From 100b1e7fd69103670e49cc2e7524ba62284f999d Mon Sep 17 00:00:00 2001
From: Conor Budworth <ikarus@qoko.ro>
Date: Sun, 9 Nov 2025 17:51:49 +0100
Subject: [PATCH] Update install_arch_solphyr.sh

---
 install_arch_solphyr.sh | 105 ++++++++++++++++++----------------------
 1 file changed, 48 insertions(+), 57 deletions(-)

diff --git a/install_arch_solphyr.sh b/install_arch_solphyr.sh
index b80ee42..39925bd 100644
--- a/install_arch_solphyr.sh
+++ b/install_arch_solphyr.sh
@@ -2,8 +2,8 @@
 set -euo pipefail
 
 # ───────────────────────────────────────────────
-#  Solphyr Arch Linux Auto-Installer (base only)
-#  LUKS2 • systemd-boot • yay • reproducible .env
+#  Solphyr Arch Linux Auto-Installer
+#  LUKS2 • Btrfs subvolumes • systemd-boot • yay
 # ───────────────────────────────────────────────
 
 b=$(tput bold); r=$(tput sgr0); g=$(tput setaf 2); y=$(tput setaf 3); c=$(tput setaf 6); e=$(tput setaf 1)
@@ -19,57 +19,24 @@ source .env || true
 
 # ── Prompt helpers ─────────────────────────────
 prompt_var() {
-    local var_name="$1"
-    local prompt_text="$2"
-    local default_val
-    default_val="$(eval "echo \${$var_name:-}")"
-
-    if [[ "$NO_PROMPT" == "1" ]]; then
-        info "Using $var_name=$default_val"
-        return 0
-    fi
-
-    local input
-    # disable errexit for the read itself
-    set +e
-    read -e -p "$prompt_text [${default_val}]: " input
-    local rc=$?
-    set -e
+    local var_name="$1" prompt_text="$2"
+    local default_val; default_val="$(eval "echo \${$var_name:-}")"
+    if [[ "$NO_PROMPT" == "1" ]]; then info "Using $var_name=$default_val"; return 0; fi
+    local input; set +e
+    read -e -p "$prompt_text [${default_val}]: " input; local rc=$?; set -e
     [[ $rc -ne 0 ]] && die "Input cancelled"
-    if [[ -n "$input" ]]; then
-        eval "$var_name=\"\$input\""
-    fi
-    return 0
+    [[ -n "$input" ]] && eval "$var_name=\"\$input\""
 }
-
 prompt_secret() {
-    local var_name="$1"
-    local prompt_text="$2"
-    local default_val
-    default_val="$(eval "echo \${$var_name:-}")"
+    local var_name="$1" prompt_text="$2"
+    local default_val; default_val="$(eval "echo \${$var_name:-}")"
     if [[ -z "$default_val" ]]; then
-        set +e
-        read -s -p "$prompt_text: " input
-        local rc=$?
-        set -e
-        echo
+        set +e; read -s -p "$prompt_text: " input; local rc=$?; set -e; echo
         [[ $rc -ne 0 ]] && die "Input cancelled"
         eval "$var_name=\"\$input\""
-    else
-        info "Using $var_name from .env"
-    fi
-    return 0
+    else info "Using $var_name from .env"; fi
 }
-
-save_env() {
-    local var_name="$1"
-    local var_value
-    var_value="$(eval "echo \${$var_name}")"
-    sed -i "/^${var_name}=/d" .env
-    echo "${var_name}=\"${var_value}\"" >> .env
-    return 0
-}
-
+save_env(){ local n=$1 v; v="$(eval "echo \${$n}")"; sed -i "/^${n}=/d" .env; echo "${n}=\"${v}\"" >> .env; }
 
 # ── Gather config ──────────────────────────────
 prompt_var HOSTNAME "Hostname"; prompt_var USERNAME "Username"
@@ -101,13 +68,29 @@ prompt_secret LUKS_PASSWORD "LUKS password"; save_env LUKS_PASSWORD
 echo -n "$LUKS_PASSWORD" | cryptsetup luksFormat --batch-mode --type luks2 \
   --cipher aes-xts-plain64 --key-size 512 --hash sha512 "$ROOT" -
 echo -n "$LUKS_PASSWORD" | cryptsetup open "$ROOT" cryptroot -
-mkfs.fat -F32 "$EFI"; mkfs.ext4 /dev/mapper/cryptroot
-mount /dev/mapper/cryptroot /mnt; mkdir /mnt/boot; mount "$EFI" /mnt/boot
+
+# ── Create Btrfs filesystem & subvolumes ───────
+mkfs.btrfs -L ArchRoot /dev/mapper/cryptroot
+mount /dev/mapper/cryptroot /mnt
+btrfs subvolume create /mnt/@
+btrfs subvolume create /mnt/@home
+btrfs subvolume create /mnt/@log
+btrfs subvolume create /mnt/@snapshots
+umount /mnt
+
+# Mount subvolumes
+mount -o subvol=@,compress=zstd,noatime,space_cache=v2 /dev/mapper/cryptroot /mnt
+mkdir -p /mnt/{boot,home,var/log,.snapshots}
+mount -o subvol=@home,compress=zstd,noatime,space_cache=v2 /dev/mapper/cryptroot /mnt/home
+mount -o subvol=@log,compress=zstd,noatime,space_cache=v2 /dev/mapper/cryptroot /mnt/var/log
+mount -o subvol=@snapshots,compress=zstd,noatime,space_cache=v2 /dev/mapper/cryptroot /mnt/.snapshots
+mkfs.fat -F32 "$EFI"
+mount "$EFI" /mnt/boot
 
 # ── Base system ────────────────────────────────
 pacman -Sy --noconfirm reflector
 reflector --country "United Kingdom" --latest 20 --sort rate --save /etc/pacman.d/mirrorlist
-pacstrap -K /mnt base linux linux-firmware vim networkmanager sudo base-devel git
+pacstrap -K /mnt base linux linux-firmware btrfs-progs vim networkmanager sudo base-devel git
 genfstab -U /mnt >> /mnt/etc/fstab
 
 # ── Configure system ───────────────────────────
@@ -125,14 +108,19 @@ cat <<EOF >/etc/hosts
 127.0.1.1 $HOSTNAME.localdomain $HOSTNAME
 EOF
 echo "KEYMAP=$KEYMAP" > /etc/vconsole.conf
-sed -i 's/\(filesystems\)/encrypt \1/' /etc/mkinitcpio.conf
+
+# mkinitcpio encrypt hook
+sed -i 's/\(filesystems\)/encrypt btrfs \1/' /etc/mkinitcpio.conf
 mkinitcpio -P
+
+# ── systemd-boot setup ──
 bootctl install
 chmod 600 /boot/loader/random-seed 2>/dev/null || true
 chmod 700 /boot/loader 2>/dev/null || true
 chmod 700 /boot/EFI/systemd 2>/dev/null || true
 chown -R root:root /boot /boot/EFI || true
-UUID=\$(blkid -s UUID -o value ${ROOT})
+
+LUKS_UUID=\$(cryptsetup luksUUID "${ROOT}")
 cat <<EOF >/boot/loader/loader.conf
 default arch.conf
 timeout 3
@@ -143,13 +131,15 @@ cat <<EOF >/boot/loader/entries/arch.conf
 title   Arch Linux
 linux   /vmlinuz-linux
 initrd  /initramfs-linux.img
-options cryptdevice=UUID=\${UUID}:cryptroot root=/dev/mapper/cryptroot rw
+options cryptdevice=UUID=\${LUKS_UUID}:cryptroot root=/dev/mapper/cryptroot rootflags=subvol=@ rw
 EOF
+
+# User & yay
 useradd -m -G wheel -s /bin/bash $USERNAME
 sed -i 's/^# %wheel ALL=(ALL:ALL) ALL/%wheel ALL=(ALL:ALL) ALL/' /etc/sudoers
 systemctl enable NetworkManager
-# yay installation
-if [[ "${INSTALL_YAY,,}" == "yes" ]]; then
+
+if [[ "\${INSTALL_YAY,,}" == "yes" ]]; then
   pacman -S --noconfirm base-devel git go
   echo "%wheel ALL=(ALL:ALL) NOPASSWD: ALL" > /etc/sudoers.d/00-yay-temp
   su - "$USERNAME" -c '
@@ -165,23 +155,24 @@ if [[ "${INSTALL_YAY,,}" == "yes" ]]; then
 fi
 CHROOT
 
-# ── Passwords (interactive) ────────────────────
+# ── Passwords ─────────────────────────────────
 info "Set root password"
 until arch-chroot /mnt passwd; do echo "Try again."; done
 info "Set password for ${USERNAME}"
 until arch-chroot /mnt passwd "${USERNAME}"; do echo "Try again."; done
 
+# ── Finish ────────────────────────────────────
 umount -R /mnt
 cryptsetup close cryptroot
 info "Installation complete"
 
 cat <<EOF
 
-${g}${b}✅ Base Arch Linux installation complete!${r}
+${g}${b}✅ Encrypted Btrfs Arch installation complete!${r}
 
 Remove install media and reboot:
   ${b}reboot${r}
 
-Then log in as '${USERNAME}' and run:
+Then log in as '${USERNAME}' and run your post-install script:
   ${c}wget https://your.gitea.instance/raw/setup_postinstall.sh && bash setup_postinstall.sh${r}
 EOF