
@mhutter
Last active October 3, 2021 14:35
Arch Linux installation with full disk encryption
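#!/usr/bin/env bash
# Stage 1: partition /dev/sda, create a LUKS container on the second
# partition and mount the target file systems under /mnt.
#
# DESTRUCTIVE: every command below operates on the hard-coded disk /dev/sda.
#
# Scope of the encryption: only partition 2 (the root file system) is
# encrypted. Partition 1 is a plain FAT EFI System Partition mounted at /boot,
# so the kernel, initramfs and boot loader are stored unencrypted and
# unauthenticated. Their integrity depends on physical security or on a
# verified-boot setup, which this script does not configure.
set -e -u -o pipefail -x
# General setup
timedatectl set-ntp true
# Partitioning
# Partition 1: 512 MiB, type GUID C12A7328-... (EFI System Partition).
# Partition 2: the largest remaining free block, type GUID CA7D7CCB-...
# (Linux LUKS).
sgdisk /dev/sda \
  --new=1:0:+512M \
  --largest-new=2 \
  --typecode=1:C12A7328-F81F-11D2-BA4B-00A0C93EC93B \
  --typecode=2:CA7D7CCB-63ED-4C53-861C-1742536059CC \
  --print
# Both cryptsetup calls prompt for the passphrase on the terminal, so it is
# never passed in argv and does not show up in the `set -x` trace.
cryptsetup luksFormat /dev/sda2
cryptsetup open /dev/sda2 cryptroot
mkfs.ext4 -m1 /dev/mapper/cryptroot
mkfs.fat -F32 /dev/sda1
mount /dev/mapper/cryptroot /mnt
mkdir /mnt/boot
# FAT stores no permission bits, so with default mount options every file on
# the ESP (including the systemd-boot random seed written by `bootctl install`)
# is readable by all local users. umask=0077 restricts the mount to root.
# genfstab reads the options of the live mount, so this should carry over into
# the generated /etc/fstab.
mount -o umask=0077 /dev/sda1 /mnt/boot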
# Base setup
# Install the base system and the extra tools into the target root at /mnt.
packages=(base linux linux-firmware vim sudo zsh ansible git)
pacstrap /mnt "${packages[@]}"
# Append UUID-keyed entries for the file systems currently mounted under /mnt.
genfstab -U /mnt >> /mnt/etc/fstab
#!/usr/bin/env bash
# Stage 2: configure the installed system. Every path below is absolute
# (/etc, /boot), so this presumably runs with the new root as / (for example
# from a chroot into /mnt) - confirm before running it anywhere else.
set -euxo pipefail
# Language/TZ config
ln -sf /usr/share/zoneinfo/Europe/Zurich /etc/localtime
hwclock --systohc
# Uncomment the en_US.UTF-8 entry in locale.gen, then generate the locale.
sed -E -i 's/^#(en_US.UTF-8)/\1/' /etc/locale.gen
locale-gen
printf '%s\n' 'LANG=en_US.UTF-8' > /etc/locale.conf
# Network setup
# Static name resolution for the local host name "arch".
cat > /etc/hosts <<'EOT'
127.0.0.1 localhost
::1 localhost
127.0.1.1 arch.localdomain arch
EOT
# NOTE(review): hostnamectl talks to a running systemd-hostnamed. If this
# stage runs inside a chroot, confirm that it really sets the target system's
# hostname rather than failing or changing the live environment.
hostnamectl set-hostname arch
for unit in systemd-networkd systemd-resolved; do
  systemctl enable "$unit"
done
# Point resolv.conf at the systemd-resolved stub listener.
# NOTE(review): some chroot helpers bind-mount /etc/resolv.conf, in which case
# replacing it here may fail - verify in the environment this is run from.
ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
# DHCP on the interface named enp0s3 only; other interface names are not
# matched by this unit.
cat > /etc/systemd/network/20-wired.network <<'EOT'
[Match]
Name=enp0s3
[Network]
DHCP=yes
EOT
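# Partitioning/encryption
# Put the `encrypt` hook between `block` and `filesystems` so the initramfs
# can unlock the LUKS container before the root file system is mounted.
sed -Ei 's/^HOOKS=.+$/HOOKS=(base udev autodetect keyboard consolefont modconf block encrypt filesystems fsck)/' /etc/mkinitcpio.conf
# Read the UUID of the LUKS partition as plain data instead of sourcing
# lsblk's KEY="value" output as shell code: nothing produced by an external
# tool gets executed, and an empty or malformed value is rejected here rather
# than being written into the boot configuration, where it would only surface
# as an unbootable system.
UUID=$(lsblk --nodeps --noheadings --output UUID /dev/sda2)
UUID=${UUID//[[:space:]]/}
if [[ ! "$UUID" =~ ^[0-9a-fA-F-]{36}$ ]]; then
  printf 'error: could not read a valid UUID for /dev/sda2 (got: %q)\n' "$UUID" >&2
  exit 1
fi
# `discard` lets TRIM requests pass through dm-crypt to the device. That helps
# SSD performance and wear levelling, but it reveals which blocks of the
# encrypted volume are unused to anyone who can read the raw disk. Drop the
# option if that leak matters for your threat model.
# NOTE(review): /etc/crypttab.initramfs is, as far as I know, consumed by the
# systemd-based `sd-encrypt` hook, while HOOKS above selects the `encrypt`
# hook, which is driven by the cryptdevice= kernel parameter. Confirm that
# this file (and therefore `discard`) has any effect with this hook set.
echo "cryptroot UUID=${UUID} none luks2,discard" > /etc/crypttab.initramfs
mkinitcpio -p linux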
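# Bootloader
# UUID is set earlier in this script from the LUKS partition. `set -u` only
# catches an unset variable; an empty one would silently produce
# "cryptdevice=UUID=:cryptroot" and an unbootable entry, so fail here instead.
: "${UUID:?UUID of the LUKS partition is empty; refusing to write the boot entry}"
bootctl install
# The heredoc delimiter is deliberately unquoted so that ${UUID} is expanded.
# The kernel and initramfs named here are loaded from the unencrypted ESP;
# only the root file system behind /dev/mapper/cryptroot is encrypted.
cat > /boot/loader/entries/arch.conf <<EOT
title Arch Linux
linux /vmlinuz-linux
initrd /initramfs-linux.img
options root=/dev/mapper/cryptroot cryptdevice=UUID=${UUID}:cryptroot rw
EOT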
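# User setup
# Create user `mh` with a home directory, zsh as login shell and a private
# group of the same name.
useradd -m -s /bin/zsh -U mh
# SECURITY: `NOPASSWD: ALL` lets any process running as mh become root with
# no authentication at all, so a compromise of that account is a compromise
# of the machine. It is kept as the author wrote it; remove `NOPASSWD:` to
# require the user's password for sudo.
echo 'mh ALL=(ALL) NOPASSWD: ALL' > /etc/sudoers.d/mh
# sudoers drop-ins should be mode 0440; the redirect above creates the file
# with the default umask instead.
chmod 0440 /etc/sudoers.d/mh
# Syntax-check the drop-in. Under `set -e` a malformed file aborts the
# installation here instead of leaving sudo broken on first boot.
visudo -cf /etc/sudoers.d/mh
# Prompts interactively, so the password never appears in the `set -x` trace.
passwd mh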
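#!/usr/bin/env bash
# Stage 3: detach the freshly installed system so the machine can be rebooted.
set -e -u -o pipefail -x
# Recursively unmount /mnt and everything mounted below it (/mnt/boot).
umount -R /mnt
sync
# Close the `cryptroot` mapping that was opened during partitioning. While it
# stays open, the decrypted volume remains accessible to root in the live
# environment and the volume key stays loaded in kernel memory.
cryptsetup close cryptroot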