199 lines
6.7 KiB
Bash
Executable File
199 lines
6.7 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
SCRIPT_DIR="$(cd "$(dirname "$BASH_SOURCE[0]")" && pwd)"
|
|
|
|
. "$1"
|
|
|
|
function run(){
|
|
echo "[ ] $1"
|
|
echo "# $1" >>install.log
|
|
echo "> $2" >>install.log
|
|
bash -c "$2" &>>install.log \
|
|
&& echo -e "\e[1A\e[K[ \e[32mOK\e[0m ] $1" \
|
|
|| {
|
|
echo -e "\e[1A\e[K[\e[31mFAIL\e[0m] $1"
|
|
bash -c "$3"
|
|
exit 10
|
|
}
|
|
echo >>install.log
|
|
}
|
|
|
|
function run-chroot(){
|
|
echo "[ ] $1"
|
|
echo "# $1" >>install.log
|
|
echo "> chroot /mnt $2" >>install.log
|
|
arch-chroot /mnt bash -c "$2" &>>install.log \
|
|
&& echo -e "\e[1A\e[K[ \e[32mOK\e[0m ] $1" \
|
|
|| {
|
|
echo -e "\e[1A\e[K[\e[31mFAIL\e[0m] $1"
|
|
bash -c "$3"
|
|
exit 20
|
|
}
|
|
echo >>install.log
|
|
}
|
|
|
|
echo "" >install.log
|
|
|
|
echo -n "disk encryption password: "
|
|
read -s PASS
|
|
echo
|
|
echo -n "retype password: "
|
|
read -s PASSRE
|
|
echo
|
|
|
|
if [ "$PASS" != "$PASSRE" ]; then
|
|
echo "password do not match"
|
|
exit 1
|
|
fi
|
|
|
|
echo -n "password for freenen: "
|
|
read -s PASS_USER
|
|
echo
|
|
echo -n "retype password: "
|
|
read -s PASSRE_USER
|
|
echo
|
|
|
|
if [ "$PASS_USER" != "$PASSRE_USER" ]; then
|
|
echo "password do not match"
|
|
exit 2
|
|
fi
|
|
echo
|
|
|
|
echo
|
|
echo === setup localisation
|
|
echo
|
|
|
|
run "enable ntp" "timedatectl set-ntp true"
|
|
run "set timezone" "timedatectl set-timezone Europe/Amsterdam"
|
|
|
|
echo
|
|
echo === setup partitions
|
|
echo
|
|
|
|
run "applly partion table" "sfdisk $DISK <$SFDISK_FILE"
|
|
run "format boot partition" "mkfs.fat -F 32 ${UEFI_PARTITION}"
|
|
run "format swap partition" "mkswap ${SWAP_PARTITION}"
|
|
echo -n "$PASS" >keyfile.luks
|
|
run "encrypt root partition" "cryptsetup luksFormat --batch-mode --key-file keyfile.luks ${ROOT_PARTITION}" "rm keyfile.luks"
|
|
run "map root partitaion" "cryptsetup open --batch-mode --key-file keyfile.luks ${ROOT_PARTITION} cryptelfroot" "rm keyfile.luks"
|
|
rm keyfile.luks
|
|
run "format root partition" "mkfs.btrfs /dev/mapper/cryptelfroot"
|
|
|
|
run "mount root partition" "mount /dev/mapper/cryptelfroot /mnt"
|
|
run "create root btrfs subvolume" "btrfs subvolume create /mnt/@elfRoot"
|
|
run "create home btrfs subvolume" "btrfs subvolume create /mnt/@home"
|
|
run "unmount btrfs" "umount /mnt"
|
|
run "mount root subvolume" "mount -o subvol=@elfRoot /dev/mapper/cryptelfroot /mnt"
|
|
run "mount boot partition" "mount --mkdir ${UEFI_PARTITION} /mnt/boot"
|
|
run "mount home subvolume" "mount --mkdir -o subvol=@home /dev/mapper/cryptelfroot /mnt/home"
|
|
run "enable swap" "swapon ${SWAP_PARTITION}"
|
|
|
|
echo
|
|
echo === install arch
|
|
echo
|
|
|
|
run "install base of arch" "pacstrap /mnt base linux linux-firmware"
|
|
run "intall utitlities" "pacstrap /mnt btrfs-progs man vim sudo"
|
|
run "intall networkmanager" "pacstrap /mnt networkmanager"
|
|
run "generate fstab" "genfstab -U /mnt >>/mnt/etc/fstab"
|
|
|
|
echo
|
|
echo === set locals
|
|
echo
|
|
|
|
run-chroot "set timezone" "ln -sf /usr/share/zoneinfo/Europe/Amsterdam /etc/localtime"
|
|
run-chroot "set hwclock to UTC" "hwclock --systohc"
|
|
run-chroot "update locals.gen" "sed --in-place -E -e 's/^#?en_GB.UTF-8/en_GB.UTF-8/' -e 's/^#?en_US.UTF-8/en_US.UTF-8/' /etc/locale.gen"
|
|
run-chroot "generate locals" "locale-gen"
|
|
run-chroot "config locals" "echo \"LANG=en_GB.UTF-8\" >/etc/locale.conf"
|
|
run-chroot "set hostname" "echo \"$HOSTNAME\" >/etc/hostname"
|
|
run-chroot "create hosts file" "cat >/etc/hosts <<EOF
|
|
127.0.0.1 localhost
|
|
::1 localhost
|
|
127.0.1.1 $HOSTNAME
|
|
EOF
|
|
"
|
|
|
|
echo
|
|
echo === install bootloader
|
|
echo
|
|
|
|
run-chroot "config initramfs" "sed --in-place -e 's/HOOKS=(.*)/HOOKS=(base udev autodetect microcode modconf kms keyboard block encrypt filesystems fsck)/' /etc/mkinitcpio.conf"
|
|
run-chroot "generate initramfs" "mkinitcpio -P"
|
|
|
|
DISKUUID=$(blkid --output export ${ROOT_PARTITION} | grep '^UUID' | sed 's/UUID=//')
|
|
run-chroot "install systemd-boot" "bootctl install"
|
|
run-chroot "create boot config for main" "cat >/boot/loader/entries/arch.conf <<EOF
|
|
title E.L.F. OS
|
|
linux /vmlinuz-linux
|
|
initrd /initramfs-linux.img
|
|
options cryptdevice=UUID=$DISKUUID:cryptelfroot:allow-discards root=/dev/mapper/cryptelfroot rootflags=subvol=@elfRoot rd.luks.options=discard rw
|
|
EOF
|
|
"
|
|
run-chroot "create boot config fallback" "cat >/boot/loader/entries/arch-fallback.conf <<EOF
|
|
title E.L.F. OS fallback
|
|
linux /vmlinuz-linux
|
|
initrd /initramfs-linux-fallback.img
|
|
options cryptdevice=UUID=$DISKUUID:cryptelfroot:allow-discards root=/dev/mapper/cryptelfroot rootflags=subvol=@elfRoot rd.luks.options=discard rw
|
|
EOF
|
|
"
|
|
run-chroot "create main boot config" "cat >/boot/loader/loader.conf <<EOF
|
|
default arch.conf
|
|
timeout 4
|
|
console-mode max
|
|
editor no
|
|
EOF
|
|
"
|
|
|
|
echo
|
|
echo === setup user
|
|
echo
|
|
|
|
run-chroot "add .ssh dir to skel" "mkdir -p /etc/skel/.ssh"
|
|
run-chroot "create admin group" "groupadd admin"
|
|
run-chroot "create user" "useradd --home-dir /home/${USERNAME} --create-home --skel /etc/skel ${USERNAME} --groups admin"
|
|
run-chroot "set password for user" "echo \"${USERNAME}:$PASS_USER\" | chpasswd"
|
|
run-chroot "add user to sudoers" "echo \"%admin ALL=(ALL:ALL) ALL\" >>/etc/sudoers"
|
|
run "clone keys repo" "git clone https://gitea.finnvanreenen.nl/FReenen/keys.git /mnt/opt/keys"
|
|
run-chroot "create authoized keys" "cd /opt/keys/ssh && cat ${USER_SSH_KEYS} > /home/${USERNAME}/.ssh/authorized_keys"
|
|
|
|
echo
|
|
echo === prepair first boot
|
|
echo
|
|
|
|
run "copy config files" "cp -r $SCRIPT_DIR/configs /mnt/opt/elfOS_configFiles"
|
|
run "copy fist boot script" "cp $SCRIPT_DIR/first-boot.sh /mnt/first-boot.sh && chmod 700 /mnt/first-boot.sh"
|
|
run "make script executable" "cp $SCRIPT_DIR/first-boot.sh /mnt/first-boot.sh"
|
|
run "create fist boot config" "cat >/mnt/first-boot.env <<EOF
|
|
USERNAME=$USERNAME
|
|
HOSTNAME=$HOSTNAME
|
|
CONFIG_DIR=/opt/elfOS_configFiles
|
|
LOG_FILE=/var/log/elfOS/first-boot.log
|
|
EOF
|
|
"
|
|
run "set access fist boot script" "chmod 700 /mnt/first-boot.env"
|
|
run "create first boot service" "cat >/mnt/etc/systemd/system/first_boot.service <<EOF
|
|
[Unit]
|
|
Description=first boot install script
|
|
|
|
[Service]
|
|
Type=simple
|
|
StandardOutput=journal+console
|
|
ExecStart=/first-boot.sh
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|
|
EOF
|
|
"
|
|
run-chroot "enable first boot service" "systemctl enable first_boot.service"
|
|
run "copy install log to disk" "mkdir /mnt/var/log/elfOS"
|
|
run "copy install log to disk" "cp $SCRIPT_DIR/install.log /mnt/var/log/elfOS/install.log"
|
|
|
|
echo
|
|
echo === umount and reboot
|
|
echo
|
|
|
|
run "umount drives" "umount -R /mnt"
|
|
run "close cryptelfroot" "cryptsetup close cryptelfroot"
|
|
run "reboot" "shutdown -r now"
|