| -rwxr-xr-x | install.sh | 105 |
1 files changed, 105 insertions, 0 deletions
diff --git a/install.sh b/install.sh
new file mode 100755
index 0000000..41f4c57
--- /dev/null
+++ b/install.sh
@@ -0,0 +1,105 @@
+#!/bin/bash
+
+read -p "Hostname: " HOSTNAME
+read -p "Username: " USERNAME
+read -sp "User password: " PASS
+read -sp "ROOT PASSWORD: " ROOT_PASS
+read -sp "LUKS Passphrase: " LUKS_PASS
+read -p "Main partition: " PART
+
+parted -s "$PART" mklabel gpt
+parted -s "$PART" mkpart primary fat32 1MiB 3GB
+parted -s "$PART" set 1 esp on
+parted -s "$PART" mkpart primary linux-swap 3GB 27GB
+parted -s "$PART" mkpart primary ext4 27GB 100%
+
+PART_BOOT="${PART}p1"
+PART_SWAP="${PART}p2"
+PART_ROOTHOME="${PART}p3"
+
+echo -n "$LUKS_PASS" | cryptsetup luksFormat --type luks2 --iter-time 5000 "${PART_ROOTHOME}"
+echo -n "$LUKS_PASS" | cryptsetup open "${PART_ROOTHOME}" roothome
+
+mkfs.fat -F 32 "${PART_BOOT}"
+mkfs.ext4 /dev/mapper/roothome
+mkswap "${PART_SWAP}"
+
+mount /dev/mapper/roothome /mnt
+mkdir -p /mnt/boot
+mount "${PART_BOOT}" /mnt/boot
+swapon "${PART_SWAP}"
+
+pacman -Sy archlinux-keyring
+
+pacstrap /mnt base linux linux-firmware
+genfstab -U /mnt >> /mnt/etc/fstab
+
+arch-chroot /mnt /bin/bash <<EOF
+
+ln -sf /usr/share/zoneinfo/Area/Location /etc/localtime
+hwclock --systohc
+echo "$HOSTNAME" >> /etc/hostname
+echo "KEYMAP=trq" >> /etc/vconsole.conf
+
+pacman -S --noconfirm base-devel sudo
+pacman -S --noconfirm networkmanager alsa-utils bluez bluez-utils nvidia-open nvidia-utils pavucontrol pipewire pipewire-alsa pipewire-pulse polkit-gnome usbutils sof-firmware
+pacman -S --noconfirm alacritty firefox eog flameshot keepassxc ly waybar hyprland hyprlock hyprpaper zip unzip ttf-jetbrains-mono
+pacman -S --noconfirm intel-ucode ufw clamav opensnitch firejail nemo nemo-terminal swaync
+
+pacman -S --noconfirm cmake cloc vim emacs cups docker docker-compose efibootmgr gdb ghidra ghostscript git git-lfs man-db man-pages mkcert nasm net-tools openssh qemu-base qemu-full dnsmasq dmidecode rustup valgrind virt-manager virt-viewer wireplumber wireguard-tools wireshark-qt wmenu wofi xdg-desktop-portal-gtk xdg-desktop-portal-wlr xdg-desktop-portal-hyprland xorg-xwayland pyright clang iproute2
+
+pacman -S --noconfirm flatpak
+pacman -S --noconfirm cliphist
+pacman -S --noconfirm sbctl
+pacman -S --noconfirm nvtop htop
+pacman -S --noconfirm nss-mdns
+
+systemctl enable clamav-freshclam.service
+systemctl enable clamav-daemon.service
+systemctl enable clamav-clamonacc.service
+systemctl enable opensnitchd
+systemctl enable NetworkManager
+systemctl enable ufw
+systemctl enable clamav-daemon
+systemctl disable getty@tty0.service
+systemctl disable getty@tty1.service
+systemctl enable ly@tty1.service
+
+ufw default deny incoming
+ufw default allow outgoing
+ufw enable
+
+sed -i 's/HOOKS=(base systemd autodetect microcode modconf kms keyboard keymap sd-vconsole block filesystems fsck)/HOOKS=(base systemd autodetect microcode modconf kms keyboard keymap sd-vconsole block sd-encrypt filesystems fsck)/' /etc/mkinitcpio.conf
+mkinitcpio -P
+
+printf "Configure ClamAV OnAccess"
+printf "OnAccessIncludePath /home/$USERNAME/\nOnAccessIncludePath /home/$USERNAME/\nOnAccessPrevention yes\nTemporaryDirectory /clamav/tmp" | tee -a /etc/clamav/clamd.conf
+sed -i '/^ExecStart=/ s/$/ --fdpass/' /etc/systemd/system/clamav-onacc.service
+
+printf "Configuring users..."
+
+echo -n "root:$ROOT_PASS" | chpasswd
+useradd -m -G wheel,docker,libvirt,video,audio "$USERNAME"
+sed -i 's/^# %wheel ALL=(ALL:ALL) ALL/%wheel ALL=(ALL:ALL) ALL/' /etc/sudoers
+
+su - "$USERNAME" -c "git clone https://universe.0xinfinity.dev/0x221E/dotfiles.git /home/$USERNAME/dotfiles"
+
+su - "$USERNAME" -c "mkdir -p /home/$USERNAME/.config"
+su - "$USERNAME" -c "cp -sr /home/$USERNAME/dotfiles/* /home/$USERNAME/.config/"
+
+printf "Configuring yay..."
+su - "$USERNAME" -c "git clone https://aur.archlinux.org/yay.git"
+
+su - "$USERNAME" -c "echo 'install hyprpwcenter and set up secureboot, and add lockdown=integrity to systemd entry, then cd yay && makepkg -si fonts: yay -S ttf-ms-font and gtk: dracula-gtk-theme' > ~/README.md"
+
+echo "$USERNAME:$PASS" | chpasswd
+
+bootctl install
+
+printf "default arch.conf\ntimeout 3\nconsole-mode max\neditor no" >> /boot/loader/loader.conf
+
+UUID=\$(blkid -s UUID -o value "${PART_ROOTHOME}")
+
+printf "title Arch Linux\nlinux /vmlinuz-linux\ninitrd /initramfs-linux.img\noptions rd.luks.name=\$UUID=roothome root=/dev/mapper/roothome rw" > /boot/loader/entries/arch.conf
+
+EOF |
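Review bot: The two password lines inside the unquoted `<<EOF` heredoc (`echo -n "root:$ROOT_PASS" | chpasswd` and `echo "$USERNAME:$PASS" | chpasswd`) are expanded by the outer shell, so the typed secrets become part of the script text that the chroot's bash then parses as root. A password containing `"`, `$`, a backtick or a backslash will either be set to something other than what was typed or change which commands run. I would drop both lines from the heredoc and feed chpasswd directly after it with `printf '%s\n' "root:$ROOT_PASS" "$USERNAME:$PASS" | arch-chroot /mnt chpasswd`. Separately, `mkswap "${PART_SWAP}"` leaves the 24 GB swap partition outside LUKS, so memory pages from the encrypted system can reach disk in plaintext; and with no `set -euo pipefail` at the top, a failed `cryptsetup luksFormat` does not stop the later `mkfs` and `pacstrap` steps.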
