arch fixes plus name subvols by distro in prep for multi-distro
[automated-distro-installer] / arch-init-chroot
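#!/bin/bash -x
# arch-init-chroot: configures a freshly installed Arch system (hostname,
# locale, initramfs hooks, grub, accounts, ssh, bridged networking).
#
# Variables read but never assigned in this file, so the caller has to
# provide them: hostname, rootn, swapn, grubdisk, ROOTPW.
#
# NOTE: -x traces every command with its expanded arguments. That includes
# the value of $ROOTPW further down, so handle the trace output of this
# script as carefully as the password hash itself.
set -eE -o pipefail
# Report the failing command on stderr, next to the xtrace output.
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR

for x in /etc/*.pacorig; do
  # This started breaking immediately when I stopped doing genfstab.
  # It's probably not needed anymore.
  # An unmatched glob is left as the literal pattern, which names no file;
  # skip it (and anything else that vanished) instead of failing in mv.
  [[ -e $x || -L $x ]] || continue
  mv -- "$x" "${x%.pacorig}"
done
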
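# $hostname is not assigned in this file; refuse to write an empty
# /etc/hostname if the caller forgot to provide it.
: "${hostname:?hostname must be set}"
printf '%s\n' "$hostname" > /etc/hostname
# -f so that a re-run (or an image that already ships /etc/localtime)
# does not abort the script under set -e.
ln -sf /usr/share/zoneinfo/America/Los_Angeles /etc/localtime
l=en_US.UTF-8
echo "$l UTF-8" > /etc/locale.gen
locale-gen
echo "LANG=$l" > /etc/locale.conf
# if coming from windows, and you had to set the time, do this
# hwclock --systohc --utc

# A password is required to access the volume:
# Command requires device and mapped name as arguments

# If we were using btrfs raid, we supposedly would need this.
# # add btrfs as module instead of hook due to
# # https://wiki.archlinux.org/index.php/Btrfs,
# # https://bugs.archlinux.org/task/42884
# # disabled, as with just the module, startup spammed something about
# # command takes a device name and something else.
# sed -ri '/^ *MODULES *=.*btrfs/!s/^( *MODULES *=.*)"/\1 btrfs"/' /etc/mkinitcpio.conf
# # remove extra space
# sed -ri 's/^( *MODULES *=[^"]*)" */\1"/' /etc/mkinitcpio.conf
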
# https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_entire_system#Configuring_mkinitcpio_2
# used to have lvm2 after encrypt for lvm.
#
# Insert each hook in front of "filesystems" on the HOOKS line. The sed
# address skips a HOOKS line that already names the hook, so running the
# script twice does not add it twice.
# NOTE(review): encrypt1 is added unconditionally here, while the encrypt1
# hook files are only created further down when more than one crypt_dev_*
# mapping exists - confirm mkinitcpio copes with the hook being absent.
hooks_before_filesystems=(encrypt encrypt1 btrfs)
for hook in "${hooks_before_filesystems[@]}"; do
  sed -ri -f - /etc/mkinitcpio.conf <<EOF
/^ *HOOKS.*\b$hook\b/!s/^( *HOOKS=.*)filesystems/\1$hook filesystems/
EOF
done



# for desktop without full fs encryption, use this:
#cat > /etc/crypttab <<'EOF'
#tmp /dev/lvm/tmp /dev/urandom tmp,cipher=aes-xts-plain64,size=256

# otherwise ERROR: file not found: `fsck.btrfs'
pacman -S --noconfirm btrfs-progs

# boot loader and GPT partitioning tools
pacman -S --noconfirm grub gptfdisk

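# Encrypted-root setup, only for the hosts listed here: build the kernel
# command line for dm-crypt, add one extra encrypt hook + keyfile per
# additional crypt_dev_* mapping, and write both into mkinitcpio.conf and
# /etc/default/grub.
if [[ $hostname == x2 || $hostname == demohost ]]; then
  # Both are partition suffixes appended to a /dev/?da device name below.
  : "${rootn:?rootn must be set}"
  : "${swapn:?swapn must be set}"

  echo "$0: fstab:"
  cat /etc/fstab
  # https://wiki.archlinux.org/index.php/Dm-crypt/System_configuration#Boot_loader
  # if cryptdevice was lvm, it would be in this format,
  # where x2-vg is from lvdisplay, VG Name field.
  # cryptdevice=/dev/disk/by-uuid/585dff23-136f-446f-815f-01053b70c957:x2-vg
  # but, if you are using your own fstab, it seems you just give it a name,
  # which will be the crypt device name under /dev/mapper/
  # https://wiki.archlinux.org/index.php/GRUB#Additional_arguments
  root_devs=(/dev/?da"$rootn")
  root_dev=${root_devs[0]}
  # An unmatched glob stays literal; catch that here rather than booting
  # with a cryptdevice= argument that names no device.
  if [[ ! -e $root_dev ]]; then
    echo "$0: no device matches /dev/?da$rootn" >&2
    exit 1
  fi
  root_name=crypt_dev_${root_dev##/dev/}
  # allow-discards passes TRIM through dm-crypt, which lets someone with
  # access to the raw disk see which blocks are unused.
  k_args=(
    "cryptdevice=$root_dev:$root_name:allow-discards"
    "root=/dev/mapper/$root_name"
    # Same disk as the root partition, with the swap partition suffix.
    "resume=${root_dev%"$rootn"}$swapn"
  )

  crypt_mapper_devs=(/dev/mapper/crypt_dev_?d[a-z]"$rootn")
  initramfs_files=(/crypto_keyfile.bin)
  base=/usr/lib/initcpio
  # Index 0 is skipped: the stock encrypt hook and /crypto_keyfile.bin
  # cover the first mapping. Every further mapping gets a numbered copy of
  # the hook that reads cryptdevice<i>= / cryptkey<i>= instead.
  for ((i = 1; i < ${#crypt_mapper_devs[@]}; i++)); do
    cp /crypto_keyfile.bin "/crypto_keyfile$i.bin"
    initramfs_files+=("/crypto_keyfile$i.bin")
    cp "$base/hooks/encrypt" "$base/hooks/encrypt$i"
    cp "$base/install/encrypt" "$base/install/encrypt$i"
    sed -i "s/cryptdevice/cryptdevice$i/" "$base/hooks/encrypt$i"
    sed -i "s/cryptkey/cryptkey$i/" "$base/hooks/encrypt$i"
    extra_name=${crypt_mapper_devs[i]#/dev/mapper/}
    extra_dev=/dev/${extra_name#crypt_dev_}
    k_args+=(
      "cryptdevice$i=$extra_dev:$extra_name:allow-discards"
      "cryptkey$i=rootfs:/crypto_keyfile$i.bin"
    )
  done

  # this is the default file, otherwise you use cryptkey=device:fstype:path
  # NOTE(review): everything listed in FILES is copied into the initramfs
  # image, so the image then contains the volume keys - confirm /boot is
  # not readable by unprivileged users or stored unencrypted.
  files_value="${initramfs_files[*]}"
  sed -ri -f - /etc/mkinitcpio.conf <<EOF
s#^\s*FILES=.*#FILES="$files_value"#
EOF
  echo "$0: FILES:"
  grep FILES /etc/mkinitcpio.conf

  grub_cmdline_add="${k_args[*]}"
  echo "$0: grub cmdline additions: $grub_cmdline_add"
  # The \%...%! address skips a line that already holds these arguments,
  # so a re-run does not prepend them a second time.
  sed -ri -f - /etc/default/grub <<EOF
\%$grub_cmdline_add%!s%^ *GRUB_CMDLINE_LINUX_DEFAULT *= *"%\0$grub_cmdline_add %
EOF
fi
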
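# Rebuild the initramfs so the HOOKS/FILES edits above take effect.
mkinitcpio -p linux


# remove the default quiet arg.
# this doesn't seem to affect anything, so leave it alone.
#sed -ri 's/^( *GRUB_CMDLINE_LINUX_DEFAULT *= *.*) ?\bquiet\b(.*)/\1\2/' /etc/default/grub

# https://wiki.archlinux.org/index.php/GRUB#Install_to_disk
# $grubdisk is not assigned in this file. Pass it as exactly one argument
# when it is set; when it is empty no device argument is passed, as before.
grub-install --recheck ${grubdisk:+"$grubdisk"}
grub-mkconfig -o /boot/grub/grub.cfg
pacman -S --noconfirm openssh unison
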
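#######################################
# Set a user's password from the pre-hashed value in $ROOTPW.
# The hash is fed to chpasswd on stdin with xtrace switched off, so it
# shows up neither in the -x trace nor in any process argument list.
# Globals:   ROOTPW (read) - password hash as expected by chpasswd -e
# Arguments: $1 - account name
# Returns:   exits the script if ROOTPW is empty or chpasswd fails
#######################################
set_password_hash() {
  local user=$1 xtrace_was_on=0
  if [[ $- == *x* ]]; then
    xtrace_was_on=1
    set +x
  fi
  # chpasswd -e stores the field as given; an empty value would leave the
  # account with an empty password field on a host that enables sshd.
  if [[ -z ${ROOTPW:-} ]]; then
    echo "$0: ROOTPW is unset or empty, refusing to set password for $user" >&2
    exit 1
  fi
  printf '%s:%s\n' "$user" "$ROOTPW" | chpasswd -e
  if ((xtrace_was_on)); then
    set -x
  fi
}

set_password_hash root

pacman -S --noconfirm sudo

# useradd -p would expose the hash in the process list; create the account
# first and set the hash through chpasswd instead.
# NOTE(review): ian ends up with the same password hash as root.
useradd -m ian
set_password_hash ian

/root/distro-install-common/end
systemctl enable sshd

# NOTE(review): this copies everything in /root/.ssh, including any private
# keys kept there, into the user's home - consider copying only
# authorized_keys if that is all the account needs.
rm -rf /home/ian/.ssh
cp -r /root/.ssh /home/ian
# -R: the copied files are created as root and would otherwise stay
# root-owned inside a directory owned by ian.
chown -R ian:ian /home/ian/.ssh
# the groups recommended by
# https://wiki.archlinux.org/index.php/Users_and_groups#Group_list
usermod -aG games,rfkill,users,uucp,wheel ian
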
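# setup a bridge, so we can have 1st class vms.
# Every interface matching en* is attached to br0; br0 itself gets its
# address over DHCP.
cat > /etc/systemd/network/wired.network <<'EOF'
[Match]
Name=en*

[Network]
Bridge=br0
EOF

cat > /etc/systemd/network/br0.network <<'EOF'
[Match]
Name=br0

[Network]
DHCP=ipv4
EOF

pacman -S --noconfirm net-tools # for route
# Last column of each 0.0.0.0 (default route) line is the interface name.
# Kept as one command substitution so a failing route/sed still aborts the
# script through pipefail.
default_ifaces=$(route -n |
  sed -rn 's/^0\.0\.0\.0.*[[:space:]]([^[:space:]]+)[[:space:]]*$/\1/p')
# With several default routes, use the first one listed.
default_iface=${default_ifaces%%$'\n'*}
if [[ -z $default_iface ]]; then
  echo "$0: no default route found, cannot choose a MAC address for br0" >&2
  exit 1
fi
mac=$(cat "/sys/class/net/$default_iface/address")
cat > /etc/systemd/network/br0.netdev <<EOF
[NetDev]
Name=br0
Kind=bridge
# use the same mac as the physical port,
# which is mapped to a static ip in our dhcp server.
MACAddress=$mac
EOF

for unit in networkd resolved; do
  systemctl enable "systemd-$unit"
done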