Last active
August 12, 2018 21:08
-
-
Save jadams/ab8cd5f5a0481a94f372edde9894a4b3 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| #https://bit.ly/2Mfzfc5 | |
| gdisk /dev/sda | |
| cryptsetup luksFormat /dev/sda2 | |
| cryptsetup luksOpen /dev/sda2 lvm | |
| lvm pvcreate /dev/mapper/lvm | |
| vgcreate vg0 /dev/mapper/lvm | |
| lvcreate -L 10G -n root vg0 | |
| lvcreate -L 2G -n swap vg0 | |
| lvcreate -l 100%FREE -n home vg0 | |
| mkfs.vfat -F 32 /dev/sda1 | |
| mkfs.ext4 /dev/mapper/vg0-root | |
| mkswap /dev/mapper/vg0-swap | |
| mkfs.ext4 /dev/mapper/vg0-home | |
| swapon /dev/mapper/vg0-swap | |
| mkdir /mnt/gentoo | |
| mount /dev/mapper/vg0-root /mnt/gentoo | |
| cd /mnt/gentoo | |
| ntpd -q -g | |
| wget http://distfiles.gentoo.org/releases/amd64/autobuilds/20180809T214504Z/hardened/stage3-amd64-hardened-20180809T214504Z.tar.xz | |
| tar xpf stage3-*.tar.xz --xattrs-include='*.*' --numeric-owner | |
| echo ' | |
| CFLAGS="-O2 -march=native -pipe" | |
| CXXFLAGS="\${CFLAGS}" | |
| CPU_FLAGS_X86="mmx mmxext sse sse2 ssse3 sse3" | |
| MAKEOPTS="-j4" | |
| PORTAGE_NICENESS=19 | |
| EMERGE_DEFAULT_OPTS="--jobs=4" | |
| ' >> /mnt/gentoo/etc/portage/make.conf | |
| mkdir --parents /mnt/gentoo/etc/portage/repos.conf | |
| cp /mnt/gentoo/usr/share/portage/config/repos.conf /mnt/gentoo/etc/portage/repos.conf/gentoo.conf | |
| cp --dereference /etc/resolv.conf /mnt/gentoo/etc/ | |
| mount --types proc /proc /mnt/gentoo/proc | |
| mount --rbind /sys /mnt/gentoo/sys | |
| mount --rbind /dev /mnt/gentoo/dev | |
| cat << EOF | chroot /mnt/gentoo /bin/bash | |
| source /etc/profile | |
| export PS1="(chroot) ${PS1}" | |
| mkdir /boot | |
| mount /dev/sda1 /boot | |
| emerge-webrsync | |
| eselect profile set default/linux/amd64/17.0/hardened | |
| emerge --update --deep --newuse @world | |
| echo "Pacific/Honolulu" > /etc/timezone | |
| emerge --config sys-libs/timezone-data | |
| echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen | |
| locale-gen | |
| eselect locale set en_US.utf8 | |
| env-update && source /etc/profile && export PS1="(chroot) $PS1" | |
| echo ' | |
| /dev/sda1 /boot vfat defaults 0 2 | |
| /dev/mapper/vg0-root / ext4 defaults,noatime 0 1 | |
| /dev/mapper/vg0-home /home ext4 defaults,noatime 0 1 | |
| /dev/mapper/vg0-swap none swap defaults 0 0 | |
| tmpfs /tmp tmpfs defaults,nodev,nosuid,noexec 0 0 | |
| tmpfs /var/tmp tmpfs defaults,nodev,nosuid,noexec 0 0 | |
| tmpfs /run tmpfs defaults,nodev,nosuid,noexec 0 0 | |
| shm /dev/shm tmpfs defaults,nodev,nosuid,noexec 0 0 | |
| ' >> /etc/fstab | |
| emerge sys-kernel/gentoo-sources | |
| emerge sys-kernel/linux-firmware | |
| emerge sys-kernel/genkernel | |
| emerge sys-fs/cryptsetup | |
| genkernel --luks --lvm --no-zfs all | |
| echo 'GRUB_PLATFORMS="efi-64"' >> /etc/portage/make.conf | |
| emerge sys-boot/grub | |
| grub-install --target=x86_64-efi --efi-directory=/boot | |
| echo 'GRUB_CMDLINE_LINUX="dolvm crypt_root=/dev/sda2 root=/dev/mapper/vg0-root root_trim=yes"' >> /etc/default/grub | |
| grub-mkconfig -o /boot/grub/grub.cfg | |
| exit | |
| EOF |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment