feat: UKI

modules/00-prechroot/10-disk.sh

@@ -2,11 +2,11 @@
 #shellcheck disable=SC2154
 
 sgdisk -Z \
-    -n '0:0:+512M' -t '0:ef00' -c '0:boot' \
+    -n '0:0:+512M' -t '0:ef00' -c '0:esp' \
     -n '0:0:0'     -t '0:8300' -c '0:root' \
     "$disk"
 
-boot=/dev/disk/by-partlabel/boot
+esp=/dev/disk/by-partlabel/esp
 root=/dev/disk/by-partlabel/root
 
 [ -n "$disk_passwd" ] && {
@@ -15,21 +15,26 @@ root=/dev/disk/by-partlabel/root
     root=/dev/mapper/cryptroot
 }
 
-sleep 2 # wait for /dev/disk/by-partlabel/ to be populated
+sleep 5 # wait /dev/disk/by-partlabel/
 
-mkfs.fat -F32 "$boot"
+mkfs.vfat -F32 "$esp"
 mkfs.ext4 -F "$root"
 mount "$root" /mnt/
-mount -m -o fmask=0077,dmask=0077 /dev/disk/by-partlabel/boot /mnt/boot/
+
+cat <<EOF > /mnt/etc/fstab
+UUID=$(blkid "$root" -ovalue -sUUID)	/	ext4	rw,relatime	0 1
+UUID=$(blkid "$esp" -ovalue -sUUID)	/efi	vfat	rw,fmask=0077,dmask=0077,noauto	0 2
+
+EOF
 
 [ -n "$swapfile" ] && {
     dd if=/dev/zero of=/mnt/swapfile bs=1M count="$swapfile" status=progress
     chmod 600 /mnt/swapfile
     mkswap /mnt/swapfile
     swapon /mnt/swapfile
+    echo "/swapfile	none	swap	defaults	0 0" >> /mnt/etc/fstab
 }
 
 cp -rfTv rootfs/ /mnt/
 
-genfstab -U /mnt/ >> /mnt/etc/fstab
 swapoff /mnt/swapfile

modules/00-prechroot/20-pkg.sh

@@ -13,6 +13,6 @@ esac
 [ -d /sys/class/power_supply/BAT0 ] && echo tlp >> pkglist.txt
 
 pacstrap -C rootfs/etc/pacman.conf -K /mnt \
-    base linux{,-lts,-firmware} "$shell" - < pkglist.txt
+    base linux{,-lts,-firmware} "$shell" efibootmgr sbctl - < pkglist.txt
 
 find /mnt/etc/ -name '*.pacnew' -delete

modules/10-chroot/10-bootloader.sh

@@ -0,0 +1,22 @@
+#!/bin/bash
+#shellcheck disable=SC2154
+
+root="$(findmnt -n -osource /)"
+boot="$(lsblk -ls -oname /dev/disk/by-partlabel/boot | tail -n1)"
+
+cryptdev="$(cryptsetup status "$root" | awk '/device/ {print $2}')"
+[ -n "$cryptdev" ] && {
+    uuid="$(blkid | grep "$cryptdev" | awk '{print $2}')"
+    options="cryptdevice=$uuid:${root##*/} "
+}
+
+options="${options}root=$root rw"
+
+sbctl create-keys
+sbctl enroll-keys
+
+for l in arch{,-lts-fallback}; do
+    efibootmgr --create --unicode --label "$l" \
+        --disk "$boot" --part 1 --loader "\EFI\Linux\arch-linux$l.efi"
+done
+echo "$options" > /etc/cmdline.d/root.conf

modules/10-chroot/20-users.sh

@@ -4,5 +4,5 @@
 shell="$(sed -n "/$shell/{p;q}" /etc/shells)"
 useradd -mG wheel,video "$username" -s "${shell:-/bin/bash}"
 
-echo "root:$rootpasswd"      | chpasswd
+[ -n "$rootpasswd" ] && echo "root:$rootpasswd" | chpasswd
 echo "$username:$userpasswd" | chpasswd

modules/10-chroot/50-dwm.sh

@@ -1,4 +1,5 @@
 #!/bin/bash
+#shellcheck disable=SC2154
 
 git clone --depth 1 https://git.maby.dev/ange/.dotfiles.git /tmp/dotfiles
 /tmp/dotfiles/.config/suckless/update.sh

modules/base.sh

@@ -1,21 +1,21 @@
 #!/bin/bash
 #shellcheck disable=SC2154
 
-for i in modules/prechroot/*.sh; do
+for i in modules/00-prechroot/*.sh; do
     bash -x "$i"
 done
 
 cp -r modules/chroot/ /mnt/
 
-for i in modules/chroot/*.sh; do
+for i in modules/10-chroot/*.sh; do
     arch-chroot /mnt bash -x "${i/modules/}"
 done
 
-for i in modules/chroot/user/*.sh; do
+for i in modules/10-chroot/user/*.sh; do
     arch-chroot /mnt su - "$username" -c "bash -x '${i/modules/}'"
 done
 
-for i in modules/postchroot/*.sh; do
+for i in modules/20-postchroot/*.sh; do
     bash -x "$i"
 done
 

modules/chroot/10-bootloader.sh

@@ -1,20 +0,0 @@
-#!/bin/bash
-#shellcheck disable=SC2154
-
-bootctl install
-
-root="$(findmnt -nr -o source /)"
-
-cryptdev="$(cryptsetup status "$root" | awk '/device/ {print $2}')"
-[ -n "$cryptdev" ] && {
-    uuid="$(blkid | grep "$cryptdev" | awk '{print $2}')"
-    options="cryptdevice=$uuid:$(basename "$root") "
-}
-
-options="${options}root=$root"
-
-for f in /boot/loader/entries/*.conf; do
-    cat << EOF >> "$f"
-options $options rw
-EOF
-done

modules/desktop.sh

@@ -6,7 +6,6 @@ printf '%s\n' \
     aerc w3m \
     alacritty \
     bluez{,-utils} \
-    dunst libnotify \
     feh \
     gammastep \
     graphicsmagick ghostscript \