mirror of https://github.com/tommytran732/Arch-Setup-Script synced 2024-11-09 12:11:33 -05:00

Getting Install.sh Functioning Again

Tommy 2022-08-24 05:39:39 -04:00 committed by tommytran732
parent 7305ac3232
commit 11c4907534
No known key found for this signature in database
GPG Key ID: 060B29EB996BD9F2


@ -3,13 +3,13 @@
# Cleaning the TTY. # Cleaning the TTY.
clear clear
# Updating the live environment # Updating the live environment usually causes more problems than its worth, and quite often can't be done without remounting cowspace with more capacity, especially at the end of any given month.
pacman -Syu pacman -Sy
# Installing curl # Installing curl
pacman -S --noconfirm curl pacman -S --noconfirm curl
# Selecting the kernel flavor to install. # Selecting the kernel flavor to install.
kernel_selector () { kernel_selector () {
echo "List of kernels:" echo "List of kernels:"
echo "1) Stable — Vanilla Linux kernel and modules, with a few patches applied." echo "1) Stable — Vanilla Linux kernel and modules, with a few patches applied."
@ -90,7 +90,7 @@ BTRFS="/dev/mapper/cryptroot"
# Formatting the LUKS Container as BTRFS. # Formatting the LUKS Container as BTRFS.
echo "Formatting the LUKS container as BTRFS." echo "Formatting the LUKS container as BTRFS."
mkfs.btrfs $BTRFS &>/dev/null mkfs.btrfs $BTRFS &>/dev/null
mount $BTRFS /mnt mount -o clear_cache,nospace_cache $BTRFS /mnt
# Creating BTRFS subvolumes. # Creating BTRFS subvolumes.
echo "Creating BTRFS subvolumes." echo "Creating BTRFS subvolumes."
@ -148,15 +148,16 @@ chmod 600 /mnt/@/.snapshots/1/info.xml
umount /mnt umount /mnt
echo "Mounting the newly created subvolumes." echo "Mounting the newly created subvolumes."
mount -o ssd,noatime,space_cache,compress=zstd:15 $BTRFS /mnt mount -o ssd,noatime,space_cache,compress=zstd:15 $BTRFS /mnt
mkdir -p /mnt/{boot,root,home,.snapshots,srv,tmp,/var/log,/var/log/journal,/var/crash,/var/cache,/var/tmp,/var/spool,/var/lib/libvirt/images,/var/lib/machines,/var/lib/gdm,/var/lib/AccountsService,/cryptkey} mkdir -p /mnt/{boot,root,home,.snapshots,srv,tmp,/var/log,/var/crash,/var/cache,/var/tmp,/var/spool,/var/lib/libvirt/images,/var/lib/machines,/var/lib/gdm,/var/lib/AccountsService,/cryptkey}
mount -o ssd,noatime,space_cache=v2,autodefrag,compress=zstd:15,discard=async,nodev,nosuid,noexec,subvol=@/boot $BTRFS /mnt/boot mount -o ssd,noatime,space_cache=v2,autodefrag,compress=zstd:15,discard=async,nodev,nosuid,noexec,subvol=@/boot $BTRFS /mnt/boot
mount -o ssd,noatime,space_cache=v2,autodefrag,compress=zstd:15,discard=async,nodev,nosuid,subvol=@/root $BTRFS /mnt/root mount -o ssd,noatime,space_cache=v2,autodefrag,compress=zstd:15,discard=async,nodev,nosuid,subvol=@/root $BTRFS /mnt/root
mount -o ssd,noatime,space_cache=v2.autodefrag,compress=zstd:15,discard=async,nodev,nosuid,subvol=@/home $BTRFS /mnt/home mount -o ssd,noatime,space_cache=v2.autodefrag,compress=zstd:15,discard=async,nodev,nosuid,subvol=@/home $BTRFS /mnt/home
mount -o ssd,noatime,space_cache=v2,autodefrag,compress=zstd:15,discard=async,subvol=@/.snapshots $BTRFS /mnt/.snapshots mount -o ssd,noatime,space_cache=v2,autodefrag,compress=zstd:15,discard=async,subvol=@/.snapshots $BTRFS /mnt/.snapshots
mount -o ssd,noatime,space_cache=v2.autodefrag,compress=zstd:15,discard=async,subvol=@/srv $BTRFS /mnt/srv mount -o ssd,noatime,space_cache=v2.autodefrag,compress=zstd:15,discard=async,subvol=@/srv $BTRFS /mnt/srv
mount -o ssd,noatime,space_cache=v2,autodefrag,compress=zstd:15,discard=async,nodatacow,nodev,nosuid,noexec,subvol=@/var_log $BTRFS /mnt/var/log mount -o ssd,noatime,space_cache=v2,autodefrag,compress=zstd:15,discard=async,nodatacow,nodev,nosuid,noexec,subvol=@/var_log $BTRFS /mnt/var/log
# Toolbox (https://github.com/containers/toolbox) needs /var/log/journal to have dev, suid, and exec. Thus I am splitting the subvolume. # Toolbox (https://github.com/containers/toolbox) needs /var/log/journal to have dev, suid, and exec, Thus I am splitting the subvolume. Need to make the directory after /mnt/var/log/ has been mounted.
mkdir -p /mnt/var/log/journal
mount -o ssd,noatime,space_cache=v2,autodefrag,compress=zstd:15,discard=async,nodatacow,subvol=@/var_log_journal $BTRFS /mnt/var/log/journal mount -o ssd,noatime,space_cache=v2,autodefrag,compress=zstd:15,discard=async,nodatacow,subvol=@/var_log_journal $BTRFS /mnt/var/log/journal
mount -o ssd,noatime,space_cache=v2,autodefrag,compress=zstd:15,discard=async,nodatacow,nodev,nosuid,noexec,subvol=@/var_crash $BTRFS /mnt/var/crash mount -o ssd,noatime,space_cache=v2,autodefrag,compress=zstd:15,discard=async,nodatacow,nodev,nosuid,noexec,subvol=@/var_crash $BTRFS /mnt/var/crash
@ -185,7 +186,7 @@ kernel_selector
# Pacstrap (setting up a base sytem onto the new root). # Pacstrap (setting up a base sytem onto the new root).
# As I said above, I am considering replacing gnome-software with pamac-flatpak-gnome as PackageKit seems very buggy on Arch Linux right now. # As I said above, I am considering replacing gnome-software with pamac-flatpak-gnome as PackageKit seems very buggy on Arch Linux right now.
echo "Installing the base system (it may take a while)." echo "Installing the base system (it may take a while)."
pacstrap /mnt base ${kernel} ${microcode} linux-firmware grub grub-btrfs snapper snap-pac efibootmgr sudo networkmanager apparmor python2-notify python-psutil chrony nano gdm gnome-control-center gnome-terminal gnome-software gnome-software-packagekit-plugin gnome-tweaks nautilus pipewire-pulse pipewire-alsa pipewire-jack flatpak firewalld zram-generator adobe-source-han-sans-otc-fonts adobe-source-han-serif-otc-fonts gnu-free-fonts reflector mlocate man-db pacstrap /mnt base ${kernel} ${microcode} linux-firmware grub grub-btrfs snapper snap-pac efibootmgr sudo networkmanager apparmor python-psutil python-notify2 nano gdm gnome-control-center gnome-terminal gnome-software gnome-software-packagekit-plugin gnome-tweaks nautilus pipewire-pulse pipewire-alsa pipewire-jack flatpak firewalld zram-generator adobe-source-han-sans-otc-fonts adobe-source-han-serif-otc-fonts gnu-free-fonts reflector mlocate man-db chrony
# Routing jack2 through PipeWire. # Routing jack2 through PipeWire.
echo "/usr/lib/pipewire-0.3/jack" > /mnt/etc/ld.so.conf.d/pipewire-jack.conf echo "/usr/lib/pipewire-0.3/jack" > /mnt/etc/ld.so.conf.d/pipewire-jack.conf
@ -208,7 +209,7 @@ cat > /mnt/etc/hosts <<EOF
EOF EOF
# Setting username. # Setting username.
read -r -p "Please enter name for a user account (enter empty to not create one): " username read -r -p "Please enter name for a user account (leave empty to skip): " username
# Setting up locales. # Setting up locales.
read -r -p "Please insert the locale you use in this format (xx_XX): " locale read -r -p "Please insert the locale you use in this format (xx_XX): " locale
@ -255,8 +256,8 @@ sed -i "s#quiet#cryptdevice=UUID=$UUID:cryptroot root=$BTRFS lsm=landlock,lockdo
sed -i 's#FILES=()#FILES=(/cryptkey/.root.key)#g' /mnt/etc/mkinitcpio.conf sed -i 's#FILES=()#FILES=(/cryptkey/.root.key)#g' /mnt/etc/mkinitcpio.conf
# Configure AppArmor Parser caching # Configure AppArmor Parser caching
sed -i 's/#write-cache/write-cache/g' /etc/apparmor/parser.conf sed -i 's/#write-cache/write-cache/g' /mnt/etc/apparmor/parser.conf
sed -i 's,#Include /etc/apparmor.d/,Include /etc/apparmor.d/#g' /etc/apparmor/parser.conf sed -i 's,#Include /etc/apparmor.d/,Include /etc/apparmor.d/,g' /mnt/etc/apparmor/parser.conf
# Blacklisting kernel modules # Blacklisting kernel modules
curl https://raw.githubusercontent.com/Whonix/security-misc/master/etc/modprobe.d/30_security-misc.conf >> /mnt/etc/modprobe.d/30_security-misc.conf curl https://raw.githubusercontent.com/Whonix/security-misc/master/etc/modprobe.d/30_security-misc.conf >> /mnt/etc/modprobe.d/30_security-misc.conf
@ -323,19 +324,19 @@ EOF
chmod 600 /mnt/etc/NetworkManager/conf.d/ip6-privacy.conf chmod 600 /mnt/etc/NetworkManager/conf.d/ip6-privacy.conf
# Configuring the system. # Configuring the system.
arch-chroot /mnt /bin/bash -e <<EOF arch-chroot /mnt /bin/bash -e <<EOF
# Setting up timezone. # Setting up timezone.
ln -sf /usr/share/zoneinfo/$(curl -s http://ip-api.com/line?fields=timezone) /etc/localtime &>/dev/null ln -sf /usr/share/zoneinfo/$(curl -s http://ip-api.com/line?fields=timezone) /etc/localtime &>/dev/null
# Setting up clock. # Setting up clock.
hwclock --systohc hwclock --systohc
# Generating locales.my keys aren't even on # Generating locales.my keys aren't even on
echo "Generating locales." echo "Generating locales."
locale-gen &>/dev/null locale-gen &>/dev/null
# Generating a new initramfs. # Generating a new initramfs.
echo "Creating a new initramfs." echo "Creating a new initramfs."
chmod 600 /boot/initramfs-linux* &>/dev/null chmod 600 /boot/initramfs-linux* &>/dev/null
@ -352,8 +353,8 @@ arch-chroot /mnt /bin/bash -e <<EOF
# Installing GRUB. # Installing GRUB.
echo "Installing GRUB on /boot." echo "Installing GRUB on /boot."
grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=GRUB --modules="normal test efi_gop efi_uga search echo linux all_video gfxmenu gfxterm_background gfxterm_menu gfxterm loadenv configfile gzio part_gtp cryptodisk luks gcry_rijndael gcry_sha256 btrfs" --disable-shim-lock &>/dev/null grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=GRUB --modules="normal test efi_gop efi_uga search echo linux all_video gfxmenu gfxterm_background gfxterm_menu gfxterm loadenv configfile gzio part_gpt cryptodisk luks gcry_rijndael gcry_sha256 btrfs" --disable-shim-lock &>/dev/null
# Creating grub config file. # Creating grub config file.
echo "Creating GRUB config file." echo "Creating GRUB config file."
grub-mkconfig -o /boot/grub/grub.cfg &>/dev/null grub-mkconfig -o /boot/grub/grub.cfg &>/dev/null
@ -363,14 +364,16 @@ arch-chroot /mnt /bin/bash -e <<EOF
echo "Adding $username with root privilege." echo "Adding $username with root privilege."
useradd -m $username useradd -m $username
usermod -aG wheel $username usermod -aG wheel $username
passwd ${USER}
groupadd -r audit groupadd -r audit
gpasswd -a ${USER} audit gpasswd -a $username audit
fi fi
EOF EOF
# Enanble AppArmor notifications # Enable AppArmor notifications
bash -c 'cat > /mnt/home/${USER}/.config/autostart/apparmor-notify.desktop' <<-'EOF' # Must create ~/.config/autostart first
mkdir -p -m 700 /mnt/home/${username}/.config/autostart/
bash -c "cat > /mnt/home/${username}/.config/autostart/apparmor-notify.desktop" <<-'EOF'
[Desktop Entry] [Desktop Entry]
Type=Application Type=Application
Name=AppArmor Notify Name=AppArmor Notify
@ -380,10 +383,13 @@ Exec=aa-notify -p -s 1 -w 60 -f /var/log/audit/audit.log
StartupNotify=false StartupNotify=false
NoDisplay=true NoDisplay=true
EOF EOF
chmod 700 /mnt/home/${username}/.config/autostart/apparmor-notify.desktop
arch-chroot /mnt chown -R $username:$username /home/${username}/.config
# Setting user password.
# Setting root password.
echo "Setting root password."
arch-chroot /mnt /bin/passwd
[ -n "$username" ] && echo "Setting user password for ${username}." && arch-chroot /mnt /bin/passwd "$username" [ -n "$username" ] && echo "Setting user password for ${username}." && arch-chroot /mnt /bin/passwd "$username"
# Giving wheel user sudo access. # Giving wheel user sudo access.
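Review bot: The new `mkdir -p -m 700 /mnt/home/${username}/.config/autostart/`, the `bash -c "cat > …"` write, and the `chmod`/`chown -R` lines in the +364 and +383 hunks run at top level with no visible check that `$username` is non-empty, although the prompt now says to leave it empty to skip and the `useradd` block appears to be guarded (its `if` starts outside the hunk). With an empty name these commands operate on `/mnt/home//.config`, so I would wrap them in `if [ -n "$username" ]; then … fi`, the same test the user-password line already uses. The double-quoted `bash -c` string also makes the inner shell re-parse whatever was typed at the prompt; a direct redirect, `cat > "/mnt/home/${username}/.config/autostart/apparmor-notify.desktop" <<-'EOF'`, keeps the name a single word and drops the extra shell. Also note that `-m 700` applies only to the final `autostart` directory, so `.config` is created with the default umask mode until something tightens it.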