Update install_arch_solphyr.sh
parent
a13c2142c4
commit
100b1e7fd6
@ -2,8 +2,8 @@
|
|||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
|
|
||||||
# ───────────────────────────────────────────────
|
# ───────────────────────────────────────────────
|
||||||
# Solphyr Arch Linux Auto-Installer (base only)
|
# Solphyr Arch Linux Auto-Installer
|
||||||
# LUKS2 • systemd-boot • yay • reproducible .env
|
# LUKS2 • Btrfs subvolumes • systemd-boot • yay
|
||||||
# ───────────────────────────────────────────────
|
# ───────────────────────────────────────────────
|
||||||
|
|
||||||
b=$(tput bold); r=$(tput sgr0); g=$(tput setaf 2); y=$(tput setaf 3); c=$(tput setaf 6); e=$(tput setaf 1)
|
b=$(tput bold); r=$(tput sgr0); g=$(tput setaf 2); y=$(tput setaf 3); c=$(tput setaf 6); e=$(tput setaf 1)
|
||||||
@ -19,57 +19,24 @@ source .env || true
|
|||||||
|
|
||||||
# ── Prompt helpers ─────────────────────────────
|
# ── Prompt helpers ─────────────────────────────
|
||||||
prompt_var() {
|
prompt_var() {
|
||||||
local var_name="$1"
|
local var_name="$1" prompt_text="$2"
|
||||||
local prompt_text="$2"
|
local default_val; default_val="$(eval "echo \${$var_name:-}")"
|
||||||
local default_val
|
if [[ "$NO_PROMPT" == "1" ]]; then info "Using $var_name=$default_val"; return 0; fi
|
||||||
default_val="$(eval "echo \${$var_name:-}")"
|
local input; set +e
|
||||||
|
read -e -p "$prompt_text [${default_val}]: " input; local rc=$?; set -e
|
||||||
if [[ "$NO_PROMPT" == "1" ]]; then
|
|
||||||
info "Using $var_name=$default_val"
|
|
||||||
return 0
|
|
||||||
fi
|
|
||||||
|
|
||||||
local input
|
|
||||||
# disable errexit for the read itself
|
|
||||||
set +e
|
|
||||||
read -e -p "$prompt_text [${default_val}]: " input
|
|
||||||
local rc=$?
|
|
||||||
set -e
|
|
||||||
[[ $rc -ne 0 ]] && die "Input cancelled"
|
[[ $rc -ne 0 ]] && die "Input cancelled"
|
||||||
if [[ -n "$input" ]]; then
|
[[ -n "$input" ]] && eval "$var_name=\"\$input\""
|
||||||
eval "$var_name=\"\$input\""
|
|
||||||
fi
|
|
||||||
return 0
|
|
||||||
}
|
}
|
||||||
|
|
||||||
prompt_secret() {
|
prompt_secret() {
|
||||||
local var_name="$1"
|
local var_name="$1" prompt_text="$2"
|
||||||
local prompt_text="$2"
|
local default_val; default_val="$(eval "echo \${$var_name:-}")"
|
||||||
local default_val
|
|
||||||
default_val="$(eval "echo \${$var_name:-}")"
|
|
||||||
if [[ -z "$default_val" ]]; then
|
if [[ -z "$default_val" ]]; then
|
||||||
set +e
|
set +e; read -s -p "$prompt_text: " input; local rc=$?; set -e; echo
|
||||||
read -s -p "$prompt_text: " input
|
|
||||||
local rc=$?
|
|
||||||
set -e
|
|
||||||
echo
|
|
||||||
[[ $rc -ne 0 ]] && die "Input cancelled"
|
[[ $rc -ne 0 ]] && die "Input cancelled"
|
||||||
eval "$var_name=\"\$input\""
|
eval "$var_name=\"\$input\""
|
||||||
else
|
else info "Using $var_name from .env"; fi
|
||||||
info "Using $var_name from .env"
|
|
||||||
fi
|
|
||||||
return 0
|
|
||||||
}
|
}
|
||||||
|
save_env(){ local n=$1 v; v="$(eval "echo \${$n}")"; sed -i "/^${n}=/d" .env; echo "${n}=\"${v}\"" >> .env; }
|
||||||
save_env() {
|
|
||||||
local var_name="$1"
|
|
||||||
local var_value
|
|
||||||
var_value="$(eval "echo \${$var_name}")"
|
|
||||||
sed -i "/^${var_name}=/d" .env
|
|
||||||
echo "${var_name}=\"${var_value}\"" >> .env
|
|
||||||
return 0
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
# ── Gather config ──────────────────────────────
|
# ── Gather config ──────────────────────────────
|
||||||
prompt_var HOSTNAME "Hostname"; prompt_var USERNAME "Username"
|
prompt_var HOSTNAME "Hostname"; prompt_var USERNAME "Username"
|
||||||
@ -101,13 +68,29 @@ prompt_secret LUKS_PASSWORD "LUKS password"; save_env LUKS_PASSWORD
|
|||||||
echo -n "$LUKS_PASSWORD" | cryptsetup luksFormat --batch-mode --type luks2 \
|
echo -n "$LUKS_PASSWORD" | cryptsetup luksFormat --batch-mode --type luks2 \
|
||||||
--cipher aes-xts-plain64 --key-size 512 --hash sha512 "$ROOT" -
|
--cipher aes-xts-plain64 --key-size 512 --hash sha512 "$ROOT" -
|
||||||
echo -n "$LUKS_PASSWORD" | cryptsetup open "$ROOT" cryptroot -
|
echo -n "$LUKS_PASSWORD" | cryptsetup open "$ROOT" cryptroot -
|
||||||
mkfs.fat -F32 "$EFI"; mkfs.ext4 /dev/mapper/cryptroot
|
|
||||||
mount /dev/mapper/cryptroot /mnt; mkdir /mnt/boot; mount "$EFI" /mnt/boot
|
# ── Create Btrfs filesystem & subvolumes ───────
|
||||||
|
mkfs.btrfs -L ArchRoot /dev/mapper/cryptroot
|
||||||
|
mount /dev/mapper/cryptroot /mnt
|
||||||
|
btrfs subvolume create /mnt/@
|
||||||
|
btrfs subvolume create /mnt/@home
|
||||||
|
btrfs subvolume create /mnt/@log
|
||||||
|
btrfs subvolume create /mnt/@snapshots
|
||||||
|
umount /mnt
|
||||||
|
|
||||||
|
# Mount subvolumes
|
||||||
|
mount -o subvol=@,compress=zstd,noatime,space_cache=v2 /dev/mapper/cryptroot /mnt
|
||||||
|
mkdir -p /mnt/{boot,home,var/log,.snapshots}
|
||||||
|
mount -o subvol=@home,compress=zstd,noatime,space_cache=v2 /dev/mapper/cryptroot /mnt/home
|
||||||
|
mount -o subvol=@log,compress=zstd,noatime,space_cache=v2 /dev/mapper/cryptroot /mnt/var/log
|
||||||
|
mount -o subvol=@snapshots,compress=zstd,noatime,space_cache=v2 /dev/mapper/cryptroot /mnt/.snapshots
|
||||||
|
mkfs.fat -F32 "$EFI"
|
||||||
|
mount "$EFI" /mnt/boot
|
||||||
|
|
||||||
# ── Base system ────────────────────────────────
|
# ── Base system ────────────────────────────────
|
||||||
pacman -Sy --noconfirm reflector
|
pacman -Sy --noconfirm reflector
|
||||||
reflector --country "United Kingdom" --latest 20 --sort rate --save /etc/pacman.d/mirrorlist
|
reflector --country "United Kingdom" --latest 20 --sort rate --save /etc/pacman.d/mirrorlist
|
||||||
pacstrap -K /mnt base linux linux-firmware vim networkmanager sudo base-devel git
|
pacstrap -K /mnt base linux linux-firmware btrfs-progs vim networkmanager sudo base-devel git
|
||||||
genfstab -U /mnt >> /mnt/etc/fstab
|
genfstab -U /mnt >> /mnt/etc/fstab
|
||||||
|
|
||||||
# ── Configure system ───────────────────────────
|
# ── Configure system ───────────────────────────
|
||||||
@ -125,14 +108,19 @@ cat <<EOF >/etc/hosts
|
|||||||
127.0.1.1 $HOSTNAME.localdomain $HOSTNAME
|
127.0.1.1 $HOSTNAME.localdomain $HOSTNAME
|
||||||
EOF
|
EOF
|
||||||
echo "KEYMAP=$KEYMAP" > /etc/vconsole.conf
|
echo "KEYMAP=$KEYMAP" > /etc/vconsole.conf
|
||||||
sed -i 's/\(filesystems\)/encrypt \1/' /etc/mkinitcpio.conf
|
|
||||||
|
# mkinitcpio encrypt hook
|
||||||
|
sed -i 's/\(filesystems\)/encrypt btrfs \1/' /etc/mkinitcpio.conf
|
||||||
mkinitcpio -P
|
mkinitcpio -P
|
||||||
|
|
||||||
|
# ── systemd-boot setup ──
|
||||||
bootctl install
|
bootctl install
|
||||||
chmod 600 /boot/loader/random-seed 2>/dev/null || true
|
chmod 600 /boot/loader/random-seed 2>/dev/null || true
|
||||||
chmod 700 /boot/loader 2>/dev/null || true
|
chmod 700 /boot/loader 2>/dev/null || true
|
||||||
chmod 700 /boot/EFI/systemd 2>/dev/null || true
|
chmod 700 /boot/EFI/systemd 2>/dev/null || true
|
||||||
chown -R root:root /boot /boot/EFI || true
|
chown -R root:root /boot /boot/EFI || true
|
||||||
UUID=\$(blkid -s UUID -o value ${ROOT})
|
|
||||||
|
LUKS_UUID=\$(cryptsetup luksUUID "${ROOT}")
|
||||||
cat <<EOF >/boot/loader/loader.conf
|
cat <<EOF >/boot/loader/loader.conf
|
||||||
default arch.conf
|
default arch.conf
|
||||||
timeout 3
|
timeout 3
|
||||||
@ -143,13 +131,15 @@ cat <<EOF >/boot/loader/entries/arch.conf
|
|||||||
title Arch Linux
|
title Arch Linux
|
||||||
linux /vmlinuz-linux
|
linux /vmlinuz-linux
|
||||||
initrd /initramfs-linux.img
|
initrd /initramfs-linux.img
|
||||||
options cryptdevice=UUID=\${UUID}:cryptroot root=/dev/mapper/cryptroot rw
|
options cryptdevice=UUID=\${LUKS_UUID}:cryptroot root=/dev/mapper/cryptroot rootflags=subvol=@ rw
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
|
# User & yay
|
||||||
useradd -m -G wheel -s /bin/bash $USERNAME
|
useradd -m -G wheel -s /bin/bash $USERNAME
|
||||||
sed -i 's/^# %wheel ALL=(ALL:ALL) ALL/%wheel ALL=(ALL:ALL) ALL/' /etc/sudoers
|
sed -i 's/^# %wheel ALL=(ALL:ALL) ALL/%wheel ALL=(ALL:ALL) ALL/' /etc/sudoers
|
||||||
systemctl enable NetworkManager
|
systemctl enable NetworkManager
|
||||||
# yay installation
|
|
||||||
if [[ "${INSTALL_YAY,,}" == "yes" ]]; then
|
if [[ "\${INSTALL_YAY,,}" == "yes" ]]; then
|
||||||
pacman -S --noconfirm base-devel git go
|
pacman -S --noconfirm base-devel git go
|
||||||
echo "%wheel ALL=(ALL:ALL) NOPASSWD: ALL" > /etc/sudoers.d/00-yay-temp
|
echo "%wheel ALL=(ALL:ALL) NOPASSWD: ALL" > /etc/sudoers.d/00-yay-temp
|
||||||
su - "$USERNAME" -c '
|
su - "$USERNAME" -c '
|
||||||
@ -165,23 +155,24 @@ if [[ "${INSTALL_YAY,,}" == "yes" ]]; then
|
|||||||
fi
|
fi
|
||||||
CHROOT
|
CHROOT
|
||||||
|
|
||||||
# ── Passwords (interactive) ────────────────────
|
# ── Passwords ─────────────────────────────────
|
||||||
info "Set root password"
|
info "Set root password"
|
||||||
until arch-chroot /mnt passwd; do echo "Try again."; done
|
until arch-chroot /mnt passwd; do echo "Try again."; done
|
||||||
info "Set password for ${USERNAME}"
|
info "Set password for ${USERNAME}"
|
||||||
until arch-chroot /mnt passwd "${USERNAME}"; do echo "Try again."; done
|
until arch-chroot /mnt passwd "${USERNAME}"; do echo "Try again."; done
|
||||||
|
|
||||||
|
# ── Finish ────────────────────────────────────
|
||||||
umount -R /mnt
|
umount -R /mnt
|
||||||
cryptsetup close cryptroot
|
cryptsetup close cryptroot
|
||||||
info "Installation complete"
|
info "Installation complete"
|
||||||
|
|
||||||
cat <<EOF
|
cat <<EOF
|
||||||
|
|
||||||
${g}${b}✅ Base Arch Linux installation complete!${r}
|
${g}${b}✅ Encrypted Btrfs Arch installation complete!${r}
|
||||||
|
|
||||||
Remove install media and reboot:
|
Remove install media and reboot:
|
||||||
${b}reboot${r}
|
${b}reboot${r}
|
||||||
|
|
||||||
Then log in as '${USERNAME}' and run:
|
Then log in as '${USERNAME}' and run your post-install script:
|
||||||
${c}wget https://your.gitea.instance/raw/setup_postinstall.sh && bash setup_postinstall.sh${r}
|
${c}wget https://your.gitea.instance/raw/setup_postinstall.sh && bash setup_postinstall.sh${r}
|
||||||
EOF
|
EOF
|
||||||
|
|||||||
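Review bot: The condensed `save_env` still reads the variable with `eval "echo \${$n}"` and writes it back as `NAME="value"`, so the value is word-split and glob-expanded when read, then interpreted again when the script runs `source .env`. A passphrase containing `$`, a backtick, `"` or repeated spaces is therefore stored altered, and any command substitution inside it would execute on the next run. `prompt_var` and `prompt_secret` read their defaults through the same `eval "echo …"` pattern. Bash indirect expansion with shell-quoted output avoids both problems: `v=${!n}` followed by `printf '%s=%q\n' "$n" "$v" >> .env`. The third hunk's header also shows `save_env LUKS_PASSWORD`, which leaves the disk passphrase in plaintext in `.env`; consider not persisting it, or at least creating the file under `umask 077`.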