feat: cleanup

ange 2025-06-21 06:30:06 +00:00
parent 92f562a03e
commit 649806d52d
Signed by: ange
GPG Key ID: 9E0C4157BB7BEB1D
11 changed files with 212 additions and 64 deletions

11
config

@ -6,11 +6,11 @@ install_type=dwm # base|desktop|dwm
disk=/dev/nvme0n1 disk=/dev/nvme0n1
disk_passwd=cryptroot disk_passwd=cryptroot
swapfile=1024 # MiB, Comment to disable swapfile=1024 # MiB, comment to disable
username=ange username=ange
userpasswd=ange userpasswd=ange
rootpasswd=root # Comment to disable rootpasswd=root # comment to disable
shell=bash shell=bash
@ -21,18 +21,19 @@ locales=en_US # en_US,fr_FR
lang=en_US lang=en_US
pkg=( pkg=(
7zip unrar 7zip
base-devel man-{db,pages} tldr
bash-completion bash-completion
detox detox
dosfstools exfatprogs dosfstools exfatprogs
fastfetch fastfetch
fzf fzf
git git
inotify-tools
iwd iptables-nft wireguard-tools gnu-netcat iwd iptables-nft wireguard-tools gnu-netcat
jq jq
lf lf
neovim{,-lspconfig} python-{pynvim,black} ripgrep bash-language-server pyright make man-{db,pages} patch texinfo tldr
neovim-lspconfig python-{pynvim,black} ripgrep bash-language-server pyright
opendoas opendoas
openssh openssh
podman docker-compose podman docker-compose
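Review bot: The `rootpasswd=root` line touched in the first hunk, together with `disk_passwd=cryptroot` and `userpasswd=ange` beside it, keeps guessable placeholder credentials as the committed defaults, so an install run without editing `config` ends up with a known LUKS passphrase and root password. `openssh` is in the `pkg` list of the second hunk, which would expose that root password to the network if sshd gets enabled (not visible here). I would leave the three values empty in the tracked file and have the installer refuse to continue until they are set, or at minimum add a comment such as `# placeholder credentials: change before installing`.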


@ -9,11 +9,11 @@ sgdisk -Z \
esp=/dev/disk/by-partlabel/esp esp=/dev/disk/by-partlabel/esp
root=/dev/disk/by-partlabel/root root=/dev/disk/by-partlabel/root
[ -n "$disk_passwd" ] && { if [ -n "$disk_passwd" ]; then
echo -n "$disk_passwd" | cryptsetup luksFormat "$root" - echo -n "$disk_passwd" | cryptsetup luksFormat "$root" -
cryptsetup open "$root" cryptroot - <<< "$disk_passwd" cryptsetup open "$root" cryptroot - <<< "$disk_passwd"
root=/dev/mapper/cryptroot root=/dev/mapper/cryptroot
} fi
sleep 5 # wait /dev/disk/by-partlabel/ sleep 5 # wait /dev/disk/by-partlabel/
@ -26,13 +26,13 @@ UUID=$(blkid "$root" -ovalue -sUUID) / ext4 rw,relatime 0 1
UUID=$(blkid "$esp" -ovalue -sUUID) /efi vfat rw,fmask=0077,dmask=0077,noauto 0 2 UUID=$(blkid "$esp" -ovalue -sUUID) /efi vfat rw,fmask=0077,dmask=0077,noauto 0 2
EOF EOF
[ -n "$swapfile" ] && { if [ -n "$swapfile" ]; then
dd if=/dev/zero of=/mnt/swapfile bs=1M count="$swapfile" status=progress dd if=/dev/zero of=/mnt/swapfile bs=1M count="$swapfile" status=progress
chmod 600 /mnt/swapfile chmod 600 /mnt/swapfile
mkswap /mnt/swapfile mkswap /mnt/swapfile
swapon /mnt/swapfile swapon /mnt/swapfile
echo "/swapfile none swap defaults 0 0" >> /mnt/etc/fstab echo "/swapfile none swap defaults 0 0" >> /mnt/etc/fstab
} fi
cp -rfTv rootfs/ /mnt/ cp -rfTv rootfs/ /mnt/
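Review bot: Inside the new `if [ -n "$disk_passwd" ]` block the passphrase reaches cryptsetup in two different ways: `echo -n` for `luksFormat` and a here-string, which appends a newline, for `open`. `echo -n` is also not a reliable way to emit arbitrary data (a value such as `-e` is consumed as an option), so the volume could be formatted with a key that differs from the configured one. `printf '%s' "$disk_passwd" | cryptsetup luksFormat "$root" -` is the safer form, and feeding `open` the same way keeps the two consistent. The script header is outside the hunk, so whether a failed `luksFormat` stops the run before `root=/dev/mapper/cryptroot` is assigned cannot be confirmed from here.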


@ -7,10 +7,9 @@ case "$(lscpu)" in
*) ;; *) ;;
esac esac
[ -s modules/chroot/flatpak.txt ] \ if [ -d /sys/class/power_supply/BAT0 ]; then
&& printf '%s\n' flatpak xdg-desktop-portal-gtk >> pkglist.txt echo tlp >> pkglist.txt
fi
[ -d /sys/class/power_supply/BAT0 ] && echo tlp >> pkglist.txt
echo "$shell" >> pkglist.txt echo "$shell" >> pkglist.txt
pacstrap -C rootfs/etc/pacman.conf -K /mnt \ pacstrap -C rootfs/etc/pacman.conf -K /mnt \


@ -5,10 +5,10 @@ root="$(findmnt -n -osource /)"
boot="$(lsblk -ls -oname /dev/disk/by-partlabel/boot | tail -n1)" boot="$(lsblk -ls -oname /dev/disk/by-partlabel/boot | tail -n1)"
cryptdev="$(cryptsetup status "$root" | awk '/device/ {print $2}')" cryptdev="$(cryptsetup status "$root" | awk '/device/ {print $2}')"
[ -n "$cryptdev" ] && { if [ -n "$cryptdev" ]; then
uuid="$(blkid | grep "$cryptdev" | awk '{print $2}')" uuid="$(blkid | grep "$cryptdev" | awk '{print $2}')"
options="cryptdevice=$uuid:${root##*/} " options="cryptdevice=$uuid:${root##*/} "
} fi
options="${options}root=$root rw" options="${options}root=$root rw"
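Review bot: The `uuid=` line inside the new `if [ -n "$cryptdev" ]` block takes the UUID by grepping unfiltered `blkid` output for `$cryptdev` and printing the second field, which is fragile in two ways: the pattern also matches any device whose name merely begins with the same string, and the second field is the UUID only when no `LABEL=` precedes it. A wrong value ends up in `cryptdevice=` and the encrypted root will not unlock at boot. Querying the one device directly avoids both, e.g. `uuid="UUID=$(blkid -ovalue -sUUID "$cryptdev")"`. `options` is also appended to on the last line without being initialised when the block is skipped; whether it is set earlier is outside the hunk.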


@ -4,5 +4,7 @@
shell="$(sed -n "/$shell/{p;q}" /etc/shells)" shell="$(sed -n "/$shell/{p;q}" /etc/shells)"
useradd -mG wheel,video "$username" -s "${shell:-/bin/bash}" useradd -mG wheel,video "$username" -s "${shell:-/bin/bash}"
[ -n "$rootpasswd" ] && echo "root:$rootpasswd" | chpasswd if [ -n "$rootpasswd" ]; then
echo "root:$rootpasswd" | chpasswd
fi
echo "$username:$userpasswd" | chpasswd echo "$username:$userpasswd" | chpasswd
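Review bot: The new `if [ -n "$rootpasswd" ]` has no else branch, so when `rootpasswd` is commented out in `config` the root account stays in whatever state the base install ships it, which may not be locked. Since the config comment describes that case as disabling the root password, I would make it explicit with `else` / `passwd -l root`. The unconditional `echo "$username:$userpasswd" | chpasswd` on the last line has the mirror problem when `userpasswd` is empty; a guard such as `: "${userpasswd:?}"` before it would fail early instead of handing chpasswd an empty password.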


@ -1,5 +0,0 @@
#!/bin/bash
#shellcheck disable=SC2154
[ -s /chroot/flatpak.txt ] \
&& xargs flatpak install -y --noninteractive < /chroot/flatpak.txt


@ -5,10 +5,9 @@ BOLD=$'\e[1m'
GREEN=$'\e[32m' GREEN=$'\e[32m'
NORMAL=$'\e[0m' NORMAL=$'\e[0m'
echo "${BOLD}${GREEN}DONE. Umount? [Y/n]${NORMAL} " && read -r ANS read -rp "${BOLD}${GREEN}DONE. Umount? [Y/n]${NORMAL} " ANS
case "$ANS" in if ! [[ "${ANS,}" =~ ^$|^y ]]; then
''|[Yy]*) ;; exit
*) exit ;; fi
esac
umount -R /mnt/ umount -R /mnt/


@ -7,31 +7,24 @@ printf '%s\n' \
alacritty \ alacritty \
bluez{,-utils} \ bluez{,-utils} \
feh \ feh \
firefox{,-ublock-origin} \
gammastep \ gammastep \
imagemagick ghostscript \ imagemagick ghostscript \
materia-gtk-theme papirus-icon-theme \ materia-gtk-theme \
monero \ monero \
mpv \ mpv \
noto-fonts{,-cjk,-emoji} otf-font-awesome \ noto-fonts{,-cjk,-emoji} otf-font-awesome \
pass{,-otp} gcr \ pass-otp gcr \
pcmanfm-gtk3 \ pipewire{-pulse,-jack} playerctl \
pipewire{,-pulse,-jack} pavucontrol playerctl \
polkit-gnome \ polkit-gnome \
qemu-{base,audio-pipewire,hw-usb-host,hw-display-virtio-{gpu,vga},ui-gtk} dnsmasq \ qemu-{base,audio-pipewire,hw-usb-host,hw-display-virtio-{gpu,vga},ui-gtk} dnsmasq usbutils \
udisks2 \ udisks2 \
xdg-user-dirs \ xdg-utils xdg-user-dirs \
yt-dlp \ yt-dlp \
zathura{,-pdf-poppler} \ zathura-pdf-poppler \
zenity \ zenity \
>> pkglist.txt >> pkglist.txt
printf '%s\n' \
com.valvesoftware.Steam \
org.gimp.GIMP \
org.gtk.Gtk3theme.Materia-dark \
org.mozilla.firefox \
>> modules/chroot/flatpak.txt
case "$(lspci | grep 'VGA\|3D')" in case "$(lspci | grep 'VGA\|3D')" in
*AMD*) echo vulkan-radeon mesa >> pkglist.txt ;; *AMD*) echo vulkan-radeon mesa >> pkglist.txt ;;
*Intel*) echo vulkan-intel intel-media-driver >> pkglist.txt ;; *Intel*) echo vulkan-intel intel-media-driver >> pkglist.txt ;;

2
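--- /dev/null
+++ b/rootfs/etc/iwd/main.conf
@@ -0,0 +1,2 @@
+[General]
+AddressRandomization=once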
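Review bot: `AddressRandomization=once` is added without a comment saying why this mode was chosen over `network`. As documented for iwd, `once` picks a random MAC when the daemon starts or the adapter appears, while `network` derives a stable address per SSID; the former can upset networks that tie DHCP leases or captive-portal sessions to the MAC after a restart. A one-line comment above the setting would record the intent, e.g. `# once: new random MAC at each iwd start; "network" gives a stable per-SSID MAC`.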

165
rootfs/etc/makepkg.conf Normal file

@ -0,0 +1,165 @@
#!/hint/bash
# shellcheck disable=2034
#
# /etc/makepkg.conf
#
#########################################################################
# SOURCE ACQUISITION
#########################################################################
#
#-- The download utilities that makepkg should use to acquire sources
# Format: 'protocol::agent'
DLAGENTS=('file::/usr/bin/curl -qgC - -o %o %u'
'ftp::/usr/bin/curl -qgfC - --ftp-pasv --retry 3 --retry-delay 3 -o %o %u'
'http::/usr/bin/curl -qgb "" -fLC - --retry 3 --retry-delay 3 -o %o %u'
'https::/usr/bin/curl -qgb "" -fLC - --retry 3 --retry-delay 3 -o %o %u'
'rsync::/usr/bin/rsync --no-motd -z %u %o'
'scp::/usr/bin/scp -C %u %o')
# Other common tools:
# /usr/bin/snarf
# /usr/bin/lftpget -c
# /usr/bin/wget
#-- The package required by makepkg to download VCS sources
# Format: 'protocol::package'
VCSCLIENTS=('bzr::breezy'
'fossil::fossil'
'git::git'
'hg::mercurial'
'svn::subversion')
#########################################################################
# ARCHITECTURE, COMPILE FLAGS
#########################################################################
#
CARCH="x86_64"
CHOST="x86_64-pc-linux-gnu"
#-- Compiler and Linker Flags
#CPPFLAGS=""
CFLAGS="-march=x86-64 -mtune=generic -O2 -pipe -fno-plt -fexceptions \
-Wp,-D_FORTIFY_SOURCE=3 -Wformat -Werror=format-security \
-fstack-clash-protection -fcf-protection \
-fno-omit-frame-pointer -mno-omit-leaf-frame-pointer"
CXXFLAGS="$CFLAGS -Wp,-D_GLIBCXX_ASSERTIONS"
LDFLAGS="-Wl,-O1 -Wl,--sort-common -Wl,--as-needed -Wl,-z,relro -Wl,-z,now \
-Wl,-z,pack-relative-relocs"
LTOFLAGS="-flto=auto"
#-- Make Flags: change this for DistCC/SMP systems
#MAKEFLAGS="-j2"
#-- Debugging flags
DEBUG_CFLAGS="-g"
DEBUG_CXXFLAGS="$DEBUG_CFLAGS"
#########################################################################
# BUILD ENVIRONMENT
#########################################################################
#
# Makepkg defaults: BUILDENV=(!distcc !color !ccache check !sign)
# A negated environment option will do the opposite of the comments below.
#
#-- distcc: Use the Distributed C/C++/ObjC compiler
#-- color: Colorize output messages
#-- ccache: Use ccache to cache compilation
#-- check: Run the check() function if present in the PKGBUILD
#-- sign: Generate PGP signature file
#
BUILDENV=(!distcc color !ccache check !sign)
#
#-- If using DistCC, your MAKEFLAGS will also need modification. In addition,
#-- specify a space-delimited list of hosts running in the DistCC cluster.
#DISTCC_HOSTS=""
#
#-- Specify a directory for package building.
#BUILDDIR=/tmp/makepkg
#########################################################################
# GLOBAL PACKAGE OPTIONS
# These are default values for the options=() settings
#########################################################################
#
# Makepkg defaults: OPTIONS=(!strip docs libtool staticlibs emptydirs !zipman !purge !debug !lto !autodeps)
# A negated option will do the opposite of the comments below.
#
#-- strip: Strip symbols from binaries/libraries
#-- docs: Save doc directories specified by DOC_DIRS
#-- libtool: Leave libtool (.la) files in packages
#-- staticlibs: Leave static library (.a) files in packages
#-- emptydirs: Leave empty directories in packages
#-- zipman: Compress manual (man and info) pages in MAN_DIRS with gzip
#-- purge: Remove files specified by PURGE_TARGETS
#-- debug: Add debugging flags as specified in DEBUG_* variables
#-- lto: Add compile flags for building with link time optimization
#-- autodeps: Automatically add depends/provides
#
OPTIONS=(strip docs !libtool !staticlibs emptydirs zipman purge debug lto)
#-- File integrity checks to use. Valid: md5, sha1, sha224, sha256, sha384, sha512, b2
INTEGRITY_CHECK=(sha256)
#-- Options to be used when stripping binaries. See `man strip' for details.
STRIP_BINARIES="--strip-all"
#-- Options to be used when stripping shared libraries. See `man strip' for details.
STRIP_SHARED="--strip-unneeded"
#-- Options to be used when stripping static libraries. See `man strip' for details.
STRIP_STATIC="--strip-debug"
#-- Manual (man and info) directories to compress (if zipman is specified)
MAN_DIRS=({usr{,/local}{,/share},opt/*}/{man,info})
#-- Doc directories to remove (if !docs is specified)
DOC_DIRS=(usr/{,local/}{,share/}{doc,gtk-doc} opt/*/{doc,gtk-doc})
#-- Files to be removed from all packages (if purge is specified)
PURGE_TARGETS=(usr/{,share}/info/dir .packlist *.pod)
#-- Directory to store source code in for debug packages
DBGSRCDIR="/usr/src/debug"
#-- Prefix and directories for library autodeps
LIB_DIRS=('lib:usr/lib' 'lib32:usr/lib32')
#########################################################################
# PACKAGE OUTPUT
#########################################################################
#
# Default: put built package and cached source in build directory
#
#-- Destination: specify a fixed directory where all packages will be placed
#PKGDEST=/home/packages
#-- Source cache: specify a fixed directory where source files will be cached
#SRCDEST=/home/sources
#-- Source packages: specify a fixed directory where all src packages will be placed
#SRCPKGDEST=/home/srcpackages
#-- Log files: specify a fixed directory where all log files will be placed
#LOGDEST=/home/makepkglogs
#-- Packager: name/email of the person or organization building packages
#PACKAGER="John Doe <john@doe.com>"
#-- Specify a key to use for package signing
#GPGKEY=""
#########################################################################
# COMPRESSION DEFAULTS
#########################################################################
#
COMPRESSGZ=(gzip -c -f -n)
COMPRESSBZ2=(bzip2 -c -f)
COMPRESSXZ=(xz -c -z -)
COMPRESSZST=(zstd -c -T0 -)
COMPRESSLRZ=(lrzip -q)
COMPRESSLZO=(lzop -q)
COMPRESSZ=(compress -c -f)
COMPRESSLZ4=(lz4 -q)
COMPRESSLZ=(lzip -c -f)
#########################################################################
# EXTENSION DEFAULTS
#########################################################################
#
PKGEXT='.pkg.tar.zst'
SRCEXT='.src.tar.gz'
#########################################################################
# OTHER
#########################################################################
#
#-- Command used to run pacman as root, instead of trying sudo and su
PACMAN_AUTH=(doas)
# vim: set ft=sh ts=2 sw=2 et:
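Review bot: This adds what looks like a full copy of the distribution's makepkg.conf without marking which lines were changed locally (`PACMAN_AUTH=(doas)` is presumably one). Freezing the whole file in the installer also freezes the hardening flags in `CFLAGS` and `LDFLAGS` (`_FORTIFY_SOURCE=3`, `-fstack-clash-protection`, `-fcf-protection`, `-z,relro`, `-z,now`), so later upstream changes to them would be overridden on installed systems. If the target pacman version reads drop-ins from `/etc/makepkg.conf.d/`, a short file there holding only the overrides avoids that drift. Otherwise a header comment listing the local changes would help, e.g. `# local changes: PACMAN_AUTH=(doas)`.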


@ -1,36 +1,28 @@
#!/usr/bin/nft -f #!/usr/bin/nft -f
# vim:set ts=2 sw=2 et:
destroy table inet filter; destroy table inet filter;
table inet filter { table inet filter {
chain input { chain input {
type filter hook input priority filter; policy drop; type filter hook input priority filter; policy drop;
#tcp dport 32768-65535 counter meta nftrace set 1 accept comment "WoW VoiceError:17" ct state invalid counter drop
ct state {established, related} counter accept
ct state invalid counter drop iif "lo" counter accept
ct state {established, related} counter accept ip protocol {icmp,icmpv6} counter accept
iif "lo" counter accept counter meta nftrace set 1 comment "dropped"
ip protocol {icmp,icmpv6} counter accept }
iifname "waydroid0" meta l4proto {tcp, udp} th dport {53, 67} counter accept chain forward {
type filter hook forward priority filter; policy drop;
counter meta nftrace set 1 comment "dropped" counter meta nftrace set 1 comment "dropped"
} }
chain forward { chain output {
type filter hook forward priority filter; policy drop; type filter hook output priority filter; policy accept;
iifname "waydroid0" counter accept counter comment "accepted"
oifname "waydroid0" counter accept }
counter meta nftrace set 1 comment "dropped"
}
chain output {
type filter hook output priority filter; policy accept;
counter comment "accepted"
}
} }
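Review bot: In the input chain, `ip protocol {icmp,icmpv6} counter accept` never matches IPv6 traffic: in an `inet` table the `ip protocol` expression applies only to IPv4 packets, so ICMPv6 (including neighbour discovery) falls through to `policy drop`. The line is carried over unchanged by this cleanup, but it leaves IPv6 unreliable on any network that offers it. `meta l4proto { icmp, ipv6-icmp } counter accept` matches both families. Separately, the trailing `counter meta nftrace set 1 comment "dropped"` rules turn on tracing for every dropped packet, which deserves a comment if it is meant to stay enabled outside debugging.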