Add chroot_setup.sh

chroot_setup.sh

@@ -0,0 +1,65 @@
+#!/usr/bin/env bash
+set -euo pipefail
+source /root/install/.env
+
+echo ">>> Configuring system"
+
+ln -sf /usr/share/zoneinfo/${TIMEZONE} /etc/localtime
+hwclock --systohc
+
+echo "${LOCALE} UTF-8" > /etc/locale.gen
+locale-gen
+echo "LANG=${LOCALE}" > /etc/locale.conf
+echo "KEYMAP=${KEYMAP}" > /etc/vconsole.conf
+echo "${HOSTNAME}" > /etc/hostname
+
+cat <<EOF >/etc/hosts
+127.0.0.1 localhost
+::1       localhost
+127.0.1.1 ${HOSTNAME}.localdomain ${HOSTNAME}
+EOF
+
+echo ">>> Creating users"
+echo "root:${ROOT_PASSWORD}" | chpasswd
+useradd -m -G wheel -s /bin/bash "${USERNAME}"
+echo "${USERNAME}:${USER_PASSWORD}" | chpasswd
+echo "%wheel ALL=(ALL:ALL) ALL" > /etc/sudoers.d/10-wheel
+
+echo ">>> Installing additional packages"
+pacman -S --noconfirm networkmanager openssl sbsigntools tpm2-tools sbctl
+
+systemctl enable NetworkManager
+
+if [[ "${TPM2_ENABLE}" == true ]]; then
+  echo ">>> Enrolling TPM2 key"
+  systemd-cryptenroll --tpm2-device=auto /dev/disk/by-partlabel/"Linux LUKS" || true
+fi
+
+echo ">>> Installing bootloader"
+bootctl install
+
+cat <<EOF >/etc/kernel/install.conf
+layout=uki
+EOF
+
+echo ">>> Creating initial UKI"
+kernel-install add "$(uname -r)" /usr/lib/modules/"$(uname -r)"/vmlinuz
+
+echo ">>> Installing firstboot service"
+install -Dm755 /root/install/firstboot.sh /usr/local/sbin/firstboot.sh
+cat <<'UNIT' >/etc/systemd/system/firstboot.service
+[Unit]
+Description=First Boot Secure Boot Setup
+After=network.target
+
+[Service]
+Type=oneshot
+ExecStart=/usr/local/sbin/firstboot.sh
+
+[Install]
+WantedBy=multi-user.target
+UNIT
+
+systemctl enable firstboot.service
+
+echo ">>> Base configuration done. Exit chroot and reboot."