noatime,space_cache=v2,autodefrag,compress=zstd:15,discard=async,nodev,nosuid,subvol=@/root $BTRFS /mnt/root
|
||||||
mount -o ssd,noatime,space_cache=v2.autodefrag,compress=zstd:15,discard=async,nodev,nosuid,subvol=@/home $BTRFS /mnt/home
|
mount -o ssd,noatime,space_cache=v2.autodefrag,compress=zstd:15,discard=async,nodev,nosuid,subvol=@/home $BTRFS /mnt/home
|
||||||
mount -o ssd,noatime,space_cache=v2,autodefrag,compress=zstd:15,discard=async,subvol=@/.snapshots $BTRFS /mnt/.snapshots
|
mount -o ssd,noatime,space_cache=v2,autodefrag,compress=zstd:15,discard=async,subvol=@/.snapshots $BTRFS /mnt/.snapshots
|
||||||
mount -o ssd,noatime,space_cache=v2.autodefrag,compress=zstd:15,discard=async,subvol=@/srv $BTRFS /mnt/srv
|
mount -o ssd,noatime,space_cache=v2.autodefrag,compress=zstd:15,discard=async,subvol=@/srv $BTRFS /mnt/srv
|
||||||
mount -o ssd,noatime,space_cache=v2,autodefrag,compress=zstd:15,discard=async,nodatacow,nodev,nosuid,noexec,subvol=@/var_log $BTRFS /mnt/var/log
|
mount -o ssd,noatime,space_cache=v2,autodefrag,compress=zstd:15,discard=async,nodatacow,nodev,nosuid,noexec,subvol=@/var_log $BTRFS /mnt/var/log
|
||||||
|
|
||||||
# Toolbox (https://github.com/containers/toolbox) needs /var/log/journal to have dev, suid, and exec. Thus I am splitting the subvolume.
|
# Toolbox (https://github.com/containers/toolbox) needs /var/log/journal to have dev, suid, and exec, Thus I am splitting the subvolume. Need to make the directory after /mnt/var/log/ has been mounted.
|
||||||
|
mkdir -p /mnt/var/log/journal
|
||||||
mount -o ssd,noatime,space_cache=v2,autodefrag,compress=zstd:15,discard=async,nodatacow,subvol=@/var_log_journal $BTRFS /mnt/var/log/journal
|
mount -o ssd,noatime,space_cache=v2,autodefrag,compress=zstd:15,discard=async,nodatacow,subvol=@/var_log_journal $BTRFS /mnt/var/log/journal
|
||||||
|
|
||||||
mount -o ssd,noatime,space_cache=v2,autodefrag,compress=zstd:15,discard=async,nodatacow,nodev,nosuid,noexec,subvol=@/var_crash $BTRFS /mnt/var/crash
|
mount -o ssd,noatime,space_cache=v2,autodefrag,compress=zstd:15,discard=async,nodatacow,nodev,nosuid,noexec,subvol=@/var_crash $BTRFS /mnt/var/crash
|
||||||
@ -185,7 +186,7 @@ kernel_selector
|
|||||||
# Pacstrap (setting up a base sytem onto the new root).
|
# Pacstrap (setting up a base sytem onto the new root).
|
||||||
# As I said above, I am considering replacing gnome-software with pamac-flatpak-gnome as PackageKit seems very buggy on Arch Linux right now.
|
# As I said above, I am considering replacing gnome-software with pamac-flatpak-gnome as PackageKit seems very buggy on Arch Linux right now.
|
||||||
echo "Installing the base system (it may take a while)."
|
echo "Installing the base system (it may take a while)."
|
||||||
pacstrap /mnt base ${kernel} ${microcode} linux-firmware grub grub-btrfs snapper snap-pac efibootmgr sudo networkmanager apparmor python2-notify python-psutil chrony nano gdm gnome-control-center gnome-terminal gnome-software gnome-software-packagekit-plugin gnome-tweaks nautilus pipewire-pulse pipewire-alsa pipewire-jack flatpak firewalld zram-generator adobe-source-han-sans-otc-fonts adobe-source-han-serif-otc-fonts gnu-free-fonts reflector mlocate man-db
|
pacstrap /mnt base ${kernel} ${microcode} linux-firmware grub grub-btrfs snapper snap-pac efibootmgr sudo networkmanager apparmor python-psutil python-notify2 nano gdm gnome-control-center gnome-terminal gnome-software gnome-software-packagekit-plugin gnome-tweaks nautilus pipewire-pulse pipewire-alsa pipewire-jack flatpak firewalld zram-generator adobe-source-han-sans-otc-fonts adobe-source-han-serif-otc-fonts gnu-free-fonts reflector mlocate man-db chrony
|
||||||
|
|
||||||
# Routing jack2 through PipeWire.
|
# Routing jack2 through PipeWire.
|
||||||
echo "/usr/lib/pipewire-0.3/jack" > /mnt/etc/ld.so.conf.d/pipewire-jack.conf
|
echo "/usr/lib/pipewire-0.3/jack" > /mnt/etc/ld.so.conf.d/pipewire-jack.conf
|
||||||
@ -208,7 +209,7 @@ cat > /mnt/etc/hosts <<EOF
|
|||||||
EOF
|
EOF
|
||||||
|
|
||||||
# Setting username.
|
# Setting username.
|
||||||
read -r -p "Please enter name for a user account (enter empty to not create one): " username
|
read -r -p "Please enter name for a user account (leave empty to skip): " username
|
||||||
|
|
||||||
# Setting up locales.
|
# Setting up locales.
|
||||||
read -r -p "Please insert the locale you use in this format (xx_XX): " locale
|
read -r -p "Please insert the locale you use in this format (xx_XX): " locale
|
||||||
@ -255,8 +256,8 @@ sed -i "s#quiet#cryptdevice=UUID=$UUID:cryptroot root=$BTRFS lsm=landlock,lockdo
|
|||||||
sed -i 's#FILES=()#FILES=(/cryptkey/.root.key)#g' /mnt/etc/mkinitcpio.conf
|
sed -i 's#FILES=()#FILES=(/cryptkey/.root.key)#g' /mnt/etc/mkinitcpio.conf
|
||||||
|
|
||||||
# Configure AppArmor Parser caching
|
# Configure AppArmor Parser caching
|
||||||
sed -i 's/#write-cache/write-cache/g' /etc/apparmor/parser.conf
|
sed -i 's/#write-cache/write-cache/g' /mnt/etc/apparmor/parser.conf
|
||||||
sed -i 's,#Include /etc/apparmor.d/,Include /etc/apparmor.d/#g' /etc/apparmor/parser.conf
|
sed -i 's,#Include /etc/apparmor.d/,Include /etc/apparmor.d/,g' /mnt/etc/apparmor/parser.conf
|
||||||
|
|
||||||
# Blacklisting kernel modules
|
# Blacklisting kernel modules
|
||||||
curl https://raw.githubusercontent.com/Whonix/security-misc/master/etc/modprobe.d/30_security-misc.conf >> /mnt/etc/modprobe.d/30_security-misc.conf
|
curl https://raw.githubusercontent.com/Whonix/security-misc/master/etc/modprobe.d/30_security-misc.conf >> /mnt/etc/modprobe.d/30_security-misc.conf
|
||||||
@ -323,19 +324,19 @@ EOF
|
|||||||
|
|
||||||
chmod 600 /mnt/etc/NetworkManager/conf.d/ip6-privacy.conf
|
chmod 600 /mnt/etc/NetworkManager/conf.d/ip6-privacy.conf
|
||||||
|
|
||||||
# Configuring the system.
|
# Configuring the system.
|
||||||
arch-chroot /mnt /bin/bash -e <<EOF
|
arch-chroot /mnt /bin/bash -e <<EOF
|
||||||
|
|
||||||
# Setting up timezone.
|
# Setting up timezone.
|
||||||
ln -sf /usr/share/zoneinfo/$(curl -s http://ip-api.com/line?fields=timezone) /etc/localtime &>/dev/null
|
ln -sf /usr/share/zoneinfo/$(curl -s http://ip-api.com/line?fields=timezone) /etc/localtime &>/dev/null
|
||||||
|
|
||||||
# Setting up clock.
|
# Setting up clock.
|
||||||
hwclock --systohc
|
hwclock --systohc
|
||||||
|
|
||||||
# Generating locales.my keys aren't even on
|
# Generating locales.my keys aren't even on
|
||||||
echo "Generating locales."
|
echo "Generating locales."
|
||||||
locale-gen &>/dev/null
|
locale-gen &>/dev/null
|
||||||
|
|
||||||
# Generating a new initramfs.
|
# Generating a new initramfs.
|
||||||
echo "Creating a new initramfs."
|
echo "Creating a new initramfs."
|
||||||
chmod 600 /boot/initramfs-linux* &>/dev/null
|
chmod 600 /boot/initramfs-linux* &>/dev/null
|
||||||
@ -352,8 +353,8 @@ arch-chroot /mnt /bin/bash -e <<EOF
|
|||||||
|
|
||||||
# Installing GRUB.
|
# Installing GRUB.
|
||||||
echo "Installing GRUB on /boot."
|
echo "Installing GRUB on /boot."
|
||||||
grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=GRUB --modules="normal test efi_gop efi_uga search echo linux all_video gfxmenu gfxterm_background gfxterm_menu gfxterm loadenv configfile gzio part_gtp cryptodisk luks gcry_rijndael gcry_sha256 btrfs" --disable-shim-lock &>/dev/null
|
grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=GRUB --modules="normal test efi_gop efi_uga search echo linux all_video gfxmenu gfxterm_background gfxterm_menu gfxterm loadenv configfile gzio part_gpt cryptodisk luks gcry_rijndael gcry_sha256 btrfs" --disable-shim-lock &>/dev/null
|
||||||
|
|
||||||
# Creating grub config file.
|
# Creating grub config file.
|
||||||
echo "Creating GRUB config file."
|
echo "Creating GRUB config file."
|
||||||
grub-mkconfig -o /boot/grub/grub.cfg &>/dev/null
|
grub-mkconfig -o /boot/grub/grub.cfg &>/dev/null
|
||||||
@ -363,14 +364,16 @@ arch-chroot /mnt /bin/bash -e <<EOF
|
|||||||
echo "Adding $username with root privilege."
|
echo "Adding $username with root privilege."
|
||||||
useradd -m $username
|
useradd -m $username
|
||||||
usermod -aG wheel $username
|
usermod -aG wheel $username
|
||||||
passwd ${USER}
|
|
||||||
groupadd -r audit
|
groupadd -r audit
|
||||||
gpasswd -a ${USER} audit
|
gpasswd -a $username audit
|
||||||
fi
|
fi
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
# Enanble AppArmor notifications
|
# Enable AppArmor notifications
|
||||||
bash -c 'cat > /mnt/home/${USER}/.config/autostart/apparmor-notify.desktop' <<-'EOF'
|
# Must create ~/.config/autostart first
|
||||||
|
mkdir -p -m 700 /mnt/home/${username}/.config/autostart/
|
||||||
|
bash -c "cat > /mnt/home/${username}/.config/autostart/apparmor-notify.desktop" <<-'EOF'
|
||||||
[Desktop Entry]
|
[Desktop Entry]
|
||||||
Type=Application
|
Type=Application
|
||||||
Name=AppArmor Notify
|
Name=AppArmor Notify
|
||||||
@ -380,10 +383,13 @@ Exec=aa-notify -p -s 1 -w 60 -f /var/log/audit/audit.log
|
|||||||
StartupNotify=false
|
StartupNotify=false
|
||||||
NoDisplay=true
|
NoDisplay=true
|
||||||
EOF
|
EOF
|
||||||
|
chmod 700 /mnt/home/${username}/.config/autostart/apparmor-notify.desktop
|
||||||
|
arch-chroot /mnt chown -R $username:$username /home/${username}/.config
|
||||||
|
|
||||||
|
|
||||||
|
# Setting user password.
|
||||||
|
|
||||||
|
|
||||||
# Setting root password.
|
|
||||||
echo "Setting root password."
|
|
||||||
arch-chroot /mnt /bin/passwd
|
|
||||||
[ -n "$username" ] && echo "Setting user password for ${username}." && arch-chroot /mnt /bin/passwd "$username"
|
[ -n "$username" ] && echo "Setting user password for ${username}." && arch-chroot /mnt /bin/passwd "$username"
|
||||||
|
|
||||||
# Giving wheel user sudo access.
|
# Giving wheel user sudo access.
|
||||||
|
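Review bot: The new AppArmor-notify block (`mkdir -p -m 700 /mnt/home/${username}/.config/autostart/`, the `bash -c "cat > …"` write, the `chmod 700` and the `chown -R`) runs after the chroot heredoc's `fi`/`EOF` and, as far as these hunks show, outside any `[ -n "$username" ]` check, although the prompt now says the name may be left empty to skip. With an empty name the paths collapse to `/mnt/home//.config/…` and a root-owned autostart directory is left directly under `/home`; I would wrap the block in `if [ -n "$username" ]; then … fi`, matching the guard already used on the `passwd "$username"` line. The name is also expanded inside a double-quoted `bash -c` string, so the inner shell parses it a second time; writing the file directly with `cat > "/mnt/home/${username}/.config/autostart/apparmor-notify.desktop" <<-'EOF'` and quoting `"$username"` in the `chown` avoids that. A `.desktop` autostart entry does not need the execute bit, so `chmod 600` (or `644`) on the file is enough instead of `chmod 700`.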