#!/bin/bash

read -p "Hostname: " HOSTNAME
read -p "Username: " USERNAME
read -sp "User password: " PASS
read -sp "ROOT PASSWORD: " ROOT_PASS
read -sp "LUKS Passphrase: " LUKS_PASS
read -p "Main partition: " PART

parted -s "$PART" mklabel gpt
parted -s "$PART" mkpart primary fat32 1MiB 3GB
parted -s "$PART" set 1 esp on
parted -s "$PART" mkpart primary linux-swap 3GB 27GB
parted -s "$PART" mkpart primary ext4 27GB 100%

PART_BOOT="${PART}1"
PART_SWAP="${PART}2"
PART_ROOTHOME="${PART}3"

echo -n "$LUKS_PASS" | cryptsetup luksFormat --type luks2 --iter-time 5000 "${PART_ROOTHOME}"
echo -n "$LUKS_PASS" | cryptsetup open "${PART_ROOTHOME}" roothome

mkfs.fat -F 32 "${PART_BOOT}"
mkfs.ext4 /dev/mapper/roothome
mkswap "${PART_SWAP}"

mount /dev/mapper/roothome /mnt
mkdir -p /mnt/boot
mount "${PART_BOOT}" /mnt/boot
swapon "${PART_SWAP}"

pacman -Sy archlinux-keyring

pacstrap /mnt base linux linux-firmware
genfstab -U /mnt >> /mnt/etc/fstab

arch-chroot /mnt /bin/bash <<EOF

ln -sf /usr/share/zoneinfo/Area/Location /etc/localtime
hwclock --systohc
echo "$HOSTNAME" >> /etc/hostname
echo "KEYMAP=trq" >> /etc/vconsole.conf

pacman -S --noconfirm base-devel sudo
pacman -S --noconfirm networkmanager alsa-utils bluez bluez-utils nvidia-open nvidia-utils pavucontrol pipewire pipewire-alsa pipewire-pulse polkit-gnome usbutils sof-firmware
pacman -S --noconfirm alacritty firefox eog flameshot keepassxc ly sway swaybg zip unzip ttf-jetbrains-mono i3status
pacman -S --noconfirm ufw clamav opensnitch firejail

pacman -S --noconfirm cmake cloc vim emacs cups docker docker-compose efibootmgr gdb ghidra ghostscript git git-lfs man-db man-pages mkcert nasm net-tools openssh qemu-base qemu-full dnsmasq dmidecode rustup valgrind virt-manager virt-viewer wireplumber wireguard-tools wireshark-qt wmenu wofi xdg-desktop-portal-gtk xdg-desktop-portal-wlr xorg-xwayland pyright clang iproute2

systemctl enable clamav-freshclam.service
systemctl enable clamav-daemon.service
systemctl enable clamav-clamonacc.service
systemctl enable opensnitchd
systemctl enable NetworkManager
systemctl enable ufw
systemctl enable clamav-daemon
systemctl disable getty@tty0.service
systemctl disable getty@tty1.service
systemctl enable ly@tty1.service

ufw default deny incoming
ufw default allow outgoing
ufw enable

sed -i 's/HOOKS=(base systemd autodetect microcode modconf kms keyboard keymap sd-vconsole block filesystems fsck)/HOOKS=(base systemd autodetect microcode modconf kms keyboard keymap sd-vconsole block sd-encrypt filesystems fsck)/' /etc/mkinitcpio.conf
mkinitcpio -P

printf "Installing yay packages"
yay -S ttf-ms-fonts

printf "Configure ClamAV OnAccess"
printf "OnAccessIncludePath /home/$USERNAME/\nOnAccessIncludePath /home/$USERNAME/\nOnAccessPrevention yes\nTemporaryDirectory /clamav/tmp" | tee -a /etc/clamav/clamd.conf
sed -i '/^ExecStart=/ s/$/ --fdpass/' /etc/systemd/system/clamav-onacc.service

printf "Configuring users..."

echo -n "root:$ROOT_PASS" | chpasswd
useradd -m -G wheel,docker,libvirt,video,audio "$USERNAME"
sed -i 's/^# %wheel ALL=(ALL:ALL) ALL/%wheel ALL=(ALL:ALL) ALL/' /etc/sudoers

su - "$USERNAME" -c "git clone https://universe.0xinfinity.dev/0x221E/dotfiles.git /home/$USERNAME/dotfiles"

su - "$USERNAME" -c "mkdir -p /home/$USERNAME/.config"
su - "$USERNAME" -c "cp -sr /home/$USERNAME/dotfiles/* /home/$USERNAME/.config/"

printf "Configuring yay..."
su - "$USERNAME" -c "git clone https://aur.archlinux.org/yay.git"
su - "$USERNAME" -c "cd yay && makepkg -si"

echo "$USERNAME:$PASS" | chpasswd

bootctl install

printf "default  arch.conf\ntimeout  3\nconsole-mode max\neditor   no" >> /boot/loader/loader.conf

UUID=\$(blkid -s UUID -o value "${PART_ROOTHOME}")

printf "title   Arch Linux\nlinux   /vmlinuz-linux\ninitrd  /initramfs-linux.img\noptions rd.luks.name=\$UUID=roothome root=/dev/mapper/roothome rw" > /boot/loader/entries/arch.conf

EOF