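#!/usr/bin/env bash
# Post-install chroot configuration: time/locale/hostname, root and wheel
# user with sudo, extra packages, optional TPM2 LUKS enrollment, systemd-boot
# with UKI layout via kernel-install, and a one-shot firstboot service.
#
# Runs as root inside the target chroot. Required variables come from
# /root/install/.env: TIMEZONE, LOCALE, KEYMAP, HOSTNAME, ROOT_PASSWORD,
# USERNAME, USER_PASSWORD, TPM2_ENABLE (and DISK when TPM2_ENABLE=true).
# Every step is fatal under set -e unless explicitly marked best-effort.
set -euo pipefail

# Print a message to stderr and abort the run.
die() { printf '%s\n' "$*" >&2; exit 1; }

ENV_FILE=/root/install/.env
[[ -r "$ENV_FILE" ]] || die "cannot read $ENV_FILE"
# NOTE(review): .env carries ROOT_PASSWORD/USER_PASSWORD in plaintext; it
# should be mode 0600 and not remain on the installed system. Whether
# firstboot.sh still needs it is not visible here, so it is not removed.
# shellcheck source=/dev/null
source "$ENV_FILE"

# set -u only catches *unset* names; an empty ROOT_PASSWORD would otherwise
# reach chpasswd as "root:" and set an empty password. Fail early instead.
: "${TIMEZONE:?}" "${LOCALE:?}" "${KEYMAP:?}" "${HOSTNAME:?}"
: "${ROOT_PASSWORD:?}" "${USERNAME:?}" "${USER_PASSWORD:?}" "${TPM2_ENABLE:?}"

echo ">>> Configuring system"
# Best-effort: the seed file may not exist yet in a fresh chroot.
chmod 0600 /var/lib/systemd/random-seed || true
# ln -sf would happily create a dangling link for a mistyped zone name.
[[ -e "/usr/share/zoneinfo/${TIMEZONE}" ]] || die "unknown TIMEZONE: ${TIMEZONE}"
ln -sf "/usr/share/zoneinfo/${TIMEZONE}" /etc/localtime
hwclock --systohc
echo "${LOCALE} UTF-8" > /etc/locale.gen
locale-gen
echo "LANG=${LOCALE}" > /etc/locale.conf
echo "KEYMAP=${KEYMAP}" > /etc/vconsole.conf
echo "${HOSTNAME}" > /etc/hostname
# Delimiter intentionally unquoted so ${HOSTNAME} expands.
cat <<EOF >/etc/hosts
127.0.0.1 localhost
::1 localhost
127.0.1.1 ${HOSTNAME}.localdomain ${HOSTNAME}
EOF

echo ">>> Creating users"
# chpasswd reads credentials from stdin, so they never appear in argv/ps.
# Do not enable `set -x` around these lines: it would echo the passwords.
printf 'root:%s\n' "${ROOT_PASSWORD}" | chpasswd

# Create the user only if missing; the password is (re)set either way.
if ! id -u "${USERNAME}" &>/dev/null; then
  useradd -m -G wheel -s /bin/bash "${USERNAME}"
else
  echo "User ${USERNAME} already exists, skipping creation."
fi
printf '%s:%s\n' "${USERNAME}" "${USER_PASSWORD}" | chpasswd

# Ensure sudoers configuration exists.
mkdir -p /etc/sudoers.d
echo "%wheel ALL=(ALL:ALL) ALL" > /etc/sudoers.d/10-wheel
chmod 440 /etc/sudoers.d/10-wheel
# A syntax error in a sudoers.d drop-in locks wheel out of sudo entirely;
# validate when visudo is present (sudo is not in the package list below).
if command -v visudo >/dev/null 2>&1; then
  visudo -cf /etc/sudoers.d/10-wheel
fi

echo ">>> Installing additional packages"
pacman -S --noconfirm networkmanager openssl sbsigntools tpm2-tools sbctl
systemctl enable NetworkManager

if [[ "${TPM2_ENABLE}" == true ]]; then
  : "${DISK:?DISK is required when TPM2_ENABLE=true}"
  echo ">>> Enrolling TPM2 key"
  # NOTE(review): "${DISK}p2" assumes NVMe/mmc-style partition naming and
  # that p2 is the LUKS volume — confirm against the partitioning step.
  # No explicit PCR/PIN policy is given, so the tool's default binding
  # applies; review that against the threat model for this machine.
  # Best-effort: a failure leaves the volume passphrase-only, which must be
  # visible to the operator rather than silently swallowed.
  systemd-cryptenroll --tpm2-device=auto "${DISK}p2" \
    || echo "WARN: TPM2 enrollment failed; ${DISK}p2 will need the passphrase at boot" >&2
fi

echo ">>> Installing bootloader"
bootctl install
cat <<'EOF' >/etc/kernel/install.conf
layout=uki
EOF

echo ">>> Creating initial UKI"
# Pick the newest installed kernel without parsing ls: expand the module
# directories and version-sort their basenames.
KERNEL_VER=$(
  for dir in /usr/lib/modules/*/; do
    dir=${dir%/}
    printf '%s\n' "${dir##*/}"
  done | sort -V | tail -n1
)
# An unmatched glob would leave a literal "*" here; require a real kernel.
[[ -n "$KERNEL_VER" && -e "/usr/lib/modules/$KERNEL_VER/vmlinuz" ]] \
  || die "no kernel with vmlinuz found under /usr/lib/modules"
echo ">>> Creating initial UKI for kernel $KERNEL_VER"
kernel-install add "$KERNEL_VER" "/usr/lib/modules/$KERNEL_VER/vmlinuz"

echo ">>> Installing firstboot service"
install -Dm755 /root/install/firstboot.sh /usr/local/sbin/firstboot.sh
# Runs as root on first boot (Secure Boot setup needs efivars access).
# NOTE(review): firstboot.sh is presumably expected to disable this unit when
# it completes so it does not re-run every boot — not visible here, confirm.
cat <<'UNIT' >/etc/systemd/system/firstboot.service
[Unit]
Description=First Boot Secure Boot Setup
After=network.target
[Service]
Type=oneshot
ExecStart=/usr/local/sbin/firstboot.sh
[Install]
WantedBy=multi-user.target
UNIT
systemctl enable firstboot.service

echo ">>> Base configuration done.
Exit chroot and reboot."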