-
Notifications
You must be signed in to change notification settings - Fork 2
/
install.sh
executable file
·113 lines (91 loc) · 2.7 KB
/
install.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
#! /bin/bash
set -v -e -u -o pipefail
trap on_exit EXIT
on_exit() {
echo
if [[ "$?" = 0 ]] ; then
echo 'SUCCESS!'
else
echo 'FAILURE!'
fi
}
packages=(
base
base-devel
linux
linux-firmware
intel-ucode
networkmanager
reflector
)
drive="${1:-}"
if [[ -z "$drive" ]] ; then
echo Must specify a drive.
exit 1
fi
read -s -p "New password: " password; echo
read -s -p "Confirm password: " confirm; echo
if [ "$password" != "$confirm" ]; then
echo "Passwords don't match."
exit 1
fi
# Turn on NTP on the host, so that the time is synced when we get to hwclock.
timedatectl set-ntp on
# Note that "US," means both US and worldwide mirros.
reflector --country=US, --protocol=https --threads=4 --fastest=5 --save=/etc/pacman.d/mirrorlist
PARTED() {
parted --script --align optimal "$drive" -- "$@"
}
PARTED mklabel gpt
PARTED mkpart primary 0% 512MiB
PARTED set 1 esp on
boot_partition="$(ls "${drive}"*1)"
mkfs.fat -F32 "$boot_partition"
PARTED mkpart primary 512MiB 100%
luks_partition="$(ls "${drive}"*2)"
luks_name="luks"
echo -n "$password" | cryptsetup --batch-mode luksFormat "$luks_partition"
echo -n "$password" | cryptsetup luksOpen "$luks_partition" "$luks_name"
root_device="/dev/mapper/$luks_name"
mkfs.btrfs "$root_device"
mount "$root_device" /mnt
mkdir /mnt/boot
mount "$boot_partition" /mnt/boot
# Make a swapfile that's half the size of physical RAM.
ram_mb="$(free -m | grep "Mem:" | awk '{print $2}')"
swap_mb="$(( ram_mb / 2 ))"
swapfile="/mnt/swapfile"
truncate -s 0 "$swapfile"
chattr +C "$swapfile"
btrfs property set "$swapfile" compression none
dd if=/dev/zero of="$swapfile" bs=1M count="$swap_mb" status=progress
chmod 600 "$swapfile"
mkswap "$swapfile"
swapon "$swapfile"
pacstrap /mnt "${packages[@]}"
genfstab -p /mnt > /mnt/etc/fstab
ln -sf /usr/share/zoneinfo/America/New_York /mnt/etc/localtime
echo 'LANG="en_US.UTF-8"' > /mnt/etc/locale.conf
echo 'en_US.UTF-8 UTF-8' > /mnt/etc/locale.gen
mkdir -p /mnt/boot/loader/entries
cat > /mnt/boot/loader/entries/arch.conf <<END
title Arch Linux
linux /vmlinuz-linux
initrd /intel-ucode.img
initrd /initramfs-linux.img
options cryptdevice=$luks_partition:$luks_name root=$root_device rw
END
# Hooks from https://wiki.archlinux.org/title/Dm-crypt/Encrypting_an_entire_system
# minus "fsck", because btrfs doesn't support/need it
cat > /mnt/etc/mkinitcpio.conf <<END
HOOKS=(base udev autodetect keyboard keymap consolefont modconf block encrypt filesystems)
END
arch-chroot /mnt bash -v -e -u -o pipefail <<END
locale-gen
systemctl enable NetworkManager systemd-timesyncd
hwclock --systohc
mkinitcpio -p linux
bootctl --path=/boot install
echo "root:$password" | chpasswd
END
echo 'SUCCESS!'