kneesox/easy-arch
1
0
Fork 0
mirror of https://github.com/classy-giraffe/easy-arch.git synced 2025-11-17 19:40:55 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Update easy-arch.sh

Browse source
This commit is contained in:
Tommaso Chiti 2021-05-08 08:33:51 +02:00 committed by GitHub
parent b16e67bd6e
commit 4eaa2ae55c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 16 deletions
Download patch file Download diff file Expand all files Collapse all files

22
easy-arch.sh
View file

@ -60,9 +60,9 @@ fi
echo "Creating new partition scheme on $DISK." echo "Creating new partition scheme on $DISK."
parted -s "$DISK" \ parted -s "$DISK" \
mklabel gpt \ mklabel gpt \
mkpart ESP fat32 1MiB 101MiB \ mkpart ESP fat32 1MiB 513MiB \
set 1 esp on \ set 1 esp on \
mkpart Cryptroot 101MiB 100% \ mkpart Cryptroot 513MiB 100% \
ESP="/dev/disk/by-partlabel/ESP" ESP="/dev/disk/by-partlabel/ESP"
Cryptroot="/dev/disk/by-partlabel/Cryptroot" Cryptroot="/dev/disk/by-partlabel/Cryptroot"
@ -77,7 +77,7 @@ mkfs.fat -F 32 $ESP &>/dev/null
# Creating a LUKS Container for the root partition. # Creating a LUKS Container for the root partition.
echo "Creating LUKS Container for the root partition" echo "Creating LUKS Container for the root partition"
cryptsetup --type luks1 luksFormat $Cryptroot cryptsetup luksFormat $Cryptroot
echo "Opening the newly created LUKS Container." echo "Opening the newly created LUKS Container."
cryptsetup open $Cryptroot cryptroot cryptsetup open $Cryptroot cryptroot
BTRFS="/dev/mapper/cryptroot" BTRFS="/dev/mapper/cryptroot"
@ -90,7 +90,6 @@ mount $BTRFS /mnt
# Creating BTRFS subvolumes. # Creating BTRFS subvolumes.
echo "Creating BTRFS subvolumes." echo "Creating BTRFS subvolumes."
btrfs su cr /mnt/@ &>/dev/null btrfs su cr /mnt/@ &>/dev/null
btrfs su cr /mnt/@boot &>/dev/null
btrfs su cr /mnt/@home &>/dev/null btrfs su cr /mnt/@home &>/dev/null
btrfs su cr /mnt/@snapshots &>/dev/null btrfs su cr /mnt/@snapshots &>/dev/null
btrfs su cr /mnt/@var_log &>/dev/null btrfs su cr /mnt/@var_log &>/dev/null
@ -100,13 +99,11 @@ umount /mnt
echo "Mounting the newly created subvolumes." echo "Mounting the newly created subvolumes."
mount -o ssd,noatime,space_cache,compress=zstd,subvol=@ $BTRFS /mnt mount -o ssd,noatime,space_cache,compress=zstd,subvol=@ $BTRFS /mnt
mkdir -p /mnt/{home,.snapshots,/var/log,boot} mkdir -p /mnt/{home,.snapshots,/var/log,boot}
mount -o ssd,noatime,space_cache,compress=zstd,subvol=@boot $BTRFS /mnt/boot
mount -o ssd,noatime,space_cache.compress=zstd,subvol=@home $BTRFS /mnt/home mount -o ssd,noatime,space_cache.compress=zstd,subvol=@home $BTRFS /mnt/home
mount -o ssd,noatime,space_cache,compress=zstd,subvol=@snapshots $BTRFS /mnt/.snapshots mount -o ssd,noatime,space_cache,compress=zstd,subvol=@snapshots $BTRFS /mnt/.snapshots
mount -o ssd,noatime,space_cache,compress=zstd,subvol=@var_log $BTRFS /mnt/var/log mount -o ssd,noatime,space_cache,compress=zstd,subvol=@var_log $BTRFS /mnt/var/log
chattr +C /mnt/var/log chattr +C /mnt/var/log
mkdir /mnt/boot/efi mount $ESP /mnt/boot/
mount $ESP /mnt/boot/efi
kernel_selector kernel_selector
@ -145,13 +142,7 @@ sed -i -e 's,modconf block filesystems keyboard,keyboard keymap modconf block en
# Setting up LUKS Keyfile, BTRFS Booting and encryption in GRUB and initramfs. # Setting up LUKS Keyfile, BTRFS Booting and encryption in GRUB and initramfs.
UUID=$(blkid $Cryptroot | cut -f2 -d'"') UUID=$(blkid $Cryptroot | cut -f2 -d'"')
sed -i -e "s/#\(GRUB_ENABLE_CRYPTODISK=y\)/\1/" /mnt/etc/default/grub sed -i "s,quiet,quiet cryptdevice=UUID=$UUID:cryptroot root=$BTRFS,g" /mnt/etc/default/grub
echo -e "\n# Booting with BTRFS subvolume\nGRUB_BTRFS_OVERRIDE_BOOT_PARTITION_DETECTION=true" >> /mnt/etc/default/grub
dd bs=512 count=4 if=/dev/random of=/mnt/root/cryptroot.keyfile iflag=fullblock &>/dev/null
chmod 000 /mnt/root/cryptroot.keyfile &>/dev/null
cryptsetup -v luksAddKey /dev/disk/by-partlabel/Cryptroot /mnt/root/cryptroot.keyfile
sed -i "s,quiet,quiet cryptdevice=UUID=$UUID:cryptroot root=$BTRFS cryptkey=rootfs:/root/cryptroot.keyfile,g" /mnt/etc/default/grub
sed -i "s,FILES=(),FILES=(/root/cryptroot.keyfile)," /mnt/etc/mkinitcpio.conf
# Security kernel settings. # Security kernel settings.
echo "kernel.kptr_restrict = 2" > /mnt/etc/sysctl.d/51-kptr-restrict.conf echo "kernel.kptr_restrict = 2" > /mnt/etc/sysctl.d/51-kptr-restrict.conf
@ -178,7 +169,6 @@ arch-chroot /mnt /bin/bash -e <<EOF
# Generating a new initramfs. # Generating a new initramfs.
echo "Creating a new initramfs." echo "Creating a new initramfs."
chmod 600 /boot/initramfs-linux* &>/dev/null
mkinitcpio -P &>/dev/null mkinitcpio -P &>/dev/null
# Snapper configuration # Snapper configuration
@ -192,7 +182,7 @@ arch-chroot /mnt /bin/bash -e <<EOF
# Installing GRUB. # Installing GRUB.
echo "Installing GRUB on /boot." echo "Installing GRUB on /boot."
grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=GRUB &>/dev/null grub-install --target=x86_64-efi --efi-directory=/boot/ --bootloader-id=GRUB &>/dev/null
# Creating grub config file. # Creating grub config file.
echo "Creating GRUB config file." echo "Creating GRUB config file."