3 trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
5 # note, when I did genfstab, i
6 # neeeded to to do for x in mv /etc/*.pacorig; do mv $x ${x%.pacorig}; done
10 echo $hostname > /etc
/hostname
11 [[ -L /etc
/localtime
]] ||
ln -s /usr
/share
/zoneinfo
/America
/Los_Angeles
/etc
/localtime
13 echo "$l UTF-8" > /etc
/locale.gen
15 echo "LANG=$l" > /etc
/locale.conf
16 # if coming from windows, and you had to set the time, do this
17 # hwclock --systohc --utc
19 # A password is required to access the volume:
20 # Command requires device and ampped name as arguments
22 # If we were using btrfs raid, we supposedly would need this.
23 # # add btrfs as module instead of hook due to
24 # # https://wiki.archlinux.org/index.php/Btrfs,
25 # # https://bugs.archlinux.org/task/42884
26 # # disabled, as with just the module, startup spammed something about
27 # # command takes a device name and something else.
28 # sed -ri '/^ *MODULES *=.*btrfs/!s/^( *MODULES *=.*)"/\1 btrfs"/' /etc/mkinitcpio.conf
29 # # remove extra space
30 # sed -ri 's/^( *MODULES *=[^"]*)" */\1"/' /etc/mkinitcpio.conf
35 # for desktop without full fs encryption, use this:
36 #cat > /etc/crypttab <<'EOF'
37 #tmp /dev/lvm/tmp /dev/urandom tmp,cipher=aes-xts-plain64,size=256
39 # otgherwise ERROR: file not found: `fsck.btrfs'
40 pacman
-S --noconfirm btrfs-progs
42 pacman
-S --noconfirm grub gptfdisk
48 # https://wiki.archlinux.org/index.php/Dm-crypt/System_configuration#Boot_loader
49 # if cryptdevice was lvm, it woulde be in this format,
50 # where x2-vg is from lvdisplay, VG Name field.
51 # cryptdevice=/dev/disk/by-uuid/585dff23-136f-446f-815f-01053b70c957:x2-vg
52 # but, if you are using your own fstab, it seems you just give it a name,
53 # which will be the crypt device name under /dev/mapper/
54 # https://wiki.archlinux.org/index.php/GRUB#Additional_arguments
57 root_devs
=( ${ROOT_PARTITIONS} )
58 first_root_dev
=${root_devs[0]}
62 cryptdevices
=${ROOT_PARTITIONS// /,}
63 root
=/dev
/mapper
/crypt_dev_
${first_root_dev##*/}
64 resume
=${first_root_dev%[0-9]}$swapn
66 extra_encrypt_hooks
=()
69 # If we have more than 1 to decrypt, arch wiki lead me onto
70 # a sort of hacky way run the encrypt hook multiple times.
72 base
=/usr
/lib
/initcpio
75 # https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_entire_system#Configuring_mkinitcpio_2
76 # used to have lvm2 after encrypt for lvm, but not using lvm anymore
77 for x
in encrypt btrfs
; do
78 sed -ri -f - /etc
/mkinitcpio.conf
<<EOF
79 /^ *HOOKS.*\b$x\b/!s/^( *HOOKS=.*)filesystems/\1$x filesystems/
83 # this is the default file, otherwise you use cryptkey=device:fstype:path
84 sed -ri -f - /etc
/mkinitcpio.conf
<<EOF
85 s#^\s*FILES=.*#FILES="/crypto_keyfile.bin"#
88 grep FILES
/etc
/mkinitcpio.conf
90 echo "$0: grub cmdline additions: $k_args"
91 sed -ri -f - /etc
/default
/grub
<<EOF
92 \%$k_args%!s%^ *GRUB_CMDLINE_LINUX_DEFAULT *= *"%\0$k_args %
98 # remove the default quiet arg.
99 # this doesn't seem to affect anything, so leave it alone.
100 #sed -ri 's/^( *GRUB_CMDLINE_LINUX_DEFAULT *= *.*) ?\bquiet\b(.*)/\1\2/' /etc/default/grub
102 # https://wiki.archlinux.org/index.php/GRUB#Install_to_disk
103 for dev
in $BOOT_DEVICE; do
104 grub-install
--recheck $dev
106 grub-mkconfig
-o /boot
/grub
/grub.cfg
107 # gtk2 is an optional dependency of unison.
108 # debian's unison binary has it linked in,
109 # so i install it so I can use the same binary for syncing
111 pacman
-S --noconfirm openssh unison gtk2 rsync
113 echo "root:$ROOTPW" | chpasswd
-e
115 pacman
-S --noconfirm sudo
117 # 9 = user already exists. so we are idempotent.
118 useradd
-m -p "$ROOTPW" ian ||
[[ $?
== 9 ]]
120 if [[ $hostname == frodo
]]; then
121 useradd
-m -p "$TPPASS" traci ||
[[ $?
== 9 ]]
123 useradd
-m traci ||
[[ $?
== 9 ]]
125 # comparing ian's groups to traci, I see none she should join on arch
126 usermod
-a -G traci ian
129 /root
/distro-install-common
/end
130 systemctl
enable sshd
132 rm -rf /home
/ian
/.
ssh
133 cp -r /root
/.
ssh /home
/ian
134 chown
-R ian
:ian
/home
/ian
/.
ssh
135 # the groups recommended by
136 # https://wiki.archlinux.org/index.php/Users_and_groups#Group_list
137 usermod
-aG games
,rfkill
,users
,uucp,wheel ian
140 pacman
-S --noconfirm net-tools
# for route
141 # get the mac of the interface used by the broadcast route.
142 mac
=$
(cat /sys
/class
/net
/$
(route
-n |
sed -rn 's/^0\.0\.0\.0.*[[:space:]]([^[:space:]]+)[[:space:]]*$/\1/p')/address
)
146 cat > /etc
/systemd
/network
/wired.network
<<EOF
154 cat > /etc
/systemd
/network
/br0.network
<<EOF
162 cat > /etc
/systemd
/network
/br0.netdev
<<EOF
166 # use the same mac as the physical port,
167 # which is mapped to a static ip in our dhcp server.
174 for x
in networkd resolved
; do systemctl
enable systemd-
$x; done