path: root/install.sh
blob: 41f4c57e58d841539cda3b9eeb04aaa5b8835683 (plain)
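#!/bin/bash
#
# Interactive Arch Linux installer: collects host/user details and secrets,
# then partitions, encrypts and bootstraps the chosen disk.

# Abort on the first failed command, unset variable or failed pipeline stage.
# Every later step is destructive or depends on the previous one, so carrying
# on after a failure (e.g. formatting after a failed partitioning) is unsafe.
set -euo pipefail

# -r keeps backslashes literal; without it a secret such as 'a\b' is stored
# as 'ab' and the passphrase typed at boot would no longer match.
read -r -p "Hostname: " HOSTNAME
read -r -p "Username: " USERNAME

# IFS= preserves leading/trailing whitespace in secrets. -s suppresses echo,
# so print the newline the terminal never showed to keep prompts on own lines.
IFS= read -r -s -p "User password: " PASS
echo
IFS= read -r -s -p "ROOT PASSWORD: " ROOT_PASS
echo
IFS= read -r -s -p "LUKS Passphrase: " LUKS_PASS
echo

# The value is used below as a whole disk (it is relabelled and repartitioned),
# so the prompt asks for a disk rather than a partition.
read -r -p "Target disk (whole device, WILL BE ERASED): " PART

# Refuse to run with empty secrets or a path that is not a block device.
if [[ -z "$PASS" || -z "$ROOT_PASS" || -z "$LUKS_PASS" ]]; then
  echo "error: passwords and the LUKS passphrase must not be empty" >&2
  exit 1
fi
if [[ ! -b "$PART" ]]; then
  echo "error: '$PART' is not a block device" >&2
  exit 1
fi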

# Lay out the target disk non-interactively:
#   1: EFI system partition (FAT32), 1MiB - 3GB
#   2: swap,                         3GB  - 27GB
#   3: LUKS container for root/home, 27GB - end of disk
# mklabel discards the existing partition table on "$PART".
parted --script "$PART" mklabel gpt
parted --script "$PART" mkpart primary fat32 1MiB 3GB
parted --script "$PART" set 1 esp on
parted --script "$PART" mkpart primary linux-swap 3GB 27GB
parted --script "$PART" mkpart primary ext4 27GB 100%

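# Print the device node of partition number $2 on whole disk $1.
# Linux inserts a 'p' before the partition number only when the disk name
# itself ends in a digit (nvme0n1 -> nvme0n1p1, mmcblk0 -> mmcblk0p1); disks
# such as sda or vda take the number directly (sda1). Always appending 'p'
# produced non-existent nodes like /dev/sdap1 on those disks.
partition_path() {
  local disk=$1 index=$2
  if [[ "$disk" == *[0-9] ]]; then
    printf '%s\n' "${disk}p${index}"
  else
    printf '%s\n' "${disk}${index}"
  fi
}

PART_BOOT=$(partition_path "$PART" 1)
PART_SWAP=$(partition_path "$PART" 2)
PART_ROOTHOME=$(partition_path "$PART" 3)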

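# Create the LUKS2 container on the third partition and open it as
# /dev/mapper/roothome. The passphrase is fed on stdin so it never appears in
# a process argument list (printf is a shell builtin).
# printf '%s' is used instead of `echo -n` because echo treats a passphrase
# that looks like one of its own options (e.g. "-e" or "-n") as a flag and
# would send an empty passphrase to cryptsetup.
printf '%s' "$LUKS_PASS" | cryptsetup luksFormat --type luks2 --iter-time 5000 "${PART_ROOTHOME}"
printf '%s' "$LUKS_PASS" | cryptsetup open "${PART_ROOTHOME}" roothome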

# Create the three filesystems; the targets are independent of each other.
# NOTE(review): swap is created directly on the raw partition, outside the
# LUKS container, so anything paged out is written to disk unencrypted.
mkswap "$PART_SWAP"
mkfs.fat -F 32 "$PART_BOOT"
mkfs.ext4 /dev/mapper/roothome

# Activate swap, then assemble the target tree under /mnt: the decrypted root
# first, then the ESP on /mnt/boot (the mount point lives on the new root, so
# it can only be created once the root is mounted).
swapon "$PART_SWAP"
mount /dev/mapper/roothome /mnt
mkdir -p /mnt/boot
mount "$PART_BOOT" /mnt/boot

# Refresh the package databases and the signing keyring of the live
# environment so package signatures verify during pacstrap.
# This call has no --noconfirm, so pacman asks for confirmation here.
pacman --sync --refresh archlinux-keyring

# Install the base system into the new root and record the mounted
# filesystems (by UUID) in its fstab.
pacstrap /mnt base linux linux-firmware
genfstab -U /mnt >> /mnt/etc/fstab

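# Second stage: configure the installed system from a root shell inside the
# chroot.
#
# The here-document delimiter is quoted, so the outer shell expands nothing in
# the script text; the operator-supplied values reach the inner shell through
# the environment instead. With an unquoted delimiter a hostname, username or
# password containing ", $, ` or \ was spliced into the script source and
# either corrupted it or was executed as root inside the chroot.
INSTALL_HOSTNAME="$HOSTNAME" \
INSTALL_USER="$USERNAME" \
INSTALL_USER_PASS="$PASS" \
INSTALL_ROOT_PASS="$ROOT_PASS" \
INSTALL_LUKS_DEV="${PART_ROOTHOME}" \
arch-chroot /mnt /bin/bash <<'EOF'

# Keep the passwords as plain shell variables: dropping the export attribute
# stops them from being inherited by every child process (pacman, hooks, ...).
export -n INSTALL_USER_PASS INSTALL_ROOT_PASS

# NOTE(review): "Area/Location" is a placeholder, not a real zoneinfo entry;
# until it is replaced /etc/localtime is a dangling symlink.
ln -sf /usr/share/zoneinfo/Area/Location /etc/localtime
hwclock --systohc
printf '%s\n' "$INSTALL_HOSTNAME" >> /etc/hostname
echo "KEYMAP=trq" >> /etc/vconsole.conf

pacman -S --noconfirm base-devel sudo
pacman -S --noconfirm networkmanager alsa-utils bluez bluez-utils nvidia-open nvidia-utils pavucontrol pipewire pipewire-alsa pipewire-pulse polkit-gnome usbutils sof-firmware
pacman -S --noconfirm alacritty firefox eog flameshot keepassxc ly waybar hyprland hyprlock hyprpaper zip unzip ttf-jetbrains-mono
pacman -S --noconfirm intel-ucode ufw clamav opensnitch firejail nemo nemo-terminal swaync

pacman -S --noconfirm cmake cloc vim emacs cups docker docker-compose efibootmgr gdb ghidra ghostscript git git-lfs man-db man-pages mkcert nasm net-tools openssh qemu-base qemu-full dnsmasq dmidecode rustup valgrind virt-manager virt-viewer wireplumber wireguard-tools wireshark-qt wmenu wofi xdg-desktop-portal-gtk xdg-desktop-portal-wlr xdg-desktop-portal-hyprland xorg-xwayland pyright clang iproute2

pacman -S --noconfirm flatpak
pacman -S --noconfirm cliphist
pacman -S --noconfirm sbctl
pacman -S --noconfirm nvtop htop
pacman -S --noconfirm nss-mdns

# Services started at boot (clamav-daemon was listed twice; once is enough).
systemctl enable clamav-freshclam.service
systemctl enable clamav-daemon.service
systemctl enable clamav-clamonacc.service
systemctl enable opensnitchd
systemctl enable NetworkManager
systemctl enable ufw
systemctl disable getty@tty0.service
systemctl disable getty@tty1.service
systemctl enable ly@tty1.service

# Host firewall: drop unsolicited inbound traffic, allow outbound.
ufw default deny incoming
ufw default allow outgoing
ufw enable

# Add sd-encrypt to the initramfs hooks so the LUKS root can be unlocked at
# boot. The substitution only matches one exact HOOKS line; if the packaged
# default differs it silently does nothing, so verify the result.
sed -i 's/HOOKS=(base systemd autodetect microcode modconf kms keyboard keymap sd-vconsole block filesystems fsck)/HOOKS=(base systemd autodetect microcode modconf kms keyboard keymap sd-vconsole block sd-encrypt filesystems fsck)/' /etc/mkinitcpio.conf
grep -q '^HOOKS=.*sd-encrypt' /etc/mkinitcpio.conf \
  || echo "WARNING: sd-encrypt hook missing from /etc/mkinitcpio.conf; the encrypted root will not unlock at boot" >&2
mkinitcpio -P

printf "Configure ClamAV OnAccess"
# One directive per line, each newline-terminated. The include path was
# previously written twice; the duplicate is dropped.
# NOTE(review): nothing in this script creates /clamav/tmp - confirm it exists
# before clamd starts.
printf '%s\n' \
  "OnAccessIncludePath /home/$INSTALL_USER/" \
  "OnAccessPrevention yes" \
  "TemporaryDirectory /clamav/tmp" | tee -a /etc/clamav/clamd.conf
# NOTE(review): the unit enabled above is clamav-clamonacc.service, while this
# edits clamav-onacc.service under /etc/systemd/system; confirm that file
# exists, otherwise --fdpass is never applied.
sed -i '/^ExecStart=/ s/$/ --fdpass/' /etc/systemd/system/clamav-onacc.service

printf "Configuring users..."

# chpasswd reads "name:password" lines from stdin, which keeps the secrets out
# of any process argument list. printf '%s\n' avoids echo's option parsing.
printf '%s\n' "root:$INSTALL_ROOT_PASS" | chpasswd
# Membership of the docker group gives control of the Docker daemon, which
# runs as root, so treat this account as root-equivalent.
useradd -m -G wheel,docker,libvirt,video,audio "$INSTALL_USER"
sed -i 's/^# %wheel ALL=(ALL:ALL) ALL/%wheel ALL=(ALL:ALL) ALL/' /etc/sudoers

# The commands below run in the new user's login shell. They use that shell's
# own $HOME (single-quoted here) rather than splicing the username into the
# command string.
su - "$INSTALL_USER" -c 'git clone https://universe.0xinfinity.dev/0x221E/dotfiles.git "$HOME/dotfiles"'

su - "$INSTALL_USER" -c 'mkdir -p "$HOME/.config"'
su - "$INSTALL_USER" -c 'cp -sr "$HOME"/dotfiles/* "$HOME/.config/"'

printf "Configuring yay..."
su - "$INSTALL_USER" -c "git clone https://aur.archlinux.org/yay.git"

su - "$INSTALL_USER" -c "echo 'install hyprpwcenter and set up secureboot, and add lockdown=integrity to systemd entry, then cd yay && makepkg -si fonts: yay -S ttf-ms-font and gtk: dracula-gtk-theme' > ~/README.md"

printf '%s\n' "$INSTALL_USER:$INSTALL_USER_PASS" | chpasswd

# The secrets are no longer needed in this shell.
unset INSTALL_USER_PASS INSTALL_ROOT_PASS

bootctl install

printf "default  arch.conf\ntimeout  3\nconsole-mode max\neditor   no" >> /boot/loader/loader.conf

# rd.luks.name needs the UUID of the LUKS partition itself, not of the
# filesystem inside it.
UUID=$(blkid -s UUID -o value "$INSTALL_LUKS_DEV")
[ -n "$UUID" ] \
  || echo "WARNING: no UUID found for $INSTALL_LUKS_DEV; the boot entry will not unlock the root volume" >&2

printf "title   Arch Linux\nlinux   /vmlinuz-linux\ninitrd  /initramfs-linux.img\noptions rd.luks.name=$UUID=roothome root=/dev/mapper/roothome rw" > /boot/loader/entries/arch.conf

EOF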