From b0add9b2cd3f5573ce9dcac40127b53df31b9b6e Mon Sep 17 00:00:00 2001 From: ange Date: Fri, 3 Oct 2025 10:10:06 +0000 Subject: [PATCH] bump: 202510 --- README.md | 5 ++--- config | 19 +++++++++---------- install.sh | 11 +++++++++-- modules/00-prechroot/10-disk.sh | 17 ++++++++++------- modules/00-prechroot/20-pkg.sh | 11 +++++------ modules/10-chroot/00-bootstrap.sh | 5 +---- modules/10-chroot/10-bootloader.sh | 7 +++---- modules/10-chroot/30-services.sh | 1 - modules/10-chroot/50-dwm.sh | 5 ----- modules/10-chroot/50-dwm.sh.dwm | 4 ++++ modules/10-chroot/user/10-dotfiles.sh | 1 - modules/20-postchroot/99-done.sh | 1 - modules/base.sh | 16 ++++++---------- modules/desktop.sh | 11 ++++------- modules/dwm.sh | 19 +++++++------------ rootfs/etc/doas.conf | 2 -- rootfs/etc/iwd/main.conf | 3 +++ rootfs/etc/makepkg.conf | 4 ++-- rootfs/etc/systemd/network/20-wwan.network | 19 ------------------- rootfs/etc/systemd/resolved.conf | 12 ++++++++++-- 20 files changed, 75 insertions(+), 98 deletions(-) delete mode 100644 modules/10-chroot/50-dwm.sh create mode 100644 modules/10-chroot/50-dwm.sh.dwm delete mode 100644 rootfs/etc/doas.conf delete mode 100644 rootfs/etc/systemd/network/20-wwan.network diff --git a/README.md b/README.md index a77a5e0..12e3818 100644 --- a/README.md +++ b/README.md @@ -7,7 +7,7 @@ and run the `install.sh` script. ```bash pacman -Sy git -git clone https://git.maby.dev/ange/archinstall.git +git clone https://git.gmoker.com/ange/archinstall.git cd archinstall $EDITOR config ./install.sh @@ -15,5 +15,4 @@ $EDITOR config ## Extend If you want to extend this script, simply place your own commands in a `.sh` -file in `modules/{prechroot,chroot,chroot/user}` respectively depending on when -you need it to be executed. +file in `modules/**/` depending on when you need it to be executed. diff --git a/config b/config index bbb9755..e2a92a0 100644 --- a/config +++ b/config 
@@ -16,31 +16,30 @@ shell=bash hostname="$username-pc" -tz=UTC # Europe/Paris -locales=en_US # en_US,fr_FR -lang=en_US +tz=UTC # Europe/Paris +locales=(en_US) +lang=C pkg=( - 7zip bash-completion detox dosfstools exfatprogs - fastfetch fzf + gcc make fakeroot man-{db,pages} patch tldr git inotify-tools - iwd iptables-nft wireguard-tools gnu-netcat + iproute2 iptables-nft iputils systemd-resolvconf wireguard-tools + iwd qrencode jq - lf - make man-{db,pages} patch texinfo tldr neovim-lspconfig python-{pynvim,black} ripgrep bash-language-server pyright - opendoas openssh podman docker-compose reflector renameutils perl-rename - rsync + systemd-sysvinit psmisc + tar rsync 7zip terminus-font awesome-terminal-fonts + which ) # vim: ft=sh diff --git a/install.sh b/install.sh index f407458..7d19444 100755 --- a/install.sh +++ b/install.sh @@ -1,7 +1,14 @@ #!/bin/bash -echo 'If you want Secure Boot support, you need to put your system in Setup Mode' -read -r +if ! sbctl status | grep -q '^Setup Mode:.*Enabled$'; then + printf '%s\n' \ + 'If you want Secure Boot support, you need to put your system in Setup Mode' \ + 'See https://wiki.archlinux.org/title/Unified_Extensible_Firmware_Interface/Secure_Boot' + read -rp "Reboot into the firmware setup interface? [Y/n] " ANS + if ! [[ "${ANS,}" =~ ^$|^y ]]; then + systemctl reboot --firmware-setup + fi +fi exec &> >(tee logs.out) diff --git a/modules/00-prechroot/10-disk.sh b/modules/00-prechroot/10-disk.sh index d495678..e6dd4d5 100644 --- a/modules/00-prechroot/10-disk.sh +++ b/modules/00-prechroot/10-disk.sh 
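Review bot: The answer check in the Setup Mode prompt added to install.sh is inverted. `if ! [[ "${ANS,}" =~ ^$|^y ]]` reboots into the firmware setup only when the reply is neither empty nor starts with `y`, so Enter or `y` carries on with the install and `n` reboots, the opposite of what `[Y/n]` promises. Dropping the negation, `if [[ "${ANS,}" =~ ^$|^y ]]; then`, matches the prompt. The outer test also reads a missing or failing `sbctl` as "Setup Mode disabled", because only grep's exit status is tested; a `command -v sbctl >/dev/null` guard would separate the two cases.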
@@ -11,29 +11,32 @@ root=/dev/disk/by-partlabel/root if [ -n "$disk_passwd" ]; then echo -n "$disk_passwd" | cryptsetup luksFormat "$root" - - cryptsetup open "$root" cryptroot - <<< "$disk_passwd" - root=/dev/mapper/cryptroot + cryptsetup open "$root" root - <<< "$disk_passwd" + root=/dev/mapper/root fi -sleep 5 # wait /dev/disk/by-partlabel/ +while ! [ -e "$root" ] || ! [ -e "$esp" ]; do + echo 'waiting for /dev/disk/by-partlabel/ to be populated' >&2 + sleep 1 +done mkfs.vfat -F32 "$esp" mkfs.ext4 -F "$root" mount "$root" /mnt/ +mount -m "$esp" /mnt/efi/ + +mkdir -p /mnt/etc/ /mnt/efi/EFI/Linux/ cat < /mnt/etc/fstab UUID=$(blkid "$root" -ovalue -sUUID) / ext4 rw,relatime 0 1 -UUID=$(blkid "$esp" -ovalue -sUUID) /efi vfat rw,fmask=0077,dmask=0077,noauto 0 2 +UUID=$(blkid "$esp" -ovalue -sUUID) /efi vfat rw,fmask=0077,dmask=0077 0 2 EOF if [ -n "$swapfile" ]; then dd if=/dev/zero of=/mnt/swapfile bs=1M count="$swapfile" status=progress chmod 600 /mnt/swapfile mkswap /mnt/swapfile - swapon /mnt/swapfile echo "/swapfile none swap defaults 0 0" >> /mnt/etc/fstab fi cp -rfTv rootfs/ /mnt/ - -swapoff /mnt/swapfile diff --git a/modules/00-prechroot/20-pkg.sh b/modules/00-prechroot/20-pkg.sh index 9581b57..205e8f4 100644 --- a/modules/00-prechroot/20-pkg.sh +++ b/modules/00-prechroot/20-pkg.sh @@ -2,17 +2,16 @@ #shellcheck disable=SC2154 case "$(lscpu)" in - *AMD*) echo amd-ucode >> pkglist.txt ;; - *Intel*) echo intel-ucode >> pkglist.txt ;; - *) ;; + *AMD*) printf '%s\n' amd-ucode >> pkglist.txt ;; + *Intel*) printf '%s\n' intel-ucode >> pkglist.txt ;; esac if [ -d /sys/class/power_supply/BAT0 ]; then - echo tlp >> pkglist.txt + printf '%s\n' tlp >> pkglist.txt fi -echo "$shell" >> pkglist.txt +printf '%s\n' "$shell" >> pkglist.txt pacstrap -C rootfs/etc/pacman.conf -K /mnt \ - base linux{,-lts,-firmware} efibootmgr sbctl - < pkglist.txt + linux{,-lts,-firmware} efibootmgr sbctl pacman archlinux-keyring - < pkglist.txt find /mnt/etc/ -name '*.pacnew' -delete 
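Review bot: The `echo -n "$disk_passwd" | cryptsetup luksFormat "$root" -` line at the top of the modules/00-prechroot/10-disk.sh hunk is traced with its argument expanded, because modules/base.sh starts every prechroot module with `bash -x`. install.sh sends all output through `tee logs.out`, so the LUKS passphrase presumably ends up in that log file in clear text. Bracketing the two cryptsetup calls with `set +x` and `set -x` keeps it out of the trace. Separately, the new wait loop has no retry limit and sits after `luksFormat`: in the encrypted case it waits on /dev/mapper/root, not on the partition label that cryptsetup has already used. Moving the loop above the `if` and bounding it would cover both paths.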
diff --git a/modules/10-chroot/00-bootstrap.sh b/modules/10-chroot/00-bootstrap.sh index 7a0e284..587fc32 100644 --- a/modules/10-chroot/00-bootstrap.sh +++ b/modules/10-chroot/00-bootstrap.sh @@ -4,11 +4,8 @@ ln -sf "/usr/share/zoneinfo/$tz" /etc/localtime hwclock --systohc -while read -r l; do - sed -i "/^#\s*$l.UTF-8/s/^#\s*//" /etc/locale.gen -done <<< "${locales//,/$'\n'}" +(IFS='|'; sed -Ei "/^#(${locales[*]})\.UTF-8/s/#//" /etc/locale.gen) locale-gen - echo "LANG=$lang.UTF-8" > /etc/locale.conf echo "$hostname" > /etc/hostname diff --git a/modules/10-chroot/10-bootloader.sh b/modules/10-chroot/10-bootloader.sh index 0733fc0..526a52a 100644 --- a/modules/10-chroot/10-bootloader.sh +++ b/modules/10-chroot/10-bootloader.sh @@ -1,8 +1,7 @@ #!/bin/bash -#shellcheck disable=SC2154 root="$(findmnt -n -osource /)" -boot="$(lsblk -ls -oname /dev/disk/by-partlabel/boot | tail -n1)" +esp="$(lsblk -ls -opath /dev/disk/by-partlabel/esp | tail -n1)" cryptdev="$(cryptsetup status "$root" | awk '/device/ {print $2}')" if [ -n "$cryptdev" ]; then @@ -15,8 +14,8 @@ options="${options}root=$root rw" sbctl create-keys sbctl enroll-keys -for l in arch{,-lts-fallback}; do +for l in arch-linux{,-lts-fallback}; do efibootmgr --create --unicode --label "$l" \ - --disk "$boot" --part 1 --loader "\\EFI\\Linux\\arch-linux$l.efi" + --disk "$esp" --part 1 --loader "\\EFI\\Linux\\$l.efi" done echo "$options" > /etc/cmdline.d/root.conf diff --git a/modules/10-chroot/30-services.sh b/modules/10-chroot/30-services.sh index 196724a..2f173da 100644 --- a/modules/10-chroot/30-services.sh +++ b/modules/10-chroot/30-services.sh @@ -1,5 +1,4 @@ #!/bin/bash -#shellcheck disable=SC2154 systemctl enable iwd.service systemctl enable nftables.service diff --git a/modules/10-chroot/50-dwm.sh b/modules/10-chroot/50-dwm.sh deleted file mode 100644 index 91b7b70..0000000 --- a/modules/10-chroot/50-dwm.sh +++ /dev/null 
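Review bot: `${locales[*]}` in the new sed line of modules/10-chroot/00-bootstrap.sh only works if `locales` is still an array inside the chroot, and bash cannot pass arrays through the environment. The hunk does not show how the config values reach this script, but modules/base.sh now runs it in a fresh shell with `arch-chroot /mnt bash -x < "$f"`. If the values arrive as exported variables, the expansion is empty, the pattern becomes `^#()\.UTF-8`, and no line in /etc/locale.gen is enabled, without any error. Either source the config inside the chroot script or keep `locales` a scalar and split it here. A guard such as `[ "${#locales[@]}" -gt 0 ] || exit 1` before the sed would make the failure visible.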
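Review bot: `sbctl enroll-keys` in the second hunk of modules/10-chroot/10-bootloader.sh enrolls only the locally generated keys, and its exit status is not checked before the loop creates the boot entries. On hardware whose firmware or option ROMs depend on the Microsoft certificates, sbctl provides `--microsoft` for exactly that case, so a config switch that selects `sbctl enroll-keys --microsoft` would be a safer default for unknown machines. When the system is not in Setup Mode the enrollment fails and the script continues regardless. `sbctl enroll-keys || echo 'Secure Boot keys were not enrolled' >&2` would at least record that in the log. The loop also hard-codes `--part 1` while the disk is derived from the `esp` partition label.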
@@ -1,5 +0,0 @@ -#!/bin/bash -#shellcheck disable=SC2154 - -git clone --depth 1 https://git.maby.dev/ange/.dotfiles.git /tmp/dotfiles -/tmp/dotfiles/.config/suckless/update.sh diff --git a/modules/10-chroot/50-dwm.sh.dwm b/modules/10-chroot/50-dwm.sh.dwm new file mode 100644 index 0000000..452d8a7 --- /dev/null +++ b/modules/10-chroot/50-dwm.sh.dwm @@ -0,0 +1,4 @@ +#!/bin/bash + +git clone --depth 1 https://git.gmoker.com/ange/dotfiles.git /tmp/dotfiles +/tmp/dotfiles/.config/suckless/install.sh diff --git a/modules/10-chroot/user/10-dotfiles.sh b/modules/10-chroot/user/10-dotfiles.sh index 7032ae2..d3bfe88 100644 --- a/modules/10-chroot/user/10-dotfiles.sh +++ b/modules/10-chroot/user/10-dotfiles.sh @@ -1,5 +1,4 @@ #!/bin/bash -#shellcheck disable=SC2154 config=(git --git-dir "$HOME/.dotfiles" --work-tree "$HOME") repo='https://git.gmoker.com/ange/dotfiles.git' diff --git a/modules/20-postchroot/99-done.sh b/modules/20-postchroot/99-done.sh index 92d6f4d..7d36c3f 100644 --- a/modules/20-postchroot/99-done.sh +++ b/modules/20-postchroot/99-done.sh @@ -1,5 +1,4 @@ #!/bin/bash -#shellcheck disable=SC2154 BOLD=$'\e[1m' GREEN=$'\e[32m' diff --git a/modules/base.sh b/modules/base.sh index e6740b9..f4c608f 100644 --- a/modules/base.sh +++ b/modules/base.sh @@ -1,22 +1,18 @@ #!/bin/bash #shellcheck disable=SC2154 -for i in modules/00-prechroot/*.sh; do - bash -x "$i" +for f in modules/00-prechroot/*.sh; do + bash -x "$f" done -cp -r modules/chroot/ /mnt/ - -for i in modules/10-chroot/*.sh; do - arch-chroot /mnt bash -x "${i/modules/}" +for f in modules/10-chroot/*.sh; do + arch-chroot /mnt bash -x < "$f" done -for i in modules/10-chroot/user/*.sh; do - arch-chroot /mnt su - "$username" -c "bash -x '${i/modules/}'" +for f in modules/10-chroot/user/*.sh; do + arch-chroot /mnt su - "$username" -c "bash -x" < "$f" done for i in modules/20-postchroot/*.sh; do bash -x "$i" done - -rm -rf /mnt/chroot/ 
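Review bot: The new modules/10-chroot/50-dwm.sh.dwm runs `/tmp/dotfiles/.config/suckless/install.sh` as root inside the chroot from whatever the remote's default branch holds at install time, and the exit status of the `git clone` before it is not checked. Chain the two commands with `&&` or add `set -e` at the top, so a failed clone cannot be followed by running a stale /tmp/dotfiles. Cloning a reviewed tag, `git clone --depth 1 --branch <REVIEWED_TAG> …` with the tag name as a placeholder, would make the installer run code that has been looked at, not the current HEAD.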
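Review bot: Feeding each chroot module to `bash -x` on standard input, as the two rewritten loops in modules/base.sh do, makes the script text the stdin of every command the module runs. Any tool that reads stdin (a confirmation prompt, `passwd`, a `read`) consumes the remaining lines of the module, and bash then stops early without an error. Passing the script as an argument, `arch-chroot /mnt bash -xc "$(< "$f")"`, or adding `</dev/null` to the commands inside the modules avoids this. A comment above the loops stating that modules must not read stdin would document the constraint. The last loop still uses `i` while the other three were renamed to `f`.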
diff --git a/modules/desktop.sh b/modules/desktop.sh index 4e69e3c..3305967 100644 --- a/modules/desktop.sh +++ b/modules/desktop.sh @@ -1,5 +1,4 @@ #!/bin/bash -#shellcheck disable=SC2154 #newsraft printf '%s\n' \ @@ -15,20 +14,18 @@ printf '%s\n' \ mpv \ noto-fonts{,-cjk,-emoji} otf-font-awesome \ pass-otp gcr \ - pipewire{-pulse,-jack} playerctl \ - polkit-gnome \ + pipewire-jack playerctl rtkit \ qemu-{base,audio-pipewire,hw-usb-host,hw-display-virtio-{gpu,vga},ui-gtk} dnsmasq usbutils \ udisks2 \ xdg-utils xdg-user-dirs \ yt-dlp \ zathura-pdf-poppler \ - zenity \ >> pkglist.txt case "$(lspci | grep 'VGA\|3D')" in - *AMD*) echo vulkan-radeon mesa >> pkglist.txt ;; - *Intel*) echo vulkan-intel intel-media-driver >> pkglist.txt ;; - *NVIDIA*) echo vulkan-nouveau mesa >> pkglist.txt ;; + *AMD*) printf '%s\n' vulkan-radeon mesa >> pkglist.txt ;; + *Intel*) printf '%s\n' vulkan-intel intel-media-driver >> pkglist.txt ;; + *NVIDIA*) printf '%s\n' vulkan-nouveau mesa >> pkglist.txt ;; *) ;; esac diff --git a/modules/dwm.sh b/modules/dwm.sh index 2bbaf07..2cb2645 100644 --- a/modules/dwm.sh +++ b/modules/dwm.sh @@ -1,5 +1,4 @@ #!/bin/bash -#shellcheck disable=SC2154 printf '%s\n' \ i3lock xss-lock \ @@ -8,17 +7,13 @@ printf '%s\n' \ >> pkglist.txt case "$(lsmod)" in - *amdgpu*) echo xf86-video-amdgpu >> pkglist.txt ;; - *i915*) - # https://wiki.archlinux.org/title/Intel_graphics#Installation - #echo xf86-video-intel >> pkglist.txt - ;; - *nouveau*) - # https://bugs.freedesktop.org/show_bug.cgi?id=94844#c3 - #echo xf86-video-nouveau >> pkglist.txt - ;; - *) - ;; + *amdgpu*) printf '%s\n' xf86-video-amdgpu >> pkglist.txt ;; + + # https://wiki.archlinux.org/title/Intel_graphics#Installation + #*i915*) printf '%s\n' xf86-video-intel >> pkglist.txt ;; + + # https://bugs.freedesktop.org/show_bug.cgi?id=94844#c3 + #*nouveau*) printf '%s\n' xf86-video-nouveau >> pkglist.txt ;; esac find ./modules/ -name '*.sh.dwm' -exec rename '.dwm' '' '{}' + 
diff --git a/rootfs/etc/doas.conf b/rootfs/etc/doas.conf deleted file mode 100644 index fe2bd3b..0000000 --- a/rootfs/etc/doas.conf +++ /dev/null @@ -1,2 +0,0 @@ -permit root -permit persist :wheel diff --git a/rootfs/etc/iwd/main.conf b/rootfs/etc/iwd/main.conf index a13a69f..48b96bd 100644 --- a/rootfs/etc/iwd/main.conf +++ b/rootfs/etc/iwd/main.conf @@ -1,2 +1,5 @@ [General] AddressRandomization=once + +[Scan] +DisablePeriodicScan=true diff --git a/rootfs/etc/makepkg.conf b/rootfs/etc/makepkg.conf index a5821f8..78fc199 100644 --- a/rootfs/etc/makepkg.conf +++ b/rootfs/etc/makepkg.conf @@ -95,7 +95,7 @@ BUILDENV=(!distcc color !ccache check !sign) #-- lto: Add compile flags for building with link time optimization #-- autodeps: Automatically add depends/provides # -OPTIONS=(strip docs !libtool !staticlibs emptydirs zipman purge debug lto) +OPTIONS=(strip docs !libtool !staticlibs emptydirs zipman purge !debug lto) #-- File integrity checks to use. Valid: md5, sha1, sha224, sha256, sha384, sha512, b2 INTEGRITY_CHECK=(sha256) @@ -161,5 +161,5 @@ SRCEXT='.src.tar.gz' ######################################################################### # #-- Command used to run pacman as root, instead of trying sudo and su -PACMAN_AUTH=(doas) +PACMAN_AUTH=(run0 --background=) # vim: set ft=sh ts=2 sw=2 et: diff --git a/rootfs/etc/systemd/network/20-wwan.network b/rootfs/etc/systemd/network/20-wwan.network deleted file mode 100644 index 6e1c8dd..0000000 --- a/rootfs/etc/systemd/network/20-wwan.network +++ /dev/null 
@@ -1,19 +0,0 @@ -[Match] -Name=ww* - -[Link] -RequiredForOnline=routable - -[Network] -DHCP=yes - -# systemd-networkd does not set per-interface-type default route metrics -# https://github.com/systemd/systemd/issues/17698 -# Explicitly set route metric, so that Ethernet is preferred over Wi-Fi and Wi-Fi is preferred over mobile broadband. -# Use values from NetworkManager. From nm_device_get_route_metric_default in -# https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/blob/main/src/core/devices/nm-device.c -[DHCPv4] -RouteMetric=700 - -[IPv6AcceptRA] -RouteMetric=700 diff --git a/rootfs/etc/systemd/resolved.conf b/rootfs/etc/systemd/resolved.conf index a734d7c..7848dec 100644 --- a/rootfs/etc/systemd/resolved.conf +++ b/rootfs/etc/systemd/resolved.conf 
@@ -21,8 +21,15 @@ # Cloudflare: 1.1.1.1#cloudflare-dns.com 1.0.0.1#cloudflare-dns.com 2606:4700:4700::1111#cloudflare-dns.com 2606:4700:4700::1001#cloudflare-dns.com # Google: 8.8.8.8#dns.google 8.8.4.4#dns.google 2001:4860:4860::8888#dns.google 2001:4860:4860::8844#dns.google # Quad9: 9.9.9.9#dns.quad9.net 149.112.112.112#dns.quad9.net 2620:fe::fe#dns.quad9.net 2620:fe::9#dns.quad9.net -DNS=9.9.9.9#dns.quad9.net -#FallbackDNS=1.1.1.1#cloudflare-dns.com 9.9.9.9#dns.quad9.net 8.8.8.8#dns.google 2606:4700:4700::1111#cloudflare-dns.com 2620:fe::9#dns.quad9.net 2001:4860:4860::8888#dns.google +# DNS0: 193.110.81.0#dns0.eu 185.253.5.0#dns0.eu 2a0f:fc80::#dns0.eu 2a0f:fc81::#dns0.eu +# +# Using DNS= configures global DNS servers and does not suppress link-specific +# configuration. Parallel requests will be sent to per-link DNS servers +# configured automatically by systemd-networkd.service(8), NetworkManager(8), or +# similar management services, or configured manually via resolvectl(1). See +# resolved.conf(5) and systemd-resolved(8) for more details. +DNS=1.1.1.1#cloudflare-dns.com +#FallbackDNS=9.9.9.9#dns.quad9.net 2620:fe::9#dns.quad9.net 1.1.1.1#cloudflare-dns.com 2606:4700:4700::1111#cloudflare-dns.com 8.8.8.8#dns.google 2001:4860:4860::8888#dns.google Domains=~. #DNSSEC=no DNSOverTLS=yes @@ -35,3 +42,4 @@ DNSOverTLS=yes #ReadEtcHosts=yes #ResolveUnicastSingleLabel=no #StaleRetentionSec=0 +#RefuseRecordTypes=
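Review bot: The new `DNS=1.1.1.1#cloudflare-dns.com` line in rootfs/etc/systemd/resolved.conf leaves a single IPv4 address as the only global resolver while `DNSOverTLS=yes` and `Domains=~.` stay in force. FallbackDNS is consulted only when no other server is known, so it gives no redundancy here, and a link with IPv6 only has no usable global server. Listing the provider's other addresses from the comment block above keeps strict DoT with a second path: `DNS=1.1.1.1#cloudflare-dns.com 1.0.0.1#cloudflare-dns.com 2606:4700:4700::1111#cloudflare-dns.com`. The switch from Quad9 to Cloudflare is not explained in the commit message, and a one-line comment with the reason would help because the two services differ in filtering policy.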