arch-base-install
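#!/bin/bash
#
# Command checklist for an Arch Linux install with full disk encryption
# (including /boot), a separate EFI system partition, and a keyfile embedded
# in the initramfs so the LUKS passphrase only has to be typed once (at GRUB).
#
# Not yet automated: several steps open an editor and the commands after
# `arch-chroot` are typed into the chroot shell. Run it step by step from the
# Arch live environment; do not execute it as one unattended script.
#
# Security notes:
#   * /crypto_keyfile.bin unlocks the disk. It lives on the encrypted root and
#     inside the initramfs, so both must be unreadable to ordinary users.
#   * Only the EFI partition (GRUB's EFI binary) is stored unencrypted.

# Dedicated names: USER and HOSTNAME are already used by the shell/environment.
NEW_USER=foo
NEW_HOSTNAME=foo-linux

# Connect to wifi...
wifi-menu

# Create partitions
cgdisk /dev/sda
# 1 100MB EFI partition # Hex code = ef00
# 2 100% / partition # Hex code = 8300

# Format the EFI partition
mkfs.vfat -F32 /dev/sda1

# Create the encrypted partition.
# --type luks1: GRUB has to unlock this container to read /boot. Newer
# cryptsetup releases default to LUKS2, which GRUB may not be able to open
# (verify against the GRUB version being installed before dropping this).
cryptsetup luksFormat --type luks1 --verify-passphrase \
  -c aes-xts-plain64 -s 512 -h sha512 /dev/sda2
cryptsetup luksOpen /dev/sda2 arch

# Encryption key (so passphrase isn't prompted twice).
# The same path is used for creation, chmod and luksAddKey; umask 077 keeps
# the file from being world-readable between dd and chmod.
(umask 077 && dd if=/dev/urandom of=/crypto_keyfile.bin bs=1024 count=4)
chmod 000 /crypto_keyfile.bin
cryptsetup luksAddKey /dev/sda2 /crypto_keyfile.bin

# Logical volumes inside the encrypted partition
pvcreate /dev/mapper/arch
vgcreate vg0 /dev/mapper/arch
lvcreate --size 8G vg0 --name swap
lvcreate -l +100%FREE vg0 --name root

# Create filesystems on encrypted partitions
mkfs.ext4 /dev/mapper/vg0-root
mkswap /dev/mapper/vg0-swap

# Mount the new system
mount /dev/mapper/vg0-root /mnt
swapon /dev/mapper/vg0-swap
mkdir -p /mnt/boot/efi
mount /dev/sda1 /mnt/boot/efi

# Copy the keyfile into the new root: mkinitcpio runs inside the chroot and
# reads /crypto_keyfile.bin from there, not from the live environment.
install -m 000 /crypto_keyfile.bin /mnt/crypto_keyfile.bin

# Install the base system
pacstrap /mnt base base-devel bash dialog efibootmgr gnome-terminal grub-efi-x86_64 sudo vim wpa_supplicant

# Install graphics drivers
pacstrap /mnt xorg-server mesa xf86-video-fbdev

# Generate fstab
genfstab -pU /mnt >> /mnt/etc/fstab
# Change relatime on all non-boot partitions to noatime (to reduce wear if using an SSD)

# Enter the new system
arch-chroot /mnt /bin/bash

# The chroot is a new shell: variables set above are not carried over.
NEW_USER=foo
NEW_HOSTNAME=foo-linux

# Login
pacman -S lightdm lightdm-gtk-greeter
systemctl enable lightdm

# Desktop
pacman -S cinnamon nemo-fileroller nemo-preview

# NetworkManager
pacman -S networkmanager gnome-keyring
systemctl enable NetworkManager

# System clock
ln -sf /usr/share/zoneinfo/Europe/London /etc/localtime
hwclock --systohc --utc

# Hostname
printf '%s\n' "$NEW_HOSTNAME" > /etc/hostname

# Locale
vim /etc/locale.gen # uncomment any locales needed, ie en_GB.UTF-8
locale-gen
echo LANG=en_GB.UTF-8 > /etc/locale.conf

# Users
useradd --create-home --user-group --groups wheel "$NEW_USER" && passwd "$NEW_USER"

# Allow wheel groups in sudoers, then validate the file: a syntax error in
# /etc/sudoers locks everyone out of sudo, and root is disabled below.
sed -i '/%wheel ALL=(ALL) ALL/s/^#//' /etc/sudoers
visudo -c

# Disable root
passwd -l root

# Configure mkinitcpio with modules needed for the initrd image
vim /etc/mkinitcpio.conf
## Add 'keyboard keymap' to HOOKS before block
## Add 'encrypt' and 'lvm2' to HOOKS before filesystems
# '|' as the sed delimiter: a backslash delimiter is not portable.
sed -i 's|^FILES=.*|FILES="/crypto_keyfile.bin"|' /etc/mkinitcpio.conf
mkinitcpio -p linux
# The initramfs now embeds the LUKS keyfile; keep it readable by root only.
chmod 600 /boot/initramfs-linux*

# Grub
vim /etc/default/grub
## GRUB_HIDDEN_TIMEOUT=5
## GRUB_HIDDEN_TIMEOUT_QUIET=true
## GRUB_ENABLE_CRYPTODISK=y
## GRUB_CMDLINE_LINUX_DEFAULT="cryptdevice=/dev/sda2:arch root=/dev/mapper/vg0-root"
grub-mkconfig -o /boot/grub/grub.cfg
grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=grub

# Clean up and reboot
exit
umount -R /mnt
swapoff -a
reboot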