3 trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
5 for x
in /etc
/*.pacorig
; do
6 # This started breaking immediately when I stoped doing genfstab.
7 # It's probably not needed anymore
12 echo $hostname > /etc
/hostname
13 [[ -L /etc
/localtime
]] ||
ln -s /usr
/share
/zoneinfo
/America
/Los_Angeles
/etc
/localtime
15 echo "$l UTF-8" > /etc
/locale.gen
17 echo "LANG=$l" > /etc
/locale.conf
18 # if coming from windows, and you had to set the time, do this
19 # hwclock --systohc --utc
21 # A password is required to access the volume:
22 # Command requires device and ampped name as arguments
24 # If we were using btrfs raid, we supposedly would need this.
25 # # add btrfs as module instead of hook due to
26 # # https://wiki.archlinux.org/index.php/Btrfs,
27 # # https://bugs.archlinux.org/task/42884
28 # # disabled, as with just the module, startup spammed something about
29 # # command takes a device name and something else.
30 # sed -ri '/^ *MODULES *=.*btrfs/!s/^( *MODULES *=.*)"/\1 btrfs"/' /etc/mkinitcpio.conf
31 # # remove extra space
32 # sed -ri 's/^( *MODULES *=[^"]*)" */\1"/' /etc/mkinitcpio.conf
37 # for desktop without full fs encryption, use this:
38 #cat > /etc/crypttab <<'EOF'
39 #tmp /dev/lvm/tmp /dev/urandom tmp,cipher=aes-xts-plain64,size=256
41 # otgherwise ERROR: file not found: `fsck.btrfs'
42 pacman
-S --noconfirm btrfs-progs
44 pacman
-S --noconfirm grub gptfdisk
50 # https://wiki.archlinux.org/index.php/Dm-crypt/System_configuration#Boot_loader
51 # if cryptdevice was lvm, it woulde be in this format,
52 # where x2-vg is from lvdisplay, VG Name field.
53 # cryptdevice=/dev/disk/by-uuid/585dff23-136f-446f-815f-01053b70c957:x2-vg
54 # but, if you are using your own fstab, it seems you just give it a name,
55 # which will be the crypt device name under /dev/mapper/
56 # https://wiki.archlinux.org/index.php/GRUB#Additional_arguments
59 root_devs
=( ${ROOT_PARTITIONS} )
60 first_root_dev
=${root_devs[0]}
64 cryptdevices
=${ROOT_PARTITIONS// /,}
65 root
=/dev
/mapper
/crypt_dev_
${first_root_dev##*/}
66 resume
=${first_root_dev%[0-9]}$swapn
68 extra_encrypt_hooks
=()
71 # If we have more than 1 to decrypt, arch wiki lead me onto
72 # a sort of hacky way run the encrypt hook multiple times.
74 base
=/usr
/lib
/initcpio
77 # https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_entire_system#Configuring_mkinitcpio_2
78 # used to have lvm2 after encrypt for lvm, but not using lvm anymore
79 for x
in encrypt btrfs
; do
80 sed -ri -f - /etc
/mkinitcpio.conf
<<EOF
81 /^ *HOOKS.*\b$x\b/!s/^( *HOOKS=.*)filesystems/\1$x filesystems/
85 # this is the default file, otherwise you use cryptkey=device:fstype:path
86 sed -ri -f - /etc
/mkinitcpio.conf
<<EOF
87 s#^\s*FILES=.*#FILES="/crypto_keyfile.bin"#
90 grep FILES
/etc
/mkinitcpio.conf
92 echo "$0: grub cmdline additions: $k_args"
93 sed -ri -f - /etc
/default
/grub
<<EOF
94 \%$k_args%!s%^ *GRUB_CMDLINE_LINUX_DEFAULT *= *"%\0$k_args %
100 # remove the default quiet arg.
101 # this doesn't seem to affect anything, so leave it alone.
102 #sed -ri 's/^( *GRUB_CMDLINE_LINUX_DEFAULT *= *.*) ?\bquiet\b(.*)/\1\2/' /etc/default/grub
104 # https://wiki.archlinux.org/index.php/GRUB#Install_to_disk
105 for dev
in $BOOT_DEVICE; do
106 grub-install
--recheck $dev
108 grub-mkconfig
-o /boot
/grub
/grub.cfg
109 # gtk2 is an optional dependency of unison.
110 # debian's unison binary has it linked in,
111 # so i install it so I can use the same binary for syncing
113 pacman
-S --noconfirm openssh unison gtk2 rsync
115 echo "root:$ROOTPW" | chpasswd
-e
117 pacman
-S --noconfirm sudo
119 # 9 = user already exists. so we are idempotent.
120 useradd
-m -p "$ROOTPW" ian ||
[[ $?
== 9 ]]
122 if [[ $hostname == frodo
]]; then
123 useradd
-m -p "$TPPASS" traci ||
[[ $?
== 9 ]]
125 useradd
-m traci ||
[[ $?
== 9 ]]
127 # comparing ian's groups to traci, I see none she should join on arch
128 usermod
-a -G traci ian
131 /root
/distro-install-common
/end
132 systemctl
enable sshd
134 rm -rf /home
/ian
/.
ssh
135 cp -r /root
/.
ssh /home
/ian
136 chown
-R ian
:ian
/home
/ian
/.
ssh
137 # the groups recommended by
138 # https://wiki.archlinux.org/index.php/Users_and_groups#Group_list
139 usermod
-aG games
,rfkill
,users
,uucp,wheel ian
142 pacman
-S --noconfirm net-tools
# for route
143 # get the mac of the interface used by the broadcast route.
144 mac
=$
(cat /sys
/class
/net
/$
(route
-n |
sed -rn 's/^0\.0\.0\.0.*[[:space:]]([^[:space:]]+)[[:space:]]*$/\1/p')/address
)
148 cat > /etc
/systemd
/network
/wired.network
<<EOF
156 cat > /etc
/systemd
/network
/br0.network
<<EOF
164 cat > /etc
/systemd
/network
/br0.netdev
<<EOF
168 # use the same mac as the physical port,
169 # which is mapped to a static ip in our dhcp server.
176 for x
in networkd resolved
; do systemctl
enable systemd-
$x; done