diff --git a/grub b/grub
new file mode 100644
index 0000000..1ffeaa1
--- /dev/null
+++ b/grub
@@ -0,0 +1,54 @@
+# GRUB boot loader configuration
+
+GRUB_DEFAULT=0
+GRUB_TIMEOUT=5
+GRUB_DISTRIBUTOR="Arch"
+GRUB_CMDLINE_LINUX_DEFAULT="audit=0 loglevel=3 quiet"
+GRUB_CMDLINE_LINUX="cryptdevice=UUID=:lvm cryptkey=rootfs:/luks.key"
+
+# Preload both GPT and MBR modules so that they are not missed
+GRUB_PRELOAD_MODULES="part_gpt part_msdos"
+
+# Uncomment to enable booting from LUKS encrypted devices
+GRUB_ENABLE_CRYPTODISK=y
+
+# Set to 'countdown' or 'hidden' to change timeout behavior,
+# press ESC key to display menu.
+GRUB_TIMEOUT_STYLE=menu
+
+# Uncomment to use basic console
+GRUB_TERMINAL_INPUT=console
+
+# Uncomment to disable graphical terminal
+#GRUB_TERMINAL_OUTPUT=console
+
+# The resolution used on graphical terminal
+# note that you can use only modes which your graphic card supports via VBE
+# you can see them in real GRUB with the command `vbeinfo'
+GRUB_GFXMODE=auto
+
+# Uncomment to allow the kernel use the same resolution used by grub
+GRUB_GFXPAYLOAD_LINUX=keep
+
+# Uncomment if you want GRUB to pass to the Linux kernel the old parameter
+# format "root=/dev/xxx" instead of "root=/dev/disk/by-uuid/xxx"
+#GRUB_DISABLE_LINUX_UUID=true
+
+# Uncomment to disable generation of recovery mode menu entries
+GRUB_DISABLE_RECOVERY=true
+
+# Uncomment and set to the desired menu colors. Used by normal and wallpaper
+# modes only. Entries specified as foreground/background.
+#GRUB_COLOR_NORMAL="light-blue/black"
+#GRUB_COLOR_HIGHLIGHT="light-cyan/blue"
+
+# Uncomment one of them for the gfx desired, a image background or a gfxtheme
+#GRUB_BACKGROUND="/path/to/wallpaper"
+#GRUB_THEME="/path/to/gfxtheme"
+
+# Uncomment to get a beep at GRUB start
+#GRUB_INIT_TUNE="480 440 1"
+
+# Uncomment to make GRUB remember the last selection. This requires to
+# set 'GRUB_DEFAULT=saved' above.
+#GRUB_SAVEDEFAULT="true"
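Review bot: `audit=0` in `GRUB_CMDLINE_LINUX_DEFAULT` disables the kernel audit subsystem on every boot, and the file gives no reason for it; if that is intended, a comment such as `# audit=0: kernel auditing deliberately off on this laptop` would record the decision, otherwise drop the parameter. `GRUB_CMDLINE_LINUX` is also committed with an empty `cryptdevice=UUID=`, which only becomes valid once install.sh's `sed -i 's/UUID=:/UUID=$uuid:/g'` has run, so a comment like `# UUID is filled in by install.sh; do not copy this file by hand` above it would help. The stock "Uncomment to ..." comments now sit above settings that are already active (`GRUB_ENABLE_CRYPTODISK=y`, `GRUB_DISABLE_RECOVERY=true`) and could be reworded.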
diff --git a/install.sh b/install.sh
index e38a856..f567302 100755
--- a/install.sh
+++ b/install.sh
@@ -1,32 +1,43 @@ #!/bin/bash +cd /root/archinstall # install parameters # the storage device on which arch linux shall be installed -storage_device='/dev/sda' - -# boot mode: efi or bios, default=None the install script will determine the boot mode -# boot_mode='efi' - +storage_device='/dev/nvme0n1' # encryption password -encryption_password='barfoo' +encryption_password='bapede bupi' +host='motop' +root_password='foo' +user='moritz' +user_password='foo' +email='moritzmuench@mailbox.org' +boot_mode='efi' +# packages to install +base='base base-devel grub efibootmgr xf86-input-synaptics stow tmux git vim python3 go wpa_supplicant dialog gnome gnome-tweaks libreoffice-fresh virtualbox virtualbox-guest-iso firefox hunspell-de nextcloud-client evolution vlc gst-libav gst-plugins-ugly progress gimp cups samsung-unified-driver sane xsane tlp tp_smapi acpi_call ntfs-3g gimagereader-gtk tesseract-date-eng tesseract-data-deu nmap youtube-dl octave kdenlive pkgfile signal-desktop-bin telegram-desktop-bin freecad zotero slic3r-bin downgrade pmount' -# additional packages to install -base='grub efibootmgr stow tmux git vim python3 wpa_supplicant' +# helper +s() { $* >/dev/null; } +S() { $* >/dev/null 2>&1; } +e() { echo -n " ::: $* ... "; } +d() { echo "done"; echo ""; } +update() { pacman -Syyu; } -# make command silent -s() { - $* >/dev/null 2>&1 -} - - -echo "checking internet connection" -s ping -c1 archlinux.org -if [[ "$?" -ne 0 ]]; then - echo "internet connection needed" - exit 1 +if [[ `echo "$storage_device" | grep -E "(mmcblk|nvme)"` ]]; then + storage="${storage_device}p" +else + storage="$storage_device" fi -echo "determining boot mode" + +e "checking internet connection" +s ping -c1 archlinux.org +if [[ "$?" -ne 0 ]]; then + echo "error: internet connection needed" + exit 1 +fi +d + +e "determining boot mode" if [[ ! "$boot_mode" ]]; then s ls /sys/firmware/efi/efivars if [[ "$?" -eq 0 ]]; then 
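Review bot: The LUKS passphrase, the root password and the user password are committed in clear text in the parameter block (`encryption_password`, `root_password`, `user_password`), so the repository itself discloses the credentials of any machine installed from it. Leave the assignments empty in the tracked file and prompt at run time, for example `read -rs -p 'LUKS passphrase: ' encryption_password`. The new helpers `s()` and `S()` expand an unquoted `$*`, which re-splits and globs arguments the callers quoted; `s() { "$@" >/dev/null; }` keeps them intact. The package list reads `tesseract-date-eng` beside `tesseract-data-deu`, which looks like a typo for `tesseract-data-eng`.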
@@ -35,66 +46,180 @@ if [[ ! "$boot_mode" ]]; then boot_mode='bios' fi fi +d -echo "updating system clock" +e "updating system clock" s timedatectl set-ntp true +d -echo "creating partitions" +e "wiping $storage_device" +S umount /mnt/efi +S umount /mnt/boot +S umount /mnt +S vgremove -y vg +S cryptsetup luksClose lvm s wipefs -af "$storage_device" -if [[ "$boot_mode" == "efi" ]]; then - sgdisk -n "1:2048:+1G" -t "1:EF00" "$storage_device" -else - sgdisk -n "1:2048:+1G" -t "1:EF02" "$storage_device" -fi -sgdisk -n "2:0:0" -t "2:8309" "$storage_device" -echo "$encryption_password" | cryptsetup -q luksFormat --type luks1 "${storage_device}2" -echo "$encryption_password" | cryptsetup -q open "${storage_device}2" lvm +d -echo "creating lvm" +e "creating partitions" +if [[ "$boot_mode" == "efi" ]]; then + s sgdisk -n "1:2048:+1G" -t "1:EF00" "$storage_device" +else + s sgdisk -n "1:2048:+1G" -t "1:EF02" "$storage_device" +fi +s sgdisk -n "2:0:0" -t "2:8309" "$storage_device" +echo "$encryption_password" | cryptsetup -q luksFormat --type luks1 "${storage}2" +echo "$encryption_password" | cryptsetup -q open "${storage}2" lvm +d + +e "creating lvm" s pvcreate /dev/mapper/lvm s vgcreate vg /dev/mapper/lvm s lvcreate -L 8G vg -n swap s lvcreate -l 100%FREE vg -n root +d -echo "formatting filesystems" +e "formatting filesystems" if [[ "$boot_mode" == "efi" ]]; then - s mkfs.vfat -F32 "${storage_device}1" + s mkfs.vfat -F32 "${storage}1" else - s mkfs.vfat "${storage_device}1" + s mkfs.vfat "${storage}1" fi -s mkfs.ext4 /dev/vg/root -s mkswap /dev/cg/swap +S mkfs.ext4 /dev/vg/root +s mkswap /dev/vg/swap +d -echo "mounting filesystems" +e "mounting filesystems" s mount /dev/vg/root /mnt if [[ "$boot_mode" == "efi" ]]; then s mkdir /mnt/efi - s mount "${storage_device}1" /mnt/efi + s mount "${storage}1" /mnt/efi else s mkdir /mnt/boot - s mount "${storage_device}1" /mnt/boot + s mount "${storage}1" /mnt/boot fi +d -echo "installing base system" -pacstrap /mnt base +e "installing 
base system" +s mkdir -p /mnt/var/cache/pacman/pkg +s cp -rp /var/cache/pacman/pkg/* /mnt/var/cache/pacman/pkg/ +s sync +S pacstrap /mnt $base +d -echo "generating fstab" -s genfstab -U /mnt >> /mnt/etc/fstab +e "generating fstab" +genfstab -U /mnt >> /mnt/etc/fstab +d -echo "chrooting into arch" -s arch-chroot /mnt +e "copying config and setup scipts to new installation" +uuid=`blkid | awk '/lvm/ { print $2 }' | grep -oP '[^"]*"\K[^"]*'` +cat < /mnt/root/install.sh +#!/bin/bash -ln -sf /usr/share/zoneinfo/Europe/Berlin /etc/localtime -hwclock --systohc -sed -i 's/#de_DE\.UTF-8/de_DE.UTF-8/g' /etc/locale.gen -locale-gen -echo "LANG=de_DE.UTF-8" > /etc/locale.conf +# helper +s() { \$* >/dev/null; } +S() { \$* >/dev/null 2>&1; } +e() { echo -n " ::: \$* ... "; } +d() { echo "done"; echo ""; } + +e "setting timezone" +s ln -sf /usr/share/zoneinfo/Europe/Berlin /etc/localtime +d + +e "synchronising hardware clock" +s hwclock --systohc +d + +e "setting locale" +s sed -i 's/#de_DE\.UTF-8/de_DE.UTF-8/g' /etc/locale.gen +s locale-gen +echo "LANG=de_DE.UTF-8" > /etc/locale.con#f echo "KEYMAP=de-latin1" > /etc/vconsole.conf -echo "motop" > /etc/hostname -echo "# Static table lookup for hostnames.\n"` - `"# See hosts(5) for details.\n"` - `"127.0.0.1 motop\n"` - `"::1 motop\n"` - `"127.0.1.1 motop.localdomain motop" > /etc/hosts -sed -i 's/FILES=()/FILES=(\/luks.key)/g' /etc/mkinitcpio.conf +d +e "setting hostname $host" +echo "$host" > /etc/hostname +echo "127.0.0.1 $host" > /etc/hosts +echo "::1 $host" >> /etc/hosts +echo "127.0.1.1 $host.localdomain $host" >> /etc/hosts +d + +e "initializing pacman" +S pacman-key --init +d + +e "generating keyfile to unlock luks lvm after boot" +S dd bs=512 count=4 if=/dev/urandom of=/luks.key iflag=fullblock +s chmod 000 /luks.key +echo "$encryption_password" | cryptsetup -q luksAddKey "${storage}2" /luks.key +d + +e "generating mkinitcpio" +#s sed -i 's/ filesystems keyboard / keyboard keymap encrypt lvm2 filesystems /g' 
/etc/mkinitcpio.conf
+#s sed -i 's/FILES=()/FILES=(\/luks.key)/g' /etc/mkinitcpio.conf
+S mkinitcpio -p linux
+S chmod 600 /boot/initramfs-linux*
+d
+
+e "configuring grub"
+#s sed -i 's/#GRUB_ENABLE_CRYPTODISK/GRUB_ENABLE_CRYPTODISK/g' /etc/default/grub
+s sed -i 's/UUID=:/UUID=$uuid:/g' /etc/default/grub
+#TODO
+# for efi mode this needs to be run from an efi system, else this will fail
+S grub-install --target=x86_64-efi --efi-directory=/efi --bootloader-id=GRUB --recheck
+S grub-mkconfig -o /boot/grub/grub.cfg
+d
+
+e "changing root password"
+echo -e "${root_password}\n${root_password}" | passwd
+d
+
+e "adding user $user"
+s useradd -m "$user"
+echo -e "${user_password}\n${user_password}" | passwd $user
+d
+
+e "yay"
+S pacman -S --needed --noconfirm go
+su $user -c "cd; git clone https://aur.archlinux.org/yay.git; cd yay; makepkg -s;"
+S pacman --noconfirm -U "/home/$user/yay/"\$(ls -ahl /home/$user/yay/ | grep -oE "yay-[0-9.-]+x86_64.pkg.tar.xz")
+cd /root
+s rm -rf /home/$user/yay
+d
+
+e "printing"
+s systemctl enable org.cups.cupsd.service
+d
+
+e "performance"
+echo -n 1 > /sys/devices/system/cpu/intel_pstate/no_turbo
+s systemctl enable --now tlp.service tlp-sleep.service
+s sed -i 's/CriticalPowerAction=HybridSleep/CriticalPowerAction=PowerOff/' /etc/UPower/UPower.conf
+d
+
+e "bluetooth"
+s modprobe btusb
+s systemctl enable bluetooth.service
+d
+
+e "wifi"
+s modprobe iwlwifi
+d
+
+e "git"
+s git config --global user.email "$email"
+s git config --global user.name "$user"
+d
+
+#e "restoring config"
+
+exit
+EOF
+s cp mkinitcpio.conf /mnt/etc/mkinitcpio.conf
+s cp grub /mnt/etc/default/grub
+d
+
+e "chrooting into arch"
+s arch-chroot /mnt chmod u+x /root/install.sh
+d
+arch-chroot /mnt /root/install.sh
diff --git a/mkinitcpio.conf b/mkinitcpio.conf
new file mode 100644
index 0000000..baac20c
--- /dev/null
+++ b/mkinitcpio.conf
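Review bot: The three secrets end up as literal text in `/mnt/root/install.sh` on the installed system: the generated script looks like an expanding here-document (its helpers escape `\$*`, while `$encryption_password`, `$root_password` and `$user_password` are left bare), and nothing visible after the final `arch-chroot /mnt /root/install.sh` removes the file. Add `rm -f /mnt/root/install.sh` as the last step, or feed the secrets to the chroot on stdin instead of embedding them. The locale line in the same script writes to `/etc/locale.con#f`; it should read `echo "LANG=de_DE.UTF-8" > /etc/locale.conf`. `S` also discards stderr from `pacstrap`, `mkinitcpio` and `grub-install` while `d` prints "done" unconditionally, so a failed step looks the same as a successful one on a run that has already wiped the disk; test the exit status before calling `d`.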
@@ -0,0 +1,66 @@
+# vim:set ft=sh
+# MODULES
+# The following modules are loaded before any boot hooks are
+# run. Advanced users may wish to specify all system modules
+# in this array. For instance:
+# MODULES=(piix ide_disk reiserfs)
+MODULES=()
+
+# BINARIES
+# This setting includes any additional binaries a given user may
+# wish into the CPIO image. This is run last, so it may be used to
+# override the actual binaries included by a given hook
+# BINARIES are dependency parsed, so you may safely ignore libraries
+BINARIES=()
+
+# FILES
+# This setting is similar to BINARIES above, however, files are added
+# as-is and are not parsed in any way. This is useful for config files.
+FILES=(/luks.key)
+
+# HOOKS
+# This is the most important setting in this file. The HOOKS control the
+# modules and scripts added to the image, and what happens at boot time.
+# Order is important, and it is recommended that you do not change the
+# order in which HOOKS are added. Run 'mkinitcpio -H ' for
+# help on a given hook.
+# 'base' is _required_ unless you know precisely what you are doing.
+# 'udev' is _required_ in order to automatically load modules
+# 'filesystems' is _required_ unless you specify your fs modules in MODULES
+# Examples:
+## This setup specifies all modules in the MODULES setting above.
+## No raid, lvm2, or encrypted root is needed.
+# HOOKS=(base)
+#
+## This setup will autodetect all modules for your system and should
+## work as a sane default
+# HOOKS=(base udev autodetect block filesystems)
+#
+## This setup will generate a 'full' image which supports most systems.
+## No autodetection is done.
+# HOOKS=(base udev block filesystems)
+#
+## This setup assembles a pata mdadm array with an encrypted root FS.
+## Note: See 'mkinitcpio -H mdadm' for more information on raid devices.
+# HOOKS=(base udev block mdadm encrypt filesystems)
+#
+## This setup loads an lvm2 volume group on a usb device.
+# HOOKS=(base udev block lvm2 filesystems)
+#
+## NOTE: If you have /usr on a separate partition, you MUST include the
+# usr, fsck and shutdown hooks.
+HOOKS=(base udev autodetect modconf block keyboard keymap consolefont encrypt lvm2 filesystems fsck)
+
+# COMPRESSION
+# Use this to compress the initramfs image. By default, gzip compression
+# is used. Use 'cat' to create an uncompressed image.
+#COMPRESSION="gzip"
+#COMPRESSION="bzip2"
+#COMPRESSION="lzma"
+#COMPRESSION="xz"
+#COMPRESSION="lzop"
+#COMPRESSION="lz4"
+
+# COMPRESSION_OPTIONS
+# Additional options for the compressor
+#COMPRESSION_OPTIONS=()
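Review bot: `FILES=(/luks.key)` embeds the LUKS key file in every initramfs built from this config, and the file carries no warning that the image is now as sensitive as the key. That is only safe while `/boot` stays inside the encrypted root: install.sh's bios branch mounts partition 1 at `/mnt/boot`, which would place the key-bearing image on an unencrypted vfat partition where `chmod 600` has no effect. The one-off `chmod 600 /boot/initramfs-linux*` in install.sh also may not cover images regenerated later, depending on the mkinitcpio version, so that is worth confirming. I would add a comment above the line, e.g. `# /luks.key is embedded in the image: keep /boot on the encrypted root and the initramfs mode 600`.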