diff --git a/config b/config index 7da1c7a..e978ead 100644 --- a/config +++ b/config @@ -1,5 +1,4 @@ # User Variables -# Comment to disable # shellcheck disable=SC2034 install_type=dwm # base|desktop|dwm @@ -7,25 +6,24 @@ install_type=dwm # base|desktop|dwm disk=/dev/nvme0n1 disk_passwd=cryptroot -swapfile=1024 # MiB +swapfile=1024 # MiB, Comment to disable username=ange userpasswd=ange -rootpasswd=root +rootpasswd=root # Comment to disable shell=bash hostname="$username-pc" tz=Europe/Paris -locales=en_US # 'en_US,fr_FR' +locales=en_US # en_US,fr_FR lang=en_US pkg=( base-devel man-{db,pages} tldr bash-completion fzf dosfstools exfatprogs - efibootmgr fastfetch git iwd iptables-nft wireguard-tools bind gnu-netcat diff --git a/install.sh b/install.sh index 1abe430..f407458 100755 --- a/install.sh +++ b/install.sh @@ -1,5 +1,8 @@ #!/bin/bash +echo 'If you want Secure Boot support, you need to put your system in Setup Mode' +read -r + exec &> >(tee logs.out) set -a diff --git a/modules/prechroot/10-disk.sh b/modules/00-prechroot/10-disk.sh similarity index 61% rename from modules/prechroot/10-disk.sh rename to modules/00-prechroot/10-disk.sh index 7ab2562..6929465 100644 --- a/modules/prechroot/10-disk.sh +++ b/modules/00-prechroot/10-disk.sh @@ -2,11 +2,11 @@ #shellcheck disable=SC2154 sgdisk -Z \ - -n '0:0:+512M' -t '0:ef00' -c '0:boot' \ + -n '0:0:+512M' -t '0:ef00' -c '0:esp' \ -n '0:0:0' -t '0:8300' -c '0:root' \ "$disk" -boot=/dev/disk/by-partlabel/boot +esp=/dev/disk/by-partlabel/esp root=/dev/disk/by-partlabel/root [ -n "$disk_passwd" ] && { 
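Review bot: The new prompt in install.sh blocks on a bare `read -r` without telling the user which key to press or how to back out, and it runs before `exec &> >(tee logs.out)`, so the prompt never reaches the log. Secure Boot is also not optional in practice: the new 10-bootloader.sh calls `sbctl enroll-keys` unconditionally, so on a machine that is not in Setup Mode the prompt only defers the failure. Something like `read -rp 'Secure Boot enrollment needs firmware Setup Mode. Press Enter to continue, Ctrl-C to abort: '` makes the choice explicit. A config switch to skip enrollment would be the fuller fix.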
@@ -15,21 +15,26 @@ root=/dev/disk/by-partlabel/root root=/dev/mapper/cryptroot } -sleep 2 # wait for /dev/disk/by-partlabel/ to be populated +sleep 5 # wait /dev/disk/by-partlabel/ -mkfs.fat -F32 "$boot" +mkfs.vfat -F32 "$esp" mkfs.ext4 -F "$root" mount "$root" /mnt/ -mount -m -o fmask=0077,dmask=0077 /dev/disk/by-partlabel/boot /mnt/boot/ + +cat < /mnt/etc/fstab +UUID=$(blkid "$root" -ovalue -sUUID) / ext4 rw,relatime 0 1 +UUID=$(blkid "$esp" -ovalue -sUUID) /efi vfat rw,fmask=0077,dmask=0077,noauto 0 2 + +EOF [ -n "$swapfile" ] && { dd if=/dev/zero of=/mnt/swapfile bs=1M count="$swapfile" status=progress chmod 600 /mnt/swapfile mkswap /mnt/swapfile swapon /mnt/swapfile + echo "/swapfile none swap defaults 0 0" >> /mnt/etc/fstab } cp -rfTv rootfs/ /mnt/ -genfstab -U /mnt/ >> /mnt/etc/fstab swapoff /mnt/swapfile diff --git a/modules/prechroot/20-pkg.sh b/modules/00-prechroot/20-pkg.sh similarity index 85% rename from modules/prechroot/20-pkg.sh rename to modules/00-prechroot/20-pkg.sh index 56b8cf8..49ea9db 100644 --- a/modules/prechroot/20-pkg.sh +++ b/modules/00-prechroot/20-pkg.sh @@ -13,6 +13,6 @@ esac [ -d /sys/class/power_supply/BAT0 ] && echo tlp >> pkglist.txt pacstrap -C rootfs/etc/pacman.conf -K /mnt \ - base linux{,-lts,-firmware} "$shell" - < pkglist.txt + base linux{,-lts,-firmware} "$shell" efibootmgr sbctl - < pkglist.txt find /mnt/etc/ -name '*.pacnew' -delete diff --git a/modules/chroot/00-bootstrap.sh b/modules/10-chroot/00-bootstrap.sh similarity index 100% rename from modules/chroot/00-bootstrap.sh rename to modules/10-chroot/00-bootstrap.sh diff --git a/modules/10-chroot/10-bootloader.sh b/modules/10-chroot/10-bootloader.sh new file mode 100644 index 0000000..ef3f849 --- /dev/null +++ b/modules/10-chroot/10-bootloader.sh 
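Review bot: In the second 10-disk.sh hunk, `/mnt/etc/fstab` is written right after `mount "$root" /mnt/` on a freshly formatted filesystem, before `cp -rfTv rootfs/ /mnt/` creates `/mnt/etc`, so the redirect has no directory to write into. Moving the fstab block (and the swapfile `echo … >> /mnt/etc/fstab`) below the `cp`, or adding `mkdir -p /mnt/etc` first, avoids that. The ESP mount was removed and the new `/efi` entry is `noauto`, so nothing visible in this commit mounts `$esp` at `/mnt/efi` before pacstrap runs mkinitcpio with presets that write to `/efi/EFI/Linux/`. The UKIs would then presumably land on the root filesystem instead of the ESP; `mount -m -o fmask=0077,dmask=0077 "$esp" /mnt/efi` after mounting root would restore it. `sleep 5` is still a guess at udev timing, whereas `udevadm settle` waits for the by-partlabel links deterministically.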
@@ -0,0 +1,22 @@ +#!/bin/bash +#shellcheck disable=SC2154 + +root="$(findmnt -n -osource /)" +boot="$(lsblk -ls -oname /dev/disk/by-partlabel/boot | tail -n1)" + +cryptdev="$(cryptsetup status "$root" | awk '/device/ {print $2}')" +[ -n "$cryptdev" ] && { + uuid="$(blkid | grep "$cryptdev" | awk '{print $2}')" + options="cryptdevice=$uuid:${root##*/} " +} + +options="${options}root=$root rw" + +sbctl create-keys +sbctl enroll-keys + +for l in arch{,-lts-fallback}; do + efibootmgr --create --unicode --label "$l" \ + --disk "$boot" --part 1 --loader "\EFI\Linux\arch-linux$l.efi" +done +echo "$options" > /etc/cmdline.d/root.conf diff --git a/modules/chroot/20-users.sh b/modules/10-chroot/20-users.sh similarity index 76% rename from modules/chroot/20-users.sh rename to modules/10-chroot/20-users.sh index 89844d7..82c6dd8 100644 --- a/modules/chroot/20-users.sh +++ b/modules/10-chroot/20-users.sh @@ -4,5 +4,5 @@ shell="$(sed -n "/$shell/{p;q}" /etc/shells)" useradd -mG wheel,video "$username" -s "${shell:-/bin/bash}" -echo "root:$rootpasswd" | chpasswd +[ -n "$rootpasswd" ] && echo "root:$rootpasswd" | chpasswd echo "$username:$userpasswd" | chpasswd diff --git a/modules/chroot/30-services.sh b/modules/10-chroot/30-services.sh similarity index 100% rename from modules/chroot/30-services.sh rename to modules/10-chroot/30-services.sh diff --git a/modules/chroot/40-flatpak.sh b/modules/10-chroot/40-flatpak.sh similarity index 100% rename from modules/chroot/40-flatpak.sh rename to modules/10-chroot/40-flatpak.sh diff --git a/modules/chroot/50-dwm.sh.dwm b/modules/10-chroot/50-dwm.sh similarity index 82% rename from modules/chroot/50-dwm.sh.dwm rename to modules/10-chroot/50-dwm.sh index 37fd2d6..91b7b70 100644 --- a/modules/chroot/50-dwm.sh.dwm +++ b/modules/10-chroot/50-dwm.sh @@ -1,4 +1,5 @@ #!/bin/bash +#shellcheck disable=SC2154 git clone --depth 1 https://git.maby.dev/ange/.dotfiles.git /tmp/dotfiles /tmp/dotfiles/.config/suckless/update.sh 
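Review bot: The `boot=` lookup in the new 10-bootloader.sh still reads `/dev/disk/by-partlabel/boot`, but this commit renames the partition label to `esp` in 10-disk.sh, and `-oname` returns a bare kernel name rather than a device path, so `--disk "$boot"` would receive an empty or unusable value; `boot="$(lsblk -ls -opath /dev/disk/by-partlabel/esp | tail -n1)"` addresses both. The loop expands to `arch-linuxarch.efi` and `arch-linuxarch-lts-fallback.efi`, which do not match the `default_uki`/`fallback_uki` paths in the new presets; `for l in arch-linux{,-lts-fallback}` with `--loader "\\EFI\\Linux\\$l.efi"` lines them up. `/etc/cmdline.d/root.conf` is written last and nothing visible here rebuilds the UKIs afterwards, so the images produced during pacstrap presumably carry an empty command line and predate `sbctl create-keys`, which would leave them unsigned once Secure Boot is enforced; a `mkinitcpio -P` after the `echo` is worth adding, assuming sbctl's post-hook signs the output. The `sbctl` calls are also unchecked, so a firmware that is not in Setup Mode fails enrollment without stopping the install.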
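Review bot: With `rootpasswd` commented out, the new guard in 20-users.sh skips `chpasswd` and leaves the root entry exactly as pacstrap created it, which on a stock Arch install is presumably an empty password field rather than a locked account. An explicit else branch makes the disabled case safe: `if [ -n "$rootpasswd" ]; then echo "root:$rootpasswd" | chpasswd; else passwd -l root; fi`. Because base.sh runs every module under `bash -x` and install.sh tees all output to `logs.out`, the expanded `echo "root:…"` and `echo "$username:…"` commands likely end up in that log in clear text. Wrapping the two `chpasswd` lines in `set +x` / `set -x`, or removing the log after a successful install, would keep the credentials out of it.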
diff --git a/modules/chroot/user/10-services.sh b/modules/10-chroot/user/10-services.sh similarity index 100% rename from modules/chroot/user/10-services.sh rename to modules/10-chroot/user/10-services.sh diff --git a/modules/chroot/user/20-dotfiles.sh b/modules/10-chroot/user/20-dotfiles.sh similarity index 100% rename from modules/chroot/user/20-dotfiles.sh rename to modules/10-chroot/user/20-dotfiles.sh diff --git a/modules/postchroot/99-done.sh b/modules/20-postchroot/99-done.sh similarity index 100% rename from modules/postchroot/99-done.sh rename to modules/20-postchroot/99-done.sh diff --git a/modules/base.sh b/modules/base.sh index e52aca6..e6740b9 100644 --- a/modules/base.sh +++ b/modules/base.sh @@ -1,21 +1,21 @@ #!/bin/bash #shellcheck disable=SC2154 -for i in modules/prechroot/*.sh; do +for i in modules/00-prechroot/*.sh; do bash -x "$i" done cp -r modules/chroot/ /mnt/ -for i in modules/chroot/*.sh; do +for i in modules/10-chroot/*.sh; do arch-chroot /mnt bash -x "${i/modules/}" done -for i in modules/chroot/user/*.sh; do +for i in modules/10-chroot/user/*.sh; do arch-chroot /mnt su - "$username" -c "bash -x '${i/modules/}'" done -for i in modules/postchroot/*.sh; do +for i in modules/20-postchroot/*.sh; do bash -x "$i" done diff --git a/modules/chroot/10-bootloader.sh b/modules/chroot/10-bootloader.sh deleted file mode 100644 index 4cc5b2e..0000000 --- a/modules/chroot/10-bootloader.sh +++ /dev/null @@ -1,20 +0,0 @@ -#!/bin/bash -#shellcheck disable=SC2154 - -bootctl install - -root="$(findmnt -nr -o source /)" - -cryptdev="$(cryptsetup status "$root" | awk '/device/ {print $2}')" -[ -n "$cryptdev" ] && { - uuid="$(blkid | grep "$cryptdev" | awk '{print $2}')" - options="cryptdevice=$uuid:$(basename "$root") " -} - -options="${options}root=$root" - -for f in /boot/loader/entries/*.conf; do - cat << EOF >> "$f" -options $options rw -EOF -done diff --git a/modules/desktop.sh b/modules/desktop.sh index ea974d4..b1849f5 100644 --- a/modules/desktop.sh 
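Review bot: In the base.sh hunk, the unchanged `cp -r modules/chroot/ /mnt/` still copies the old directory name, which this commit renames to `modules/10-chroot/`, so the copy fails and the two chroot loops then invoke `/10-chroot/*.sh` paths that were never placed under `/mnt`. It should become `cp -r modules/10-chroot/ /mnt/`. None of the loops check the exit status of `bash -x "$i"`, so a failed module (disk setup, key enrollment) does not stop the later stages; `bash -x "$i" || exit 1` would make such failures visible.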
+++ b/modules/desktop.sh @@ -6,7 +6,6 @@ printf '%s\n' \ aerc w3m \ alacritty \ bluez{,-utils} \ - dunst libnotify \ feh \ gammastep \ graphicsmagick ghostscript \ diff --git a/rootfs/boot/loader/entries/arch-lts.conf b/rootfs/boot/loader/entries/arch-lts.conf deleted file mode 100644 index d3c2b3e..0000000 --- a/rootfs/boot/loader/entries/arch-lts.conf +++ /dev/null @@ -1,3 +0,0 @@ -title Arch Linux LTS -linux /vmlinuz-linux-lts -initrd /initramfs-linux-lts.img diff --git a/rootfs/boot/loader/entries/arch.conf b/rootfs/boot/loader/entries/arch.conf deleted file mode 100644 index 9833d66..0000000 --- a/rootfs/boot/loader/entries/arch.conf +++ /dev/null @@ -1,3 +0,0 @@ -title Arch Linux -linux /vmlinuz-linux -initrd /initramfs-linux.img diff --git a/rootfs/boot/loader/loader.conf b/rootfs/boot/loader/loader.conf deleted file mode 100644 index 1f7cd7e..0000000 --- a/rootfs/boot/loader/loader.conf +++ /dev/null @@ -1 +0,0 @@ -default arch diff --git a/rootfs/etc/cmdline.d/root.conf b/rootfs/etc/cmdline.d/root.conf new file mode 100644 index 0000000..e69de29 diff --git a/rootfs/etc/mkinitcpio.d/linux-lts.preset b/rootfs/etc/mkinitcpio.d/linux-lts.preset new file mode 100644 index 0000000..2ead6c3 --- /dev/null +++ b/rootfs/etc/mkinitcpio.d/linux-lts.preset @@ -0,0 +1,3 @@ +ALL_kver='/boot/vmlinuz-linux-lts' +PRESETS=('fallback') +fallback_uki='/efi/EFI/Linux/arch-linux-lts-fallback.efi' diff --git a/rootfs/etc/mkinitcpio.d/linux.preset b/rootfs/etc/mkinitcpio.d/linux.preset new file mode 100644 index 0000000..ad5ad5e --- /dev/null +++ b/rootfs/etc/mkinitcpio.d/linux.preset @@ -0,0 +1,3 @@ +ALL_kver="/boot/vmlinuz-linux" +PRESETS=('default') +default_uki="/efi/EFI/Linux/arch-linux.efi" diff --git a/rootfs/etc/modprobe.d/nobeep.conf b/rootfs/etc/modprobe.d/nobeep.conf index 5318126..b46792e 100644 --- a/rootfs/etc/modprobe.d/nobeep.conf +++ b/rootfs/etc/modprobe.d/nobeep.conf @@ -1,2 +1 @@ blacklist pcspkr -blacklist snd_pcsp 
diff --git a/rootfs/etc/nftables.conf b/rootfs/etc/nftables.conf index ad0d59c..d569bc6 100644 --- a/rootfs/etc/nftables.conf +++ b/rootfs/etc/nftables.conf @@ -7,7 +7,7 @@ table inet filter { chain input { type filter hook input priority filter; policy drop; - #tcp dport 32768-40960 counter meta nftrace set 1 accept comment "WoW VoiceError:17" + #tcp dport 32768-65535 counter meta nftrace set 1 accept comment "WoW VoiceError:17" ct state invalid counter drop ct state {established,related} counter accept diff --git a/rootfs/etc/pacman.conf b/rootfs/etc/pacman.conf index f92e8c5..8b8cad9 100644 --- a/rootfs/etc/pacman.conf +++ b/rootfs/etc/pacman.conf @@ -35,6 +35,8 @@ Color CheckSpace VerbosePkgLists ParallelDownloads = 8 +DownloadUser = alpm +#DisableSandbox ILoveCandy # By default, pacman accepts packages signed by keys that its local keyring diff --git a/rootfs/etc/pacman.d/hooks/10-systemd-boot.hook b/rootfs/etc/pacman.d/hooks/10-systemd-boot.hook deleted file mode 100644 index d65c027..0000000 --- a/rootfs/etc/pacman.d/hooks/10-systemd-boot.hook +++ /dev/null @@ -1,9 +0,0 @@ -[Trigger] -Type = Package -Operation = Upgrade -Target = systemd - -[Action] -Description = Gracefully upgrading systemd-boot... -When = PostTransaction -Exec = /usr/bin/systemctl restart systemd-boot-update.service