Install Arch Linux on VPS with Encrypted System Partition
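#!/usr/bin/env bash
# Install Arch Linux on a VPS with an encrypted (LUKS + LVM) system partition.
#
# Layout written to $drive (the whole disk is WIPED):
#   $boot_partition  ext4, /boot, unencrypted, flagged bootable
#   $luks_partition  LUKS container "cryptlvm" -> LVM vg0 { swap 2G, root (rest, btrfs) }
# The initramfs is built with netconf + tinyssh so the LUKS passphrase can be
# entered over SSH at boot; the installed system gets sshd, systemd-networkd
# (DHCP on eth0/en*) and the author's GitHub keys as authorized_keys.
#
# Run as root from the Arch installer. Fill in luks_passphrase and root_pass
# below first; the script refuses to run while either is empty.
set -euo pipefail
set -x

drive="/dev/vda"
boot_partition="/dev/vda1"
luks_partition="/dev/vda2"
luks_passphrase=''
root_pass=''

# Never format LUKS with an empty passphrase or leave root without a password.
: "${luks_passphrase:?set luks_passphrase before running}"
: "${root_pass:?set root_pass before running}"

# Partitioning: small boot partition, the rest becomes the LUKS container.
parted -s "$drive" mklabel msdos
parted -s "$drive" mkpart primary ext4 1MiB 501MiB
parted -s "$drive" set 1 boot on
parted -s "$drive" mkpart primary ext4 501MiB 100%

# The passphrase is fed on stdin (--key-file -) so it never appears on argv.
# The brace group is a pipeline stage and therefore a subshell, so its
# 'set +x' keeps the passphrase out of the xtrace output without turning
# tracing off for the rest of the script.
{ set +x; printf '%s' "$luks_passphrase"; } \
  | cryptsetup luksFormat --pbkdf-memory 256 --key-file - --batch-mode "$luks_partition"
luks_partition_uuid=$(blkid -o value -s UUID "$luks_partition")
{ set +x; printf '%s' "$luks_passphrase"; } \
  | cryptsetup luksOpen --key-file - --batch-mode "$luks_partition" cryptlvm

# LVM inside the opened container: fixed-size swap, root takes the remainder.
pvcreate /dev/mapper/cryptlvm
vgcreate vg0 /dev/mapper/cryptlvm
lvcreate -n swap -L 2G vg0
lvcreate -l 100%FREE vg0 -n root

# Filesystems; mount options here must match the fstab written below.
mkfs.btrfs --force --label root /dev/mapper/vg0-root
mount -t btrfs -o noatime,compress=zstd:2 LABEL=root /mnt
mkfs.ext4 -F -L boot "$boot_partition"
mkdir /mnt/boot
mount "$boot_partition" /mnt/boot
mkswap -L swap /dev/mapper/vg0-swap
swapon /dev/mapper/vg0-swap

pacstrap /mnt base base-devel linux linux-firmware git grub-bios openssh sudo vim mkinitcpio-netconf mkinitcpio-tinyssh lvm2 cryptsetup mkinitcpio-utils btrfs-progs wget python

cat <<EOF > /mnt/etc/fstab
LABEL=root / btrfs rw,noatime,compress=zstd:2,space_cache,subvolid=5,subvol=/ 0 0
LABEL=boot /boot ext4 rw,relatime 0 2
LABEL=swap none swap defaults 0 0
EOF

# Root password goes to chpasswd on stdin from the host side, shielded from
# xtrace the same way as the passphrase. Doing it here (not inside the
# heredoc below) also means the password is never re-parsed by the chroot
# shell, so characters like $ or backticks in it are safe.
{ set +x; printf 'root:%s\n' "$root_pass"; } | arch-chroot /mnt chpasswd

# The heredoc delimiter is deliberately unquoted: $drive and
# ${luks_partition_uuid} expand on the host before the chroot shell runs.
# Everything else in it is executed inside the new system.
arch-chroot /mnt /bin/bash <<EOT
set -eu
wget -O /etc/tinyssh/root_key https://github.com/masakichi.keys
# Hooks for unlocking LUKS over SSH at boot (netconf + tinyssh + encryptssh).
sed -i "s/HOOKS=.*/HOOKS=(base udev autodetect keyboard keymap modconf block netconf tinyssh encryptssh lvm2 filesystems btrfs fsck)/g" /etc/mkinitcpio.conf
# Reuse the OpenSSH ed25519 host key for tinyssh so the boot-time host key
# matches the installed system's.
rm -rf /etc/tinyssh/sshkeydir
/usr/bin/ssh-keygen -A
/usr/bin/tinyssh-convert /etc/tinyssh/sshkeydir < /etc/ssh/ssh_host_ed25519_key
mkinitcpio -P
cat <<EOF > /etc/crypttab
cryptlvm UUID=${luks_partition_uuid} none luks
EOF
grub-install $drive
sed -i "s|GRUB_CMDLINE_LINUX_DEFAULT=.*|GRUB_CMDLINE_LINUX_DEFAULT=\"cryptdevice=UUID=${luks_partition_uuid}:cryptlvm root=/dev/vg0/root ip=:::::eth0:dhcp loglevel=3 quiet\"|g" /etc/default/grub
grub-mkconfig -o /boot/grub/grub.cfg
cat <<EOF > /etc/systemd/network/default.network
[Match]
Name=eth0 en*
[Network]
DHCP=yes
EOF
systemctl enable systemd-networkd systemd-resolved sshd
systemctl set-default multi-user.target
mkdir -p ~/.ssh
chmod 700 ~/.ssh
wget https://github.com/masakichi.keys -O ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
EOT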