From 4bfb24316f20e2eef77c3f44ab48d01b463740c7 Mon Sep 17 00:00:00 2001
From: Conor Budworth
Date: Sun, 9 Nov 2025 21:57:06 +0100
Subject: [PATCH] Add chroot_setup.sh
---
chroot_setup.sh | 65 +++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 65 insertions(+)
create mode 100644 chroot_setup.sh
diff --git a/chroot_setup.sh b/chroot_setup.sh
new file mode 100644
index 0000000..22b0458
--- /dev/null
+++ b/chroot_setup.sh
@@ -0,0 +1,65 @@
+#!/usr/bin/env bash
+set -euo pipefail
+source /root/install/.env
+
+echo ">>> Configuring system"
+
+ln -sf /usr/share/zoneinfo/${TIMEZONE} /etc/localtime
+hwclock --systohc
+
+echo "${LOCALE} UTF-8" > /etc/locale.gen
+locale-gen
+echo "LANG=${LOCALE}" > /etc/locale.conf
+echo "KEYMAP=${KEYMAP}" > /etc/vconsole.conf
+echo "${HOSTNAME}" > /etc/hostname
+
+cat </etc/hosts
+127.0.0.1 localhost
+::1 localhost
+127.0.1.1 ${HOSTNAME}.localdomain ${HOSTNAME}
+EOF
+
+echo ">>> Creating users"
+echo "root:${ROOT_PASSWORD}" | chpasswd
+useradd -m -G wheel -s /bin/bash "${USERNAME}"
+echo "${USERNAME}:${USER_PASSWORD}" | chpasswd
+echo "%wheel ALL=(ALL:ALL) ALL" > /etc/sudoers.d/10-wheel
+
+echo ">>> Installing additional packages"
+pacman -S --noconfirm networkmanager openssl sbsigntools tpm2-tools sbctl
+
+systemctl enable NetworkManager
+
+if [[ "${TPM2_ENABLE}" == true ]]; then
+ echo ">>> Enrolling TPM2 key"
+ systemd-cryptenroll --tpm2-device=auto /dev/disk/by-partlabel/"Linux LUKS" || true
+fi
+
+echo ">>> Installing bootloader"
+bootctl install
+
+cat </etc/kernel/install.conf
+layout=uki
+EOF
+
+echo ">>> Creating initial UKI"
+kernel-install add "$(uname -r)" /usr/lib/modules/"$(uname -r)"/vmlinuz
+
+echo ">>> Installing firstboot service"
+install -Dm755 /root/install/firstboot.sh /usr/local/sbin/firstboot.sh
+cat <<'UNIT' >/etc/systemd/system/firstboot.service
+[Unit]
+Description=First Boot Secure Boot Setup
+After=network.target
+
+[Service]
+Type=oneshot
+ExecStart=/usr/local/sbin/firstboot.sh
+
+[Install]
+WantedBy=multi-user.target
+UNIT
+
+systemctl enable firstboot.service
+
+echo ">>> Base configuration done. Exit chroot and reboot."
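Review bot: The `|| true` after `systemd-cryptenroll --tpm2-device=auto …` hides a failed TPM2 enrollment, so the script still prints "Base configuration done" while the LUKS volume may have no TPM2 keyslot; I would drop the `|| true`, or replace it with `|| echo "WARNING: TPM2 enrollment failed" >&2` if continuing is intended. The passwords sourced from `/root/install/.env` appear to stay in plaintext on the installed root filesystem, so unless `firstboot.sh` (not shown here) still needs the file, the script should end with `rm -f -- /root/install/.env`. Inside the chroot `$(uname -r)` reports the kernel of the running installer environment rather than the installed one, so the `kernel-install add` line can point at a `/usr/lib/modules/<version>` directory that does not exist; taking the version from the directory names under `/usr/lib/modules` would avoid that. `/etc/sudoers.d/10-wheel` is created with the default umask and never validated; adding `chmod 0440 /etc/sudoers.d/10-wheel` and `visudo -cf /etc/sudoers.d/10-wheel` after the write would cover both.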