From 2c990196c32a22699bbce3237f87b183a2ffa120 Mon Sep 17 00:00:00 2001 From: Leopold Johannes Meinel Date: Sun, 22 Jan 2023 07:36:18 +0100 Subject: [PATCH 01/43] Update README.md --- README.md | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 4e69a0ae..4c2d3f80 100644 --- a/README.md +++ b/README.md @@ -1,16 +1,14 @@ # arch-install -Arch Linux Installation using mdadm RAID1, LUKS encryption and btrfs +Arch Linux Installation using LUKS encryption and btrfs ## Info :information_source: | Expect errors to occur during the installation. They only matter if any of the scripts don't finish successfully. -:information_source: | This script will only work on a system with exactly 2 disks of the same size attached! - :exclamation: | Follow [these instructions](https://github.com/LeoMeinel/arch-install/blob/main/virt-manager.md) for virt-manager. -:warning: | All data on both disks will be wiped! +:warning: | All data on the disk will be wiped! ## Pre-installation @@ -20,7 +18,7 @@ Arch Linux Installation using mdadm RAID1, LUKS encryption and btrfs ```sh pacman -Sy git -git clone https://github.com/LeoMeinel/arch-install.git +git clone -b games https://github.com/LeoMeinel/arch-install.git chmod +x /root/arch-install/prepare.sh /root/arch-install/prepare.sh arch-chroot /mnt From 230bed653887148ed731c73dbdf1bc6807f27bf3 Mon Sep 17 00:00:00 2001 From: Leopold Johannes Meinel Date: Sun, 22 Jan 2023 08:46:48 +0100 Subject: [PATCH 02/43] Modify packages - Mostly remove packages required for development and printing --- pkgs-post.txt | 4 ---- pkgs-prepare.txt | 1 - pkgs-setup.txt | 34 ---------------------------------- 3 files changed, 39 deletions(-) diff --git a/pkgs-post.txt b/pkgs-post.txt index 003d374a..639e9288 100644 --- a/pkgs-post.txt +++ b/pkgs-post.txt @@ -1,7 +1,4 @@ arc-kde -aspnet-targeting-pack-bin -dotnet-sdk-bin -freetube-bin gdlauncher-bin librewolf-bin macchina-bin 
@@ -15,4 +12,3 @@ vscodium-bin vscodium-bin-marketplace waterfox-g-bin xdg-ninja-git -xxd-standalone diff --git a/pkgs-prepare.txt b/pkgs-prepare.txt index 5cea3e9e..c2c14770 100644 --- a/pkgs-prepare.txt +++ b/pkgs-prepare.txt @@ -10,7 +10,6 @@ linux-lts linux-lts-headers linux-zen linux-zen-headers -mdadm mesa neovim opendoas diff --git a/pkgs-setup.txt b/pkgs-setup.txt index d7db98f5..fb1487f9 100644 --- a/pkgs-setup.txt +++ b/pkgs-setup.txt @@ -1,6 +1,5 @@ alacritty alsa-utils -android-tools apparmor arc-gtk-theme arch-audit @@ -14,46 +13,31 @@ bluez bluez-utils cantarell-fonts celluloid -cups devtools dnsmasq dolphin duf dust -edk2-ovmf efibootmgr efitools ethtool exa fd ffmpegthumbs -filezilla firejail fwupd -gimp git-delta glow -go -gradle -grex grub grub-btrfs -gutenprint gwenview htop -hunspell -hunspell-de -hunspell-en_us -hunspell-fr -hunspell-nl hwinfo hyperfine -inetutils jdk-openjdk jdk11-openjdk jdk17-openjdk jpegoptim -jq kaccounts-providers kalendar kde-cli-tools @@ -67,11 +51,6 @@ kompare krunner ksystemlog ktorrent -libreoffice-extension-texmaths -libreoffice-still -libvirt -lldb -llvm logrotate lrzip lshw @@ -79,7 +58,6 @@ lsof lzop mailcap man-db -mariadb mtools networkmanager nextcloud-client @@ -87,7 +65,6 @@ noto-fonts nss-mdns ntfs-3g okular -openbsd-netcat openssh oxipng p7zip @@ -103,33 +80,24 @@ plasma-desktop plasma-nm plasma-pa plasma-wayland-session -postgresql -postgresql-libs power-profiles-daemon powerdevil -print-manager procs python-notify2 python-pip python-psutil -qemu-desktop qt5-imageformats -quilt ripgrep -rustup sbsigntools screen sddm sddm-kcm signal-desktop -simple-scan snapper spectacle sshfs starship -system-config-printer thunderbird -tokei tpm2-tools tree ttf-nerd-fonts-symbols-2048-em-mono @@ -138,12 +106,10 @@ unrar unzip usbguard usbutils -virt-manager webp-pixbuf-loader wget wireplumber wl-clipboard xdg-dbus-proxy xdg-utils -yq zram-generator From 6d65237861b50115a5044e6a57097998f2b0a5c5 Mon Sep 17 00:00:00 2001 
From: Leopold Johannes Meinel Date: Sun, 22 Jan 2023 10:19:28 +0100 Subject: [PATCH 03/43] Modify for games --- dot-files.sh | 6 +- etc/pacman.d/hooks/99-efibackup.hook | 12 -- etc/pacman.d/hooks/scripts/99-efibackup.sh | 31 ------ post.sh | 6 +- prepare.sh | 124 +++++---------------- setup.sh | 40 ++----- sysuser.sh | 6 +- 7 files changed, 45 insertions(+), 180 deletions(-) delete mode 100644 etc/pacman.d/hooks/99-efibackup.hook delete mode 100644 etc/pacman.d/hooks/scripts/99-efibackup.sh diff --git a/dot-files.sh b/dot-files.sh index 7f443d5f..16ebaa79 100644 --- a/dot-files.sh +++ b/dot-files.sh @@ -3,7 +3,7 @@ # File: dot-files.sh # Author: Leopold Meinel (leo@meinel.dev) # ----- -# Copyright (c) 2022 Leopold Meinel & contributors +# Copyright (c) 2023 Leopold Meinel & contributors # SPDX ID: GPL-3.0-or-later # URL: https://www.gnu.org/licenses/gpl-3.0-standalone.html # ----- @@ -15,12 +15,12 @@ set -e # Set up dot-files case "$1" in setup) - git clone https://github.com/LeoMeinel/dot-files.git ~/dot-files + git clone -b games https://github.com/LeoMeinel/dot-files.git ~/dot-files chmod +x ~/dot-files/setup.sh ~/dot-files/setup.sh ;; setup-root) - git clone https://github.com/LeoMeinel/dot-files.git ~/dot-files + git clone -b games https://github.com/LeoMeinel/dot-files.git ~/dot-files chmod +x ~/dot-files/setup-root.sh ~/dot-files/setup-root.sh ;; diff --git a/etc/pacman.d/hooks/99-efibackup.hook b/etc/pacman.d/hooks/99-efibackup.hook deleted file mode 100644 index 958292fa..00000000 --- a/etc/pacman.d/hooks/99-efibackup.hook +++ /dev/null @@ -1,12 +0,0 @@ -[Trigger] -Operation = Install -Operation = Remove -Operation = Upgrade -Type = Path -Target = usr/lib/modules/*/vmlinuz - -[Action] -Depends = rsync -Description = Backing up /efi... -When = PostTransaction -Exec = /bin/sh -c '/etc/pacman.d/hooks/scripts/99-efibackup.sh' 
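Review bot: Both `git clone -b games https://github.com/LeoMeinel/dot-files.git ~/dot-files` lines in dot-files.sh fetch the tip of a mutable branch, and the next two lines mark the result executable and run it, as root in the `setup-root` arm. Nothing ties what runs to a reviewed revision, so anyone able to push to that branch decides what executes during installation. Checking out a pinned commit after the clone, or running `git -C ~/dot-files verify-commit HEAD` against a trusted key before the `chmod +x`, would close that gap. The same unpinned clone-then-run pattern appears in the README, prepare.sh and sysuser.sh changes of this series. Separately, hunk-header context for setup.sh shows `chmod 777 /dot-files.sh` while post.sh runs that path through `doas su -lc … root`; a world-writable script that root executes should be `755` and root-owned.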
diff --git a/etc/pacman.d/hooks/scripts/99-efibackup.sh b/etc/pacman.d/hooks/scripts/99-efibackup.sh deleted file mode 100644 index 612be0e7..00000000 --- a/etc/pacman.d/hooks/scripts/99-efibackup.sh +++ /dev/null @@ -1,31 +0,0 @@ -#!/bin/bash -### -# File: 99-efibackup.sh -# Author: Leopold Meinel (leo@meinel.dev) -# ----- -# Copyright (c) 2022 Leopold Meinel & contributors -# SPDX ID: GPL-3.0-or-later -# URL: https://www.gnu.org/licenses/gpl-3.0-standalone.html -# ----- -### - -set -e -if /usr/bin/mountpoint -q /efi; then - /usr/bin/umount -AR /efi -fi -if /usr/bin/mountpoint -q /.efi.bak; then - /usr/bin/umount -AR /.efi.bak -fi -if /usr/bin/mountpoint -q /boot; then - /usr/bin/umount -AR /boot -fi -/usr/bin/mount /boot -/usr/bin/mount /efi -/usr/bin/mount /.efi.bak -/usr/bin/rsync -aq --delete --mkpath /.efi.bak/ /.efi.bak.old -/usr/bin/rsync -aq --delete --mkpath /efi/ /.efi.bak -if [ -d /.boot.bak ]; then - /usr/bin/rsync -aq --delete --mkpath /.boot.bak/ /.boot.bak.old -fi -/usr/bin/rsync -aq --delete --mkpath /boot/ /.boot.bak -/usr/bin/umount /.efi.bak diff --git a/post.sh b/post.sh index 9fd8750c..77d59094 100644 --- a/post.sh +++ b/post.sh @@ -17,11 +17,9 @@ set -e # Configure dot-files (setup) SYSUSER="" -VIRTUSER="" HOMEUSER="" GUESTUSER="" /dot-files.sh setup -doas su -lc '/dot-files.sh setup' "$VIRTUSER" doas su -lc '/dot-files.sh setup' "$HOMEUSER" doas su -lc '/dot-files.sh setup' "$GUESTUSER" doas su -lc '/dot-files.sh setup-root' root 
@@ -237,17 +235,15 @@ doas firecfg --clean # Configure dot-files (vscodium) /dot-files.sh vscodium -doas su -lc '/dot-files.sh vscodium' "$VIRTUSER" doas su -lc '/dot-files.sh vscodium' "$HOMEUSER" doas su -lc '/dot-files.sh vscodium' "$GUESTUSER" # Configure firejail doas sed -i 's/^code-oss$/#code-oss #arch-install/;s/^code$/#code #arch-install/;s/^codium$/#codium #arch-install/;s/^dnsmasq$/#dnsmasq #arch-install/;s/^ktorrent$/#ktorrent #arch-install/;s/^nextcloud-desktop$/#nextcloud-desktop #arch-install/;s/^nextcloud$/#nextcloud #arch-install/;s/^signal-desktop$/#signal-desktop #arch-install/;s/^spectacle$/#spectacle #arch-install/;s/^vscodium$/#vscodium #arch-install/' /etc/firejail/firecfg.config -doas firecfg --add-users root "$SYSUSER" "$VIRTUSER" "$HOMEUSER" "$GUESTUSER" +doas firecfg --add-users root "$SYSUSER" "$HOMEUSER" "$GUESTUSER" doas apparmor_parser -r /etc/apparmor.d/firejail-default doas firecfg rm -rf ~/.local/share/applications/* -doas su -c 'rm -rf ~/.local/share/applications/*' "$VIRTUSER" doas su -c 'rm -rf ~/.local/share/applications/*' "$HOMEUSER" doas su -c 'rm -rf ~/.local/share/applications/*' "$GUESTUSER" diff --git a/prepare.sh b/prepare.sh index 7b43841a..c06a9f55 100644 --- a/prepare.sh +++ b/prepare.sh @@ -3,7 +3,7 @@ # File: prepare.sh # Author: Leopold Meinel (leo@meinel.dev) # ----- -# Copyright (c) 2022 Leopold Meinel & contributors +# Copyright (c) 2023 Leopold Meinel & contributors # SPDX ID: GPL-3.0-or-later # URL: https://www.gnu.org/licenses/gpl-3.0-standalone.html # ----- 
@@ -19,76 +19,28 @@ set -eu mountpoint -q /mnt && umount -AR /mnt -# Detect disks -readarray -t DISKS < <(lsblk -drnpo NAME -I 259,8,254 | tr -d "[:blank:]") -DISKS_LENGTH="${#DISKS[@]}" -for ((i = 0; i < DISKS_LENGTH; i++)); do - udevadm info -q property --property=ID_BUS --value "${DISKS[$i]}" | grep -q "usb" && - { - unset 'DISKS[$i]' - continue - } - DISKS=("${DISKS[@]}") -done - -[ "${#DISKS[@]}" -ne 2 ] && - { - echo "ERROR: There are not exactly 2 disks attached!" - exit 19 - } - -SIZE1="$(lsblk -drno SIZE "${DISKS[0]}" | tr -d "[:space:]")" -SIZE2="$(lsblk -drno SIZE "${DISKS[1]}" | tr -d "[:space:]")" -if [ "$SIZE1" = "$SIZE2" ]; then - DISK1="${DISKS[0]}" - DISK2="${DISKS[1]}" +# Prompt user for disk +# I will use this on an external SSD, therefore USB volumes will be listed too +lsblk -drnpo SIZE,NAME -I 259,8,254 +read -rp "Which disk do you want to erase? (Type '/dev/sdX' fex.): " choice +if lsblk -drnpo SIZE,NAME -I 259,8,254 $choice; then + echo "Erasing $choice..." + DISK1="$choice" else - echo "ERROR: The attached disks don't have the same size!" - exit 19 -fi - -# Prompt user -read -rp "Erase $DISK1 and $DISK2? (Type 'yes' in capital letters): " choice -case "$choice" in -YES) - echo "Erasing $DISK1 and $DISK2..." 
- ;; -*) - echo "ERROR: User aborted erasing $DISK1 and $DISK2" + echo "ERROR: Drive not suitable for installation" exit 125 - ;; -esac +fi -# Detect & close old crypt volumes +# Detect, close & erase old crypt volumes if lsblk -rno TYPE | grep -q "crypt"; then - OLD_CRYPT_0="$(lsblk -Mrno TYPE,NAME | grep "crypt" | sed 's/crypt//' | sed -n '1p' | tr -d "[:space:]")" - OLD_CRYPT_1="$(lsblk -Mrno TYPE,NAME | grep "crypt" | sed 's/crypt//' | sed -n '2p' | tr -d "[:space:]")" + OLD_CRYPT_0="$(lsblk -Mrno TYPE,NAME $DISK1 | grep "crypt" | sed 's/crypt//' | sed -n '1p' | tr -d "[:space:]")" cryptsetup close "$OLD_CRYPT_0" - cryptsetup close "$OLD_CRYPT_1" -fi - -# Detect & erase old crypt/raid1 volumes -if lsblk -rno TYPE | grep -q "raid1"; then - DISK1P2="$(lsblk -rnpo TYPE,NAME "$DISK1" | grep "part" | sed 's/part//' | sed -n '2p' | tr -d "[:space:]")" - DISK2P2="$(lsblk -rnpo TYPE,NAME "$DISK2" | grep "part" | sed 's/part//' | sed -n '2p' | tr -d "[:space:]")" - DISK1P3="$(lsblk -rnpo TYPE,NAME "$DISK1" | grep "part" | sed 's/part//' | sed -n '3p' | tr -d "[:space:]")" - DISK2P3="$(lsblk -rnpo TYPE,NAME "$DISK2" | grep "part" | sed 's/part//' | sed -n '3p' | tr -d "[:space:]")" - OLD_RAID_0="$(lsblk -Mrnpo TYPE,NAME | grep "raid1" | sed 's/raid1//' | sed -n '1p' | tr -d "[:space:]")" - OLD_RAID_1="$(lsblk -Mrnpo TYPE,NAME | grep "raid1" | sed 's/raid1//' | sed -n '2p' | tr -d "[:space:]")" - if cryptsetup isLuks "$OLD_RAID_0"; then - cryptsetup erase "$OLD_RAID_0" - fi - if cryptsetup isLuks "$OLD_RAID_1"; then - cryptsetup erase "$OLD_RAID_1" + if cryptsetup isLuks "$DISK1"; then + cryptsetup erase "$DISK1" + else + echo "ERROR: Can't erase old crypt volume" + exit 125 fi - sgdisk -Z "$OLD_RAID_0" - sgdisk -Z "$OLD_RAID_1" - mdadm --stop "$OLD_RAID_0" - mdadm --stop "$OLD_RAID_1" - mdadm --zero-superblock "$DISK1P2" - mdadm --zero-superblock "$DISK2P2" - mdadm --zero-superblock "$DISK1P3" - mdadm --zero-superblock "$DISK2P3" fi # Load $KEYMAP & set time 
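Review bot: The new disk prompt in prepare.sh passes `$choice` to `lsblk` unquoted and then goes straight to wiping; the explicit `YES` confirmation that this hunk removes is not replaced. With an empty answer, `lsblk -drnpo SIZE,NAME -I 259,8,254` still succeeds because it simply lists every disk, so `DISK1` is set to an empty string, and an answer containing spaces is word-split into several arguments. Quote the expansion and reject anything that is not a whole disk first, e.g. `[ -b "$choice" ] && [ "$(lsblk -dno TYPE "$choice")" = "disk" ] || exit 125`, then ask for confirmation naming `$choice` before any `sgdisk -Z`. In the crypt block below it, the guard `lsblk -rno TYPE | grep -q "crypt"` looks at the whole system while `OLD_CRYPT_0` is looked up only under `$DISK1` (also unquoted), so a mapping on a different disk leaves the name empty and `cryptsetup close ""` aborts the script under `set -eu`.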
@@ -97,42 +49,31 @@ timedatectl set-ntp true # Erase & partition disks sgdisk -Z "$DISK1" -sgdisk -Z "$DISK2" sgdisk -n 0:0:+1G -t 1:ef00 "$DISK1" -sgdisk -n 0:0:+1G -t 1:ef00 "$DISK2" -sgdisk -n 0:0:+1G -t 1:fd00 "$DISK1" -sgdisk -n 0:0:+1G -t 1:fd00 "$DISK2" -sgdisk -n 0:0:0 -t 1:fd00 "$DISK1" -sgdisk -n 0:0:0 -t 1:fd00 "$DISK2" +sgdisk -n 0:0:+1G -t 1:ef02 "$DISK1" +sgdisk -n 0:0:0 -t 1:8300 "$DISK1" # Detect partitions & set variables accordingly DISK1P1="$(lsblk -rnpo TYPE,NAME "$DISK1" | grep "part" | sed 's/part//' | sed -n '1p' | tr -d "[:space:]")" DISK1P2="$(lsblk -rnpo TYPE,NAME "$DISK1" | grep "part" | sed 's/part//' | sed -n '2p' | tr -d "[:space:]")" DISK1P3="$(lsblk -rnpo TYPE,NAME "$DISK1" | grep "part" | sed 's/part//' | sed -n '3p' | tr -d "[:space:]")" -DISK2P1="$(lsblk -rnpo TYPE,NAME "$DISK2" | grep "part" | sed 's/part//' | sed -n '1p' | tr -d "[:space:]")" -DISK2P2="$(lsblk -rnpo TYPE,NAME "$DISK2" | grep "part" | sed 's/part//' | sed -n '2p' | tr -d "[:space:]")" -DISK2P3="$(lsblk -rnpo TYPE,NAME "$DISK2" | grep "part" | sed 's/part//' | sed -n '3p' | tr -d "[:space:]")" - -# Configure raid1 -mdadm --create --verbose --level=1 --metadata=1.2 --raid-devices=2 --homehost=any /dev/md/md0 "$DISK1P2" "$DISK2P2" -mdadm --create --verbose --level=1 --metadata=1.2 --raid-devices=2 --homehost=any /dev/md/md1 "$DISK1P3" "$DISK2P3" # Configure encryption +# md0_crypt & md1_crypt will be used for convenience, even tho it might be confusing ## boot -cryptsetup open --type plain -d /dev/urandom /dev/md/md0 to_be_wiped +cryptsetup open --type plain -d /dev/urandom "$DISK1P2" to_be_wiped cryptsetup close to_be_wiped -echo -e "\e[31mUS keymap will be used when booting from\e[0m /dev/md/md0" -cryptsetup -y -v -h sha512 -s 512 luksFormat --type luks1 /dev/md/md0 -cryptsetup open --type luks1 /dev/md/md0 md0_crypt +echo -e "\e[31mUS keymap will be used when booting from\e[0m $DISK1P2" +cryptsetup -y -v -h sha512 -s 512 luksFormat --type luks1 "$DISK1P2" 
+cryptsetup open --type luks1 "$DISK1P2" md0_crypt ## root -cryptsetup open --type plain -d /dev/urandom /dev/md/md1 to_be_wiped +cryptsetup open --type plain -d /dev/urandom "$DISK1P3" to_be_wiped cryptsetup close to_be_wiped -cryptsetup -y -v -h sha512 -s 512 luksFormat --type luks2 /dev/md/md1 -cryptsetup open --type luks2 /dev/md/md1 md1_crypt +cryptsetup -y -v -h sha512 -s 512 luksFormat --type luks2 "$DISK1P3" +cryptsetup open --type luks2 "$DISK1P3" md1_crypt # Format efi mkfs.fat -n EFI -F32 "$DISK1P1" -mkfs.fat -n EFI -F32 "$DISK2P1" # Format boot mkfs.ext4 -L BOOT /dev/mapper/md0_crypt @@ -153,7 +94,6 @@ btrfs subvolume create /mnt/@snapshots umount /mnt mount -o noatime,space_cache=v2,compress=zstd,ssd,discard=async,subvolid=256 /dev/mapper/md1_crypt /mnt mkdir /mnt/efi -mkdir /mnt/.efi.bak mkdir /mnt/boot mkdir /mnt/var && { @@ -176,14 +116,12 @@ mount -o noexec,nodev,nosuid,noatime,space_cache=v2,compress=zstd,ssd,discard=as mount -o nodev,nosuid,noatime,space_cache=v2,compress=zstd,ssd,discard=async,subvolid=262 /dev/mapper/md1_crypt /mnt/home mount -o noexec,nodev,nosuid,noatime,space_cache=v2,compress=zstd,ssd,discard=async,subvolid=263 /dev/mapper/md1_crypt /mnt/.snapshots mount -o noexec,nodev,nosuid "$DISK1P1" /mnt/efi -mount -o noexec,nodev,nosuid "$DISK2P1" /mnt/.efi.bak mount -o noexec,nodev,nosuid /dev/mapper/md0_crypt /mnt/boot chmod 775 /mnt/var/games # Set SSD state to "frozen" after sleep mkdir -p /mnt/usr/lib/systemd/system-sleep DISK1UUID="$(blkid -s UUID -o value $DISK1)" -DISK2UUID="$(blkid -s UUID -o value $DISK2)" { echo 'if [ "$1" = "post" ]; then' echo ' sleep 1' 
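Review bot: All three `sgdisk -n 0:…` calls in this prepare.sh hunk set the type with `-t 1:…`, so the type code lands on partition 1 each time: as written, partition 1 is set to `ef00`, then `ef02`, then `8300`, while partitions 2 and 3 keep the default type. That leaves the partition later formatted as `EFI` without the EFI System type, which some firmware needs to find the bootloader. Naming the partition explicitly avoids this: `sgdisk -n 2:0:+1G -t 2:ef02 "$DISK1"` and `sgdisk -n 3:0:0 -t 3:8300 "$DISK1"`, with `-n 1:0:+1G -t 1:ef00` for the first. The `-t 1:` pattern predates this commit (the removed lines used `-t 1:fd00`), and `ef02` is the BIOS boot partition code, which looks like an odd label for the LUKS1 `/boot` container; worth confirming that is intended.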
@@ -192,11 +130,6 @@ DISK2UUID="$(blkid -s UUID -o value $DISK2)" echo ' else' echo ' logger "$0: SSD freeze command failed"' echo ' fi' - echo ' if hdparm --security-freeze /dev/disk/by-uuid/'"$DISK2UUID"'; then' - echo ' logger "$0: SSD freeze command executed successfully"' - echo ' else' - echo ' logger "$0: SSD freeze command failed"' - echo ' fi' echo 'fi' } >/mnt/usr/lib/systemd/system-sleep/freeze-ssd.sh chmod 744 /mnt/usr/lib/systemd/system-sleep/freeze-ssd.sh @@ -236,10 +169,9 @@ genfstab -U /mnt >>/mnt/etc/fstab echo 'tmpfs /dev/shm tmpfs rw,noexec,nodev,nosuid 0 0' echo 'tmpfs /tmp tmpfs rw,nodev,nosuid,uid=0,gid=0,mode=1700 0 0' } >>/mnt/etc/fstab -sed -i '/\/.efi.bak.*vfat/s/rw/rw,noauto/' /mnt/etc/fstab # Prepare /mnt/git/arch-install/setup.sh -git clone https://github.com/LeoMeinel/arch-install.git /mnt/git/arch-install +git clone -b games https://github.com/LeoMeinel/arch-install.git /mnt/git/arch-install chmod +x /mnt/git/arch-install/setup.sh # Remove repo diff --git a/setup.sh b/setup.sh index e08cb12f..14c88f32 100644 --- a/setup.sh +++ b/setup.sh @@ -3,7 +3,7 @@ # File: setup.sh # Author: Leopold Meinel (leo@meinel.dev) # ----- -# Copyright (c) 2022 Leopold Meinel & contributors +# Copyright (c) 2023 Leopold Meinel & contributors # SPDX ID: GPL-3.0-or-later # URL: https://www.gnu.org/licenses/gpl-3.0-standalone.html # ----- @@ -17,11 +17,10 @@ GRUBRESOLUTION="2560x1440" ## Network devices: elements ## Servers: colors ## Clients: flowers -HOSTNAME="tulip" +HOSTNAME="lilium" # https://www.rfc-editor.org/rfc/rfc8375.html DOMAIN="home.arpa" SYSUSER="systux" -VIRTUSER="virt" HOMEUSER="leo" GUESTUSER="guest" 
@@ -31,18 +30,14 @@ set -eu # Add groups & users sed -i 's/^SHELL=.*/SHELL=\/bin\/bash/' /etc/default/useradd groupadd -r audit -groupadd -r libvirt groupadd -r usbguard useradd -ms /bin/bash -G adm,audit,log,rfkill,sys,systemd-journal,usbguard,wheel "$SYSUSER" -useradd -ms /bin/bash -G libvirt "$VIRTUSER" useradd -ms /bin/bash "$HOMEUSER" useradd -ms /bin/bash "$GUESTUSER" echo "Enter password for root" passwd root echo "Enter password for $SYSUSER" passwd "$SYSUSER" -echo "Enter password for $VIRTUSER" -passwd "$VIRTUSER" echo "Enter password for $HOMEUSER" passwd "$HOMEUSER" echo "Enter password for $GUESTUSER" @@ -65,7 +60,6 @@ chmod 644 /etc/NetworkManager/conf.d/50-mac-random.conf echo '' echo '/usr/bin/firecfg >/dev/null 2>&1' echo "/usr/bin/su -c '/usr/bin/rm -rf ~/.local/share/applications/*' $SYSUSER" - echo "/usr/bin/su -c '/usr/bin/rm -rf ~/.local/share/applications/*' $VIRTUSER" echo "/usr/bin/su -c '/usr/bin/rm -rf ~/.local/share/applications/*' $HOMEUSER" echo "/usr/bin/su -c '/usr/bin/rm -rf ~/.local/share/applications/*' $GUESTUSER" echo '' @@ -131,6 +125,12 @@ chmod 644 /etc/systemd/system/snapper-cleanup.timer.d/override.conf chmod 644 /etc/xdg/reflector/reflector.conf sed -i 's/^#PACMAN_AUTH=.*/PACMAN_AUTH=(doas)/' /etc/makepkg.conf sed -i 's/^#Color/Color/;s/^#ParallelDownloads =.*/ParallelDownloads = 10/;s/^#CacheDir/CacheDir/' /etc/pacman.conf +{ + echo "" + echo "# Custom" + echo "[multilib]" + echo "Include = /etc/pacman.d/mirrorlist" +} pacman-key --init ## Update mirrors reflector --save /etc/pacman.d/mirrorlist --country $MIRRORCOUNTRIES --protocol https --latest 20 --sort rate 
@@ -141,7 +141,7 @@ pacman -Syu --noprogressbar --noconfirm --needed - >/etc/ssh/sshd_config ## Configure /etc/xdg/user-dirs.defaults sed -i 's/^TEMPLATES=.*/TEMPLATES=Documents\/Templates/;s/^PUBLICSHARE=.*/PUBLICSHARE=Documents\/Public/;s/^DESKTOP=.*/DESKTOP=Desktop/;s/^MUSIC=.*/MUSIC=Documents\/Music/;s/^PICTURES=.*/PICTURES=Documents\/Pictures/;s/^VIDEOS=.*/VIDEOS=Documents\/Videos/' /etc/xdg/user-dirs.defaults -## Configure /etc/mdadm.conf -mdadm --detail --scan >>/etc/mdadm.conf ## Configure /etc/usbguard/usbguard-daemon.conf & /etc/usbguard/rules.conf usbguard generate-policy >/etc/usbguard/rules.conf usbguard add-user -g usbguard --devices=modify,list,listen --policy=list --exceptions=listen @@ -212,7 +210,7 @@ cryptsetup -v luksAddKey /dev/disk/by-uuid/"$MD0UUID" /etc/luks/keys/md0_crypt.k ## Configure /etc/bluetooth/main.conf sed -i 's/^#AutoEnable=.*/AutoEnable=true/' /etc/bluetooth/main.conf ## Configure /etc/mkinitcpio.conf -sed -i 's/^FILES=.*/FILES=(\/etc\/luks\/keys\/md0_crypt.key)/;s/^MODULES=.*/MODULES=(btrfs)/;s/^HOOKS=.*/HOOKS=(base udev autodetect keyboard keymap consolefont modconf block mdadm_udev encrypt filesystems fsck)/' /etc/mkinitcpio.conf +sed -i 's/^FILES=.*/FILES=(\/etc\/luks\/keys\/md0_crypt.key)/;s/^MODULES=.*/MODULES=(btrfs)/;s/^HOOKS=.*/HOOKS=(base udev autodetect keyboard keymap consolefont modconf block encrypt filesystems fsck)/' /etc/mkinitcpio.conf ### If on nvidia enable kernel modules: nvidia nvidia_modeset nvidia_uvm nvidia_drm pacman -Qq "nvidia-dkms" && sed -i '/^MODULES=.*/s/)$/ nvidia nvidia_modeset nvidia_uvm nvidia_drm)/' /etc/mkinitcpio.conf 
@@ -254,23 +252,15 @@ chmod 755 /usr/local/bin/vim umount /.snapshots rm -rf /.snapshots cp /usr/share/snapper/config-templates/default /usr/share/snapper/config-templates/root -cp /usr/share/snapper/config-templates/default /usr/share/snapper/config-templates/var_lib_libvirt -cp /usr/share/snapper/config-templates/default /usr/share/snapper/config-templates/var_lib_mysql cp /usr/share/snapper/config-templates/default /usr/share/snapper/config-templates/var_log cp /usr/share/snapper/config-templates/default /usr/share/snapper/config-templates/home sed -i 's/^ALLOW_GROUPS=.*/ALLOW_GROUPS="wheel"/;s/^SPACE_LIMIT=.*/SPACE_LIMIT="0.2"/;s/^NUMBER_LIMIT=.*/NUMBER_LIMIT="5"/;s/^NUMBER_LIMIT_IMPORTANT=.*/NUMBER_LIMIT_IMPORTANT="5"/;s/^TIMELINE_CREATE=.*/TIMELINE_CREATE="yes"/;s/^TIMELINE_CLEANUP=.*/TIMELINE_CLEANUP="yes"/;s/^TIMELINE_LIMIT_HOURLY=.*/TIMELINE_LIMIT_HOURLY="1"/;s/^TIMELINE_LIMIT_DAILY=.*/TIMELINE_LIMIT_DAILY="3"/;s/^TIMELINE_LIMIT_MONTHLY=.*/TIMELINE_LIMIT_MONTHLY="0"/;s/^TIMELINE_LIMIT_YEARLY=.*/TIMELINE_LIMIT_YEARLY="0"/' /usr/share/snapper/config-templates/root -sed -i 's/^ALLOW_GROUPS=.*/ALLOW_GROUPS="wheel"/;s/^SPACE_LIMIT=.*/SPACE_LIMIT="0.05"/;s/^NUMBER_LIMIT=.*/NUMBER_LIMIT="5"/;s/^NUMBER_LIMIT_IMPORTANT=.*/NUMBER_LIMIT_IMPORTANT="5"/;s/^TIMELINE_CREATE=.*/TIMELINE_CREATE="yes"/;s/^TIMELINE_CLEANUP=.*/TIMELINE_CLEANUP="yes"/;s/^TIMELINE_LIMIT_HOURLY=.*/TIMELINE_LIMIT_HOURLY="1"/;s/^TIMELINE_LIMIT_DAILY=.*/TIMELINE_LIMIT_DAILY="1"/;s/^TIMELINE_LIMIT_MONTHLY=.*/TIMELINE_LIMIT_MONTHLY="0"/;s/^TIMELINE_LIMIT_YEARLY=.*/TIMELINE_LIMIT_YEARLY="0"/' /usr/share/snapper/config-templates/var_lib_libvirt -sed -i 
's/^ALLOW_GROUPS=.*/ALLOW_GROUPS="wheel"/;s/^SPACE_LIMIT=.*/SPACE_LIMIT="0.2"/;s/^NUMBER_LIMIT=.*/NUMBER_LIMIT="5"/;s/^NUMBER_LIMIT_IMPORTANT=.*/NUMBER_LIMIT_IMPORTANT="5"/;s/^TIMELINE_CREATE=.*/TIMELINE_CREATE="yes"/;s/^TIMELINE_CLEANUP=.*/TIMELINE_CLEANUP="yes"/;s/^TIMELINE_LIMIT_HOURLY=.*/TIMELINE_LIMIT_HOURLY="3"/;s/^TIMELINE_LIMIT_DAILY=.*/TIMELINE_LIMIT_DAILY="2"/;s/^TIMELINE_LIMIT_MONTHLY=.*/TIMELINE_LIMIT_MONTHLY="0"/;s/^TIMELINE_LIMIT_YEARLY=.*/TIMELINE_LIMIT_YEARLY="0"/' /usr/share/snapper/config-templates/var_lib_mysql sed -i 's/^ALLOW_GROUPS=.*/ALLOW_GROUPS="wheel"/;s/^SPACE_LIMIT=.*/SPACE_LIMIT="0.02"/;s/^NUMBER_LIMIT=.*/NUMBER_LIMIT="5"/;s/^NUMBER_LIMIT_IMPORTANT=.*/NUMBER_LIMIT_IMPORTANT="5"/;s/^TIMELINE_CREATE=.*/TIMELINE_CREATE="yes"/;s/^TIMELINE_CLEANUP=.*/TIMELINE_CLEANUP="yes"/;s/^TIMELINE_LIMIT_HOURLY=.*/TIMELINE_LIMIT_HOURLY="1"/;s/^TIMELINE_LIMIT_DAILY=.*/TIMELINE_LIMIT_DAILY="1"/;s/^TIMELINE_LIMIT_MONTHLY=.*/TIMELINE_LIMIT_MONTHLY="0"/;s/^TIMELINE_LIMIT_YEARLY=.*/TIMELINE_LIMIT_YEARLY="0"/' /usr/share/snapper/config-templates/var_log sed -i 's/^ALLOW_GROUPS=.*/ALLOW_GROUPS="wheel"/;s/^SPACE_LIMIT=.*/SPACE_LIMIT="0.2"/;s/^NUMBER_LIMIT=.*/NUMBER_LIMIT="5"/;s/^NUMBER_LIMIT_IMPORTANT=.*/NUMBER_LIMIT_IMPORTANT="5"/;s/^TIMELINE_CREATE=.*/TIMELINE_CREATE="yes"/;s/^TIMELINE_CLEANUP=.*/TIMELINE_CLEANUP="yes"/;s/^TIMELINE_LIMIT_HOURLY=.*/TIMELINE_LIMIT_HOURLY="3"/;s/^TIMELINE_LIMIT_DAILY=.*/TIMELINE_LIMIT_DAILY="3"/;s/^TIMELINE_LIMIT_MONTHLY=.*/TIMELINE_LIMIT_MONTHLY="0"/;s/^TIMELINE_LIMIT_YEARLY=.*/TIMELINE_LIMIT_YEARLY="0"/' /usr/share/snapper/config-templates/home chmod 644 /usr/share/snapper/config-templates/root -chmod 644 /usr/share/snapper/config-templates/var_lib_libvirt -chmod 644 /usr/share/snapper/config-templates/var_lib_mysql chmod 644 /usr/share/snapper/config-templates/var_log chmod 644 /usr/share/snapper/config-templates/home snapper --no-dbus -c root create-config -t root / -snapper --no-dbus -c var_lib_libvirt create-config -t 
var_lib_libvirt /var/lib/libvirt -snapper --no-dbus -c var_lib_mysql create-config -t var_lib_mysql /var/lib/mysql snapper --no-dbus -c var_log create-config -t var_log /var/log snapper --no-dbus -c home create-config -t home /home btrfs subvolume delete /.snapshots @@ -279,12 +269,6 @@ mount -a chmod 750 /.snapshots chmod a+rx /.snapshots chown :wheel /.snapshots -chmod 750 /var/lib/libvirt/.snapshots -chmod a+rx /var/lib/libvirt/.snapshots -chown :wheel /var/lib/libvirt/.snapshots -chmod 750 /var/lib/mysql/.snapshots -chmod a+rx /var/lib/mysql/.snapshots -chown :wheel /var/lib/mysql/.snapshots chmod 750 /var/log/.snapshots chmod a+rx /var/log/.snapshots chown :wheel /var/log/.snapshots @@ -316,12 +300,8 @@ pacman -Qq "avahi" && systemctl enable avahi-daemon pacman -Qq "bluez" && systemctl enable bluetooth -pacman -Qq "cups" && - systemctl enable cups.service pacman -Qq "util-linux" && systemctl enable fstrim.timer -pacman -Qq "libvirt" && - systemctl enable libvirtd pacman -Qq "networkmanager" && systemctl enable NetworkManager pacman -Qq "power-profiles-daemon" && diff --git a/sysuser.sh b/sysuser.sh index 18f5014c..318fb826 100644 --- a/sysuser.sh +++ b/sysuser.sh @@ -3,7 +3,7 @@ # File: sysuser.sh # Author: Leopold Meinel (leo@meinel.dev) # ----- -# Copyright (c) 2022 Leopold Meinel & contributors +# Copyright (c) 2023 Leopold Meinel & contributors # SPDX ID: GPL-3.0-or-later # URL: https://www.gnu.org/licenses/gpl-3.0-standalone.html # ----- @@ -26,10 +26,10 @@ mkdir -p ~/.config/autostart } >~/.config/autostart/apparmor-notify.desktop # Set up post.sh -git clone https://github.com/LeoMeinel/arch-install.git ~/git/arch-install +git clone -b games https://github.com/LeoMeinel/arch-install.git ~/git/arch-install cp ~/git/arch-install/pkgs-post.txt ~/ cp ~/git/arch-install/post.sh ~/ -sed -i 's//'"$1"'/;s//'"$2"'/;s//'"$3"'/;s//'"$4"'/' ~/post.sh +sed -i 's//'"$1"'/;s//'"$2"'/;s//'"$3"'/' ~/post.sh chmod +x ~/post.sh # Remove repo 
From b2279bea5016c9f7ca4c41374d49b38f79abfcfa Mon Sep 17 00:00:00 2001 From: Leopold Johannes Meinel Date: Sun, 22 Jan 2023 10:32:05 +0100 Subject: [PATCH 04/43] Modify packages - Add lib32-mesa, steam & ttf-liberation - Add lib32-nvidia-utils on nvidia --- pkgs-setup.txt | 3 +++ prepare.sh | 1 + 2 files changed, 4 insertions(+) diff --git a/pkgs-setup.txt b/pkgs-setup.txt index fb1487f9..dc728527 100644 --- a/pkgs-setup.txt +++ b/pkgs-setup.txt @@ -51,6 +51,7 @@ kompare krunner ksystemlog ktorrent +lib32-mesa logrotate lrzip lshw @@ -97,9 +98,11 @@ snapper spectacle sshfs starship +steam thunderbird tpm2-tools tree +ttf-liberation ttf-nerd-fonts-symbols-2048-em-mono unarchiver unrar diff --git a/prepare.sh b/prepare.sh index c06a9f55..f4ce1014 100644 --- a/prepare.sh +++ b/prepare.sh @@ -146,6 +146,7 @@ lshw -C display | grep "vendor:" | grep -q "NVIDIA Corporation" && { echo "egl-wayland" echo "nvidia-dkms" + echo "lib32-nvidia-utils" } >>/root/arch-install/pkgs-prepare.txt lshw -C display | grep "vendor:" | grep -q "Advanced Micro Devices, Inc." && { From 9f4db475b8a1962ace8eb79983bb899d26318caa Mon Sep 17 00:00:00 2001 From: Leopold Johannes Meinel Date: Sun, 22 Jan 2023 10:53:08 +0100 Subject: [PATCH 05/43] Update README.md --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 4c2d3f80..8d23e028 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,8 @@ # arch-install -Arch Linux Installation using LUKS encryption and btrfs +Arch Linux Installation using LUKS encryption and btrfs. + +Meant for systems that mainly run steam and other games. ## Info From 5666bfe38b9fa959d5c61f329c693c45c05a15cc Mon Sep 17 00:00:00 2001 From: Leopold Johannes Meinel Date: Sun, 22 Jan 2023 11:03:31 +0100 Subject: [PATCH 06/43] Match games instead of main --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 5a8ef106..7ed4ce56 100644 --- a/README.md +++ b/README.md 
@@ -2,7 +2,7 @@ Arch Linux Installation using mdadm RAID1, LUKS encryption and btrfs -Meant for general purpose systems. +Meant for systems that mainly run steam and other games. ## Info From 0c4f23e7ce67033ca2e4af662f6e9152ef295416 Mon Sep 17 00:00:00 2001 From: Leopold Johannes Meinel Date: Sun, 22 Jan 2023 11:07:01 +0100 Subject: [PATCH 07/43] Remove duplicate line --- README.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/README.md b/README.md index bdcf642a..8d23e028 100644 --- a/README.md +++ b/README.md @@ -4,8 +4,6 @@ Arch Linux Installation using LUKS encryption and btrfs. Meant for systems that mainly run steam and other games. -Meant for systems that mainly run steam and other games. - ## Info :information_source: | Expect errors to occur during the installation. They only matter if any of the scripts don't finish successfully. From 5038709d1a750ffe54e09effc42924f8e1ca5351 Mon Sep 17 00:00:00 2001 From: Leopold Johannes Meinel Date: Sun, 22 Jan 2023 11:36:06 +0100 Subject: [PATCH 08/43] Fix erase old crypt volumes --- prepare.sh | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/prepare.sh b/prepare.sh index f4ce1014..08acfb37 100644 --- a/prepare.sh +++ b/prepare.sh @@ -34,9 +34,16 @@ fi # Detect, close & erase old crypt volumes if lsblk -rno TYPE | grep -q "crypt"; then OLD_CRYPT_0="$(lsblk -Mrno TYPE,NAME $DISK1 | grep "crypt" | sed 's/crypt//' | sed -n '1p' | tr -d "[:space:]")" + OLD_CRYPT_1="$(lsblk -Mrno TYPE,NAME $DISK1 | grep "crypt" | sed 's/crypt//' | sed -n '2p' | tr -d "[:space:]")" cryptsetup close "$OLD_CRYPT_0" - if cryptsetup isLuks "$DISK1"; then - cryptsetup erase "$DISK1" + if cryptsetup isLuks "$OLD_CRYPT_0"; then + cryptsetup erase "$OLD_CRYPT_0" + else + echo "ERROR: Can't erase old crypt volume" + exit 125 + fi + if cryptsetup isLuks "$OLD_CRYPT_1"; then + cryptsetup erase "$OLD_CRYPT_1" else echo "ERROR: Can't erase old crypt volume" exit 125 
From 01215824e1ea9a706858217c79fe1819a0ca38d7 Mon Sep 17 00:00:00 2001 From: Leopold Johannes Meinel Date: Sun, 22 Jan 2023 11:47:26 +0100 Subject: [PATCH 09/43] Use DISK1PX from main - The syntax is confusing and doesn't necessarily make sense, but it is pretty close to main and therefore preferrable --- prepare.sh | 31 ++++++++++++++++++------------- 1 file changed, 18 insertions(+), 13 deletions(-) diff --git a/prepare.sh b/prepare.sh index 08acfb37..8a494096 100644 --- a/prepare.sh +++ b/prepare.sh @@ -31,23 +31,28 @@ else exit 125 fi -# Detect, close & erase old crypt volumes +# Detect & close old crypt volumes if lsblk -rno TYPE | grep -q "crypt"; then OLD_CRYPT_0="$(lsblk -Mrno TYPE,NAME $DISK1 | grep "crypt" | sed 's/crypt//' | sed -n '1p' | tr -d "[:space:]")" OLD_CRYPT_1="$(lsblk -Mrno TYPE,NAME $DISK1 | grep "crypt" | sed 's/crypt//' | sed -n '2p' | tr -d "[:space:]")" cryptsetup close "$OLD_CRYPT_0" - if cryptsetup isLuks "$OLD_CRYPT_0"; then - cryptsetup erase "$OLD_CRYPT_0" - else - echo "ERROR: Can't erase old crypt volume" - exit 125 - fi - if cryptsetup isLuks "$OLD_CRYPT_1"; then - cryptsetup erase "$OLD_CRYPT_1" - else - echo "ERROR: Can't erase old crypt volume" - exit 125 - fi + cryptsetup close "$OLD_CRYPT_1" +fi + +# Detect & erase old crypt volumes +DISK1P2="$(lsblk -rnpo TYPE,NAME $DISK1 | grep "part" | sed 's/part//' | sed -n '2p' | tr -d "[:space:]")" +if cryptsetup isLuks "$DISK1P2"; then + cryptsetup erase "$DISK1P2" +else + echo "ERROR: Can't erase old crypt volume" + exit 125 +fi +DISK1P3="$(lsblk -rnpo TYPE,NAME $DISK1 | grep "part" | sed 's/part//' | sed -n '3p' | tr -d "[:space:]")" +if cryptsetup isLuks "$DISK1P3"; then + cryptsetup erase "$DISK1P3" +else + echo "ERROR: Can't erase old crypt volume" + exit 125 fi # Load $KEYMAP & set time From 9c241e71f4eddff2cac6b857c2f319a822c94683 Mon Sep 17 00:00:00 2001 
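Review bot: The erase block now runs unconditionally and treats a non-LUKS partition as fatal, so a blank disk, or one whose second or third partition is not a LUKS container, stops at `ERROR: Can't erase old crypt volume` before anything is partitioned. Dropping the `else` branches makes the erase best-effort: `if [ -n "$DISK1P2" ] && cryptsetup isLuks "$DISK1P2"; then cryptsetup erase "$DISK1P2"; fi`, and the same for `$DISK1P3`. In the close block, `cryptsetup close "$OLD_CRYPT_1"` runs even when only one mapping exists, which passes an empty name and aborts under `set -eu`; guard each close with `[ -n "$OLD_CRYPT_1" ]`. `$DISK1` is also unquoted in all four `lsblk` calls of this hunk.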
From: Leopold Johannes Meinel Date: Sun, 22 Jan 2023 11:49:56 +0100 Subject: [PATCH 10/43] Erase crypto_LUKS superblock signature --- prepare.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/prepare.sh b/prepare.sh index 8a494096..c8014a99 100644 --- a/prepare.sh +++ b/prepare.sh @@ -43,6 +43,7 @@ fi DISK1P2="$(lsblk -rnpo TYPE,NAME $DISK1 | grep "part" | sed 's/part//' | sed -n '2p' | tr -d "[:space:]")" if cryptsetup isLuks "$DISK1P2"; then cryptsetup erase "$DISK1P2" + sgdisk -Z "$DISK1P2" else echo "ERROR: Can't erase old crypt volume" exit 125 @@ -50,6 +51,7 @@ fi DISK1P3="$(lsblk -rnpo TYPE,NAME $DISK1 | grep "part" | sed 's/part//' | sed -n '3p' | tr -d "[:space:]")" if cryptsetup isLuks "$DISK1P3"; then cryptsetup erase "$DISK1P3" + sgdisk -Z "$DISK1P3" else echo "ERROR: Can't erase old crypt volume" exit 125 From 6c50e0df181407eef8f734e71ad2de67a6f5826c Mon Sep 17 00:00:00 2001 From: Leopold Johannes Meinel Date: Sun, 22 Jan 2023 11:56:25 +0100 Subject: [PATCH 11/43] Fix adding multilib --- setup.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup.sh b/setup.sh index 14c88f32..86c91bf8 100644 --- a/setup.sh +++ b/setup.sh @@ -130,7 +130,7 @@ sed -i 's/^#Color/Color/;s/^#ParallelDownloads =.*/ParallelDownloads = 10/;s/^#C echo "# Custom" echo "[multilib]" echo "Include = /etc/pacman.d/mirrorlist" -} +} >>/etc/pacman.conf pacman-key --init ## Update mirrors reflector --save /etc/pacman.d/mirrorlist --country $MIRRORCOUNTRIES --protocol https --latest 20 --sort rate From 95b521909816302cddce614b742a98e4fa4a4198 Mon Sep 17 00:00:00 2001 From: Leopold Johannes Meinel Date: Sun, 22 Jan 2023 12:05:57 +0100 Subject: [PATCH 12/43] Add multilib to installation image --- prepare.sh | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/prepare.sh b/prepare.sh index c8014a99..e2860ea1 100644 --- a/prepare.sh +++ b/prepare.sh 
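Review bot: `sgdisk -Z "$DISK1P2"` is aimed at GPT and MBR structures, so on a partition it removes the `crypto_LUKS` signature only as a side effect of where it happens to write zeros; I have not confirmed that this covers every LUKS2 header copy. `wipefs -a "$DISK1P2"` is the tool meant for clearing filesystem and LUKS signatures and says what it removed. The same applies to the `$DISK1P3` hunk that follows. `cryptsetup erase` on the line before already destroys the keyslots, so this is about not leaving a stale signature for later probing rather than about data recovery.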
@@ -150,6 +150,12 @@ chmod 744 /mnt/usr/lib/systemd/system-sleep/freeze-ssd.sh # Install packages sed -i 's/^#Color/Color/;s/^#ParallelDownloads =.*/ParallelDownloads = 10/;s/^#NoProgressBar/NoProgressBar/' /etc/pacman.conf +{ + echo "" + echo "# Custom" + echo "[multilib]" + echo "Include = /etc/pacman.d/mirrorlist" +} >>/etc/pacman.conf reflector --save /etc/pacman.d/mirrorlist --country $MIRRORCOUNTRIES --protocol https --latest 20 --sort rate pacman -Sy --noprogressbar --noconfirm archlinux-keyring lshw lscpu | grep "Vendor ID:" | grep -q "GenuineIntel" && From 99a5fd3147155e41452457ea5da901c2fe64d30b Mon Sep 17 00:00:00 2001 From: Leopold Johannes Meinel Date: Sun, 22 Jan 2023 12:06:47 +0100 Subject: [PATCH 13/43] Modify packages - Move lib32-mesa to pkgs-prepare.txt --- pkgs-setup.txt | 1 - 1 file changed, 1 deletion(-) diff --git a/pkgs-setup.txt b/pkgs-setup.txt index dc728527..6459d608 100644 --- a/pkgs-setup.txt +++ b/pkgs-setup.txt @@ -51,7 +51,6 @@ kompare krunner ksystemlog ktorrent -lib32-mesa logrotate lrzip lshw From e1fa60ef603bc3aa478bae99a0447ddd58607f64 Mon Sep 17 00:00:00 2001 From: Leopold Johannes Meinel Date: Sun, 22 Jan 2023 12:07:30 +0100 Subject: [PATCH 14/43] Modify packages - Move lib32-mesa to pkgs-prepare.txt --- pkgs-prepare.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs-prepare.txt b/pkgs-prepare.txt index c2c14770..c1d18683 100644 --- a/pkgs-prepare.txt +++ b/pkgs-prepare.txt @@ -3,6 +3,7 @@ base-devel btrfs-progs git iptables +lib32-mesa linux linux-firmware linux-headers From 727f0d4984ea511ffe424fcb5d1b16496c06a582 Mon Sep 17 00:00:00 2001 From: Leopold Johannes Meinel Date: Sun, 22 Jan 2023 13:15:53 +0100 Subject: [PATCH 15/43] USE DISK1PX instead of /dev/md/mdX --- setup.sh | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/setup.sh b/setup.sh index 86c91bf8..3025299e 100644 --- a/setup.sh +++ b/setup.sh 
@@ -147,8 +147,11 @@ chmod 777 /dot-files.sh # Configure /etc ## Configure /etc/crypttab -MD0UUID="$(blkid -s UUID -o value /dev/md/md0)" -MD1UUID="$(blkid -s UUID -o value /dev/md/md1)" +DISK1="$(lsblk -npo PKNAME $(findmnt -no SOURCE --target /efi) | tr -d "[:space:]" )" +DISK1P2="$(lsblk -rnpo TYPE,NAME "$DISK1" | grep "part" | sed 's/part//' | sed -n '2p' | tr -d "[:space:]")" +DISK1P3="$(lsblk -rnpo TYPE,NAME "$DISK1" | grep "part" | sed 's/part//' | sed -n '3p' | tr -d "[:space:]")" +MD0UUID="$(blkid -s UUID -o value $DISK1P2)" +MD1UUID="$(blkid -s UUID -o value $DISK1P3)" { echo "md0_crypt UUID=$MD0UUID /etc/luks/keys/md0_crypt.key luks,key-slot=1" echo "md1_crypt UUID=$MD1UUID none luks,key-slot=0" From eed22fcbd1671637ed35e03953544d40141c2d91 Mon Sep 17 00:00:00 2001 From: Leopold Johannes Meinel Date: Sun, 22 Jan 2023 13:18:24 +0100 Subject: [PATCH 16/43] Remove space --- setup.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup.sh b/setup.sh index 3025299e..f26548bb 100644 --- a/setup.sh +++ b/setup.sh @@ -147,7 +147,7 @@ chmod 777 /dot-files.sh # Configure /etc ## Configure /etc/crypttab -DISK1="$(lsblk -npo PKNAME $(findmnt -no SOURCE --target /efi) | tr -d "[:space:]" )" +DISK1="$(lsblk -npo PKNAME $(findmnt -no SOURCE --target /efi) | tr -d "[:space:]")" DISK1P2="$(lsblk -rnpo TYPE,NAME "$DISK1" | grep "part" | sed 's/part//' | sed -n '2p' | tr -d "[:space:]")" DISK1P3="$(lsblk -rnpo TYPE,NAME "$DISK1" | grep "part" | sed 's/part//' | sed -n '3p' | tr -d "[:space:]")" MD0UUID="$(blkid -s UUID -o value $DISK1P2)" From 9d6af6a0fda6a08919ff6e174eb8b8d1b1b0d1e2 Mon Sep 17 00:00:00 2001 From: Leopold Johannes Meinel Date: Sun, 22 Jan 2023 14:02:05 +0100 Subject: [PATCH 17/43] Fix prompt --- setup.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup.sh b/setup.sh index f26548bb..879e7c24 100644 --- a/setup.sh +++ b/setup.sh 
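Review bot: `blkid -s UUID -o value $DISK1P2` and `… $DISK1P3` expand unquoted, and both names are picked by position (`sed -n '2p'`, `'3p'`) from `lsblk` output; if a partition is missing the variable is empty, the argument vanishes, and `blkid` prints the UUIDs of all block devices, which then land in `/etc/crypttab` as a multi-line value. Quote the arguments and stop on an empty result: `MD0UUID="$(blkid -s UUID -o value "$DISK1P2")"` followed by `[ -n "$MD0UUID" ] || exit 1`. The `$(findmnt -no SOURCE --target /efi)` inside the `DISK1=` line should be quoted for the same reason. A wrong entry here would presumably leave the encrypted volumes unable to unlock at boot, so failing early during installation is the safer outcome.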
@@ -208,7 +208,7 @@ sed -i 's/^hosts: mymachines/hosts: mymachines mdns_minimal [NOTFOUND=return]/' mkdir -p /etc/luks/keys dd bs=1024 count=4 if=/dev/urandom of=/etc/luks/keys/md0_crypt.key iflag=fullblock chmod 000 /etc/luks/keys/md0_crypt.key -echo "Enter passphrase for /dev/md/md0" +echo "Enter passphrase for $DISK1" cryptsetup -v luksAddKey /dev/disk/by-uuid/"$MD0UUID" /etc/luks/keys/md0_crypt.key ## Configure /etc/bluetooth/main.conf sed -i 's/^#AutoEnable=.*/AutoEnable=true/' /etc/bluetooth/main.conf From 1ccbe2a449b00fbad05e6e2ad28879170422fc18 Mon Sep 17 00:00:00 2001 From: Leopold Johannes Meinel Date: Mon, 23 Jan 2023 03:18:49 +0100 Subject: [PATCH 18/43] Reorder erasure of crypt volumes - This should prevent potential misdetection and unnecessary errors --- prepare.sh | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/prepare.sh b/prepare.sh index e2860ea1..f734fa16 100644 --- a/prepare.sh +++ b/prepare.sh @@ -20,7 +20,7 @@ mountpoint -q /mnt && umount -AR /mnt # Prompt user for disk -# I will use this on an external SSD, therefore USB volumes will be listed too +# I will use this on an external SSD, therefore USB volumes will be valid lsblk -drnpo SIZE,NAME -I 259,8,254 read -rp "Which disk do you want to erase? (Type '/dev/sdX' fex.): " choice if lsblk -drnpo SIZE,NAME -I 259,8,254 $choice; then 
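Review bot: The key file in the unchanged context of the `Fix prompt` hunk is written by `dd` under the process's default umask and only afterwards set to `chmod 000`, so the key material may be readable by other local users for a short window, and `mkdir -p /etc/luks/keys` leaves the directory at its default mode. Create both restrictively from the start, e.g. `(umask 077; dd bs=1024 count=4 if=/dev/urandom of=/etc/luks/keys/md0_crypt.key iflag=fullblock)` and `chmod 700 /etc/luks/keys`. The script's umask is not visible in this hunk, so confirm it before relying on the current order. The same context lines appear again in PATCH 23/43.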
@@ -31,30 +31,30 @@ else exit 125 fi -# Detect & close old crypt volumes -if lsblk -rno TYPE | grep -q "crypt"; then +# Detect, close & erase old crypt volumes +if lsblk -rno TYPE "$DISK1" | grep -q "crypt"; then OLD_CRYPT_0="$(lsblk -Mrno TYPE,NAME $DISK1 | grep "crypt" | sed 's/crypt//' | sed -n '1p' | tr -d "[:space:]")" OLD_CRYPT_1="$(lsblk -Mrno TYPE,NAME $DISK1 | grep "crypt" | sed 's/crypt//' | sed -n '2p' | tr -d "[:space:]")" + OLD_DISK1P2="$(lsblk -rnpo TYPE,NAME $DISK1 | grep "part" | sed 's/part//' | sed -n '2p' | tr -d "[:space:]")" + OLD_DISK1P3="$(lsblk -rnpo TYPE,NAME $DISK1 | grep "part" | sed 's/part//' | sed -n '3p' | tr -d "[:space:]")" + ## Close old crypt volumes cryptsetup close "$OLD_CRYPT_0" cryptsetup close "$OLD_CRYPT_1" -fi - -# Detect & erase old crypt volumes -DISK1P2="$(lsblk -rnpo TYPE,NAME $DISK1 | grep "part" | sed 's/part//' | sed -n '2p' | tr -d "[:space:]")" -if cryptsetup isLuks "$DISK1P2"; then - cryptsetup erase "$DISK1P2" - sgdisk -Z "$DISK1P2" -else - echo "ERROR: Can't erase old crypt volume" - exit 125 -fi -DISK1P3="$(lsblk -rnpo TYPE,NAME $DISK1 | grep "part" | sed 's/part//' | sed -n '3p' | tr -d "[:space:]")" -if cryptsetup isLuks "$DISK1P3"; then - cryptsetup erase "$DISK1P3" - sgdisk -Z "$DISK1P3" -else - echo "ERROR: Can't erase old crypt volume" - exit 125 + ## Erase old crypt volumes + if cryptsetup isLuks "$OLD_DISK1P2"; then + cryptsetup erase "$OLD_DISK1P2" + sgdisk -Z "$OLD_DISK1P2" + else + echo "ERROR: Can't erase old crypt volume" + exit 125 + fi + if cryptsetup isLuks "$OLD_DISK1P3"; then + cryptsetup erase "$OLD_DISK1P3" + sgdisk -Z "$OLD_DISK1P3" + else + echo "ERROR: Can't erase old crypt volume" + exit 125 + fi fi # Load $KEYMAP & set time From 9c7f2f51794b3e5241e19434f1eef66a6920ba06 Mon Sep 17 00:00:00 2001 From: Leopold Johannes Meinel Date: Mon, 23 Jan 2023 03:51:40 +0100 Subject: [PATCH 19/43] Use games branch for vm instructions --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
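Review bot: The block assumes exactly two open mappings and LUKS on partitions 2 and 3: `cryptsetup close "$OLD_CRYPT_1"` runs with an empty name when only one mapping exists, and a disk whose third partition is not LUKS ends in `exit 125` even though there is nothing to erase. Iterating over what `lsblk` actually reports removes the positional `sed -n 'Np'` lookups and lets non-LUKS partitions be skipped; the lists are read into arrays first so that `cryptsetup erase` keeps the terminal as its stdin for the confirmation prompt. `$DISK1` should be quoted in every `lsblk` call, as the new `if` line already does. The sketch below uses `mapfile`, so it assumes the script runs under bash, which the hunk does not show.

```shell
# Detect, close & erase old crypt volumes
mapfile -t OLD_CRYPTS < <(lsblk -rno TYPE,NAME "$DISK1" | awk '$1 == "crypt" { print $2 }')
mapfile -t OLD_PARTS < <(lsblk -rnpo TYPE,NAME "$DISK1" | awk '$1 == "part" { print $2 }')
## Close old crypt volumes
for mapping in "${OLD_CRYPTS[@]}"; do
    cryptsetup close "$mapping"
done
## Erase old crypt volumes, skipping partitions without a LUKS header
for part in "${OLD_PARTS[@]}"; do
    if cryptsetup isLuks "$part"; then
        cryptsetup erase "$part"
        sgdisk -Z "$part"
    fi
done
# … unchanged: Load $KEYMAP & set time …
```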
diff --git a/README.md b/README.md index 8d23e028..f5a1752b 100644 --- a/README.md +++ b/README.md @@ -8,7 +8,7 @@ Meant for systems that mainly run steam and other games. :information_source: | Expect errors to occur during the installation. They only matter if any of the scripts don't finish successfully. -:exclamation: | Follow [these instructions](https://github.com/LeoMeinel/arch-install/blob/main/virt-manager.md) for virt-manager. +:exclamation: | Follow [these instructions](https://github.com/LeoMeinel/arch-install/blob/games/virt-manager.md) for virt-manager. :warning: | All data on the disk will be wiped! From 57df3adc1ef77a4b3010bbdf1784bd04603cfd8d Mon Sep 17 00:00:00 2001 From: Leopold Johannes Meinel Date: Mon, 23 Jan 2023 03:59:05 +0100 Subject: [PATCH 20/43] Use games branch for vscodium --- dot-files.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dot-files.sh b/dot-files.sh index daeebcef..668e3c4a 100644 --- a/dot-files.sh +++ b/dot-files.sh @@ -25,7 +25,7 @@ setup-root) ~/dot-files/setup-root.sh ;; vscodium) - git clone https://github.com/LeoMeinel/dot-files.git ~/dot-files + git clone -b games https://github.com/LeoMeinel/dot-files.git ~/dot-files chmod +x ~/dot-files/exts-code.sh ~/dot-files/exts-code.sh ;; From 114145ce4e2253691523141e1ba67178f794dc68 Mon Sep 17 00:00:00 2001 From: Leopold Johannes Meinel Date: Thu, 26 Jan 2023 07:01:53 +0100 Subject: [PATCH 21/43] Readd snapper configs - This is meant to provide convenient addition of mysql and libvirt to the user - The subvolumes exist anyways for the same reason so this makes sense --- setup.sh | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/setup.sh b/setup.sh index 2e47aa2e..9abd9997 100644 --- a/setup.sh +++ b/setup.sh 
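Review bot: In the `vscodium)` case, `git clone -b games …/dot-files.git ~/dot-files` is followed directly by `chmod +x` and execution of `exts-code.sh`, so whatever the branch head contains at install time runs with the invoking user's privileges. Pinning to a reviewed tag or commit, or checking a signature before running (`git -C ~/dot-files verify-commit HEAD`, if the commits are signed), keeps a later push to the branch from changing what the installer executes. The clone also fails when `~/dot-files` already exists, which seems possible if the `setup` case ran earlier for the same user; whether the directory is removed in between is not visible here. The merge commit later applies the same `-b games` change to the `setup` and `setup-root` cases.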
@@ -396,6 +396,8 @@ chmod 755 /usr/local/bin/vim umount /.snapshots rm -rf /.snapshots cp /usr/share/snapper/config-templates/default /usr/share/snapper/config-templates/root +cp /usr/share/snapper/config-templates/default /usr/share/snapper/config-templates/var_lib_libvirt +cp /usr/share/snapper/config-templates/default /usr/share/snapper/config-templates/var_lib_mysql cp /usr/share/snapper/config-templates/default /usr/share/snapper/config-templates/var_log cp /usr/share/snapper/config-templates/default /usr/share/snapper/config-templates/home ### START sed @@ -521,9 +523,13 @@ grep -q "$STRING9" "$FILE" && sed -i "s/$STRING9/TIMELINE_LIMIT_YEARLY=\"0\"/" "$FILE" ### END sed chmod 644 /usr/share/snapper/config-templates/root +chmod 644 /usr/share/snapper/config-templates/var_lib_libvirt +chmod 644 /usr/share/snapper/config-templates/var_lib_mysql chmod 644 /usr/share/snapper/config-templates/var_log chmod 644 /usr/share/snapper/config-templates/home snapper --no-dbus -c root create-config -t root / +snapper --no-dbus -c var_lib_libvirt create-config -t var_lib_libvirt /var/lib/libvirt +snapper --no-dbus -c var_lib_mysql create-config -t var_lib_mysql /var/lib/mysql snapper --no-dbus -c var_log create-config -t var_log /var/log snapper --no-dbus -c home create-config -t home /home btrfs subvolume delete /.snapshots @@ -532,6 +538,12 @@ mount -a chmod 750 /.snapshots chmod a+rx /.snapshots chown :wheel /.snapshots +chmod 750 /var/lib/libvirt/.snapshots +chmod a+rx /var/lib/libvirt/.snapshots +chown :wheel /var/lib/libvirt/.snapshots +chmod 750 /var/lib/mysql/.snapshots +chmod a+rx /var/lib/mysql/.snapshots +chown :wheel /var/lib/mysql/.snapshots chmod 750 /var/log/.snapshots chmod a+rx /var/log/.snapshots chown :wheel /var/log/.snapshots From 61f3c7251d90e8876861c9293714558b02b6b36a Mon Sep 17 00:00:00 2001 From: Leopold Johannes Meinel Date: Fri, 27 Jan 2023 03:49:47 +0100 Subject: [PATCH 22/43] Fix newline --- setup.sh | 1 - 1 file changed, 1 deletion(-) 
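Review bot: In the third hunk (`@@ -532,6 +538,12 @@`), each new `.snapshots` directory is set to `chmod 750` and then immediately to `chmod a+rx`, which turns the mode into 755 and cancels the restriction that the first command and `chown :wheel` express. For `/var/lib/mysql/.snapshots` and `/var/lib/libvirt/.snapshots` that leaves the snapshot trees listable and traversable by every local user, so access to older copies of database and VM files depends only on the permissions stored inside each snapshot. Dropping the two `chmod a+rx` lines keeps mode 750 with group `wheel`. The pair is copied from the existing `/.snapshots` and `/var/log/.snapshots` lines in the context, which have the same effect.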
diff --git a/setup.sh b/setup.sh index 6781cc82..6d7b3b6c 100644 --- a/setup.sh +++ b/setup.sh @@ -237,7 +237,6 @@ chmod 644 /etc/cryptboot.conf echo "PermitRootLogin no" } >>/etc/ssh/sshd_config ## Configure /etc/xdg/user-dirs.defaults - ### START sed FILE=/etc/xdg/user-dirs.defaults STRING="^TEMPLATES=.*" From ad4768348c81c2e000d81603f0a78a73951c0154 Mon Sep 17 00:00:00 2001 From: Leopold Johannes Meinel Date: Fri, 27 Jan 2023 05:27:08 +0100 Subject: [PATCH 23/43] Display correct partition --- setup.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup.sh b/setup.sh index 6d7b3b6c..adaf9718 100644 --- a/setup.sh +++ b/setup.sh @@ -297,7 +297,7 @@ sed -i "s/$STRING/hosts: mymachines mdns_minimal [NOTFOUND=return]/" "$FILE" mkdir -p /etc/luks/keys dd bs=1024 count=4 if=/dev/urandom of=/etc/luks/keys/md0_crypt.key iflag=fullblock chmod 000 /etc/luks/keys/md0_crypt.key -echo "Enter passphrase for $DISK1" +echo "Enter passphrase for $DISK1P2" cryptsetup -v luksAddKey /dev/disk/by-uuid/"$MD0UUID" /etc/luks/keys/md0_crypt.key ## Configure /etc/bluetooth/main.conf ### START sed From f6c81c72e1e4c2771ef928cffc444b7d0e80f3bd Mon Sep 17 00:00:00 2001 From: Leopold Johannes Meinel Date: Fri, 3 Feb 2023 21:26:07 +0100 Subject: [PATCH 24/43] Use bootloader-id grub-arch-games --- post.sh | 2 +- setup.sh | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/post.sh b/post.sh index f86b2aee..12b817ee 100644 --- a/post.sh +++ b/post.sh @@ -378,7 +378,7 @@ pacman -Qq "usbguard-notifier" && # Setup /boot & /efi doas mkinitcpio -P -doas grub-install --target=x86_64-efi --efi-directory=/efi --bootloader-id="grub-arch-main" +doas grub-install --target=x86_64-efi --efi-directory=/efi --bootloader-id="grub-arch-games" doas grub-mkconfig -o /boot/grub/grub.cfg # Remove repo diff --git a/setup.sh b/setup.sh index 6e54be9b..d7420e97 100644 --- a/setup.sh +++ b/setup.sh 
@@ -232,7 +232,7 @@ chmod 644 /etc/cryptboot.conf FILE=/etc/cryptboot.conf STRING="^EFI_ID_GRUB=.*" grep -q "$STRING" "$FILE" || sed_exit -sed -i "s|$STRING|EFI_ID_GRUB=\"grub-arch-main\"|" "$FILE" +sed -i "s|$STRING|EFI_ID_GRUB=\"grub-arch-games\"|" "$FILE" ### END sed ## Configure /etc/ssh/sshd_config { @@ -597,7 +597,7 @@ pacman -Qq "usbguard" && # Setup /boot & /efi mkinitcpio -P -grub-install --target=x86_64-efi --efi-directory=/efi --bootloader-id="grub-arch-main" +grub-install --target=x86_64-efi --efi-directory=/efi --bootloader-id="grub-arch-games" grub-mkconfig -o /boot/grub/grub.cfg # Enable systemd services later that cause problems with `grub-install` From be2e843747dda72fbabd295d7e25a6cb4942d374 Mon Sep 17 00:00:00 2001 From: Leopold Johannes Meinel Date: Fri, 3 Feb 2023 21:53:49 +0100 Subject: [PATCH 25/43] Use --removable for grub-install if installing on USB - Fixes #114 --- post.sh | 7 ++++++- setup.sh | 8 ++++++-- 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/post.sh b/post.sh index 12b817ee..9f8cfde8 100644 --- a/post.sh +++ b/post.sh @@ -378,7 +378,12 @@ pacman -Qq "usbguard-notifier" && # Setup /boot & /efi doas mkinitcpio -P -doas grub-install --target=x86_64-efi --efi-directory=/efi --bootloader-id="grub-arch-games" +DISK1="$(lsblk -npo PKNAME $(findmnt -no SOURCE --target /boot) | tr -d "[:space:]")" +if udevadm info -q property --property=ID_BUS --value "$DISK1" | grep -q "usb"; then + doas grub-install --target=x86_64-efi --efi-directory=/efi --bootloader-id="grub-arch-games" --removable +else + doas grub-install --target=x86_64-efi --efi-directory=/efi --bootloader-id="grub-arch-games" +fi doas grub-mkconfig -o /boot/grub/grub.cfg # Remove repo diff --git a/setup.sh b/setup.sh index d7420e97..d5bc97ee 100644 --- a/setup.sh +++ b/setup.sh 
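Review bot: With `--removable` in the new USB branch of post.sh, `grub-install` writes the loader to the fallback path `EFI/BOOT/BOOTX64.EFI` and does not use the `--bootloader-id` directory, while setup.sh sets `EFI_ID_GRUB="grub-arch-games"` in `/etc/cryptboot.conf`. If cryptboot or the Secure Boot signing step derives the loader location from that id, the binary installed on USB disks would be left unsigned or not found; that step is outside this hunk, so please confirm it covers the fallback path. The same branch is added to setup.sh in this commit and carries the same question.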
@@ -196,7 +196,7 @@ chmod 777 /dot-files.sh # Configure /etc ## Configure /etc/crypttab -DISK1="$(lsblk -npo PKNAME $(findmnt -no SOURCE --target /efi) | tr -d "[:space:]")" +DISK1="$(lsblk -npo PKNAME $(findmnt -no SOURCE --target /boot) | tr -d "[:space:]")" DISK1P2="$(lsblk -rnpo TYPE,NAME "$DISK1" | grep "part" | sed 's/part//' | sed -n '2p' | tr -d "[:space:]")" DISK1P3="$(lsblk -rnpo TYPE,NAME "$DISK1" | grep "part" | sed 's/part//' | sed -n '3p' | tr -d "[:space:]")" MD0UUID="$(blkid -s UUID -o value $DISK1P2)" @@ -597,7 +597,11 @@ pacman -Qq "usbguard" && # Setup /boot & /efi mkinitcpio -P -grub-install --target=x86_64-efi --efi-directory=/efi --bootloader-id="grub-arch-games" +if udevadm info -q property --property=ID_BUS --value "$DISK1" | grep -q "usb"; then + grub-install --target=x86_64-efi --efi-directory=/efi --bootloader-id="grub-arch-games" --removable +else + grub-install --target=x86_64-efi --efi-directory=/efi --bootloader-id="grub-arch-games" +fi grub-mkconfig -o /boot/grub/grub.cfg # Enable systemd services later that cause problems with `grub-install` From 5b719286e416ae1a060edc69381e0ed7b4cc3887 Mon Sep 17 00:00:00 2001 From: Leopold Johannes Meinel Date: Fri, 3 Feb 2023 22:50:40 +0100 Subject: [PATCH 26/43] Use/efi for determining DISK1 --- post.sh | 2 +- setup.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/post.sh b/post.sh index 9f8cfde8..7055a3b8 100644 --- a/post.sh +++ b/post.sh @@ -378,7 +378,7 @@ pacman -Qq "usbguard-notifier" && # Setup /boot & /efi doas mkinitcpio -P -DISK1="$(lsblk -npo PKNAME $(findmnt -no SOURCE --target /boot) | tr -d "[:space:]")" +DISK1="$(lsblk -npo PKNAME $(findmnt -no SOURCE --target /efi) | tr -d "[:space:]")" if udevadm info -q property --property=ID_BUS --value "$DISK1" | grep -q "usb"; then doas grub-install --target=x86_64-efi --efi-directory=/efi --bootloader-id="grub-arch-games" --removable else diff --git a/setup.sh b/setup.sh index d5bc97ee..7535f718 100644 --- a/setup.sh 
+++ b/setup.sh @@ -196,7 +196,7 @@ chmod 777 /dot-files.sh # Configure /etc ## Configure /etc/crypttab -DISK1="$(lsblk -npo PKNAME $(findmnt -no SOURCE --target /boot) | tr -d "[:space:]")" +DISK1="$(lsblk -npo PKNAME $(findmnt -no SOURCE --target /efi) | tr -d "[:space:]")" DISK1P2="$(lsblk -rnpo TYPE,NAME "$DISK1" | grep "part" | sed 's/part//' | sed -n '2p' | tr -d "[:space:]")" DISK1P3="$(lsblk -rnpo TYPE,NAME "$DISK1" | grep "part" | sed 's/part//' | sed -n '3p' | tr -d "[:space:]")" MD0UUID="$(blkid -s UUID -o value $DISK1P2)" From 1b33145eec9458adc7c4151fc8d1169d632ed95b Mon Sep 17 00:00:00 2001 From: Leopold Johannes Meinel Date: Sat, 4 Feb 2023 12:54:07 +0100 Subject: [PATCH 27/43] Modify packages - Remove libreoffice-extension-languagetool --- pkgs-post.txt | 1 - 1 file changed, 1 deletion(-) diff --git a/pkgs-post.txt b/pkgs-post.txt index ff5400f7..003d374a 100644 --- a/pkgs-post.txt +++ b/pkgs-post.txt @@ -3,7 +3,6 @@ aspnet-targeting-pack-bin dotnet-sdk-bin freetube-bin gdlauncher-bin -libreoffice-extension-languagetool librewolf-bin macchina-bin papirus-icon-theme-stripped From e12cd38858235c69f5af9f6e2e49815a0a5f60c3 Mon Sep 17 00:00:00 2001 From: Leopold Johannes Meinel Date: Sun, 12 Feb 2023 18:44:30 +0100 Subject: [PATCH 28/43] Use exit code 1 --- prepare.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/prepare.sh b/prepare.sh index f783bbe4..680a571a 100644 --- a/prepare.sh +++ b/prepare.sh @@ -35,7 +35,7 @@ if lsblk -drnpo SIZE,NAME -I 259,8,254 $choice; then DISK1="$choice" else echo "ERROR: Drive not suitable for installation" - exit 125 + exit 1 fi # Detect, close & erase old crypt volumes 
@@ -53,14 +53,14 @@ if lsblk -rno TYPE "$DISK1" | grep -q "crypt"; then sgdisk -Z "$OLD_DISK1P2" else echo "ERROR: Can't erase old crypt volume" - exit 125 + exit 1 fi if cryptsetup isLuks "$OLD_DISK1P3"; then cryptsetup erase "$OLD_DISK1P3" sgdisk -Z "$OLD_DISK1P3" else echo "ERROR: Can't erase old crypt volume" - exit 125 + exit 1 fi fi From 8d581952fa049676ac1d17be5857b920ee0e0b0f Mon Sep 17 00:00:00 2001 From: Leopold Johannes Meinel Date: Sat, 25 Feb 2023 19:29:33 +0100 Subject: [PATCH 29/43] Merge commit Remove changes by main --- pkgs-setup.txt | 1 - 1 file changed, 1 deletion(-) diff --git a/pkgs-setup.txt b/pkgs-setup.txt index b1f21862..0e46b95f 100644 --- a/pkgs-setup.txt +++ b/pkgs-setup.txt @@ -99,7 +99,6 @@ p7zip pacman-contrib pam-u2f pdftk -perl-image-exiftool perl-rename pipewire pipewire-alsa From fb72270da49fa754c3920ab23aed08d8bfd8acf9 Mon Sep 17 00:00:00 2001 From: Leopold Johannes Meinel Date: Wed, 19 Apr 2023 20:37:10 +0200 Subject: [PATCH 30/43] Merge remote-tracking branch 'origin/games' into temp-0 --- README.md | 12 +-- dot-files.sh | 6 +- etc/pacman.d/hooks/99-efibackup.hook | 12 --- etc/pacman.d/hooks/scripts/99-efibackup.sh | 23 ----- pkgs-post.txt | 5 - pkgs-prepare.txt | 2 +- pkgs-setup.txt | 42 +------- post.sh | 6 +- prepare.sh | 113 ++++++--------------- setup.sh | 30 +++--- sysuser.sh | 2 +- 11 files changed, 56 insertions(+), 197 deletions(-) delete mode 100644 etc/pacman.d/hooks/99-efibackup.hook delete mode 100644 etc/pacman.d/hooks/scripts/99-efibackup.sh diff --git a/README.md b/README.md index 61dad05c..f4edacde 100644 --- a/README.md +++ b/README.md 
@@ -1,18 +1,16 @@ # arch-install -Arch Linux Installation using mdadm RAID1, LUKS encryption and btrfs. +Arch Linux Installation using LUKS encryption and btrfs. -Meant for general purpose systems. +Meant for systems that mainly run steam and other games. ## Info :information_source: | Expect errors to occur during the installation. They only matter if any of the scripts don't finish successfully. -:information_source: | This script will only work on a system with exactly 2 disks of the same size attached! +:exclamation: | Follow [these instructions](https://github.com/leomeinel/arch-install/blob/games/virt-manager.md) for virt-manager. -:exclamation: | Follow [these instructions](https://github.com/leomeinel/arch-install/blob/main/virt-manager.md) for virt-manager. - -:warning: | All data on both disks will be wiped! +:warning: | All data on the disk will be wiped! ## Pre-installation @@ -22,7 +20,7 @@ Meant for general purpose systems. ```sh pacman -Sy git -git clone https://github.com/leomeinel/arch-install.git +git clone -b games https://github.com/leomeinel/arch-install.git chmod +x /root/arch-install/prepare.sh /root/arch-install/prepare.sh arch-chroot /mnt diff --git a/dot-files.sh b/dot-files.sh index 24d67f27..b4f02e9a 100644 --- a/dot-files.sh +++ b/dot-files.sh @@ -15,17 +15,17 @@ set -e # Set up dot-files case "$1" in setup) - git clone https://github.com/leomeinel/dot-files.git ~/dot-files + git clone -b games https://github.com/leomeinel/dot-files.git ~/dot-files chmod +x ~/dot-files/setup.sh ~/dot-files/setup.sh ;; setup-root) - git clone https://github.com/leomeinel/dot-files.git ~/dot-files + git clone -b games https://github.com/leomeinel/dot-files.git ~/dot-files chmod +x ~/dot-files/setup-root.sh ~/dot-files/setup-root.sh ;; vscodium) - git clone https://github.com/leomeinel/dot-files.git ~/dot-files + git clone -b games https://github.com/leomeinel/dot-files.git ~/dot-files chmod +x ~/dot-files/exts-code.sh ~/dot-files/exts-code.sh ;; 
diff --git a/etc/pacman.d/hooks/99-efibackup.hook b/etc/pacman.d/hooks/99-efibackup.hook deleted file mode 100644 index 958292fa..00000000 --- a/etc/pacman.d/hooks/99-efibackup.hook +++ /dev/null @@ -1,12 +0,0 @@ -[Trigger] -Operation = Install -Operation = Remove -Operation = Upgrade -Type = Path -Target = usr/lib/modules/*/vmlinuz - -[Action] -Depends = rsync -Description = Backing up /efi... -When = PostTransaction -Exec = /bin/sh -c '/etc/pacman.d/hooks/scripts/99-efibackup.sh' diff --git a/etc/pacman.d/hooks/scripts/99-efibackup.sh b/etc/pacman.d/hooks/scripts/99-efibackup.sh deleted file mode 100644 index 01f74172..00000000 --- a/etc/pacman.d/hooks/scripts/99-efibackup.sh +++ /dev/null @@ -1,23 +0,0 @@ -#!/bin/bash -### -# File: 99-efibackup.sh -# Author: Leopold Meinel (leo@meinel.dev) -# ----- -# Copyright (c) 2023 Leopold Meinel & contributors -# SPDX ID: GPL-3.0-or-later -# URL: https://www.gnu.org/licenses/gpl-3.0-standalone.html -# ----- -### - -set -e -if /usr/bin/mountpoint -q /efi; then - /usr/bin/umount -AR /efi -fi -if /usr/bin/mountpoint -q /.efi.bak; then - /usr/bin/umount -AR /.efi.bak -fi -/usr/bin/mount /efi -/usr/bin/mount /.efi.bak -/usr/bin/rsync -aq --delete --mkpath /.efi.bak/ /.efi.bak.old -/usr/bin/rsync -aq --delete --mkpath /efi/ /.efi.bak -/usr/bin/umount /.efi.bak diff --git a/pkgs-post.txt b/pkgs-post.txt index 95e8c9b1..c4f83178 100644 --- a/pkgs-post.txt +++ b/pkgs-post.txt @@ -1,9 +1,5 @@ arc-kde -aspnet-targeting-pack-bin -dotnet-sdk-bin -freetube-bin gdlauncher-bin -libreoffice-extension-languagetool librewolf-bin macchina-bin sddm-nordic-theme-git @@ -14,4 +10,3 @@ vscodium-bin vscodium-bin-marketplace waterfox-g-bin xdg-ninja-git -xxd-standalone diff --git a/pkgs-prepare.txt b/pkgs-prepare.txt index 653ba756..27d3b6fe 100644 --- a/pkgs-prepare.txt +++ b/pkgs-prepare.txt @@ -4,6 +4,7 @@ btrfs-progs dracut git iptables +lib32-mesa linux linux-firmware linux-headers 
@@ -12,7 +13,6 @@ linux-lts-headers linux-zen linux-zen-headers lvm2 -mdadm mesa neovim opendoas diff --git a/pkgs-setup.txt b/pkgs-setup.txt index 718fccd4..7a252f93 100644 --- a/pkgs-setup.txt +++ b/pkgs-setup.txt @@ -1,6 +1,5 @@ alacritty alsa-utils -android-tools apparmor arc-gtk-theme arch-audit @@ -14,13 +13,11 @@ bluez bluez-utils cantarell-fonts celluloid -cups devtools dnsmasq dolphin duf dust -edk2-ovmf efibootmgr efitools ethtool @@ -28,37 +25,23 @@ exa fd ffmpeg ffmpegthumbs -filezilla firejail fwupd -gimp git-delta glow -go -gradle -grex -gutenprint gwenview htop -hunspell -hunspell-de -hunspell-en_us -hunspell-fr -hunspell-nl hwinfo hyperfine -inetutils jdk-openjdk jdk17-openjdk jdk8-openjdk jpegoptim -jq kaccounts-providers kalendar kde-cli-tools kde-gtk-config kdegraphics-thumbnailers -kdenlive kdialog kgpg kimageformats @@ -67,11 +50,6 @@ kompare krunner ksystemlog ktorrent -libreoffice-extension-texmaths -libreoffice-still -libvirt -lldb -llvm logrotate lrzip lshw @@ -79,26 +57,20 @@ lsof lzop mailcap man-db -mariadb -mediainfo mtools networkmanager nextcloud-client -noise-suppression-for-voice noto-fonts nss-mdns ntfs-3g okular -openbsd-netcat openssh -opentimelineio oxipng p7zip pacman-contrib pam-u2f papirus-icon-theme pdftk -perl-image-exiftool perl-rename pipewire pipewire-alsa @@ -108,48 +80,38 @@ plasma-desktop plasma-nm plasma-pa plasma-wayland-session -postgresql -postgresql-libs power-profiles-daemon powerdevil -print-manager procs python-notify2 python-pip python-psutil -qemu-desktop qt5-imageformats -quilt ripgrep -rustup sbsigntools screen sddm sddm-kcm signal-desktop -simple-scan -snap-pac snapper spectacle sshfs starship -system-config-printer +steam thunderbird -tokei tpm2-tools tree +ttf-liberation ttf-nerd-fonts-symbols-2048-em-mono unarchiver unrar unzip usbguard usbutils -virt-manager webp-pixbuf-loader wget wireplumber wl-clipboard xdg-dbus-proxy xdg-utils -yq zram-generator 
diff --git a/post.sh b/post.sh index 9bde2fdd..3e8e66d5 100644 --- a/post.sh +++ b/post.sh @@ -24,11 +24,9 @@ sed_exit() { # Configure dot-files (setup) SYSUSER="" -VIRTUSER="" HOMEUSER="" GUESTUSER="" /dot-files.sh setup -doas su -lc '/dot-files.sh setup' "$VIRTUSER" doas su -lc '/dot-files.sh setup' "$HOMEUSER" doas su -lc '/dot-files.sh setup' "$GUESTUSER" doas su -lc '/dot-files.sh setup-root' root @@ -309,7 +307,6 @@ doas firecfg --clean # Configure dot-files (vscodium) /dot-files.sh vscodium -doas su -lc '/dot-files.sh vscodium' "$VIRTUSER" doas su -lc '/dot-files.sh vscodium' "$HOMEUSER" doas su -lc '/dot-files.sh vscodium' "$GUESTUSER" @@ -347,11 +344,10 @@ STRING="^vscodium$" grep -q "$STRING" "$FILE" || sed_exit doas sed -i "s/$STRING/#vscodium #arch-install/" "$FILE" ## END sed -doas firecfg --add-users root "$SYSUSER" "$VIRTUSER" "$HOMEUSER" "$GUESTUSER" +doas firecfg --add-users root "$SYSUSER" "$HOMEUSER" "$GUESTUSER" doas apparmor_parser -r /etc/apparmor.d/firejail-default doas firecfg rm -rf ~/.local/share/applications/* -doas su -c 'rm -rf ~/.local/share/applications/*' "$VIRTUSER" doas su -c 'rm -rf ~/.local/share/applications/*' "$HOMEUSER" doas su -c 'rm -rf ~/.local/share/applications/*' "$GUESTUSER" diff --git a/prepare.sh b/prepare.sh index 3b64e5f9..d9ad3776 100644 --- a/prepare.sh +++ b/prepare.sh 
@@ -26,62 +26,32 @@ sed_exit() { mountpoint -q /mnt && umount -AR /mnt -# Detect disks -readarray -t DISKS < <(lsblk -drnpo NAME -I 259,8,254 | tr -d "[:blank:]") -DISKS_LENGTH="${#DISKS[@]}" -for ((i = 0; i < DISKS_LENGTH; i++)); do - udevadm info -q property --property=ID_BUS --value "${DISKS[$i]}" | grep -q "usb" && - { - unset 'DISKS[$i]' - continue - } - DISKS=("${DISKS[@]}") -done -[ "${#DISKS[@]}" -ne 2 ] && - { - echo "ERROR: There are not exactly 2 disks attached!" - exit 1 - } -SIZE1="$(lsblk -drno SIZE "${DISKS[0]}" | tr -d "[:space:]")" -SIZE2="$(lsblk -drno SIZE "${DISKS[1]}" | tr -d "[:space:]")" -if [ "$SIZE1" = "$SIZE2" ]; then - DISK1="${DISKS[0]}" - DISK2="${DISKS[1]}" +# Prompt user for disk +# I will use this on an external SSD, therefore USB volumes will be valid +lsblk -drnpo SIZE,NAME -I 259,8,254 +read -rp "Which disk do you want to erase? (Type '/dev/sdX' fex.): " choice +if lsblk -drnpo SIZE,NAME -I 259,8,254 $choice; then + echo "Erasing $choice..." + DISK1="$choice" else - echo "ERROR: The attached disks don't have the same size!" + echo "ERROR: Drive not suitable for installation" exit 1 fi -# Prompt user -read -rp "Erase $DISK1 and $DISK2? (Type 'yes' in capital letters): " choice -case "$choice" in -YES) - echo "Erasing $DISK1 and $DISK2..." 
- ;; -*) - echo "ERROR: User aborted erasing $DISK1 and $DISK2" - exit 1 - ;; -esac - -# Detect & close old crypt volumes -if lsblk -rno TYPE | grep -q "crypt"; then - OLD_CRYPT_0="$(lsblk -Mrno TYPE,NAME | grep "crypt" | sed 's/crypt//' | sed -n '1p' | tr -d "[:space:]")" +# Detect, close & erase old crypt volumes +if lsblk -rno TYPE "$DISK1" | grep -q "crypt"; then + OLD_CRYPT_0="$(lsblk -Mrno TYPE,NAME $DISK1 | grep "crypt" | sed 's/crypt//' | sed -n '1p' | tr -d "[:space:]")" + OLD_DISK1P2="$(lsblk -rnpo TYPE,NAME $DISK1 | grep "part" | sed 's/part//' | sed -n '2p' | tr -d "[:space:]")" + ## Close old crypt volumes cryptsetup close "$OLD_CRYPT_0" -fi - -# Detect & erase old crypt/raid1 volumes -if lsblk -rno TYPE | grep -q "raid1"; then - DISK1P2="$(lsblk -rnpo TYPE,NAME "$DISK1" | grep "part" | sed 's/part//' | sed -n '2p' | tr -d "[:space:]")" - DISK2P2="$(lsblk -rnpo TYPE,NAME "$DISK2" | grep "part" | sed 's/part//' | sed -n '2p' | tr -d "[:space:]")" - OLD_RAID_0="$(lsblk -Mrnpo TYPE,NAME | grep "raid1" | sed 's/raid1//' | sed -n '1p' | tr -d "[:space:]")" - if cryptsetup isLuks "$OLD_RAID_0"; then - cryptsetup erase "$OLD_RAID_0" + ## Erase old crypt volumes + if cryptsetup isLuks "$OLD_DISK1P2"; then + cryptsetup erase "$OLD_DISK1P2" + sgdisk -Z "$OLD_DISK1P2" + else + echo "ERROR: Can't erase old crypt volume" + exit 1 fi - sgdisk -Z "$OLD_RAID_0" - mdadm --stop "$OLD_RAID_0" - mdadm --zero-superblock "$DISK1P2" - mdadm --zero-superblock "$DISK2P2" fi # Load $KEYMAP & set time 
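Review bot: The disk prompt validates with `lsblk -drnpo SIZE,NAME -I 259,8,254 $choice`, and because `$choice` is unquoted an empty answer makes `lsblk` list every disk and succeed, so `DISK1` becomes empty and the later `sgdisk -Z "$DISK1"` and `lsblk … $DISK1` calls run without a valid target. Require a real block device before accepting it: `if [ -n "$choice" ] && [ -b "$choice" ] && lsblk -drnpo SIZE,NAME -I 259,8,254 "$choice"; then`. The hunk also removes the explicit `YES` confirmation the two-disk version had, so a mistyped but valid device name goes straight to erasure; a confirmation step that echoes the chosen device and its size would restore that safeguard. `$DISK1` is likewise unquoted in the new `OLD_CRYPT_0=` and `OLD_DISK1P2=` lines.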
@@ -90,30 +60,19 @@ timedatectl set-ntp true # Erase & partition disks sgdisk -Z "$DISK1" -sgdisk -Z "$DISK2" sgdisk -n 0:0:+1G -t 1:ef00 "$DISK1" -sgdisk -n 0:0:+1G -t 1:ef00 "$DISK2" -sgdisk -n 0:0:0 -t 2:fd00 "$DISK1" -sgdisk -n 0:0:0 -t 2:fd00 "$DISK2" +sgdisk -n 0:0:0 -t 2:8300 "$DISK1" # Detect partitions & set variables accordingly DISK1P1="$(lsblk -rnpo TYPE,NAME "$DISK1" | grep "part" | sed 's/part//' | sed -n '1p' | tr -d "[:space:]")" DISK1P2="$(lsblk -rnpo TYPE,NAME "$DISK1" | grep "part" | sed 's/part//' | sed -n '2p' | tr -d "[:space:]")" -DISK2P1="$(lsblk -rnpo TYPE,NAME "$DISK2" | grep "part" | sed 's/part//' | sed -n '1p' | tr -d "[:space:]")" -DISK2P2="$(lsblk -rnpo TYPE,NAME "$DISK2" | grep "part" | sed 's/part//' | sed -n '2p' | tr -d "[:space:]")" - -# Configure raid1 -mdadm --create --verbose --level=1 --metadata=1.2 --raid-devices=2 --homehost=any --name=md0 /dev/md/md0 "$DISK1P2" "$DISK2P2" -## FIXME: This is a hack to fix dracut not auto-assembling the array -#mdadm --stop /dev/md/md0 -#mdadm -AU homehost /dev/md/md0 "$DISK1P2" "$DISK2P2" # Configure encryption ## root -cryptsetup open --type plain -d /dev/urandom /dev/md/md0 to_be_wiped +cryptsetup open --type plain -d /dev/urandom "$DISK1P2" to_be_wiped cryptsetup close to_be_wiped -cryptsetup -y -v -h sha512 -s 512 luksFormat --type luks2 /dev/md/md0 -cryptsetup open --type luks2 --perf-no_read_workqueue --perf-no_write_workqueue --persistent /dev/md/md0 md0_crypt +cryptsetup -y -v -h sha512 -s 512 luksFormat --type luks2 "$DISK1P2" +cryptsetup open --type luks2 "$DISK1P2" md0_crypt # Configure lvm pvcreate /dev/mapper/md0_crypt @@ -123,7 +82,6 @@ lvcreate -l 100%FREE vg0 -n lv1 # Format efi mkfs.fat -n EFI -F32 "$DISK1P1" -mkfs.fat -n EFI -F32 "$DISK2P1" # Configure btrfs mkfs.btrfs -L LV0 /dev/mapper/vg0-lv0 
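Review bot: In the encryption hunk (`@@ -90,30 +60,19 @@`), `cryptsetup open --type plain -d /dev/urandom "$DISK1P2" to_be_wiped` is followed directly by `cryptsetup close to_be_wiped`, so in the visible lines nothing is ever written through the mapping and the partition's previous contents stay on disk. If the intent is to overwrite the partition with random-looking data before `luksFormat`, a write belongs between the two, e.g. `dd if=/dev/zero of=/dev/mapper/to_be_wiped bs=1M status=progress`. `dd` ends with a "No space left on device" error when it reaches the end of the mapping, so its exit status needs explicit handling if the script runs under `set -e`. The open/close pair already existed for `/dev/md/md0`; this commit only changes the target device.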
@@ -144,7 +102,6 @@ umount /mnt # Mount volumes mount -o noatime,space_cache=v2,compress=zstd,ssd,discard=async,subvolid=256 /dev/mapper/vg0-lv0 /mnt mkdir /mnt/efi -mkdir /mnt/.efi.bak mkdir /mnt/boot mkdir /mnt/var && { @@ -167,13 +124,11 @@ mount -o noexec,nodev,nosuid,noatime,space_cache=v2,compress=zstd,ssd,discard=as mount -o noexec,nodev,nosuid,noatime,space_cache=v2,compress=zstd,ssd,discard=async,subvolid=262 /dev/mapper/vg0-lv0 /mnt/.snapshots mount -o nodev,nosuid,noatime,space_cache=v2,compress=zstd,ssd,discard=async,subvolid=256 /dev/mapper/vg0-lv1 /mnt/home mount -o noexec,nodev,nosuid "$DISK1P1" /mnt/efi -mount -o noexec,nodev,nosuid "$DISK2P1" /mnt/.efi.bak chmod 775 /mnt/var/games # Set SSD state to "frozen" after sleep mkdir -p /mnt/usr/lib/systemd/system-sleep DISK1UUID="$(blkid -s UUID -o value "$DISK1")" -DISK2UUID="$(blkid -s UUID -o value "$DISK2")" { echo 'if [ "$1" = "post" ]; then' echo ' sleep 1' @@ -182,11 +137,6 @@ DISK2UUID="$(blkid -s UUID -o value "$DISK2")" echo ' else' echo ' logger "$0: SSD freeze command failed"' echo ' fi' - echo ' if hdparm --security-freeze /dev/disk/by-uuid/'"$DISK2UUID"'; then' - echo ' logger "$0: SSD freeze command executed successfully"' - echo ' else' - echo ' logger "$0: SSD freeze command failed"' - echo ' fi' echo 'fi' } >/mnt/usr/lib/systemd/system-sleep/freeze-ssd.sh chmod 744 /mnt/usr/lib/systemd/system-sleep/freeze-ssd.sh @@ -204,6 +154,12 @@ STRING="^#NoProgressBar" grep -q "$STRING" "$FILE" || sed_exit sed -i "s/$STRING/NoProgressBar/" "$FILE" ## END sed +{ + echo "" + echo "# Custom" + echo "[multilib]" + echo "Include = /etc/pacman.d/mirrorlist" +} >>/etc/pacman.conf reflector --save /etc/pacman.d/mirrorlist --country $MIRRORCOUNTRIES --protocol https --latest 20 --sort rate pacman -Sy --noprogressbar --noconfirm archlinux-keyring lshw lscpu | grep "Vendor ID:" | grep -q "GenuineIntel" && 
@@ -214,6 +170,7 @@ lshw -C display | grep "vendor:" | grep -q "NVIDIA Corporation" && { echo "egl-wayland" echo "nvidia-dkms" + echo "lib32-nvidia-utils" } >>/root/arch-install/pkgs-prepare.txt lshw -C display | grep "vendor:" | grep -q "Advanced Micro Devices, Inc." && { @@ -237,14 +194,6 @@ genfstab -U /mnt >>/mnt/etc/fstab echo 'tmpfs /dev/shm tmpfs rw,noexec,nodev,nosuid 0 0' echo 'tmpfs /tmp tmpfs rw,nodev,nosuid,uid=0,gid=0,mode=1700 0 0' } >>/mnt/etc/fstab -## START sed -FILE=/mnt/etc/fstab -STRING0="\/.efi.bak.*vfat" -grep -q "$STRING0" "$FILE" || sed_exit -STRING1="rw" -grep -q "$STRING1" "$FILE" || sed_exit -sed -i "/$STRING0/s/$STRING1/$STRING1,noauto/" "$FILE" -## END sed # Prepare /mnt/git/arch-install TO_MOVE="$(dirname -- "$(readlink -f -- "$0")")" diff --git a/setup.sh b/setup.sh index 2b57cbbf..73db825a 100644 --- a/setup.sh +++ b/setup.sh @@ -16,11 +16,10 @@ TIMEZONE="Europe/Amsterdam" ## Network devices: elements ## Servers: colors ## Clients: flowers -HOSTNAME="tulip" +HOSTNAME="lilium" # https://www.rfc-editor.org/rfc/rfc8375.html DOMAIN="home.arpa" SYSUSER="systux" -VIRTUSER="virt" HOMEUSER="leo" GUESTUSER="guest" @@ -42,18 +41,14 @@ grep -q "$STRING" "$FILE" || sed_exit sed -i "s/$STRING/SHELL=\/bin\/bash/" "$FILE" ## END sed groupadd -r audit -groupadd -r libvirt groupadd -r usbguard useradd -ms /bin/bash -G adm,audit,log,rfkill,sys,systemd-journal,usbguard,wheel "$SYSUSER" -useradd -ms /bin/bash -G libvirt "$VIRTUSER" useradd -ms /bin/bash "$HOMEUSER" useradd -ms /bin/bash "$GUESTUSER" echo "Enter password for root" passwd root echo "Enter password for $SYSUSER" passwd "$SYSUSER" -echo "Enter password for $VIRTUSER" -passwd "$VIRTUSER" echo "Enter password for $HOMEUSER" passwd "$HOMEUSER" echo "Enter password for $GUESTUSER" 
@@ -93,7 +88,6 @@ chmod 644 /etc/NetworkManager/conf.d/50-mac-random.conf echo '' echo '/usr/bin/firecfg >/dev/null 2>&1' echo "/usr/bin/su -c '/usr/bin/rm -rf ~/.local/share/applications/*' $SYSUSER" - echo "/usr/bin/su -c '/usr/bin/rm -rf ~/.local/share/applications/*' $VIRTUSER" echo "/usr/bin/su -c '/usr/bin/rm -rf ~/.local/share/applications/*' $HOMEUSER" echo "/usr/bin/su -c '/usr/bin/rm -rf ~/.local/share/applications/*' $GUESTUSER" echo '' @@ -179,6 +173,12 @@ STRING="^#CacheDir" grep -q "$STRING" "$FILE" || sed_exit sed -i "s/$STRING/CacheDir/" "$FILE" ### END sed +{ + echo "" + echo "# Custom" + echo "[multilib]" + echo "Include = /etc/pacman.d/mirrorlist" +} >>/etc/pacman.conf pacman-key --init ## Update mirrors reflector --save /etc/pacman.d/mirrorlist --country $MIRRORCOUNTRIES --protocol https --latest 20 --sort rate @@ -189,13 +189,15 @@ pacman -Syu --noprogressbar --noconfirm --needed - /etc/crypttab @@ -252,8 +254,6 @@ STRING="^VIDEOS=.*" grep -q "$STRING" "$FILE" || sed_exit sed -i "s|$STRING|VIDEOS=Documents/Videos|" "$FILE" ### END sed -## Configure /etc/mdadm.conf -mdadm --detail --scan >>/etc/mdadm.conf ## Configure /etc/usbguard/usbguard-daemon.conf & /etc/usbguard/rules.conf usbguard generate-policy >/etc/usbguard/rules.conf usbguard add-user -g usbguard --devices=modify,list,listen --policy=list --exceptions=listen 
@@ -303,10 +303,8 @@ sed -i "s/$STRING/AutoEnable=true/" "$FILE" ## If on nvidia add kernel modules: nvidia nvidia_modeset nvidia_uvm nvidia_drm pacman -Qq "nvidia-dkms" && echo "force_drivers+=\" nvidia nvidia_modeset nvidia_uvm nvidia_drm \"" >>/etc/dracut.conf.d/modules.conf -## Configure /etc/dracut.conf.d/cmdline.conf -DISK1="$(lsblk -npo PKNAME $(findmnt -no SOURCE --target /efi) | tr -d "[:space:]")" -DISK1P2="$(lsblk -rnpo TYPE,NAME "$DISK1" | grep "part" | sed 's/part//' | sed -n '2p' | tr -d "[:space:]")" DISK1P2UUID="$(blkid -s UUID -o value $DISK1P2)" +## Configure /etc/dracut.conf.d/cmdline.conf PARAMETERS="rd.luks.uuid=luks-$MD0UUID rd.lvm.lv=vg0/lv0 rd.md.uuid=$DISK1P2UUID root=/dev/mapper/vg0-lv0 rootfstype=btrfs rootflags=rw,noatime,compress=zstd:3,ssd,discard=async,space_cache=v2,subvolid=256,subvol=/@ rd.md.waitclean=1 rd.lvm.lv=vg0/lv1 rd.luks.allow-discards=$DISK1P2UUID rd.vconsole.unicode rd.vconsole.keymap=$KEYMAP quiet loglevel=3 bgrt_disable audit=1 lsm=landlock,lockdown,yama,integrity,apparmor,bpf iommu=pt zswap.enabled=0" #### If on nvidia set kernel parameter nvidia_drm.modeset=1 pacman -Qq "nvidia-dkms" && @@ -526,12 +524,8 @@ pacman -Qq "avahi" && systemctl enable avahi-daemon pacman -Qq "bluez" && systemctl enable bluetooth -pacman -Qq "cups" && - systemctl enable cups.service pacman -Qq "util-linux" && systemctl enable fstrim.timer -pacman -Qq "libvirt" && - systemctl enable libvirtd pacman -Qq "networkmanager" && systemctl enable NetworkManager pacman -Qq "power-profiles-daemon" && diff --git a/sysuser.sh b/sysuser.sh index 58853a31..6878ea0a 100644 --- a/sysuser.sh +++ b/sysuser.sh @@ -28,7 +28,7 @@ mkdir -p ~/.config/autostart # Set up post.sh cp /git/arch-install/pkgs-post.txt ~/ cp /git/arch-install/post.sh ~/ -sed -i 's//'"$1"'/;s//'"$2"'/;s//'"$3"'/;s//'"$4"'/' ~/post.sh +sed -i 's//'"$1"'/;s//'"$2"'/;s//'"$3"'/' ~/post.sh chmod +x ~/post.sh # Remove repo From d2bbdc1bc08a747abc17b9d4e8c1ee94bdf0a628 Mon Sep 17 00:00:00 2001 
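Review bot: The `DISK1` and `DISK1P2` assignments are removed here, but the kept line `DISK1P2UUID="$(blkid -s UUID -o value $DISK1P2)"` still reads `$DISK1P2`, unquoted; unless setup.sh assigns it somewhere outside this hunk, blkid runs without a device argument and the value placed in `rd.luks.allow-discards=` is not the partition's UUID. The later commit "Fix incorrect line from merge" only moves this line below the comment. Either keep the two lsblk lookups or fail loudly with `DISK1P2UUID="$(blkid -s UUID -o value "${DISK1P2:?}")"`. `PARAMETERS` also still carries `rd.md.uuid=$DISK1P2UUID` and `rd.md.waitclean=1` although the mdadm array was dropped in the partitioning hunk earlier in this patch, and `rd.luks.uuid=luks-$MD0UUID` relies on a variable set outside the hunk, so the kernel command line should be rechecked against the single-disk layout.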
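Review bot: In the sysuser.sh hunk, `"$1"`, `"$2"` and `"$3"` are spliced into the sed replacement text as-is, so an argument containing `/`, `&` or a backslash changes the expression that rewrites `~/post.sh`, which is made executable on the next line. The search patterns render as empty on this page (probably lost in extraction), so the placeholders themselves cannot be checked here. If the arguments are always the installer's account names this is harmless, and a guard before the sed call makes that assumption explicit, e.g. `case "$1$2$3" in *[!a-z0-9_-]*) exit 1 ;; esac`.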
From: Leopold Johannes Meinel Date: Wed, 19 Apr 2023 20:47:04 +0200 Subject: [PATCH 31/43] Use games detect, close & erase --- 0-erase-disks-before-v3.sh | 46 +++++++++++++++++--------------------- 1 file changed, 20 insertions(+), 26 deletions(-) diff --git a/0-erase-disks-before-v3.sh b/0-erase-disks-before-v3.sh index 58617c34..f5028d95 100644 --- a/0-erase-disks-before-v3.sh +++ b/0-erase-disks-before-v3.sh 
@@ -12,34 +12,28 @@ # Fail on error set -eu -# Detect & close old crypt volumes -if lsblk -rno TYPE | grep -q "crypt"; then - OLD_CRYPT_0="$(lsblk -Mrno TYPE,NAME | grep "crypt" | sed 's/crypt//' | sed -n '1p' | tr -d "[:space:]")" - OLD_CRYPT_1="$(lsblk -Mrno TYPE,NAME | grep "crypt" | sed 's/crypt//' | sed -n '2p' | tr -d "[:space:]")" +# Detect, close & erase old crypt volumes +if lsblk -rno TYPE "$DISK1" | grep -q "crypt"; then + OLD_CRYPT_0="$(lsblk -Mrno TYPE,NAME $DISK1 | grep "crypt" | sed 's/crypt//' | sed -n '1p' | tr -d "[:space:]")" + OLD_CRYPT_1="$(lsblk -Mrno TYPE,NAME $DISK1 | grep "crypt" | sed 's/crypt//' | sed -n '2p' | tr -d "[:space:]")" + OLD_DISK1P2="$(lsblk -rnpo TYPE,NAME $DISK1 | grep "part" | sed 's/part//' | sed -n '2p' | tr -d "[:space:]")" + OLD_DISK1P3="$(lsblk -rnpo TYPE,NAME $DISK1 | grep "part" | sed 's/part//' | sed -n '3p' | tr -d "[:space:]")" + ## Close old crypt volumes cryptsetup close "$OLD_CRYPT_0" cryptsetup close "$OLD_CRYPT_1" -fi - -# Detect & erase old crypt/raid1 volumes -if lsblk -rno TYPE | grep -q "raid1"; then - DISK1P2="$(lsblk -rnpo TYPE,NAME "$DISK1" | grep "part" | sed 's/part//' | sed -n '2p' | tr -d "[:space:]")" - DISK2P2="$(lsblk -rnpo TYPE,NAME "$DISK2" | grep "part" | sed 's/part//' | sed -n '2p' | tr -d "[:space:]")" - DISK1P3="$(lsblk -rnpo TYPE,NAME "$DISK1" | grep "part" | sed 's/part//' | sed -n '3p' | tr -d "[:space:]")" - DISK2P3="$(lsblk -rnpo TYPE,NAME "$DISK2" | grep "part" | sed 's/part//' | sed -n '3p' | tr -d "[:space:]")" - OLD_RAID_0="$(lsblk -Mrnpo TYPE,NAME | grep "raid1" | sed 's/raid1//' | sed -n '1p' | tr -d "[:space:]")" - OLD_RAID_1="$(lsblk -Mrnpo TYPE,NAME | grep "raid1" | sed 's/raid1//' | sed -n '2p' | tr -d "[:space:]")" - if cryptsetup isLuks "$OLD_RAID_0"; then - cryptsetup erase "$OLD_RAID_0" + ## Erase old crypt volumes + if cryptsetup isLuks "$OLD_DISK1P2"; then + cryptsetup erase "$OLD_DISK1P2" + sgdisk -Z "$OLD_DISK1P2" + else + echo "ERROR: Can't erase old crypt volume" 
+ exit 1 fi - if cryptsetup isLuks "$OLD_RAID_1"; then - cryptsetup erase "$OLD_RAID_1" + if cryptsetup isLuks "$OLD_DISK1P3"; then + cryptsetup erase "$OLD_DISK1P3" + sgdisk -Z "$OLD_DISK1P3" + else + echo "ERROR: Can't erase old crypt volume" + exit 1 fi - sgdisk -Z "$OLD_RAID_0" - sgdisk -Z "$OLD_RAID_1" - mdadm --stop "$OLD_RAID_0" - mdadm --stop "$OLD_RAID_1" - mdadm --zero-superblock "$DISK1P2" - mdadm --zero-superblock "$DISK2P2" - mdadm --zero-superblock "$DISK1P3" - mdadm --zero-superblock "$DISK2P3" fi From 2fcedd7ef0178e7232d7476e5d0d7d02c11ee549 Mon Sep 17 00:00:00 2001 From: Leopold Johannes Meinel Date: Wed, 19 Apr 2023 21:36:19 +0200 Subject: [PATCH 32/43] Fix incorrect line from merge --- setup.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup.sh b/setup.sh index 73db825a..2c69a631 100644 --- a/setup.sh +++ b/setup.sh @@ -303,8 +303,8 @@ sed -i "s/$STRING/AutoEnable=true/" "$FILE" ## If on nvidia add kernel modules: nvidia nvidia_modeset nvidia_uvm nvidia_drm pacman -Qq "nvidia-dkms" && echo "force_drivers+=\" nvidia nvidia_modeset nvidia_uvm nvidia_drm \"" >>/etc/dracut.conf.d/modules.conf -DISK1P2UUID="$(blkid -s UUID -o value $DISK1P2)" ## Configure /etc/dracut.conf.d/cmdline.conf +DISK1P2UUID="$(blkid -s UUID -o value $DISK1P2)" PARAMETERS="rd.luks.uuid=luks-$MD0UUID rd.lvm.lv=vg0/lv0 rd.md.uuid=$DISK1P2UUID root=/dev/mapper/vg0-lv0 rootfstype=btrfs rootflags=rw,noatime,compress=zstd:3,ssd,discard=async,space_cache=v2,subvolid=256,subvol=/@ rd.md.waitclean=1 rd.lvm.lv=vg0/lv1 rd.luks.allow-discards=$DISK1P2UUID rd.vconsole.unicode rd.vconsole.keymap=$KEYMAP quiet loglevel=3 bgrt_disable audit=1 lsm=landlock,lockdown,yama,integrity,apparmor,bpf iommu=pt zswap.enabled=0" #### If on nvidia set kernel parameter nvidia_drm.modeset=1 pacman -Qq "nvidia-dkms" && From 79a61c0b2792df97c73fee7fe6b23d6bab166028 Mon Sep 17 00:00:00 2001 
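Review bot: The rewritten block in 0-erase-disks-before-v3.sh can stop in the middle of a destructive sequence. Under `set -eu`, `cryptsetup close "$OLD_CRYPT_1"` aborts the script when `$DISK1` holds only one open mapping, and when the second partition is LUKS but the third is missing or not LUKS, `cryptsetup erase "$OLD_DISK1P2"` has already destroyed its keyslots before the second check prints the error and exits. Checking both partitions before erasing either, and skipping empty names when closing, keeps the run all-or-nothing. `$DISK1` is also unquoted in the four new `lsblk` calls although the `if` line quotes it; the variable is assigned outside this hunk.

```shell
# … unchanged: lsblk detection of OLD_CRYPT_0/1 and OLD_DISK1P2/3, with "$DISK1" quoted …
## Close old crypt volumes
for mapping in "$OLD_CRYPT_0" "$OLD_CRYPT_1"; do
    if [ -n "$mapping" ]; then
        cryptsetup close "$mapping"
    fi
done
## Verify both targets before erasing either
for part in "$OLD_DISK1P2" "$OLD_DISK1P3"; do
    if [ -z "$part" ] || ! cryptsetup isLuks "$part"; then
        echo "ERROR: Can't erase old crypt volume" >&2
        exit 1
    fi
done
## Erase old crypt volumes
for part in "$OLD_DISK1P2" "$OLD_DISK1P3"; do
    cryptsetup erase "$part"
    sgdisk -Z "$part"
done
```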
From: Leopold Johannes Meinel Date: Thu, 20 Apr 2023 16:00:46 +0200 Subject: [PATCH 33/43] Modify packages - Also add freetube-bin to games --- pkgs-post.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs-post.txt b/pkgs-post.txt index c4f83178..1473d926 100644 --- a/pkgs-post.txt +++ b/pkgs-post.txt @@ -1,4 +1,5 @@ arc-kde +freetube-bin gdlauncher-bin librewolf-bin macchina-bin From e60014fcd2eed5e8f56062b0e767b59927b8f261 Mon Sep 17 00:00:00 2001 From: Leopold Johannes Meinel Date: Thu, 20 Apr 2023 16:02:57 +0200 Subject: [PATCH 34/43] Don't use special games branch for dot-files --- dot-files.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/dot-files.sh b/dot-files.sh index b4f02e9a..24d67f27 100644 --- a/dot-files.sh +++ b/dot-files.sh @@ -15,17 +15,17 @@ set -e # Set up dot-files case "$1" in setup) - git clone -b games https://github.com/leomeinel/dot-files.git ~/dot-files + git clone https://github.com/leomeinel/dot-files.git ~/dot-files chmod +x ~/dot-files/setup.sh ~/dot-files/setup.sh ;; setup-root) - git clone -b games https://github.com/leomeinel/dot-files.git ~/dot-files + git clone https://github.com/leomeinel/dot-files.git ~/dot-files chmod +x ~/dot-files/setup-root.sh ~/dot-files/setup-root.sh ;; vscodium) - git clone -b games https://github.com/leomeinel/dot-files.git ~/dot-files + git clone https://github.com/leomeinel/dot-files.git ~/dot-files chmod +x ~/dot-files/exts-code.sh ~/dot-files/exts-code.sh ;; From da72d785c1fefc76dbe43791607bd4ec4af696bc Mon Sep 17 00:00:00 2001 From: Leopold Johannes Meinel Date: Fri, 21 Apr 2023 07:28:34 +0200 Subject: [PATCH 35/43] Use 20%FREE for /var --- prepare.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/prepare.sh b/prepare.sh index a6f1a150..4afbcbcc 100644 --- a/prepare.sh +++ b/prepare.sh 
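Review bot: Each arm of the `case` in dot-files.sh clones the default branch of `leomeinel/dot-files` and runs a script from it straight away, so whatever sits at the branch head at install time is executed, presumably as root in the `setup-root` arm, without a fixed revision. Pinning the checkout makes the install reproducible and reviewable: after the clone, `git -C ~/dot-files checkout --detach <PINNED_COMMIT>` (placeholder for a reviewed commit id), ideally in one helper shared by the three arms instead of three copies of the clone line. The clone also fails when `~/dot-files` already exists, which under `set -e` ends the script on a rerun. The `case` statement continues past the end of the hunk.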
@@ -80,7 +80,7 @@ pvcreate /dev/mapper/md0_crypt vgcreate vg0 /dev/mapper/md0_crypt lvcreate -l 5%FREE vg0 -n lv0 lvcreate -l 10%FREE vg0 -n lv1 -lvcreate -l 50%FREE vg0 -n lv2 +lvcreate -l 20%FREE vg0 -n lv2 lvcreate -l 100%FREE vg0 -n lv3 # Format efi From efc0cb8e1f427c77d54798871263bc5c9c699350 Mon Sep 17 00:00:00 2001 From: Leopold Johannes Meinel Date: Fri, 21 Apr 2023 09:31:08 +0200 Subject: [PATCH 36/43] Modify config for games --- install.conf | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/install.conf b/install.conf index 1a98646f..6cd2f07b 100644 --- a/install.conf +++ b/install.conf @@ -1,6 +1,5 @@ # USERS SYSUSER="systux" -VIRTUSER="virt" HOMEUSER="leo" GUESTUSER="guest" @@ -9,7 +8,7 @@ GUESTUSER="guest" ## Network devices: elements ## Servers: colors ## Clients: flowers -HOSTNAME="tulip" +HOSTNAME="lilium" ## https://www.rfc-editor.org/rfc/rfc8375.html DOMAIN="home.arpa" @@ -24,4 +23,4 @@ TIMEZONE="Europe/Amsterdam" # Strings are sorted by their time of execution. # x% free means x% of what is left. # / /usr /var /home -DISK_ALLOCATION=("5%FREE" "10%FREE" "50%FREE" "100%FREE") +DISK_ALLOCATION=("5%FREE" "10%FREE" "20%FREE" "100%FREE") From 788c1326d57458796daa2b0d5e0b11be0a5b6c3b Mon Sep 17 00:00:00 2001 From: Leopold Johannes Meinel Date: Tue, 25 Apr 2023 14:03:45 +0200 Subject: [PATCH 37/43] Enable cups for games --- setup.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/setup.sh b/setup.sh index 84cfc8db..306cd017 100644 --- a/setup.sh +++ b/setup.sh @@ -557,6 +557,8 @@ pacman -Qq "avahi" >/dev/null 2>&1 && systemctl enable avahi-daemon pacman -Qq "bluez" >/dev/null 2>&1 && systemctl enable bluetooth +pacman -Qq "cups" >/dev/null 2>&1 && + systemctl enable cups.service pacman -Qq "util-linux" >/dev/null 2>&1 && systemctl enable fstrim.timer pacman -Qq "networkmanager" >/dev/null 2>&1 && From 1ea36369318a5fc50de5d0f836d3e07b61b70d40 Mon Sep 17 00:00:00 2001 
From: Leopold Johannes Meinel Date: Thu, 27 Apr 2023 19:07:10 +0200 Subject: [PATCH 38/43] Remove enabling libvirt --- setup.sh | 2 -- 1 file changed, 2 deletions(-) diff --git a/setup.sh b/setup.sh index 5f65c9b4..21befce6 100644 --- a/setup.sh +++ b/setup.sh @@ -465,8 +465,6 @@ pacman -Qq "cups" >/dev/null 2>&1 && systemctl enable cups.service pacman -Qq "util-linux" >/dev/null 2>&1 && systemctl enable fstrim.timer -pacman -Qq "libvirt" >/dev/null 2>&1 && - systemctl enable libvirtd pacman -Qq "logwatch" >/dev/null 2>&1 && systemctl enable logwatch.timer pacman -Qq "networkmanager" >/dev/null 2>&1 && From 33ef13d9b3e3daf6880fe971652274220965792d Mon Sep 17 00:00:00 2001 From: Leopold Johannes Meinel Date: Fri, 28 Apr 2023 05:34:47 +0200 Subject: [PATCH 39/43] Adjust packages for games --- setup.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/setup.sh b/setup.sh index 671c6340..4ad85797 100644 --- a/setup.sh +++ b/setup.sh @@ -158,8 +158,6 @@ reflector --save /etc/pacman.d/mirrorlist --country "$MIRRORCOUNTRIES" --protoco pacman -Syu --noprogressbar --noconfirm --needed - <"$SCRIPT_DIR/pkgs-setup.txt" pacman -Qq "system-config-printer" >/dev/null 2>&1 && DEPENDENCIES+=$'cups-pk-helper' -pacman -Qq "libvirt" >/dev/null 2>&1 && - DEPENDENCIES+=$'\ndnsmasq' pacman -Qq "thunar" >/dev/null 2>&1 && DEPENDENCIES+=$'\ngvfs\nthunar-archive-plugin\nthunar-media-tags-plugin\nthunar-volman\ntumbler' pacman -Qq "wl-clipboard" >/dev/null 2>&1 && @@ -168,6 +166,8 @@ pacman -Qq "pipewire" >/dev/null 2>&1 && DEPENDENCIES+=$'\npipewire-alsa\npipewire-jack\npipewire-pulse' pacman -Qq "apparmor" >/dev/null 2>&1 && DEPENDENCIES+=$'\npython-notify2' +pacman -Qq "steam" >/dev/null 2>&1 && + DEPENDENCIES+=$'\nttf-liberation\nlib32-mesa' pacman -Qq "wlroots" >/dev/null 2>&1 && DEPENDENCIES+=$'\nxorg-xwayland' pacman -Syu --noprogressbar --noconfirm --needed --asdeps - <<<"$DEPENDENCIES" From d8c08649f381c10b6c81eadcd80058260c6cbf70 Mon Sep 17 00:00:00 2001 
From: Leopold Johannes Meinel Date: Fri, 28 Apr 2023 05:35:30 +0200 Subject: [PATCH 40/43] Don't install lib32-mesa explicitly --- pkgs-prepare.txt | 1 - 1 file changed, 1 deletion(-) diff --git a/pkgs-prepare.txt b/pkgs-prepare.txt index aff17dc6..cc04eb30 100644 --- a/pkgs-prepare.txt +++ b/pkgs-prepare.txt @@ -5,7 +5,6 @@ dracut git iptables libpwquality -lib32-mesa linux linux-firmware linux-headers From 022733c2d15878a3196d5bf1ceb74f0678344f4a Mon Sep 17 00:00:00 2001 From: Leopold Johannes Meinel Date: Fri, 28 Apr 2023 05:36:28 +0200 Subject: [PATCH 41/43] Don't install ttf-liberation explicitly --- pkgs-setup.txt | 1 - 1 file changed, 1 deletion(-) diff --git a/pkgs-setup.txt b/pkgs-setup.txt index 1909cf70..a8fc3b9d 100644 --- a/pkgs-setup.txt +++ b/pkgs-setup.txt @@ -106,7 +106,6 @@ thunderbird tpm2-tools tree ttf-font-awesome -ttf-liberation ttf-nerd-fonts-symbols-2048-em-mono unarchiver unrar From 30e973f5b154be50dd3d86e066be912ac0214bef Mon Sep 17 00:00:00 2001 From: Leopold Johannes Meinel Date: Fri, 28 Apr 2023 05:37:50 +0200 Subject: [PATCH 42/43] Adjust for games --- post.sh | 2 -- 1 file changed, 2 deletions(-) diff --git a/post.sh b/post.sh index 61ce918a..32a1a9dc 100644 --- a/post.sh +++ b/post.sh @@ -289,8 +289,6 @@ doas sed -i "/$STRING/a BatchInstall" "$FILE" # Install packages paru -S --noprogressbar --noconfirm --needed - <"$SCRIPT_DIR/pkgs-post.txt" -pacman -Qq "dotnet-sdk-bin" >/dev/null 2>&1 && - paru -S --noprogressbar --noconfirm --needed --asdeps aspnet-targeting-pack-bin paru --noprogressbar --noconfirm -Syu paru -Scc From 2ec1b1a2c8b5c46fcc8c7bb305560c5a5532aa8a Mon Sep 17 00:00:00 2001 From: Leopold Johannes Meinel Date: Fri, 28 Apr 2023 05:39:28 +0200 Subject: [PATCH 43/43] Sort alphabetically --- setup.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup.sh b/setup.sh index 4ad85797..5e43cfae 100644 --- a/setup.sh +++ b/setup.sh 
@@ -167,7 +167,7 @@ pacman -Qq "pipewire" >/dev/null 2>&1 && pacman -Qq "apparmor" >/dev/null 2>&1 && DEPENDENCIES+=$'\npython-notify2' pacman -Qq "steam" >/dev/null 2>&1 && - DEPENDENCIES+=$'\nttf-liberation\nlib32-mesa' + DEPENDENCIES+=$'\nlib32-mesa\nttf-liberation' pacman -Qq "wlroots" >/dev/null 2>&1 && DEPENDENCIES+=$'\nxorg-xwayland' pacman -Syu --noprogressbar --noconfirm --needed --asdeps - <<<"$DEPENDENCIES"