bump: 202510

README.md

@@ -7,7 +7,7 @@ and run the `install.sh` script.
 
 ```bash
 pacman -Sy git
-git clone https://git.maby.dev/ange/archinstall.git
+git clone https://git.gmoker.com/ange/archinstall.git
 cd archinstall
 $EDITOR config
 ./install.sh
@@ -15,5 +15,4 @@ $EDITOR config
 
 ## Extend
 If you want to extend this script, simply place your own commands in a `.sh`
-file in `modules/{prechroot,chroot,chroot/user}` respectively depending on when
-you need it to be executed.
+file in `modules/**/` depending on when you need it to be executed.

config

@@ -16,31 +16,30 @@ shell=bash
 
 hostname="$username-pc"
 
-tz=UTC        # Europe/Paris
-locales=en_US # en_US,fr_FR
-lang=en_US
+tz=UTC # Europe/Paris
+locales=(en_US)
+lang=C
 
 pkg=(
-    7zip
     bash-completion
     detox
     dosfstools exfatprogs
-    fastfetch
     fzf
+    gcc make fakeroot man-{db,pages} patch tldr
     git
     inotify-tools
-    iwd iptables-nft wireguard-tools gnu-netcat
+    iproute2 iptables-nft iputils systemd-resolvconf wireguard-tools
+    iwd qrencode
     jq
-    lf
-    make man-{db,pages} patch texinfo tldr
     neovim-lspconfig python-{pynvim,black} ripgrep bash-language-server pyright
-    opendoas
     openssh
     podman docker-compose
     reflector
     renameutils perl-rename
-    rsync
+    systemd-sysvinit psmisc
+    tar rsync 7zip
     terminus-font awesome-terminal-fonts
+    which
 )
 
 # vim: ft=sh

install.sh

@@ -1,7 +1,14 @@
 #!/bin/bash
 
-echo 'If you want Secure Boot support, you need to put your system in Setup Mode'
-read -r
+if ! sbctl status | grep -q '^Setup Mode:.*Enabled$'; then
+    printf '%s\n' \
+        'If you want Secure Boot support, you need to put your system in Setup Mode' \
+        'See https://wiki.archlinux.org/title/Unified_Extensible_Firmware_Interface/Secure_Boot'
+    read -rp "Reboot into the firmware setup interface? [Y/n] " ANS
+    if ! [[ "${ANS,}" =~ ^$|^y ]]; then
+        systemctl reboot --firmware-setup
+    fi
+fi
 
 exec &> >(tee logs.out)
 

modules/00-prechroot/10-disk.sh

@@ -11,29 +11,32 @@ root=/dev/disk/by-partlabel/root
 
 if [ -n "$disk_passwd" ]; then
     echo -n "$disk_passwd" | cryptsetup luksFormat "$root" -
-    cryptsetup open "$root" cryptroot - <<< "$disk_passwd"
-    root=/dev/mapper/cryptroot
+    cryptsetup open "$root" root - <<< "$disk_passwd"
+    root=/dev/mapper/root
 fi
 
-sleep 5 # wait /dev/disk/by-partlabel/
+while ! [ -e "$root" ] || ! [ -e "$esp" ]; do
+    echo 'waiting for /dev/disk/by-partlabel/ to be populated' >&2
+    sleep 1
+done
 
 mkfs.vfat -F32 "$esp"
 mkfs.ext4 -F "$root"
 mount "$root" /mnt/
+mount -m "$esp" /mnt/efi/
+
+mkdir -p /mnt/etc/ /mnt/efi/EFI/Linux/
 
 cat <<EOF > /mnt/etc/fstab
 UUID=$(blkid "$root" -ovalue -sUUID)	/	ext4	rw,relatime	0 1
-UUID=$(blkid "$esp" -ovalue -sUUID)	/efi	vfat	rw,fmask=0077,dmask=0077,noauto	0 2
+UUID=$(blkid "$esp" -ovalue -sUUID)	/efi	vfat	rw,fmask=0077,dmask=0077	0 2
 EOF
 
 if [ -n "$swapfile" ]; then
     dd if=/dev/zero of=/mnt/swapfile bs=1M count="$swapfile" status=progress
     chmod 600 /mnt/swapfile
     mkswap /mnt/swapfile
-    swapon /mnt/swapfile
     echo "/swapfile	none	swap	defaults	0 0" >> /mnt/etc/fstab
 fi
 
 cp -rfTv rootfs/ /mnt/
-
-swapoff /mnt/swapfile

modules/00-prechroot/20-pkg.sh

@@ -2,17 +2,16 @@
 #shellcheck disable=SC2154
 
 case "$(lscpu)" in
-    *AMD*)   echo amd-ucode   >> pkglist.txt ;;
-    *Intel*) echo intel-ucode >> pkglist.txt ;;
-    *) ;;
+    *AMD*)   printf '%s\n' amd-ucode   >> pkglist.txt ;;
+    *Intel*) printf '%s\n' intel-ucode >> pkglist.txt ;;
 esac
 
 if [ -d /sys/class/power_supply/BAT0 ]; then
-    echo tlp >> pkglist.txt
+    printf '%s\n' tlp >> pkglist.txt
 fi
 
-echo "$shell" >> pkglist.txt
+printf '%s\n' "$shell" >> pkglist.txt
 pacstrap -C rootfs/etc/pacman.conf -K /mnt \
-    base linux{,-lts,-firmware} efibootmgr sbctl - < pkglist.txt
+    linux{,-lts,-firmware} efibootmgr sbctl pacman archlinux-keyring - < pkglist.txt
 
 find /mnt/etc/ -name '*.pacnew' -delete

modules/10-chroot/00-bootstrap.sh

@@ -4,11 +4,8 @@
 ln -sf "/usr/share/zoneinfo/$tz" /etc/localtime
 hwclock --systohc
 
-while read -r l; do
-    sed -i "/^#\s*$l.UTF-8/s/^#\s*//" /etc/locale.gen
-done <<< "${locales//,/$'\n'}"
+(IFS='|'; sed -Ei "/^#(${locales[*]})\.UTF-8/s/#//" /etc/locale.gen)
 locale-gen
-
 echo "LANG=$lang.UTF-8" > /etc/locale.conf
 
 echo "$hostname" > /etc/hostname

modules/10-chroot/10-bootloader.sh

@@ -1,8 +1,7 @@
 #!/bin/bash
-#shellcheck disable=SC2154
 
 root="$(findmnt -n -osource /)"
-boot="$(lsblk -ls -oname /dev/disk/by-partlabel/boot | tail -n1)"
+esp="$(lsblk -ls -opath /dev/disk/by-partlabel/esp | tail -n1)"
 
 cryptdev="$(cryptsetup status "$root" | awk '/device/ {print $2}')"
 if [ -n "$cryptdev" ]; then
@@ -15,8 +14,8 @@ options="${options}root=$root rw"
 sbctl create-keys
 sbctl enroll-keys
 
-for l in arch{,-lts-fallback}; do
+for l in arch-linux{,-lts-fallback}; do
     efibootmgr --create --unicode --label "$l" \
-        --disk "$boot" --part 1 --loader "\\EFI\\Linux\\arch-linux$l.efi"
+        --disk "$esp" --part 1 --loader "\\EFI\\Linux\\$l.efi"
 done
 echo "$options" > /etc/cmdline.d/root.conf

modules/10-chroot/30-services.sh

@@ -1,5 +1,4 @@
 #!/bin/bash
-#shellcheck disable=SC2154
 
 systemctl enable iwd.service
 systemctl enable nftables.service

modules/10-chroot/50-dwm.sh

@@ -1,5 +0,0 @@
-#!/bin/bash
-#shellcheck disable=SC2154
-
-git clone --depth 1 https://git.maby.dev/ange/.dotfiles.git /tmp/dotfiles
-/tmp/dotfiles/.config/suckless/update.sh

modules/10-chroot/50-dwm.sh.dwm

@@ -0,0 +1,4 @@
+#!/bin/bash
+
+git clone --depth 1 https://git.gmoker.com/ange/dotfiles.git /tmp/dotfiles
+/tmp/dotfiles/.config/suckless/install.sh

modules/10-chroot/user/10-dotfiles.sh

@@ -1,5 +1,4 @@
 #!/bin/bash
-#shellcheck disable=SC2154
 
 config=(git --git-dir "$HOME/.dotfiles" --work-tree "$HOME")
 repo='https://git.gmoker.com/ange/dotfiles.git'

modules/20-postchroot/99-done.sh

@@ -1,5 +1,4 @@
 #!/bin/bash
-#shellcheck disable=SC2154
 
 BOLD=$'\e[1m'
 GREEN=$'\e[32m'

modules/base.sh

@@ -1,22 +1,18 @@
 #!/bin/bash
 #shellcheck disable=SC2154
 
-for i in modules/00-prechroot/*.sh; do
-    bash -x "$i"
+for f in modules/00-prechroot/*.sh; do
+    bash -x "$f"
 done
 
-cp -r modules/chroot/ /mnt/
-
-for i in modules/10-chroot/*.sh; do
-    arch-chroot /mnt bash -x "${i/modules/}"
+for f in modules/10-chroot/*.sh; do
+    arch-chroot /mnt bash -x < "$f"
 done
 
-for i in modules/10-chroot/user/*.sh; do
-    arch-chroot /mnt su - "$username" -c "bash -x '${i/modules/}'"
+for f in modules/10-chroot/user/*.sh; do
+    arch-chroot /mnt su - "$username" -c "bash -x" < "$f"
 done
 
 for i in modules/20-postchroot/*.sh; do
     bash -x "$i"
 done
-
-rm -rf /mnt/chroot/

modules/desktop.sh

@@ -1,5 +1,4 @@
 #!/bin/bash
-#shellcheck disable=SC2154
 
 #newsraft
 printf '%s\n' \
@@ -15,20 +14,18 @@ printf '%s\n' \
     mpv \
     noto-fonts{,-cjk,-emoji} otf-font-awesome \
     pass-otp gcr \
-    pipewire{-pulse,-jack} playerctl \
-    polkit-gnome \
+    pipewire-jack playerctl rtkit \
     qemu-{base,audio-pipewire,hw-usb-host,hw-display-virtio-{gpu,vga},ui-gtk} dnsmasq usbutils \
     udisks2 \
     xdg-utils xdg-user-dirs \
     yt-dlp \
     zathura-pdf-poppler \
-    zenity \
         >> pkglist.txt
 
 case "$(lspci | grep 'VGA\|3D')" in
-    *AMD*)    echo vulkan-radeon mesa >> pkglist.txt ;;
-    *Intel*)  echo vulkan-intel intel-media-driver >> pkglist.txt ;;
-    *NVIDIA*) echo vulkan-nouveau mesa >> pkglist.txt ;;
+    *AMD*)    printf '%s\n' vulkan-radeon mesa >> pkglist.txt ;;
+    *Intel*)  printf '%s\n' vulkan-intel intel-media-driver >> pkglist.txt ;;
+    *NVIDIA*) printf '%s\n' vulkan-nouveau mesa >> pkglist.txt ;;
     *) ;;
 esac
 

modules/dwm.sh

@@ -1,5 +1,4 @@
 #!/bin/bash
-#shellcheck disable=SC2154
 
 printf '%s\n' \
     i3lock xss-lock \
@@ -8,17 +7,13 @@ printf '%s\n' \
         >> pkglist.txt
 
 case "$(lsmod)" in
-    *amdgpu*) echo xf86-video-amdgpu >> pkglist.txt ;;
-    *i915*)
-        # https://wiki.archlinux.org/title/Intel_graphics#Installation
-        #echo xf86-video-intel >> pkglist.txt
-        ;;
-    *nouveau*)
-        # https://bugs.freedesktop.org/show_bug.cgi?id=94844#c3
-        #echo xf86-video-nouveau >> pkglist.txt
-        ;;
-    *)
-        ;;
+    *amdgpu*) printf '%s\n' xf86-video-amdgpu >> pkglist.txt ;;
+
+    # https://wiki.archlinux.org/title/Intel_graphics#Installation
+    #*i915*) printf '%s\n' xf86-video-intel >> pkglist.txt ;;
+
+    # https://bugs.freedesktop.org/show_bug.cgi?id=94844#c3
+    #*nouveau*) printf '%s\n' xf86-video-nouveau >> pkglist.txt ;;
 esac
 
 find ./modules/ -name '*.sh.dwm' -exec rename '.dwm' '' '{}' +

rootfs/etc/doas.conf

@@ -1,2 +0,0 @@
-permit root
-permit persist :wheel

rootfs/etc/iwd/main.conf

@@ -1,2 +1,5 @@
 [General]
 AddressRandomization=once
+
+[Scan]
+DisablePeriodicScan=true

rootfs/etc/makepkg.conf

@@ -95,7 +95,7 @@ BUILDENV=(!distcc color !ccache check !sign)
 #-- lto:        Add compile flags for building with link time optimization
 #-- autodeps:   Automatically add depends/provides
 #
-OPTIONS=(strip docs !libtool !staticlibs emptydirs zipman purge debug lto)
+OPTIONS=(strip docs !libtool !staticlibs emptydirs zipman purge !debug lto)
 
 #-- File integrity checks to use. Valid: md5, sha1, sha224, sha256, sha384, sha512, b2
 INTEGRITY_CHECK=(sha256)
@@ -161,5 +161,5 @@ SRCEXT='.src.tar.gz'
 #########################################################################
 #
 #-- Command used to run pacman as root, instead of trying sudo and su
-PACMAN_AUTH=(doas)
+PACMAN_AUTH=(run0 --background=)
 # vim: set ft=sh ts=2 sw=2 et:

rootfs/etc/systemd/network/20-wwan.network

@@ -1,19 +0,0 @@
-[Match]
-Name=ww*
-
-[Link]
-RequiredForOnline=routable
-
-[Network]
-DHCP=yes
-
-# systemd-networkd does not set per-interface-type default route metrics
-# https://github.com/systemd/systemd/issues/17698
-# Explicitly set route metric, so that Ethernet is preferred over Wi-Fi and Wi-Fi is preferred over mobile broadband.
-# Use values from NetworkManager. From nm_device_get_route_metric_default in
-# https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/blob/main/src/core/devices/nm-device.c
-[DHCPv4]
-RouteMetric=700
-
-[IPv6AcceptRA]
-RouteMetric=700

rootfs/etc/systemd/resolved.conf

@@ -21,8 +21,15 @@
 # Cloudflare: 1.1.1.1#cloudflare-dns.com 1.0.0.1#cloudflare-dns.com 2606:4700:4700::1111#cloudflare-dns.com 2606:4700:4700::1001#cloudflare-dns.com
 # Google:     8.8.8.8#dns.google 8.8.4.4#dns.google 2001:4860:4860::8888#dns.google 2001:4860:4860::8844#dns.google
 # Quad9:      9.9.9.9#dns.quad9.net 149.112.112.112#dns.quad9.net 2620:fe::fe#dns.quad9.net 2620:fe::9#dns.quad9.net
-DNS=9.9.9.9#dns.quad9.net
-#FallbackDNS=1.1.1.1#cloudflare-dns.com 9.9.9.9#dns.quad9.net 8.8.8.8#dns.google 2606:4700:4700::1111#cloudflare-dns.com 2620:fe::9#dns.quad9.net 2001:4860:4860::8888#dns.google
+# DNS0:       193.110.81.0#dns0.eu 185.253.5.0#dns0.eu 2a0f:fc80::#dns0.eu 2a0f:fc81::#dns0.eu
+#
+# Using DNS= configures global DNS servers and does not suppress link-specific
+# configuration. Parallel requests will be sent to per-link DNS servers
+# configured automatically by systemd-networkd.service(8), NetworkManager(8), or
+# similar management services, or configured manually via resolvectl(1). See
+# resolved.conf(5) and systemd-resolved(8) for more details.
+DNS=1.1.1.1#cloudflare-dns.com
+#FallbackDNS=9.9.9.9#dns.quad9.net 2620:fe::9#dns.quad9.net 1.1.1.1#cloudflare-dns.com 2606:4700:4700::1111#cloudflare-dns.com 8.8.8.8#dns.google 2001:4860:4860::8888#dns.google
 Domains=~.
 #DNSSEC=no
 DNSOverTLS=yes
@@ -35,3 +42,4 @@ DNSOverTLS=yes
 #ReadEtcHosts=yes
 #ResolveUnicastSingleLabel=no
 #StaleRetentionSec=0
+#RefuseRecordTypes=