#!/bin/bash -x
set -eE -o pipefail
-trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?"' ERR
+trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
for x in /etc/*.pacorig; do
# This started breaking immediately when I stoped doing genfstab.
done
echo $hostname > /etc/hostname
-ln -s /usr/share/zoneinfo/America/Los_Angeles /etc/localtime
+[[ -L /etc/localtime ]] || ln -s /usr/share/zoneinfo/America/Los_Angeles /etc/localtime
l=en_US.UTF-8
echo "$l UTF-8" > /etc/locale.gen
locale-gen
# # remove extra space
# sed -ri 's/^( *MODULES *=[^"]*)" */\1"/' /etc/mkinitcpio.conf
-# https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_entire_system#Configuring_mkinitcpio_2
-# used to have lvm2 after encrypt for lvm.
-for x in encrypt encrypt1 btrfs; do sed -ri -f - /etc/mkinitcpio.conf <<EOF
-/^ *HOOKS.*\b$x\b/!s/^( *HOOKS=.*)filesystems/\1$x filesystems/
-EOF
-done
pacman -S --noconfirm grub gptfdisk
-if [[ $hostname == x2 || $hostname == demohost ]]; then
- echo "$0: fstab:"
- cat /etc/fstab
- # https://wiki.archlinux.org/index.php/Dm-crypt/System_configuration#Boot_loader
- # if cryptdevice was lvm, it woulde be in this format,
- # where x2-vg is from lvdisplay, VG Name field.
- # cryptdevice=/dev/disk/by-uuid/585dff23-136f-446f-815f-01053b70c957:x2-vg
- # but, if you are using your own fstab, it seems you just give it a name,
- # which will be the crypt device name under /dev/mapper/
- # https://wiki.archlinux.org/index.php/GRUB#Additional_arguments
- crypt_dev=(/dev/?da$rootn)
- crypt_name=crypt_dev_${crypt_dev##/dev/}
- k_args=(
- cryptdevice=$crypt_dev:$crypt_name:allow-discards
- root=/dev/mapper/$crypt_name
- resume=${crypt_dev%[0-9]}$swapn
- )
- crypt_mapper_devs=(/dev/mapper/crypt_dev_?d[a-z]$rootn)
- keyfile_vars=()
- for ((i=1; i < ${#crypt_mapper_devs[@]}; i++)); do
- ((i!=1)) || dup_keys=(" ")
- cp /crypto_keyfile.bin /crypto_keyfile$i.bin
- dup_keys+=(/crypto_keyfile$i.bin)
- base=/usr/lib/initcpio
- cp $base/hooks/encrypt{,$i}
- cp $base/install/encrypt{,$i}
- sed -i "s/cryptdevice/cryptdevice$i/" $base/hooks/encrypt$i
- sed -i "s/cryptkey/cryptkey$i/" $base/hooks/encrypt$i
- crypt_name=${crypt_mapper_devs[i]#/dev/mapper/}
- crypt_dev=/dev/${crypt_name#crypt_dev_}
- k_args+=(cryptdevice$i=$crypt_dev:$crypt_name:allow-discards
- cryptkey$i=rootfs:/crypto_keyfile$i.bin)
- done
- # this is the default file, otherwise you use cryptkey=device:fstype:path
+
+shopt -s extglob
+echo "$0: fstab:"
+cat /etc/fstab
+# https://wiki.archlinux.org/index.php/Dm-crypt/System_configuration#Boot_loader
+# if cryptdevice was lvm, it woulde be in this format,
+# where x2-vg is from lvdisplay, VG Name field.
+# cryptdevice=/dev/disk/by-uuid/585dff23-136f-446f-815f-01053b70c957:x2-vg
+# but, if you are using your own fstab, it seems you just give it a name,
+# which will be the crypt device name under /dev/mapper/
+# https://wiki.archlinux.org/index.php/GRUB#Additional_arguments
+
+first_boot_dev=${BOOT_DEVICE%% *}
+crypt_dev=${first_boot_dev}$rootn
+crypt_name=$(/root/devbyid $crypt_dev)
+crypt_name=crypt_dev_${crypt_name##*/}
+
+
+k_args=(
+ cryptdevice=$crypt_dev:$crypt_name:allow-discards
+ root=/dev/mapper/$crypt_name
+ resume=${crypt_dev%[0-9]}$swapn
+)
+crypt_mapper_devs=(/dev/mapper/crypt_dev_*$rootn)
+crypt_count=${#crypt_mapper_devs[@]}
+if [[ crypt_count == 0 ]]; then
+ echo "$0: error: expected crypt_mapper_devs length to be > 0"
+ ls -la /dev/mapper
+ exit 1
+fi
+keyfile_vars=()
+dup_keys=()
+extra_encrypt_hooks=()
+
+
+# If we have more than 1 to decrypt, arch wiki lead me onto
+# a sort of hacky way run the encrypt hook multiple times.
+for ((i=1; i < $crypt_count; i++)); do
+ extra_encrypt_hooks+=(encrypt$i)
+ if (( i = 1 )); then dup_keys=(" "); fi # prefix with an empty space
+ cp /crypto_keyfile.bin /crypto_keyfile$i.bin
+ dup_keys+=(/crypto_keyfile$i.bin)
+ base=/usr/lib/initcpio
+ cp $base/hooks/encrypt{,$i}
+ cp $base/install/encrypt{,$i}
+ sed -i "s/cryptdevice/cryptdevice$i/" $base/hooks/encrypt$i
+ sed -i "s/cryptkey/cryptkey$i/" $base/hooks/encrypt$i
+ crypt_name=${crypt_mapper_devs[i]#/dev/mapper/}
+ crypt_dev=/dev/${crypt_name#crypt_dev_}
+ k_args+=(cryptdevice$i=$crypt_dev:$crypt_name:allow-discards
+ cryptkey$i=rootfs:/crypto_keyfile$i.bin)
+done
+
+# https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_entire_system#Configuring_mkinitcpio_2
+# used to have lvm2 after encrypt for lvm, but not using lvm anymore
+for x in encrypt ${extra_encrypt_hooks[@]} btrfs; do
sed -ri -f - /etc/mkinitcpio.conf <<EOF
+/^ *HOOKS.*\b$x\b/!s/^( *HOOKS=.*)filesystems/\1$x filesystems/
+EOF
+done
+
+# this is the default file, otherwise you use cryptkey=device:fstype:path
+sed -ri -f - /etc/mkinitcpio.conf <<EOF
s#^\s*FILES=.*#FILES="/crypto_keyfile.bin${dup_keys[*]}"#
EOF
- echo "$0: FILES:"
- grep FILES /etc/mkinitcpio.conf
- k_args="${k_args[*]}"
- echo "$0: grub cmdline additions: $k_args"
- sed -ri -f - /etc/default/grub <<EOF
+echo "$0: FILES:"
+grep FILES /etc/mkinitcpio.conf
+k_args="${k_args[*]}"
+echo "$0: grub cmdline additions: $k_args"
+sed -ri -f - /etc/default/grub <<EOF
\%$k_args%!s%^ *GRUB_CMDLINE_LINUX_DEFAULT *= *"%\0$k_args %
EOF
-fi
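Review bot: The test `if (( i = 1 ))` in the new multi-device loop assigns 1 to `i` instead of comparing, so with three or more mapper devices `i` is reset on every pass, the loop never terminates and `dup_keys` is wiped each time; it should read `if (( i == 1 )); then dup_keys=(" "); fi`. The guard above it, `[[ crypt_count == 0 ]]`, compares the literal word `crypt_count` with `0` and can never be true. Since only `extglob` is enabled, an unmatched `/dev/mapper/crypt_dev_*$rootn` also stays in the array as one literal element, so the count is 1 even when no mapper device exists. Testing the first element directly, `if [[ ! -e ${crypt_mapper_devs[0]} ]]; then`, covers both cases and stops the install before kernel arguments for a missing device are written to `/etc/default/grub`. The error message in that branch would also be better sent to stderr, matching the `>&2` added to the ERR trap.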
mkinitcpio -p linux
#sed -ri 's/^( *GRUB_CMDLINE_LINUX_DEFAULT *= *.*) ?\bquiet\b(.*)/\1\2/' /etc/default/grub
# https://wiki.archlinux.org/index.php/GRUB#Install_to_disk
-grub-install --recheck $grubdisk
+for dev in $BOOT_DEVICE; do
+ grub-install --recheck $dev
+done
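Review bot: An empty or unset `BOOT_DEVICE` makes this loop run zero times, so no bootloader is installed and the script still goes on to `grub-mkconfig`, because `set -u` is not enabled. The same variable feeds `first_boot_dev` and `crypt_dev` earlier in the script, so a guard before its first use, `: "${BOOT_DEVICE:?must list at least one disk}"`, would stop the run early. The unquoted `$BOOT_DEVICE` looks deliberate, to split a space-separated list. A short comment saying so, plus quoting `"$dev"` in the `grub-install` call, would make that intent clear.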
grub-mkconfig -o /boot/grub/grub.cfg
pacman -S --noconfirm openssh unison
pacman -S --noconfirm sudo
-useradd -m -p "$ROOTPW" ian
+# 9 = user already exists. so we are idempotent.
+useradd -m -p "$ROOTPW" ian || [[ $? == 9 ]]
+
+if [[ $hostname == frodo ]]; then
+ useradd -m -p "$TPPASS" traci || [[ $? == 9 ]]
+else
+ useradd -m traci || [[ $? == 9 ]]
+fi
+# comparing ian's groups to traci, I see none she should join on arch
+usermod -a -G traci ian
+
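Review bot: The values passed with `-p "$ROOTPW"` and `-p "$TPPASS"` (useradd expects an already-hashed password there) are written to the trace output because the script runs under `#!/bin/bash -x`. They also sit in the `useradd` argument list, where other local processes can read them while the command runs. Creating the account without `-p` and feeding the hash on stdin with tracing paused avoids both: `set +x; printf '%s\n' "traci:$TPPASS" | chpasswd -e; set -x`. The same applies to the `ian` line, which gives that account the value of `ROOTPW`; if sharing root's hash is intended, a comment saying so would help. Because exit status 9 is accepted, a re-run leaves an existing account's password untouched, which is worth adding to the `# 9 = user already exists` comment.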
/root/distro-install-common/end
systemctl enable sshd
# https://wiki.archlinux.org/index.php/Users_and_groups#Group_list
usermod -aG games,rfkill,users,uucp,wheel ian
-# setup a bridge, so we can have 1st class vms.
+
+pacman -S --noconfirm net-tools # for route
+# get the mac of the interface used by the broadcast route.
+mac=$(cat /sys/class/net/$(route -n | sed -rn 's/^0\.0\.0\.0.*[[:space:]]([^[:space:]]+)[[:space:]]*$/\1/p')/address)
+
+
+# simple bridge.
cat > /etc/systemd/network/wired.network <<EOF
[Match]
Name=en*
DHCP=ipv4
EOF
-pacman -S --noconfirm net-tools # for route
-mac=$(cat /sys/class/net/$(route -n | sed -rn 's/^0\.0\.0\.0.*[[:space:]]([^[:space:]]+)[[:space:]]*$/\1/p')/address)
cat > /etc/systemd/network/br0.netdev <<EOF
[NetDev]
Name=br0
MACAddress=$mac
EOF
+
+
+
for x in networkd resolved; do systemctl enable systemd-$x; done