better error output

[automated-distro-installer] / arch-init-chroot

#!/bin/bash -x
set -eE -o pipefail
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR

for x in /etc/*.pacorig; do
    # This started breaking immediately when I stoped doing genfstab.
    # It's probably not needed anymore
    [[ -e $x ]] || break
    mv $x ${x%.pacorig}
done

echo $hostname > /etc/hostname
[[ -L /etc/localtime ]] || ln -s /usr/share/zoneinfo/America/Los_Angeles /etc/localtime
l=en_US.UTF-8
echo "$l UTF-8" > /etc/locale.gen
locale-gen
echo "LANG=$l" > /etc/locale.conf
# if coming from windows, and you had to set the time, do this
# hwclock --systohc --utc

# A password is required to access the  volume:
# Command requires device and ampped name as arguments

# If we were using btrfs raid, we supposedly would need this.
# # add btrfs as module instead of hook due to
# # https://wiki.archlinux.org/index.php/Btrfs,
# # https://bugs.archlinux.org/task/42884
# # disabled, as with just the module, startup spammed something about
# # command takes a device name and something else.
# sed -ri '/^ *MODULES *=.*btrfs/!s/^( *MODULES *=.*)"/\1 btrfs"/' /etc/mkinitcpio.conf
# # remove extra space
# sed -ri 's/^( *MODULES *=[^"]*)" */\1"/' /etc/mkinitcpio.conf




# for desktop without full fs encryption, use this:
#cat > /etc/crypttab <<'EOF'
#tmp  /dev/lvm/tmp  /dev/urandom  tmp,cipher=aes-xts-plain64,size=256

# otgherwise ERROR: file not found: `fsck.btrfs'
pacman -S --noconfirm btrfs-progs

pacman -S --noconfirm grub gptfdisk


shopt -s extglob
echo "$0: fstab:"
cat /etc/fstab
# https://wiki.archlinux.org/index.php/Dm-crypt/System_configuration#Boot_loader
# if cryptdevice was lvm, it woulde be in this format,
# where x2-vg is from lvdisplay, VG Name field.
# cryptdevice=/dev/disk/by-uuid/585dff23-136f-446f-815f-01053b70c957:x2-vg
# but, if you are using your own fstab, it seems you just give it a name,
# which will be the crypt device name under /dev/mapper/
# https://wiki.archlinux.org/index.php/GRUB#Additional_arguments

first_boot_dev=${BOOT_DEVICE%% *}
crypt_dev=${first_boot_dev}$rootn
crypt_name=$(/root/devbyid $crypt_dev)
crypt_name=crypt_dev_${crypt_name##*/}


k_args=(
    cryptdevice=$crypt_dev:$crypt_name:allow-discards
    root=/dev/mapper/$crypt_name
    resume=${crypt_dev%[0-9]}$swapn
)
crypt_mapper_devs=(/dev/mapper/crypt_dev_*$rootn)
crypt_count=${#crypt_mapper_devs[@]}
if [[ crypt_count == 0 ]]; then
    echo "$0: error: expected crypt_mapper_devs length to be > 0"
    ls -la /dev/mapper
    exit 1
fi
keyfile_vars=()
dup_keys=()
extra_encrypt_hooks=()


# If we have more than 1 to decrypt, arch wiki lead me onto
# a sort of hacky way run the encrypt hook multiple times.
for ((i=1; i < $crypt_count; i++)); do
    extra_encrypt_hooks+=(encrypt$i)
    if (( i = 1 )); then dup_keys=(" "); fi # prefix with an empty space
    cp /crypto_keyfile.bin /crypto_keyfile$i.bin
    dup_keys+=(/crypto_keyfile$i.bin)
    base=/usr/lib/initcpio
    cp $base/hooks/encrypt{,$i}
    cp $base/install/encrypt{,$i}
    sed -i "s/cryptdevice/cryptdevice$i/" $base/hooks/encrypt$i
    sed -i "s/cryptkey/cryptkey$i/" $base/hooks/encrypt$i
    crypt_name=${crypt_mapper_devs[i]#/dev/mapper/}
    crypt_dev=/dev/${crypt_name#crypt_dev_}
    k_args+=(cryptdevice$i=$crypt_dev:$crypt_name:allow-discards
             cryptkey$i=rootfs:/crypto_keyfile$i.bin)
done

# https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_entire_system#Configuring_mkinitcpio_2
# used to have lvm2 after encrypt for lvm, but not using lvm anymore
for x in encrypt ${extra_encrypt_hooks[@]} btrfs; do
    sed -ri -f - /etc/mkinitcpio.conf <<EOF
/^ *HOOKS.*\b$x\b/!s/^( *HOOKS=.*)filesystems/\1$x filesystems/
EOF
done

# this is the default file, otherwise you use cryptkey=device:fstype:path
sed -ri -f - /etc/mkinitcpio.conf <<EOF
s#^\s*FILES=.*#FILES="/crypto_keyfile.bin${dup_keys[*]}"#
EOF
echo "$0: FILES:"
grep FILES /etc/mkinitcpio.conf
k_args="${k_args[*]}"
echo "$0: grub cmdline additions: $k_args"
sed -ri -f - /etc/default/grub <<EOF
\%$k_args%!s%^ *GRUB_CMDLINE_LINUX_DEFAULT *= *"%\0$k_args %
EOF

mkinitcpio -p linux


# remove the default quiet arg.
# this doesn't seem to affect anything, so leave it alone.
#sed -ri 's/^( *GRUB_CMDLINE_LINUX_DEFAULT *= *.*) ?\bquiet\b(.*)/\1\2/' /etc/default/grub

# https://wiki.archlinux.org/index.php/GRUB#Install_to_disk
for dev in $BOOT_DEVICE; do
    grub-install --recheck $dev
done
grub-mkconfig -o /boot/grub/grub.cfg
pacman -S --noconfirm openssh unison

echo "root:$ROOTPW" | chpasswd -e

pacman -S --noconfirm sudo

# 9 = user already exists. so we are idempotent.
useradd -m -p "$ROOTPW" ian || [[ $? == 9 ]]

if [[ $hostname == frodo ]]; then
    useradd -m -p "$TPPASS" traci || [[ $? == 9 ]]
else
    useradd -m traci || [[ $? == 9 ]]
fi
# comparing ian's groups to traci, I see none she should join on arch
usermod -a -G traci ian


/root/distro-install-common/end
systemctl enable sshd

rm -rf /home/ian/.ssh
cp -r /root/.ssh /home/ian
chown ian:ian /home/ian/.ssh
# the groups recommended by
# https://wiki.archlinux.org/index.php/Users_and_groups#Group_list
usermod -aG games,rfkill,users,uucp,wheel ian


pacman -S --noconfirm net-tools # for route
# get the mac of the interface used by the broadcast route.
mac=$(cat /sys/class/net/$(route -n | sed -rn 's/^0\.0\.0\.0.*[[:space:]]([^[:space:]]+)[[:space:]]*$/\1/p')/address)


# simple bridge.
cat > /etc/systemd/network/wired.network <<EOF
[Match]
Name=en*

[Network]
Bridge=br0
EOF

cat > /etc/systemd/network/br0.network <<EOF
[Match]
Name=br0

[Network]
DHCP=ipv4
EOF

cat > /etc/systemd/network/br0.netdev <<EOF
[NetDev]
Name=br0
Kind=bridge
# use the same mac as the physical port,
# which is mapped to a static ip in our dhcp server.
MACAddress=$mac
EOF




for x in networkd resolved; do systemctl enable systemd-$x; done