arch-base-install
#!/bin/bash
# Command for setting up a fully disk encrypted (including /boot) install with EFI partition with crypto_keyfile.bin (so the passphrase only needs to be entered once)
# Not yet automated, I still need to 'sed' some of the comment entries.
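# Account name and hostname for the installed system; both are read again
# further down, when the user is created and /etc/hostname is written.
USER=foo
HOSTNAME=foo-linux
# Connect to wifi...
wifi-menu
# Create partitions (interactive)
cgdisk /dev/sda
# 1 100MB EFI partition # Hex code = ef00
# 2 100% / partition # Hex code = 8300
# Format the EFI partition. This is the only unencrypted area of the disk:
# the firmware loads GRUB from it, so the bootloader binary itself is not
# covered by the disk encryption.
mkfs.vfat -F32 /dev/sda1
# Create the encrypted partition.
# --type luks1 is spelled out because GRUB has to open this container itself
# to reach /boot. Current cryptsetup releases default to LUKS2 with an Argon2
# key slot, which GRUB's cryptodisk code cannot unlock (its LUKS2 support is
# limited to PBKDF2 slots), so relying on the default can leave the system
# unbootable. Long option names are used so the parameters read unambiguously.
cryptsetup --type luks1 --cipher aes-xts-plain64 --key-size 512 --hash sha512 \
  --verify-passphrase luksFormat /dev/sda2
cryptsetup luksOpen /dev/sda2 arch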
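# Encryption key (so passphrase isn't prompted twice): GRUB asks for the
# passphrase to read /boot, and the initramfs then unlocks the same container
# with this keyfile instead of prompting again.
# The subshell umask means the file is never group/world readable, not even
# between its creation and the chmod below.
(umask 077 && dd if=/dev/urandom of=/crypto_keyfile.bin bs=1024 count=4 iflag=fullblock)
chmod 000 /crypto_keyfile.bin
# Must be the exact path dd wrote above; a different name (/crypto-key.bin)
# refers to a file that was never created, so no key slot would be added.
# cryptsetup asks for the existing passphrase to authorise the new slot.
cryptsetup luksAddKey /dev/sda2 /crypto_keyfile.bin
# Logical volumes inside the encrypted partition
pvcreate /dev/mapper/arch
vgcreate vg0 /dev/mapper/arch
lvcreate --size 8G vg0 --name swap
lvcreate -l +100%FREE vg0 --name root
# Create filesystems on encrypted partitions
mkfs.ext4 /dev/mapper/vg0-root
mkswap /dev/mapper/vg0-swap
# Mount the new system
mount /dev/mapper/vg0-root /mnt
swapon /dev/mapper/vg0-swap
mkdir -p /mnt/boot/efi
mount /dev/sda1 /mnt/boot/efi
# The keyfile was generated in the live environment's /, which is gone after
# reboot. mkinitcpio runs inside the new root and reads /crypto_keyfile.bin
# there, so the file has to exist on the encrypted root filesystem.
# It must never be copied to /mnt/boot/efi: that partition is unencrypted and
# the key would unlock the whole disk.
cp --preserve=mode /crypto_keyfile.bin /mnt/crypto_keyfile.bin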
# Install the base system into the mounted target (/mnt), including the
# bootloader packages (grub-efi-x86_64, efibootmgr) used later in this listing.
pacstrap /mnt base base-devel bash dialog efibootmgr gnome-terminal grub-efi-x86_64 sudo vim wpa_supplicant
# Install graphics drivers
pacstrap /mnt xorg-server mesa xf86-video-fbdev
# Generate fstab (-U: identify filesystems by UUID). The output is appended
# with >>, so running this step twice leaves duplicate entries in the file.
genfstab -pU /mnt >> /mnt/etc/fstab
# Manual step, not performed by any command here: change relatime on all
# non-boot partitions to noatime (to reduce wear if using an SSD).
# Enter the new system. This starts an interactive shell inside /mnt; the
# commands that follow, up to 'exit', are meant to be typed in that shell.
# If this listing were executed as a script they would instead run in the
# live environment after the chroot shell ends.
arch-chroot /mnt /bin/bash
# Login: display manager and greeter, started at boot
pacman -S lightdm lightdm-gtk-greeter
systemctl enable lightdm
# Desktop
pacman -S cinnamon nemo-fileroller nemo-preview
# NetworkManager (gnome-keyring is installed alongside it)
pacman -S networkmanager gnome-keyring
systemctl enable NetworkManager
# System clock: set the timezone, then write the system time to the hardware
# clock, which is kept in UTC
ln -sf /usr/share/zoneinfo/Europe/London /etc/localtime
hwclock --systohc --utc
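# Hostname
# NOTE(review): USER and HOSTNAME were assigned in the shell that launched
# arch-chroot. bash sets HOSTNAME itself at startup when it is not inherited,
# so confirm both variables hold the intended values in this shell (e.g.
# 'declare -p USER HOSTNAME') before running the lines that use them.
printf '%s\n' "$HOSTNAME" > /etc/hostname
# Locale
vim /etc/locale.gen # uncomment any locales needed, ie en_GB.UTF-8
locale-gen
echo LANG=en_GB.UTF-8 > /etc/locale.conf
# Users: create the account with its own group plus membership of wheel,
# then set its password. --groups is the full option name; the variables are
# quoted so an empty or unusual value cannot change the command's arguments.
useradd --create-home --user-group --groups wheel "$USER" && passwd "$USER"
# Allow wheel group in sudoers by uncommenting the stock rule.
# NOTE(review): the pattern only matches if the shipped file contains exactly
# '%wheel ALL=(ALL) ALL'; confirm against the installed /etc/sudoers.
sed -i '/%wheel ALL=(ALL) ALL/s/^#//' /etc/sudoers
# sudoers was edited without visudo, so check its syntax explicitly: a parse
# error in this file disables sudo for everyone.
visudo -c -f /etc/sudoers
# Disable root, but only once an active (uncommented) wheel rule is present.
# Locking root while sudo is not working would leave no administrative
# access to the installed system.
grep -q '^[[:space:]]*%wheel[[:space:]]' /etc/sudoers && passwd -l root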
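# Configure mkinitcpio with modules needed for the initrd image
vim /etc/mkinitcpio.conf
## Add 'keyboard keymap' to HOOKS before block
## Add 'encrypt' and 'lvm2' to HOOKS before filesystems
# Embed the keyfile in the initramfs so the encrypt hook can unlock the
# container without a second passphrase prompt. '|' is used as the sed
# delimiter: a backslash delimiter is not portable, and the 'g' flag is
# pointless on a pattern anchored with ^.
# NOTE(review): newer mkinitcpio.conf templates write FILES as a bash array,
# FILES=(...); confirm which syntax the installed file uses.
sed -i 's|^FILES=.*|FILES="/crypto_keyfile.bin"|' /etc/mkinitcpio.conf
mkinitcpio -p linux
# The generated images now contain the LUKS key. /boot sits on the encrypted
# root, so it is protected at rest, but on the running system the images must
# not be readable by unprivileged users.
chmod 600 /boot/initramfs-linux*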
# Grub: set the values below by hand in /etc/default/grub
vim /etc/default/grub
## GRUB_HIDDEN_TIMEOUT=5
## GRUB_HIDDEN_TIMEOUT_QUIET=true
## GRUB_ENABLE_CRYPTODISK=y
##   (required here: /boot is inside the LUKS container, so GRUB itself must
##    prompt for the passphrase and open it)
## GRUB_CMDLINE_LINUX_DEFAULT="cryptdevice=/dev/sda2:arch root=/dev/mapper/vg0-root"
##   (kernel parameters are key=value, hence root= and not root:;
##    cryptdevice maps /dev/sda2 to the name 'arch' used by luksOpen above)
## NOTE(review): /dev/sda2 is a kernel device name and can change if disks
## are added or reordered; a cryptdevice=UUID=... reference is more robust.
grub-mkconfig -o /boot/grub/grub.cfg
# Install GRUB to the EFI partition mounted at /boot/efi
grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=grub
# Clean up and reboot
# 'exit' leaves the chroot shell; the remaining commands run in the live
# environment again.
exit
# Recursively unmount everything under /mnt (root and /mnt/boot/efi)
umount -R /mnt
swapoff -a
reboot