#!/bin/bash

read -p "Hostname: " HOSTNAME
read -p "Username: " USERNAME
read -sp "User password: " PASS
read -sp "ROOT PASSWORD: " ROOT_PASS
read -sp "LUKS Passphrase: " LUKS_PASS
read -p "Main partition: " PART

parted -s "$PART" mklabel gpt
parted -s "$PART" mkpart primary fat32 1MiB 3GB
parted -s "$PART" set 1 esp on
parted -s "$PART" mkpart primary linux-swap 3GB 27GB
parted -s "$PART" mkpart primary ext4 27GB 100%

echo -n "$LUKS_PASS" | cryptsetup luksFormat --type luks2 --iter-time 5000 "${PART}3"
echo -n "$LUKS_PASS" | cryptsetup open "${PART}3" roothome

mkfs.fat -F 32 "${PART}1"
mkfs.ext4 /dev/mapper/roothome

mount /dev/mapper/roothome /mnt
mkdir -p /mnt/boot
mount "${PART}1" /mnt/boot
swapon "${PART}2"

pacstrap /mnt base linux linux-firmware
genfstab -U /mnt >> /mnt/etc/fstab

arch-chroot /mnt /bin/bash <<EOF

ln -sf /usr/share/zoneinfo/Area/Location /etc/localtime
hwclock --systohc
echo "$HOSTNAME" >> /etc/hostname

pacman -S --noconfirm base-devel # base programs
pacman -S --noconfirm alsa-utils bluez bluez-utils bridge-utils networkmanager nvidia-open nvidia-utils pantum-universal-driver pavucontrol pipewire pipewire-alsa pipewire-jack pipewire-pulse polykit-gnome usbutils # drivers and its utils
pacman -S alacritty firefox eog flameshot keepassxc ly sway swaybg zip unzip # daily tools

pacman -S --noconfirm ufw clamav # security

# pacman -S nvidia-container-toolkit cuda # Heavy-weight

pacman -S --noconfirm cmake cloc code cppcheck emacs cups docker docker-compose efibootmgr gdb ghidra ghostscript git git-lfs libvirtman-db man-pages mkcert nasm net-tools openssh qemu-base qemu-full rustup valgrind virt-manager virt-viewer wireplumber wireguard-tools wireshark-qt wmenu wofi xdg-desktop-portal-gtk xdg-desktop-portal-wlr xorg-xwayland #developer tools

systemctl enable NetworkManager
systemctl enable ufw
systemctl enable clamav-daemon
systemctl enable ly
systemctl enable bluetooth

ufw default deny incoming
ufw default allow outgoing
ufw enable

sed -i 's/HOOKS=(base udev autodetect modconf block filesystems keyboard fsck)/HOOKS=(base udev autodetect modconf keyboard encrypt block filesystems fsck)/' /etc/mkinitcpio.conf
mkinitcpio -P

echo -n "$ROOT_PASS" | passwd

bootctl install

cat <<EOF > /boot/loader/loader.conf
default  arch.conf
timeout  3
console-mode max
editor   no
EOF

UUID=$(blkid -s UUID -o value "${PART}3")

cat <<EOF > /loader/entries/arch.conf
title   Arch Linux
linux   /vmlinuz-linux
initrd  /initramfs-linux.img
options cryptdevice=UUID=$UUID:roothome root=/dev/mapper/roothome rw
EOF

EOF