iankelling.org Git - automated-distro-installer/blob - arch-init-chroot

   1 #!/bin/bash -x
   2 set -eE -o pipefail
   3 trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
   4
   5 for x in /etc/*.pacorig; do
   6     # This started breaking immediately when I stoped doing genfstab.
   7     # It's probably not needed anymore
   8     [[ -e $x ]] || break
   9     mv $x ${x%.pacorig}
  10 done
  11
  12 echo $hostname > /etc/hostname
  13 [[ -L /etc/localtime ]] || ln -s /usr/share/zoneinfo/America/Los_Angeles /etc/localtime
  14 l=en_US.UTF-8
  15 echo "$l UTF-8" > /etc/locale.gen
  16 locale-gen
  17 echo "LANG=$l" > /etc/locale.conf
  18 # if coming from windows, and you had to set the time, do this
  19 # hwclock --systohc --utc
  20
  21 # A password is required to access the  volume:
  22 # Command requires device and ampped name as arguments
  23
  24 # If we were using btrfs raid, we supposedly would need this.
  25 # # add btrfs as module instead of hook due to
  26 # # https://wiki.archlinux.org/index.php/Btrfs,
  27 # # https://bugs.archlinux.org/task/42884
  28 # # disabled, as with just the module, startup spammed something about
  29 # # command takes a device name and something else.
  30 # sed -ri '/^ *MODULES *=.*btrfs/!s/^( *MODULES *=.*)"/\1 btrfs"/' /etc/mkinitcpio.conf
  31 # # remove extra space
  32 # sed -ri 's/^( *MODULES *=[^"]*)" */\1"/' /etc/mkinitcpio.conf
  33
  34
  35
  36
  37 # for desktop without full fs encryption, use this:
  38 #cat > /etc/crypttab <<'EOF'
  39 #tmp  /dev/lvm/tmp  /dev/urandom  tmp,cipher=aes-xts-plain64,size=256
  40
  41 # otgherwise ERROR: file not found: `fsck.btrfs'
  42 pacman -S --noconfirm btrfs-progs
  43
  44 pacman -S --noconfirm grub gptfdisk
  45
  46
  47 shopt -s extglob
  48 echo "$0: fstab:"
  49 cat /etc/fstab
  50 # https://wiki.archlinux.org/index.php/Dm-crypt/System_configuration#Boot_loader
  51 # if cryptdevice was lvm, it woulde be in this format,
  52 # where x2-vg is from lvdisplay, VG Name field.
  53 # cryptdevice=/dev/disk/by-uuid/585dff23-136f-446f-815f-01053b70c957:x2-vg
  54 # but, if you are using your own fstab, it seems you just give it a name,
  55 # which will be the crypt device name under /dev/mapper/
  56 # https://wiki.archlinux.org/index.php/GRUB#Additional_arguments
  57
  58
  59 root_devs=( ${ROOT_PARTITIONS} )
  60 first_root_dev=${root_devs[0]}
  61
  62
  63 k_args=(
  64     cryptdevices=${ROOT_PARTITIONS// /,}
  65     root=/dev/mapper/crypt_dev_${first_root_dev##*/}
  66     resume=${first_root_dev%[0-9]}$swapn
  67 )
  68 extra_encrypt_hooks=()
  69
  70
  71 # If we have more than 1 to decrypt, arch wiki lead me onto
  72 # a sort of hacky way run the encrypt hook multiple times.
  73
  74 base=/usr/lib/initcpio
  75
  76
  77 # https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_entire_system#Configuring_mkinitcpio_2
  78 # used to have lvm2 after encrypt for lvm, but not using lvm anymore
  79 for x in encrypt btrfs; do
  80     sed -ri -f - /etc/mkinitcpio.conf <<EOF
  81 /^ *HOOKS.*\b$x\b/!s/^( *HOOKS=.*)filesystems/\1$x filesystems/
  82 EOF
  83 done
  84
  85 # this is the default file, otherwise you use cryptkey=device:fstype:path
  86 sed -ri -f - /etc/mkinitcpio.conf <<EOF
  87 s#^\s*FILES=.*#FILES="/crypto_keyfile.bin"#
  88 EOF
  89 echo "$0: FILES:"
  90 grep FILES /etc/mkinitcpio.conf
  91 k_args="${k_args[*]}"
  92 echo "$0: grub cmdline additions: $k_args"
  93 sed -ri -f - /etc/default/grub <<EOF
  94 \%$k_args%!s%^ *GRUB_CMDLINE_LINUX_DEFAULT *= *"%\0$k_args %
  95 EOF
  96
  97 mkinitcpio -p linux
  98
  99
 100 # remove the default quiet arg.
 101 # this doesn't seem to affect anything, so leave it alone.
 102 #sed -ri 's/^( *GRUB_CMDLINE_LINUX_DEFAULT *= *.*) ?\bquiet\b(.*)/\1\2/' /etc/default/grub
 103
 104 # https://wiki.archlinux.org/index.php/GRUB#Install_to_disk
 105 for dev in $BOOT_DEVICE; do
 106     grub-install --recheck $dev
 107 done
 108 grub-mkconfig -o /boot/grub/grub.cfg
 109 # gtk2 is an optional dependency of unison.
 110 # debian's unison binary has it linked in,
 111 # so i install it so I can use the same binary for syncing
 112 # the two distros.
 113 pacman -S --noconfirm openssh unison gtk2 rsync
 114
 115 echo "root:$ROOTPW" | chpasswd -e
 116
 117 pacman -S --noconfirm sudo
 118
 119 # 9 = user already exists. so we are idempotent.
 120 useradd -m -p "$ROOTPW" ian || [[ $? == 9 ]]
 121
 122 if [[ $hostname == frodo ]]; then
 123     useradd -m -p "$TPPASS" traci || [[ $? == 9 ]]
 124 else
 125     useradd -m traci || [[ $? == 9 ]]
 126 fi
 127 # comparing ian's groups to traci, I see none she should join on arch
 128 usermod -a -G traci ian
 129
 130
 131 /root/distro-install-common/end
 132 systemctl enable sshd
 133
 134 rm -rf /home/ian/.ssh
 135 cp -r /root/.ssh /home/ian
 136 chown -R ian:ian /home/ian/.ssh
 137 # the groups recommended by
 138 # https://wiki.archlinux.org/index.php/Users_and_groups#Group_list
 139 usermod -aG games,rfkill,users,uucp,wheel ian
 140
 141
 142 pacman -S --noconfirm net-tools # for route
 143 # get the mac of the interface used by the broadcast route.
 144 mac=$(cat /sys/class/net/$(route -n | sed -rn 's/^0\.0\.0\.0.*[[:space:]]([^[:space:]]+)[[:space:]]*$/\1/p')/address)
 145
 146
 147 # simple bridge.
 148 cat > /etc/systemd/network/wired.network <<EOF
 149 [Match]
 150 Name=en*
 151
 152 [Network]
 153 Bridge=br0
 154 EOF
 155
 156 cat > /etc/systemd/network/br0.network <<EOF
 157 [Match]
 158 Name=br0
 159
 160 [Network]
 161 DHCP=ipv4
 162 EOF
 163
 164 cat > /etc/systemd/network/br0.netdev <<EOF
 165 [NetDev]
 166 Name=br0
 167 Kind=bridge
 168 # use the same mac as the physical port,
 169 # which is mapped to a static ip in our dhcp server.
 170 MACAddress=$mac
 171 EOF
 172
 173
 174
 175
 176 for x in networkd resolved; do systemctl enable systemd-$x; done