ange/archinstall
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: UKI

Browse Source
This commit is contained in:
ange 2024-10-02 12:40:34 +07:00
parent bfbd034ce3
commit dd265819a0
Signed by: ange
GPG Key ID: 9E0C4157BB7BEB1D
26 changed files with 55 additions and 56 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
config
View File

@ -1,5 +1,4 @@
# User Variables # User Variables
# Comment to disable
# shellcheck disable=SC2034 # shellcheck disable=SC2034
install_type=dwm # base|desktop|dwm install_type=dwm # base|desktop|dwm
@ -7,25 +6,24 @@ install_type=dwm # base|desktop|dwm
disk=/dev/nvme0n1 disk=/dev/nvme0n1
disk_passwd=cryptroot disk_passwd=cryptroot
swapfile=1024 # MiB swapfile=1024 # MiB, Comment to disable
username=ange username=ange
userpasswd=ange userpasswd=ange
rootpasswd=root rootpasswd=root # Comment to disable
shell=bash shell=bash
hostname="$username-pc" hostname="$username-pc"
tz=Europe/Paris tz=Europe/Paris
locales=en_US # 'en_US,fr_FR' locales=en_US # en_US,fr_FR
lang=en_US lang=en_US
pkg=( pkg=(
base-devel man-{db,pages} tldr base-devel man-{db,pages} tldr
bash-completion fzf bash-completion fzf
dosfstools exfatprogs dosfstools exfatprogs
efibootmgr
fastfetch fastfetch
git git
iwd iptables-nft wireguard-tools bind gnu-netcat iwd iptables-nft wireguard-tools bind gnu-netcat

3
install.sh
View File

@ -1,5 +1,8 @@
#!/bin/bash #!/bin/bash
echo 'If you want Secure Boot support, you need to put your system in Setup Mode'
read -r
exec &> >(tee logs.out) exec &> >(tee logs.out)
set -a set -a

17
modules/prechroot/10-disk.sh → modules/00-prechroot/10-disk.sh
View File

@ -2,11 +2,11 @@
#shellcheck disable=SC2154 #shellcheck disable=SC2154
sgdisk -Z \ sgdisk -Z \
-n '0:0:+512M' -t '0:ef00' -c '0:boot' \ -n '0:0:+512M' -t '0:ef00' -c '0:esp' \
-n '0:0:0' -t '0:8300' -c '0:root' \ -n '0:0:0' -t '0:8300' -c '0:root' \
"$disk" "$disk"
boot=/dev/disk/by-partlabel/boot esp=/dev/disk/by-partlabel/esp
root=/dev/disk/by-partlabel/root root=/dev/disk/by-partlabel/root
[ -n "$disk_passwd" ] && { [ -n "$disk_passwd" ] && {
@ -15,21 +15,26 @@ root=/dev/disk/by-partlabel/root
root=/dev/mapper/cryptroot root=/dev/mapper/cryptroot
} }
sleep 2 # wait for /dev/disk/by-partlabel/ to be populated sleep 5 # wait /dev/disk/by-partlabel/
mkfs.fat -F32 "$boot" mkfs.vfat -F32 "$esp"
mkfs.ext4 -F "$root" mkfs.ext4 -F "$root"
mount "$root" /mnt/ mount "$root" /mnt/
mount -m -o fmask=0077,dmask=0077 /dev/disk/by-partlabel/boot /mnt/boot/
cat <<EOF > /mnt/etc/fstab
UUID=$(blkid "$root" -ovalue -sUUID) / ext4 rw,relatime 0 1
UUID=$(blkid "$esp" -ovalue -sUUID) /efi vfat rw,fmask=0077,dmask=0077,noauto 0 2
EOF
[ -n "$swapfile" ] && { [ -n "$swapfile" ] && {
dd if=/dev/zero of=/mnt/swapfile bs=1M count="$swapfile" status=progress dd if=/dev/zero of=/mnt/swapfile bs=1M count="$swapfile" status=progress
chmod 600 /mnt/swapfile chmod 600 /mnt/swapfile
mkswap /mnt/swapfile mkswap /mnt/swapfile
swapon /mnt/swapfile swapon /mnt/swapfile
echo "/swapfile none swap defaults 0 0" >> /mnt/etc/fstab
} }
cp -rfTv rootfs/ /mnt/ cp -rfTv rootfs/ /mnt/
genfstab -U /mnt/ >> /mnt/etc/fstab
swapoff /mnt/swapfile swapoff /mnt/swapfile

2
modules/prechroot/20-pkg.sh → modules/00-prechroot/20-pkg.sh
View File

@ -13,6 +13,6 @@ esac
[ -d /sys/class/power_supply/BAT0 ] && echo tlp >> pkglist.txt [ -d /sys/class/power_supply/BAT0 ] && echo tlp >> pkglist.txt
pacstrap -C rootfs/etc/pacman.conf -K /mnt \ pacstrap -C rootfs/etc/pacman.conf -K /mnt \
base linux{,-lts,-firmware} "$shell" - < pkglist.txt base linux{,-lts,-firmware} "$shell" efibootmgr sbctl - < pkglist.txt
find /mnt/etc/ -name '*.pacnew' -delete find /mnt/etc/ -name '*.pacnew' -delete

0
modules/chroot/00-bootstrap.sh → modules/10-chroot/00-bootstrap.sh
View File

22
modules/10-chroot/10-bootloader.sh Normal file
View File

@ -0,0 +1,22 @@
#!/bin/bash
#shellcheck disable=SC2154
root="$(findmnt -n -osource /)"
boot="$(lsblk -ls -oname /dev/disk/by-partlabel/boot | tail -n1)"
cryptdev="$(cryptsetup status "$root" | awk '/device/ {print $2}')"
[ -n "$cryptdev" ] && {
uuid="$(blkid | grep "$cryptdev" | awk '{print $2}')"
options="cryptdevice=$uuid:${root##*/} "
}
options="${options}root=$root rw"
sbctl create-keys
sbctl enroll-keys
for l in arch{,-lts-fallback}; do
efibootmgr --create --unicode --label "$l" \
--disk "$boot" --part 1 --loader "\EFI\Linux\arch-linux$l.efi"
done
echo "$options" > /etc/cmdline.d/root.conf

2
modules/chroot/20-users.sh → modules/10-chroot/20-users.sh
View File

@ -4,5 +4,5 @@
shell="$(sed -n "/$shell/{p;q}" /etc/shells)" shell="$(sed -n "/$shell/{p;q}" /etc/shells)"
useradd -mG wheel,video "$username" -s "${shell:-/bin/bash}" useradd -mG wheel,video "$username" -s "${shell:-/bin/bash}"
echo "root:$rootpasswd" | chpasswd [ -n "$rootpasswd" ] && echo "root:$rootpasswd" | chpasswd
echo "$username:$userpasswd" | chpasswd echo "$username:$userpasswd" | chpasswd

0
modules/chroot/30-services.sh → modules/10-chroot/30-services.sh
View File

0
modules/chroot/40-flatpak.sh → modules/10-chroot/40-flatpak.sh
View File

1
modules/chroot/50-dwm.sh.dwm → modules/10-chroot/50-dwm.sh
View File

@ -1,4 +1,5 @@
#!/bin/bash #!/bin/bash
#shellcheck disable=SC2154
git clone --depth 1 https://git.maby.dev/ange/.dotfiles.git /tmp/dotfiles git clone --depth 1 https://git.maby.dev/ange/.dotfiles.git /tmp/dotfiles
/tmp/dotfiles/.config/suckless/update.sh /tmp/dotfiles/.config/suckless/update.sh

0
modules/chroot/user/10-services.sh → modules/10-chroot/user/10-services.sh
View File

0
modules/chroot/user/20-dotfiles.sh → modules/10-chroot/user/20-dotfiles.sh
View File

0
modules/postchroot/99-done.sh → modules/20-postchroot/99-done.sh
View File

8
modules/base.sh
View File

@ -1,21 +1,21 @@
#!/bin/bash #!/bin/bash
#shellcheck disable=SC2154 #shellcheck disable=SC2154
for i in modules/prechroot/*.sh; do for i in modules/00-prechroot/*.sh; do
bash -x "$i" bash -x "$i"
done done
cp -r modules/chroot/ /mnt/ cp -r modules/chroot/ /mnt/
for i in modules/chroot/*.sh; do for i in modules/10-chroot/*.sh; do
arch-chroot /mnt bash -x "${i/modules/}" arch-chroot /mnt bash -x "${i/modules/}"
done done
for i in modules/chroot/user/*.sh; do for i in modules/10-chroot/user/*.sh; do
arch-chroot /mnt su - "$username" -c "bash -x '${i/modules/}'" arch-chroot /mnt su - "$username" -c "bash -x '${i/modules/}'"
done done
for i in modules/postchroot/*.sh; do for i in modules/20-postchroot/*.sh; do
bash -x "$i" bash -x "$i"
done done

20
modules/chroot/10-bootloader.sh
View File

@ -1,20 +0,0 @@
#!/bin/bash
#shellcheck disable=SC2154
bootctl install
root="$(findmnt -nr -o source /)"
cryptdev="$(cryptsetup status "$root" | awk '/device/ {print $2}')"
[ -n "$cryptdev" ] && {
uuid="$(blkid | grep "$cryptdev" | awk '{print $2}')"
options="cryptdevice=$uuid:$(basename "$root") "
}
options="${options}root=$root"
for f in /boot/loader/entries/*.conf; do
cat << EOF >> "$f"
options $options rw
EOF
done

1
modules/desktop.sh
View File

@ -6,7 +6,6 @@ printf '%s\n' \
aerc w3m \ aerc w3m \
alacritty \ alacritty \
bluez{,-utils} \ bluez{,-utils} \
dunst libnotify \
feh \ feh \
gammastep \ gammastep \
graphicsmagick ghostscript \ graphicsmagick ghostscript \

3
rootfs/boot/loader/entries/arch-lts.conf
View File

@ -1,3 +0,0 @@
title Arch Linux LTS
linux /vmlinuz-linux-lts
initrd /initramfs-linux-lts.img

3
rootfs/boot/loader/entries/arch.conf
View File

@ -1,3 +0,0 @@
title Arch Linux
linux /vmlinuz-linux
initrd /initramfs-linux.img

1
rootfs/boot/loader/loader.conf
View File

@ -1 +0,0 @@
default arch

0
rootfs/etc/cmdline.d/root.conf Normal file
View File

3
rootfs/etc/mkinitcpio.d/linux-lts.preset Normal file
View File

@ -0,0 +1,3 @@
ALL_kver='/boot/vmlinuz-linux-lts'
PRESETS=('fallback')
fallback_uki='/efi/EFI/Linux/arch-linux-lts-fallback.efi'

3
rootfs/etc/mkinitcpio.d/linux.preset Normal file
View File

@ -0,0 +1,3 @@
ALL_kver="/boot/vmlinuz-linux"
PRESETS=('default')
default_uki="/efi/EFI/Linux/arch-linux.efi"

1
rootfs/etc/modprobe.d/nobeep.conf
View File

@ -1,2 +1 @@
blacklist pcspkr blacklist pcspkr
blacklist snd_pcsp

2
rootfs/etc/nftables.conf
View File

@ -7,7 +7,7 @@ table inet filter {
chain input { chain input {
type filter hook input priority filter; policy drop; type filter hook input priority filter; policy drop;
#tcp dport 32768-40960 counter meta nftrace set 1 accept comment "WoW VoiceError:17" #tcp dport 32768-65535 counter meta nftrace set 1 accept comment "WoW VoiceError:17"
ct state invalid counter drop ct state invalid counter drop
ct state {established,related} counter accept ct state {established,related} counter accept

2
rootfs/etc/pacman.conf
View File

@ -35,6 +35,8 @@ Color
CheckSpace CheckSpace
VerbosePkgLists VerbosePkgLists
ParallelDownloads = 8 ParallelDownloads = 8
DownloadUser = alpm
#DisableSandbox
ILoveCandy ILoveCandy
# By default, pacman accepts packages signed by keys that its local keyring # By default, pacman accepts packages signed by keys that its local keyring

9
rootfs/etc/pacman.d/hooks/10-systemd-boot.hook
View File

@ -1,9 +0,0 @@
[Trigger]
Type = Package
Operation = Upgrade
Target = systemd
[Action]
Description = Gracefully upgrading systemd-boot...
When = PostTransaction
Exec = /usr/bin/systemctl restart systemd-boot-update.service