X-Git-Url: https://iankelling.org/git/?a=blobdiff_plain;ds=sidebyside;f=arch-init-chroot;fp=arch-init-chroot;h=53a2b944f72ad2583e8d16f0aa9500f4f8633d21;hb=a4bf1d090bfbb5603bd6f2aa9f67a2e8a702d476;hp=0000000000000000000000000000000000000000;hpb=ce5290b5a6eee95cc59b5c1651d73a224c3d5bbd;p=automated-distro-installer

diff --git a/arch-init-chroot b/arch-init-chroot
new file mode 100755
index 0000000..53a2b94
--- /dev/null
+++ b/arch-init-chroot
@@ -0,0 +1,151 @@
+#!/bin/bash -x
+set -eE -o pipefail
+trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?"' ERR
+
+for x in /etc/*.pacorig; do
+    mv $x ${x%.pacorig}
+done
+
+echo $hostname > /etc/hostname
+ln -s /usr/share/zoneinfo/America/Los_Angeles /etc/localtime
+l=en_US.UTF-8
+echo "$l UTF-8" > /etc/locale.gen
+locale-gen
+echo "LANG=$l" > /etc/locale.conf
+# if coming from windows, and you had to set the time, do this
+# hwclock --systohc --utc
+
+# A password is required to access the  volume:
+# Command requires device and ampped name as arguments
+
+# If we were using btrfs raid, we supposedly would need this.
+# # add btrfs as module instead of hook due to
+# # https://wiki.archlinux.org/index.php/Btrfs,
+# # https://bugs.archlinux.org/task/42884
+# # disabled, as with just the module, startup spammed something about
+# # command takes a device name and something else.
+# sed -ri '/^ *MODULES *=.*btrfs/!s/^( *MODULES *=.*)"/\1 btrfs"/' /etc/mkinitcpio.conf
+# # remove extra space
+# sed -ri 's/^( *MODULES *=[^"]*)" */\1"/' /etc/mkinitcpio.conf
+
+# https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_entire_system#Configuring_mkinitcpio_2
+# used to have lvm2 after encrypt for lvm.
+for x in encrypt encrypt1 btrfs; do sed -ri -f - /etc/mkinitcpio.conf <<EOF
+/^ *HOOKS.*\b$x\b/!s/^( *HOOKS=.*)filesystems/\1$x filesystems/
+EOF
+done
+
+
+
+# for desktop without full fs encryption, use this:
+#cat > /etc/crypttab <<'EOF'
+#tmp  /dev/lvm/tmp  /dev/urandom  tmp,cipher=aes-xts-plain64,size=256
+
+# otgherwise ERROR: file not found: `fsck.btrfs'
+pacman -S --noconfirm btrfs-progs
+
+pacman -S --noconfirm grub gptfdisk
+
+if [[ $hostname == x2 || $hostname == demohost ]]; then
+    echo "$0: fstab:"
+    cat /etc/fstab
+    # https://wiki.archlinux.org/index.php/Dm-crypt/System_configuration#Boot_loader
+    # if cryptdevice was lvm, it woulde be in this format,
+    # where x2-vg is from lvdisplay, VG Name field.
+    # cryptdevice=/dev/disk/by-uuid/585dff23-136f-446f-815f-01053b70c957:x2-vg
+    # but, if you are using your own fstab, it seems you just give it a name,
+    # which will be the crypt device name under /dev/mapper/
+    # https://wiki.archlinux.org/index.php/GRUB#Additional_arguments
+    crypt_dev=(/dev/?da3)
+    crypt_name=crypt_dev_${crypt_dev##/dev/}
+    k_args=(
+        cryptdevice=$crypt_dev:$crypt_name:allow-discards
+        root=/dev/mapper/$crypt_name
+        resume=${crypt_dev%3}2
+    )
+    crypt_mapper_devs=(/dev/mapper/crypt_dev_?d[a-z]3)
+    keyfile_vars=()
+    for ((i=1; i < ${#crypt_mapper_devs[@]}; i++)); do
+        ((i!=1)) || dup_keys=(" ")
+        cp /crypto_keyfile.bin /crypto_keyfile$i.bin
+        dup_keys+=(/crypto_keyfile$i.bin)
+        base=/usr/lib/initcpio
+        cp $base/hooks/encrypt{,$i}
+        cp $base/install/encrypt{,$i}
+        sed -i "s/cryptdevice/cryptdevice$i/" $base/hooks/encrypt$i
+        sed -i "s/cryptkey/cryptkey$i/" $base/hooks/encrypt$i
+        crypt_name=${crypt_mapper_devs[i]#/dev/mapper/}
+        crypt_dev=/dev/${crypt_name#crypt_dev_}
+        k_args+=(cryptdevice$i=$crypt_dev:$crypt_name:allow-discards
+                 cryptkey$i=rootfs:/crypto_keyfile$i.bin)
+    done
+    # this is the default file, otherwise you use cryptkey=device:fstype:path
+    sed -ri -f - /etc/mkinitcpio.conf <<EOF
+s#^\s*FILES=.*#FILES="/crypto_keyfile.bin${dup_keys[*]}"#
+EOF
+    echo "$0: FILES:"
+    grep FILES /etc/mkinitcpio.conf
+    k_args="${k_args[*]}"
+    echo "$0: grub cmdline additions: $k_args"
+    sed -ri -f - /etc/default/grub <<EOF
+\%$k_args%!s%^ *GRUB_CMDLINE_LINUX_DEFAULT *= *"%\0$k_args %
+EOF
+fi
+
+mkinitcpio -p linux
+
+
+# remove the default quiet arg.
+# this doesn't seem to affect anything, so leave it alone.
+#sed -ri 's/^( *GRUB_CMDLINE_LINUX_DEFAULT *= *.*) ?\bquiet\b(.*)/\1\2/' /etc/default/grub
+
+# https://wiki.archlinux.org/index.php/GRUB#Install_to_disk
+grub-install --recheck $grubdisk
+grub-mkconfig -o /boot/grub/grub.cfg
+pacman -S --noconfirm openssh unison
+
+echo "root:$ROOTPW" | chpasswd -e
+
+pacman -S --noconfirm sudo
+
+useradd -m -p "$ROOTPW" ian
+
+/root/distro-install-common/end
+systemctl enable sshd
+
+rm -rf /home/ian/.ssh
+cp -r /root/.ssh /home/ian
+chown ian:ian /home/ian/.ssh
+# the groups recommended by
+# https://wiki.archlinux.org/index.php/Users_and_groups#Group_list
+usermod -aG games,rfkill,users,uucp,wheel ian
+
+# setup a bridge, so we can have 1st class vms.
+cat > /etc/systemd/network/wired.network <<EOF
+[Match]
+Name=en*
+
+[Network]
+Bridge=br0
+EOF
+
+cat > /etc/systemd/network/br0.network <<EOF
+[Match]
+Name=br0
+
+[Network]
+DHCP=ipv4
+EOF
+
+pacman -S --noconfirm net-tools # for route
+mac=$(cat /sys/class/net/$(route -n | sed -rn 's/^0\.0\.0\.0.*[[:space:]]([^[:space:]]+)[[:space:]]*$/\1/p')/address)
+cat > /etc/systemd/network/br0.netdev <<EOF
+[NetDev]
+Name=br0
+Kind=bridge
+# use the same mac as the physical port,
+# which is mapped to a static ip in our dhcp server.
+MACAddress=$mac
+EOF
+
+for x in networkd resolved; do systemctl enable systemd-$x; done