53a2b944f72ad2583e8d16f0aa9500f4f8633d21
# Report every failing command: script name, line number, the command text
# and its exit status.
trap 'printf "%s\n" "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?"' ERR
5 for x
in /etc
/*.pacorig
; do
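# Write the host name. The expansion is quoted so the value lands in the file
# exactly as set, without word splitting or glob expansion.
printf '%s\n' "$hostname" > /etc/hostname
# Local time zone: America/Los_Angeles.
ln -s /usr/share/zoneinfo/America/Los_Angeles /etc/localtime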
# $l is the locale name; it is assigned outside the lines shown here.
printf '%s UTF-8\n' "$l" > /etc/locale.gen
# (the listing's numbering skips one source line between these two writes)
printf 'LANG=%s\n' "$l" > /etc/locale.conf
15 # if coming from windows, and you had to set the time, do this
16 # hwclock --systohc --utc
18 # A password is required to access the volume:
19 # Command requires device and mapped name as arguments
21 # If we were using btrfs raid, we supposedly would need this.
22 # # add btrfs as module instead of hook due to
23 # # https://wiki.archlinux.org/index.php/Btrfs,
24 # # https://bugs.archlinux.org/task/42884
25 # # disabled, as with just the module, startup spammed something about
26 # # command takes a device name and something else.
27 # sed -ri '/^ *MODULES *=.*btrfs/!s/^( *MODULES *=.*)"/\1 btrfs"/' /etc/mkinitcpio.conf
28 # # remove extra space
29 # sed -ri 's/^( *MODULES *=[^"]*)" */\1"/' /etc/mkinitcpio.conf
31 # https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_entire_system#Configuring_mkinitcpio_2
32 # used to have lvm2 after encrypt for lvm.
33 for x
in encrypt encrypt1 btrfs
; do sed -ri -f - /etc
/mkinitcpio.conf
<<EOF
34 /^ *HOOKS.*\b$x\b/!s/^( *HOOKS=.*)filesystems/\1$x filesystems/
40 # for desktop without full fs encryption, use this:
41 #cat > /etc/crypttab <<'EOF'
42 #tmp /dev/lvm/tmp /dev/urandom tmp,cipher=aes-xts-plain64,size=256
44 # otherwise ERROR: file not found: `fsck.btrfs'
pacman --sync --noconfirm btrfs-progs
# Boot loader (grub) and GPT partitioning tools (gptfdisk).
pacman --sync --noconfirm grub gptfdisk
49 if [[ $hostname == x2 ||
$hostname == demohost
]]; then
52 # https://wiki.archlinux.org/index.php/Dm-crypt/System_configuration#Boot_loader
53 # if cryptdevice was lvm, it would be in this format,
54 # where x2-vg is from lvdisplay, VG Name field.
55 # cryptdevice=/dev/disk/by-uuid/585dff23-136f-446f-815f-01053b70c957:x2-vg
56 # but, if you are using your own fstab, it seems you just give it a name,
57 # which will be the crypt device name under /dev/mapper/
58 # https://wiki.archlinux.org/index.php/GRUB#Additional_arguments
60 crypt_name
=crypt_dev_
${crypt_dev##/dev/}
62 cryptdevice
=$crypt_dev:$crypt_name:allow-discards
63 root
=/dev
/mapper
/$crypt_name
64 resume
=${crypt_dev%3}2
66 crypt_mapper_devs
=(/dev
/mapper
/crypt_dev_?d
[a-z
]3)
68 for ((i
=1; i
< ${#crypt_mapper_devs[@]}; i
++)); do
69 ((i
!=1)) || dup_keys
=(" ")
70 cp /crypto_keyfile.bin
/crypto_keyfile
$i.bin
71 dup_keys
+=(/crypto_keyfile
$i.bin
)
72 base
=/usr
/lib
/initcpio
73 cp $base/hooks
/encrypt
{,$i}
74 cp $base/install
/encrypt
{,$i}
75 sed -i "s/cryptdevice/cryptdevice$i/" $base/hooks
/encrypt
$i
76 sed -i "s/cryptkey/cryptkey$i/" $base/hooks
/encrypt
$i
77 crypt_name
=${crypt_mapper_devs[i]#/dev/mapper/}
78 crypt_dev
=/dev
/${crypt_name#crypt_dev_}
79 k_args
+=(cryptdevice
$i=$crypt_dev:$crypt_name:allow-discards
80 cryptkey
$i=rootfs
:/crypto_keyfile
$i.bin
)
82 # this is the default file, otherwise you use cryptkey=device:fstype:path
83 sed -ri -f - /etc
/mkinitcpio.conf
<<EOF
84 s#^\s*FILES=.*#FILES="/crypto_keyfile.bin${dup_keys[*]}"#
87 grep FILES
/etc
/mkinitcpio.conf
89 echo "$0: grub cmdline additions: $k_args"
90 sed -ri -f - /etc
/default
/grub
<<EOF
91 \%$k_args%!s%^ *GRUB_CMDLINE_LINUX_DEFAULT *= *"%\0$k_args %
98 # remove the default quiet arg.
99 # this doesn't seem to affect anything, so leave it alone.
100 #sed -ri 's/^( *GRUB_CMDLINE_LINUX_DEFAULT *= *.*) ?\bquiet\b(.*)/\1\2/' /etc/default/grub
102 # https://wiki.archlinux.org/index.php/GRUB#Install_to_disk
# Install GRUB to the target disk, then generate its configuration file.
# $grubdisk is left unquoted as in the original; presumably it holds a single
# device path - confirm where it is set.
grub-install --recheck $grubdisk
grub-mkconfig --output=/boot/grub/grub.cfg
# SSH server/client and the unison file synchronizer.
pacman --sync --noconfirm openssh unison
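# $ROOTPW is treated as an already-hashed password: chpasswd -e stores the
# value it reads on stdin as-is instead of hashing it.
printf 'root:%s\n' "$ROOTPW" | chpasswd -e

pacman -S --noconfirm sudo

# Create the account first, then set its hash through chpasswd's stdin.
# useradd -p would place the hash on the command line, where any local user
# listing processes can read it; printf is a shell builtin, so nothing is
# exposed in argv this way.
# Note: ian ends up with the same password hash as root.
useradd -m ian
printf 'ian:%s\n' "$ROOTPW" | chpasswd -e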
# Run the end script from distro-install-common (its contents are not part of
# this listing), then enable the SSH daemon so it starts at boot.
# NOTE(review): no sshd_config changes are visible here, so the daemon runs
# with whatever configuration the package ships - confirm the root-login and
# password-authentication settings before exposing the host.
/root/distro-install-common/end
systemctl enable sshd.service
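# Give ian a copy of root's SSH directory, replacing any existing one.
# NOTE(review): this copies everything under /root/.ssh, including private
# keys if any are stored there. If ian only needs to accept the same logins,
# copying authorized_keys alone keeps root's key material out of the user
# account.
rm -rf /home/ian/.ssh
cp -r /root/.ssh /home/ian
# -R: the copy is presumably made as root, so without it only the directory
# changes owner and the files inside stay root-owned.
chown -R ian:ian /home/ian/.ssh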
119 # the groups recommended by
120 # https://wiki.archlinux.org/index.php/Users_and_groups#Group_list
# Add ian to these supplementary groups; --append keeps any memberships the
# account already has. What wheel grants depends on the sudoers
# configuration, which is not shown in this listing.
usermod --append --groups games,rfkill,users,uucp,wheel ian
123 # setup a bridge, so we can have 1st class vms.
124 cat > /etc
/systemd
/network
/wired.network
<<EOF
132 cat > /etc
/systemd
/network
/br0.network
<<EOF
# net-tools provides route, which is used just below.
pacman --sync --noconfirm net-tools
# MAC address of the interface carrying the default route: take the row of
# `route -n` whose destination is 0.0.0.0, keep its last column (the
# interface name), and read that interface's address file from sysfs.
mac=$(
  cat /sys/class/net/$(
    route -n |
      sed -rn 's/^0\.0\.0\.0.*[[:space:]]([^[:space:]]+)[[:space:]]*$/\1/p'
  )/address
)
142 cat > /etc
/systemd
/network
/br0.netdev
<<EOF
146 # use the same mac as the physical port,
147 # which is mapped to a static ip in our dhcp server.
# Enable systemd-networkd and systemd-resolved.
for x in networkd resolved; do
  systemctl enable "systemd-$x"
done