mirror of
https://github.com/tommytran732/Arch-Setup-Script
synced 2024-11-25 02:51:32 -05:00
Compare commits
No commits in common. "daf2664d08282547f1bb42066a29469eb41efd76" and "8a0504c4d8d823c5d94fc6b1d979675fc7d0e981" have entirely different histories.
daf2664d08
...
8a0504c4d8
131
install.sh
131
install.sh
@ -22,9 +22,6 @@ unpriv(){
|
|||||||
sudo -u nobody "$@"
|
sudo -u nobody "$@"
|
||||||
}
|
}
|
||||||
|
|
||||||
# Check if this is a VM
|
|
||||||
virtualization=$(systemd-detect-virt)
|
|
||||||
|
|
||||||
install_mode_selector() {
|
install_mode_selector() {
|
||||||
output 'Is this a desktop or server installation?'
|
output 'Is this a desktop or server installation?'
|
||||||
output '1) Desktop'
|
output '1) Desktop'
|
||||||
@ -41,28 +38,7 @@ install_mode_selector() {
|
|||||||
esac
|
esac
|
||||||
}
|
}
|
||||||
|
|
||||||
luks_prompt(){
|
|
||||||
if [ "${virtualization}" != 'none' ]; then
|
|
||||||
output "Virtual machine detected. Do you want to set up LUKS?"
|
|
||||||
output '1) No'
|
|
||||||
output '2) Yes'
|
|
||||||
output 'Insert the number of your selection:'
|
|
||||||
read -r choice
|
|
||||||
case $choice in
|
|
||||||
1 ) use_luks='0'
|
|
||||||
;;
|
|
||||||
2 ) use_luks='1'
|
|
||||||
;;
|
|
||||||
* ) output 'You did not enter a valid selection.'
|
|
||||||
luks_prompt
|
|
||||||
esac
|
|
||||||
else
|
|
||||||
use_luks='1'
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
luks_password_prompt () {
|
luks_password_prompt () {
|
||||||
if [ "${use_luks}" = '1' ]; then
|
|
||||||
output 'Enter your encryption password (the password will not be shown on the screen):'
|
output 'Enter your encryption password (the password will not be shown on the screen):'
|
||||||
read -r -s luks_password
|
read -r -s luks_password
|
||||||
|
|
||||||
@ -77,7 +53,6 @@ luks_password_prompt () {
|
|||||||
output 'Passwords do not match, please try again.'
|
output 'Passwords do not match, please try again.'
|
||||||
luks_password_prompt
|
luks_password_prompt
|
||||||
fi
|
fi
|
||||||
fi
|
|
||||||
}
|
}
|
||||||
|
|
||||||
disk_prompt (){
|
disk_prompt (){
|
||||||
@ -132,26 +107,6 @@ hostname_prompt (){
|
|||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
network_daemon_prompt(){
|
|
||||||
if [ "${install_mode}" = 'server' ]; then
|
|
||||||
output 'Which network daemon do you want to use'
|
|
||||||
output '1) networkmanager'
|
|
||||||
output '2) systemd-networkd'
|
|
||||||
output 'Insert the number of your selection:'
|
|
||||||
read -r choice
|
|
||||||
case $choice in
|
|
||||||
1 ) network_daemon='networkmanager'
|
|
||||||
;;
|
|
||||||
2 ) network_daemon='systemd-networkd'
|
|
||||||
;;
|
|
||||||
* ) output 'You did not enter a valid selection.'
|
|
||||||
install_mode_selector
|
|
||||||
esac
|
|
||||||
else
|
|
||||||
network_daemon='networkmanager'
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
# Set hardcoded variables (temporary, these will be replaced by future prompts)
|
# Set hardcoded variables (temporary, these will be replaced by future prompts)
|
||||||
locale=en_US
|
locale=en_US
|
||||||
kblayout=us
|
kblayout=us
|
||||||
@ -161,13 +116,14 @@ clear
|
|||||||
|
|
||||||
# Initial prompts
|
# Initial prompts
|
||||||
install_mode_selector
|
install_mode_selector
|
||||||
luks_prompt
|
|
||||||
luks_password_prompt
|
luks_password_prompt
|
||||||
disk_prompt
|
disk_prompt
|
||||||
username_prompt
|
username_prompt
|
||||||
user_password_prompt
|
user_password_prompt
|
||||||
hostname_prompt
|
hostname_prompt
|
||||||
network_daemon_prompt
|
|
||||||
|
# Check if this is a VM
|
||||||
|
virtualization=$(systemd-detect-virt)
|
||||||
|
|
||||||
# Installation
|
# Installation
|
||||||
|
|
||||||
@ -187,13 +143,10 @@ parted -s "${disk}" \
|
|||||||
mklabel gpt \
|
mklabel gpt \
|
||||||
mkpart ESP fat32 1MiB 513MiB \
|
mkpart ESP fat32 1MiB 513MiB \
|
||||||
set 1 esp on \
|
set 1 esp on \
|
||||||
mkpart rootfs 513MiB 100%
|
mkpart cryptroot 513MiB 100%
|
||||||
|
|
||||||
ESP='/dev/disk/by-partlabel/ESP'
|
ESP='/dev/disk/by-partlabel/ESP'
|
||||||
|
cryptroot='/dev/disk/by-partlabel/cryptroot'
|
||||||
if [ "${use_luks}" = '1' ]; then
|
|
||||||
cryptroot='/dev/disk/by-partlabel/rootfs'
|
|
||||||
fi
|
|
||||||
|
|
||||||
## Informing the Kernel of the changes.
|
## Informing the Kernel of the changes.
|
||||||
output 'Informing the Kernel about the disk changes.'
|
output 'Informing the Kernel about the disk changes.'
|
||||||
@ -204,17 +157,13 @@ output 'Formatting the EFI Partition as FAT32.'
|
|||||||
mkfs.fat -F 32 -s 2 "${ESP}" &>/dev/null
|
mkfs.fat -F 32 -s 2 "${ESP}" &>/dev/null
|
||||||
|
|
||||||
## Creating a LUKS Container for the root partition.
|
## Creating a LUKS Container for the root partition.
|
||||||
if [ "${use_luks}" = '1' ]; then
|
|
||||||
output 'Creating LUKS Container for the root partition.'
|
output 'Creating LUKS Container for the root partition.'
|
||||||
echo -n "${luks_password}" | cryptsetup luksFormat --pbkdf pbkdf2 "${cryptroot}" -d - &>/dev/null
|
echo -n "${luks_password}" | cryptsetup luksFormat --pbkdf pbkdf2 ${cryptroot} -d - &>/dev/null
|
||||||
echo -n "${luks_password}" | cryptsetup open "${cryptroot}" cryptroot -d -
|
echo -n "${luks_password}" | cryptsetup open ${cryptroot} cryptroot -d -
|
||||||
BTRFS='/dev/mapper/cryptroot'
|
BTRFS='/dev/mapper/cryptroot'
|
||||||
else
|
|
||||||
BTRFS='/dev/disk/by-partlabel/rootfs'
|
|
||||||
fi
|
|
||||||
|
|
||||||
## Formatting the partition as BTRFS.
|
## Formatting the LUKS Container as BTRFS.
|
||||||
output 'Formatting the rootfs as BTRFS.'
|
output 'Formatting the LUKS container as BTRFS.'
|
||||||
mkfs.btrfs "${BTRFS}" &>/dev/null
|
mkfs.btrfs "${BTRFS}" &>/dev/null
|
||||||
mount "${BTRFS}" /mnt
|
mount "${BTRFS}" /mnt
|
||||||
|
|
||||||
@ -241,10 +190,7 @@ if [ "${install_mode}" = 'desktop' ]; then
|
|||||||
btrfs su cr /mnt/@/var_lib_gdm &>/dev/null
|
btrfs su cr /mnt/@/var_lib_gdm &>/dev/null
|
||||||
btrfs su cr /mnt/@/var_lib_AccountsService &>/dev/null
|
btrfs su cr /mnt/@/var_lib_AccountsService &>/dev/null
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ "${use_luks}" = '1' ]; then
|
|
||||||
btrfs su cr /mnt/@/cryptkey &>/dev/null
|
btrfs su cr /mnt/@/cryptkey &>/dev/null
|
||||||
fi
|
|
||||||
|
|
||||||
## Disable CoW on subvols we are not taking snapshots of
|
## Disable CoW on subvols we are not taking snapshots of
|
||||||
chattr +C /mnt/@/boot
|
chattr +C /mnt/@/boot
|
||||||
@ -263,10 +209,7 @@ if [ "${install_mode}" = 'desktop' ]; then
|
|||||||
chattr +C /mnt/@/var_lib_gdm
|
chattr +C /mnt/@/var_lib_gdm
|
||||||
chattr +C /mnt/@/var_lib_AccountsService
|
chattr +C /mnt/@/var_lib_AccountsService
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ "${use_luks}" = '1' ]; then
|
|
||||||
chattr +C /mnt/@/cryptkey
|
chattr +C /mnt/@/cryptkey
|
||||||
fi
|
|
||||||
|
|
||||||
## Set the default BTRFS Subvol to Snapshot 1 before pacstrapping
|
## Set the default BTRFS Subvol to Snapshot 1 before pacstrapping
|
||||||
btrfs subvolume set-default "$(btrfs subvolume list /mnt | grep "@/.snapshots/1/snapshot" | grep -oP '(?<=ID )[0-9]+')" /mnt
|
btrfs subvolume set-default "$(btrfs subvolume list /mnt | grep "@/.snapshots/1/snapshot" | grep -oP '(?<=ID )[0-9]+')" /mnt
|
||||||
@ -287,15 +230,10 @@ chmod 600 /mnt/@/.snapshots/1/info.xml
|
|||||||
umount /mnt
|
umount /mnt
|
||||||
output 'Mounting the newly created subvolumes.'
|
output 'Mounting the newly created subvolumes.'
|
||||||
mount -o ssd,noatime,compress=zstd "${BTRFS}" /mnt
|
mount -o ssd,noatime,compress=zstd "${BTRFS}" /mnt
|
||||||
mkdir -p /mnt/{boot,root,home,.snapshots,srv,tmp,var/log,var/crash,var/cache,var/tmp,var/spool,var/lib/libvirt/images,var/lib/machines}
|
mkdir -p /mnt/{boot,root,home,.snapshots,srv,tmp,var/log,var/crash,var/cache,var/tmp,var/spool,var/lib/libvirt/images,var/lib/machines,cryptkey}
|
||||||
if [ "${install_mode}" = 'desktop' ]; then
|
if [ "${install_mode}" = 'desktop' ]; then
|
||||||
mkdir -p /mnt/{var/lib/gdm,var/lib/AccountsService}
|
mkdir -p /mnt/{var/lib/gdm,var/lib/AccountsService}
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ "${use_luks}" = '1' ]; then
|
|
||||||
mkdir -p /mnt/cryptkey
|
|
||||||
fi
|
|
||||||
|
|
||||||
mount -o ssd,noatime,compress=zstd,nodev,nosuid,noexec,subvol=@/boot "${BTRFS}" /mnt/boot
|
mount -o ssd,noatime,compress=zstd,nodev,nosuid,noexec,subvol=@/boot "${BTRFS}" /mnt/boot
|
||||||
mount -o ssd,noatime,compress=zstd,nodev,nosuid,subvol=@/root "${BTRFS}" /mnt/root
|
mount -o ssd,noatime,compress=zstd,nodev,nosuid,subvol=@/root "${BTRFS}" /mnt/root
|
||||||
mount -o ssd,noatime,compress=zstd,nodev,nosuid,subvol=@/home "${BTRFS}" /mnt/home
|
mount -o ssd,noatime,compress=zstd,nodev,nosuid,subvol=@/home "${BTRFS}" /mnt/home
|
||||||
@ -322,9 +260,7 @@ if [ "${install_mode}" = 'desktop' ]; then
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
### The encryption is splitted as we do not want to include it in the backup with snap-pac.
|
### The encryption is splitted as we do not want to include it in the backup with snap-pac.
|
||||||
if [ "${use_luks}" = '1' ]; then
|
|
||||||
mount -o ssd,noatime,compress=zstd,nodatacow,nodev,nosuid,noexec,subvol=@/cryptkey "${BTRFS}" /mnt/cryptkey
|
mount -o ssd,noatime,compress=zstd,nodatacow,nodev,nosuid,noexec,subvol=@/cryptkey "${BTRFS}" /mnt/cryptkey
|
||||||
fi
|
|
||||||
|
|
||||||
mkdir -p /mnt/boot/efi
|
mkdir -p /mnt/boot/efi
|
||||||
mount -o nodev,nosuid,noexec "${ESP}" /mnt/boot/efi
|
mount -o nodev,nosuid,noexec "${ESP}" /mnt/boot/efi
|
||||||
@ -345,11 +281,7 @@ output 'Installing the base system (it may take a while).'
|
|||||||
output "You may see an error when mkinitcpio tries to generate a new initramfs."
|
output "You may see an error when mkinitcpio tries to generate a new initramfs."
|
||||||
output "It is okay. The script will regenerate the initramfs later in the installation process."
|
output "It is okay. The script will regenerate the initramfs later in the installation process."
|
||||||
|
|
||||||
pacstrap /mnt apparmor base chrony efibootmgr firewalld grub grub-btrfs inotify-tools linux-firmware linux-hardened linux-lts "${microcode}" nano reflector sbctl snapper sudo zram-generator
|
pacstrap /mnt apparmor base chrony efibootmgr firewalld grub grub-btrfs inotify-tools linux-firmware linux-hardened linux-lts "${microcode}" nano networkmanager reflector sbctl snapper sudo zram-generator
|
||||||
|
|
||||||
if [ "${network_daemon}" = 'networkmanager' ]; then
|
|
||||||
pacstrap /mnt networkmanager
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ "${install_mode}" = 'desktop' ]; then
|
if [ "${install_mode}" = 'desktop' ]; then
|
||||||
pacstrap /mnt nautilus gdm gnome-console gnome-control-center flatpak pipewire-alsa pipewire-pulse pipewire-jack
|
pacstrap /mnt nautilus gdm gnome-console gnome-control-center flatpak pipewire-alsa pipewire-pulse pipewire-jack
|
||||||
@ -397,16 +329,10 @@ echo "KEYMAP=$kblayout" > /mnt/etc/vconsole.conf
|
|||||||
output 'Configuring /etc/mkinitcpio for ZSTD compression and LUKS hook.'
|
output 'Configuring /etc/mkinitcpio for ZSTD compression and LUKS hook.'
|
||||||
sed -i 's/#COMPRESSION="zstd"/COMPRESSION="zstd"/g' /mnt/etc/mkinitcpio.conf
|
sed -i 's/#COMPRESSION="zstd"/COMPRESSION="zstd"/g' /mnt/etc/mkinitcpio.conf
|
||||||
sed -i 's/^MODULES=.*/MODULES=(btrfs)/g' /mnt/etc/mkinitcpio.conf
|
sed -i 's/^MODULES=.*/MODULES=(btrfs)/g' /mnt/etc/mkinitcpio.conf
|
||||||
if [ "${use_luks}" = '1' ]; then
|
|
||||||
sed -i 's/^HOOKS=.*/HOOKS=(systemd autodetect microcode modconf keyboard sd-vconsole block sd-encrypt)/g' /mnt/etc/mkinitcpio.conf
|
sed -i 's/^HOOKS=.*/HOOKS=(systemd autodetect microcode modconf keyboard sd-vconsole block sd-encrypt)/g' /mnt/etc/mkinitcpio.conf
|
||||||
else
|
|
||||||
sed -i 's/^HOOKS=.*/HOOKS=(systemd autodetect microcode modconf keyboard sd-vconsole block)/g' /mnt/etc/mkinitcpio.conf
|
|
||||||
fi
|
|
||||||
|
|
||||||
## Enable LUKS in GRUB and setting the UUID of the LUKS container.
|
## Enable LUKS in GRUB and setting the UUID of the LUKS container.
|
||||||
if [ "${use_luks}" = '1' ]; then
|
|
||||||
sed -i 's/#GRUB_ENABLE_CRYPTODISK=.*/GRUB_ENABLE_CRYPTODISK=y/g' /mnt/etc/default/grub
|
sed -i 's/#GRUB_ENABLE_CRYPTODISK=.*/GRUB_ENABLE_CRYPTODISK=y/g' /mnt/etc/default/grub
|
||||||
fi
|
|
||||||
echo '' >> /mnt/etc/default/grub
|
echo '' >> /mnt/etc/default/grub
|
||||||
echo '# Booting with BTRFS subvolume
|
echo '# Booting with BTRFS subvolume
|
||||||
GRUB_BTRFS_OVERRIDE_BOOT_PARTITION_DETECTION=true' >> /mnt/etc/default/grub
|
GRUB_BTRFS_OVERRIDE_BOOT_PARTITION_DETECTION=true' >> /mnt/etc/default/grub
|
||||||
@ -419,22 +345,15 @@ sed -i 's/rootflags=subvol=${rootsubvol}//g' /mnt/etc/grub.d/10_linux
|
|||||||
sed -i 's/rootflags=subvol=${rootsubvol}//g' /mnt/etc/grub.d/20_linux_xen
|
sed -i 's/rootflags=subvol=${rootsubvol}//g' /mnt/etc/grub.d/20_linux_xen
|
||||||
|
|
||||||
## Kernel hardening
|
## Kernel hardening
|
||||||
|
|
||||||
if [ "${use_luks}" = '1' ]; then
|
|
||||||
UUID=$(blkid -s UUID -o value "${cryptroot}")
|
UUID=$(blkid -s UUID -o value "${cryptroot}")
|
||||||
sed -i "s#quiet#rd.luks.name=${UUID}=cryptroot root=${BTRFS} lsm=landlock,lockdown,yama,integrity,apparmor,bpf mitigations=auto,nosmt spectre_v2=on spectre_bhi=on spec_store_bypass_disable=on tsx=off kvm.nx_huge_pages=force nosmt=force l1d_flush=on spec_rstack_overflow=safe-ret gather_data_sampling=force reg_file_data_sampling=on random.trust_bootloader=off random.trust_cpu=off intel_iommu=on amd_iommu=force_isolation efi=disable_early_pci_dma iommu=force iommu.passthrough=0 iommu.strict=1 slab_nomerge init_on_alloc=1 init_on_free=1 pti=on vsyscall=none ia32_emulation=0 page_alloc.shuffle=1 randomize_kstack_offset=on debugfs=off lockdown=confidentiality module.sig_enforce=1#g" /mnt/etc/default/grub
|
sed -i "s#quiet#rd.luks.name=${UUID}=cryptroot root=${BTRFS} lsm=landlock,lockdown,yama,integrity,apparmor,bpf mitigations=auto,nosmt spectre_v2=on spectre_bhi=on spec_store_bypass_disable=on tsx=off kvm.nx_huge_pages=force nosmt=force l1d_flush=on spec_rstack_overflow=safe-ret gather_data_sampling=force reg_file_data_sampling=on random.trust_bootloader=off random.trust_cpu=off intel_iommu=on amd_iommu=force_isolation efi=disable_early_pci_dma iommu=force iommu.passthrough=0 iommu.strict=1 slab_nomerge init_on_alloc=1 init_on_free=1 pti=on vsyscall=none ia32_emulation=0 page_alloc.shuffle=1 randomize_kstack_offset=on debugfs=off lockdown=confidentiality module.sig_enforce=1#g" /mnt/etc/default/grub
|
||||||
else
|
|
||||||
sed -i "s#quiet#root=${BTRFS} lsm=landlock,lockdown,yama,integrity,apparmor,bpf mitigations=auto,nosmt spectre_v2=on spectre_bhi=on spec_store_bypass_disable=on tsx=off kvm.nx_huge_pages=force nosmt=force l1d_flush=on spec_rstack_overflow=safe-ret gather_data_sampling=force reg_file_data_sampling=on random.trust_bootloader=off random.trust_cpu=off intel_iommu=on amd_iommu=force_isolation efi=disable_early_pci_dma iommu=force iommu.passthrough=0 iommu.strict=1 slab_nomerge init_on_alloc=1 init_on_free=1 pti=on vsyscall=none ia32_emulation=0 page_alloc.shuffle=1 randomize_kstack_offset=on debugfs=off lockdown=confidentiality module.sig_enforce=1#g" /mnt/etc/default/grub
|
|
||||||
fi
|
|
||||||
|
|
||||||
## Add keyfile to the initramfs to avoid double password.
|
## Add keyfile to the initramfs to avoid double password.
|
||||||
if [ "${use_luks}" = '1' ]; then
|
|
||||||
dd bs=512 count=4 if=/dev/random of=/mnt/cryptkey/.root.key iflag=fullblock &>/dev/null
|
dd bs=512 count=4 if=/dev/random of=/mnt/cryptkey/.root.key iflag=fullblock &>/dev/null
|
||||||
chmod 000 /mnt/cryptkey/.root.key &>/dev/null
|
chmod 000 /mnt/cryptkey/.root.key &>/dev/null
|
||||||
echo -n "${luks_password}" | cryptsetup luksAddKey /dev/disk/by-partlabel/rootfs /mnt/cryptkey/.root.key -d -
|
echo -n "${luks_password}" | cryptsetup luksAddKey /dev/disk/by-partlabel/cryptroot /mnt/cryptkey/.root.key -d -
|
||||||
sed -i 's#FILES=()#FILES=(/cryptkey/.root.key)#g' /mnt/etc/mkinitcpio.conf
|
sed -i 's#FILES=()#FILES=(/cryptkey/.root.key)#g' /mnt/etc/mkinitcpio.conf
|
||||||
sed -i "s#module\.sig_enforce=1#module.sig_enforce=1 rd.luks.key=/cryptkey/.root.key#g" /mnt/etc/default/grub
|
sed -i "s#module\.sig_enforce=1#module.sig_enforce=1 rd.luks.key=/cryptkey/.root.key#g" /mnt/etc/default/grub
|
||||||
fi
|
|
||||||
|
|
||||||
## Continue kernel hardening
|
## Continue kernel hardening
|
||||||
unpriv curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/etc/modprobe.d/30_security-misc.conf | tee /mnt/etc/modprobe.d/30_security-misc.conf
|
unpriv curl https://raw.githubusercontent.com/Kicksecure/security-misc/master/etc/modprobe.d/30_security-misc.conf | tee /mnt/etc/modprobe.d/30_security-misc.conf
|
||||||
@ -480,8 +399,6 @@ fi
|
|||||||
# Setup dconf
|
# Setup dconf
|
||||||
|
|
||||||
if [ "${install_mode}" = 'desktop' ]; then
|
if [ "${install_mode}" = 'desktop' ]; then
|
||||||
# This doesn't actually take effect atm - need to investigate
|
|
||||||
|
|
||||||
mkdir -p /mnt/etc/dconf/db/local.d/locks
|
mkdir -p /mnt/etc/dconf/db/local.d/locks
|
||||||
|
|
||||||
unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/dconf/db/local.d/locks/automount-disable | tee /mnt/etc/dconf/db/local.d/locks/automount-disable
|
unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/dconf/db/local.d/locks/automount-disable | tee /mnt/etc/dconf/db/local.d/locks/automount-disable
|
||||||
@ -500,15 +417,12 @@ unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/m
|
|||||||
|
|
||||||
## Setup Networking
|
## Setup Networking
|
||||||
|
|
||||||
if [ "${install_mode}" = 'desktop' ]; then
|
if [ "${install_mode}" = "desktop" ]; then
|
||||||
unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/NetworkManager/conf.d/00-macrandomize.conf | tee /mnt/etc/NetworkManager/conf.d/00-macrandomize.conf
|
unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/NetworkManager/conf.d/00-macrandomize.conf | tee /mnt/etc/NetworkManager/conf.d/00-macrandomize.conf
|
||||||
unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/NetworkManager/conf.d/01-transient-hostname.conf | tee /mnt/etc/NetworkManager/conf.d/01-transient-hostname.conf
|
unpriv curl https://raw.githubusercontent.com/TommyTran732/Linux-Setup-Scripts/main/etc/NetworkManager/conf.d/01-transient-hostname.conf | tee /mnt/etc/NetworkManager/conf.d/01-transient-hostname.conf
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ "${network_daemon}" = 'networkmanager' ]; then
|
|
||||||
mkdir -p /mnt/etc/systemd/system/NetworkManager.service.d/
|
|
||||||
unpriv curl https://gitlab.com/divested/brace/-/raw/master/brace/usr/lib/systemd/system/NetworkManager.service.d/99-brace.conf | tee /mnt/etc/systemd/system/NetworkManager.service.d/99-brace.conf
|
unpriv curl https://gitlab.com/divested/brace/-/raw/master/brace/usr/lib/systemd/system/NetworkManager.service.d/99-brace.conf | tee /mnt/etc/systemd/system/NetworkManager.service.d/99-brace.conf
|
||||||
fi
|
|
||||||
|
|
||||||
## Configuring the system.
|
## Configuring the system.
|
||||||
arch-chroot /mnt /bin/bash -e <<EOF
|
arch-chroot /mnt /bin/bash -e <<EOF
|
||||||
@ -521,33 +435,33 @@ arch-chroot /mnt /bin/bash -e <<EOF
|
|||||||
hwclock --systohc
|
hwclock --systohc
|
||||||
|
|
||||||
# Generating locales.my keys aren't even on
|
# Generating locales.my keys aren't even on
|
||||||
echo "Generating locales."
|
output "Generating locales."
|
||||||
locale-gen
|
locale-gen
|
||||||
|
|
||||||
# Create SecureBoot keys. This isn't strictly necessary, but certain things like linux-hardened preset expects it and mkinitcpio will fail without it, sooo...
|
# Create SecureBoot keys. This isn't strictly necessary, but certain things like linux-hardened preset expects it and mkinitcpio will fail without it, sooo...
|
||||||
sbctl create-keys
|
sbctl create-keys
|
||||||
|
|
||||||
# Generating a new initramfs.
|
# Generating a new initramfs.
|
||||||
echo "Creating a new initramfs."
|
output "Creating a new initramfs."
|
||||||
chmod 600 /boot/initramfs-linux*
|
chmod 600 /boot/initramfs-linux*
|
||||||
mkinitcpio -P
|
mkinitcpio -P
|
||||||
|
|
||||||
# Installing GRUB.
|
# Installing GRUB.
|
||||||
echo "Installing GRUB on /boot."
|
output "Installing GRUB on /boot."
|
||||||
grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=GRUB --disable-shim-lock
|
grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=GRUB --disable-shim-lock
|
||||||
|
|
||||||
# Creating grub config file.
|
# Creating grub config file.
|
||||||
echo "Creating GRUB config file."
|
output "Creating GRUB config file."
|
||||||
grub-mkconfig -o /boot/grub/grub.cfg
|
grub-mkconfig -o /boot/grub/grub.cfg
|
||||||
|
|
||||||
# Adding user with sudo privilege
|
# Adding user with sudo privilege
|
||||||
echo "Adding $username with root privilege."
|
output "Adding $username with root privilege."
|
||||||
useradd -m $username
|
useradd -m $username
|
||||||
usermod -aG wheel $username
|
usermod -aG wheel $username
|
||||||
|
|
||||||
if [ "${install_mode}" = 'desktop' ]; then
|
if [ "${install_mode}" = 'desktop' ]; then
|
||||||
# Setting up dconf
|
# Setting up dconf
|
||||||
echo "Setting up dconf."
|
output "Setting up dconf."
|
||||||
dconf update
|
dconf update
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@ -573,18 +487,13 @@ systemctl enable chronyd --root=/mnt
|
|||||||
systemctl enable firewalld --root=/mnt
|
systemctl enable firewalld --root=/mnt
|
||||||
systemctl enable fstrim.timer --root=/mnt
|
systemctl enable fstrim.timer --root=/mnt
|
||||||
systemctl enable grub-btrfsd.service --root=/mnt
|
systemctl enable grub-btrfsd.service --root=/mnt
|
||||||
|
systemctl enable NetworkManager --root=/mnt
|
||||||
systemctl enable reflector.timer --root=/mnt
|
systemctl enable reflector.timer --root=/mnt
|
||||||
systemctl enable snapper-timeline.timer --root=/mnt
|
systemctl enable snapper-timeline.timer --root=/mnt
|
||||||
systemctl enable snapper-cleanup.timer --root=/mnt
|
systemctl enable snapper-cleanup.timer --root=/mnt
|
||||||
systemctl enable systemd-oomd --root=/mnt
|
systemctl enable systemd-oomd --root=/mnt
|
||||||
systemctl disable systemd-timesyncd --root=/mnt
|
systemctl disable systemd-timesyncd --root=/mnt
|
||||||
|
|
||||||
if [ "${network_daemon}" = 'networkmanager' ]; then
|
|
||||||
systemctl enable NetworkManager --root=/mnt
|
|
||||||
else
|
|
||||||
systemctl enable systemd-networkd --root=/mnt
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ "${install_mode}" = 'desktop' ]; then
|
if [ "${install_mode}" = 'desktop' ]; then
|
||||||
systemctl enable gdm --root=/mnt
|
systemctl enable gdm --root=/mnt
|
||||||
fi
|
fi
|
||||||
|
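Review bot: In the `@ -521,33 +435,33 @@` hunk the new side prints its progress messages with `output "Generating locales."`, `output "Creating a new initramfs."` and so on inside the `arch-chroot /mnt /bin/bash -e <<EOF` here-document, but `output` looks like a function of the outer install script (its definition is not in the visible hunks), and a fresh bash inside the chroot would not inherit it. If that is the case, the first call fails with "command not found" and `-e` ends the chroot script before `locale-gen`, `sbctl create-keys`, `mkinitcpio -P`, `grub-install`, `grub-mkconfig` and `useradd` run. The target would then have no regenerated initramfs carrying the `sd-encrypt` hook and keyfile, and no bootloader. Inside the here-document keep the builtin, e.g. `echo "Generating locales."`, and check the exit status of the `arch-chroot` call so a failed chroot stage stops the install. The here-document opens in the previous hunk and closes outside this one.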