From b764b8a80dc93287160e91132908ce55a119116e Mon Sep 17 00:00:00 2001 From: Tommaso Chiti Date: Fri, 5 Apr 2024 11:40:42 +0200 Subject: [PATCH 1/8] Update shellcheck.yml Update actions checkout to v4. --- .github/workflows/shellcheck.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml index ca21b8a..49971fc 100644 --- a/.github/workflows/shellcheck.yml +++ b/.github/workflows/shellcheck.yml @@ -17,6 +17,6 @@ jobs: name: Bash syntax checker runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 - name: Run ShellCheck uses: ludeeus/action-shellcheck@master From fee315f85122e8ee893eb15dd4bd07c6a25dca20 Mon Sep 17 00:00:00 2001 From: Tommy Date: Thu, 6 Jun 2024 00:30:32 -0700 Subject: [PATCH 2/8] Use grub-btrfsd.service --- easy-arch.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/easy-arch.sh b/easy-arch.sh index a752bdb..e84e4db 100755 --- a/easy-arch.sh +++ b/easy-arch.sh @@ -475,7 +475,7 @@ sed -Ei 's/^#(Color)$/\1\nILoveCandy/;s/^#(ParallelDownloads).*/\1 = 10/' /mnt/e # Enabling various services. info_print "Enabling Reflector, automatic snapshots, BTRFS scrubbing and systemd-oomd." -services=(reflector.timer snapper-timeline.timer snapper-cleanup.timer btrfs-scrub@-.timer btrfs-scrub@home.timer btrfs-scrub@var-log.timer btrfs-scrub@\\x2esnapshots.timer grub-btrfs.path systemd-oomd) +services=(reflector.timer snapper-timeline.timer snapper-cleanup.timer btrfs-scrub@-.timer btrfs-scrub@home.timer btrfs-scrub@var-log.timer btrfs-scrub@\\x2esnapshots.timer grub-btrfsd.service systemd-oomd) for service in "${services[@]}"; do systemctl enable "$service" --root=/mnt &>/dev/null done From 68ae9f69b7b8d94b359b4c1fb33cc08d8025862c Mon Sep 17 00:00:00 2001 From: Tommy Date: Thu, 6 Jun 2024 12:57:02 -0700 Subject: [PATCH 3/8] Add sbctl --- easy-arch.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/easy-arch.sh b/easy-arch.sh index e84e4db..675950e 100755 --- a/easy-arch.sh +++ b/easy-arch.sh @@ -359,7 +359,7 @@ microcode_detector # Pacstrap (setting up a base sytem onto the new root). info_print "Installing the base system (it may take a while)." -pacstrap -K /mnt base "$kernel" "$microcode" linux-firmware "$kernel"-headers btrfs-progs grub grub-btrfs rsync efibootmgr snapper reflector snap-pac zram-generator sudo &>/dev/null +pacstrap -K /mnt base "$kernel" "$microcode" linux-firmware "$kernel"-headers sbctl btrfs-progs grub grub-btrfs rsync efibootmgr snapper reflector snap-pac zram-generator sudo &>/dev/null # Setting up the hostname. echo "$hostname" > /mnt/etc/hostname From d246fd5f0f09f43af32f2034cec37e43c76e520c Mon Sep 17 00:00:00 2001 From: Tommy Date: Thu, 6 Jun 2024 13:01:03 -0700 Subject: [PATCH 4/8] Generate secureboot keys in arch-chroot --- easy-arch.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/easy-arch.sh b/easy-arch.sh index 675950e..f000e38 100755 --- a/easy-arch.sh +++ b/easy-arch.sh @@ -411,6 +411,10 @@ arch-chroot /mnt /bin/bash -e </dev/null + # Create SecureBoot keys. + # This isn't strictly necessary, linux-hardened preset expects it and mkinitcpio will fail without it. + sbctl create-keys + # Generating a new initramfs. mkinitcpio -P &>/dev/null From f1138ebf86bd48f88b33ffd26d15c10f502eac29 Mon Sep 17 00:00:00 2001 From: Tommy Date: Thu, 6 Jun 2024 13:07:32 -0700 Subject: [PATCH 5/8] Update easy-arch.sh --- easy-arch.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/easy-arch.sh b/easy-arch.sh index f000e38..fc0cdde 100755 --- a/easy-arch.sh +++ b/easy-arch.sh @@ -412,7 +412,7 @@ arch-chroot /mnt /bin/bash -e </dev/null # Create SecureBoot keys. - # This isn't strictly necessary, linux-hardened preset expects it and mkinitcpio will fail without it. + # This isn't strictly necessary, linux-hardened preset expects it and mkinitcpio will fail without it sbctl create-keys # Generating a new initramfs. From afe88b5e2c0be79fcd4d75028c502ba36141b817 Mon Sep 17 00:00:00 2001 From: Tommy Date: Sat, 15 Jun 2024 15:05:26 -0700 Subject: [PATCH 6/8] Update GitHub actions daily --- .github/dependabot.yml | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..1230149 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,6 @@ +version: 2 +updates: + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "daily" From e3ad27d40a032155f30c9b6caf27a7f38dc9517b Mon Sep 17 00:00:00 2001 From: Tommaso Chiti Date: Wed, 17 Jul 2024 11:38:26 +0200 Subject: [PATCH 7/8] Changed EFI partition size Changed EFI partition size from 512MB to 1GB --- easy-arch.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/easy-arch.sh b/easy-arch.sh index fc0cdde..feb21cc 100755 --- a/easy-arch.sh +++ b/easy-arch.sh @@ -306,9 +306,9 @@ sgdisk -Zo "$DISK" &>/dev/null info_print "Creating the partitions on $DISK." parted -s "$DISK" \ mklabel gpt \ - mkpart ESP fat32 1MiB 513MiB \ + mkpart ESP fat32 1MiB 1025MiB \ set 1 esp on \ - mkpart CRYPTROOT 513MiB 100% \ + mkpart CRYPTROOT 1025MiB 100% \ ESP="/dev/disk/by-partlabel/ESP" CRYPTROOT="/dev/disk/by-partlabel/CRYPTROOT" From e515b26c07e03675d907167aec80f231d24f8132 Mon Sep 17 00:00:00 2001 From: Tommaso Chiti Date: Wed, 17 Jul 2024 11:40:18 +0200 Subject: [PATCH 8/8] Update README.md Updated readme to reflect new partition scheme. --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 8bdc8eb..8d8e164 100644 --- a/README.md +++ b/README.md @@ -27,12 +27,12 @@ bash easy-arch.sh ## Partitions layout The **partitions layout** is simple and it consists solely of two partitions: -1. A **FAT32** partition (512MiB), mounted at `/boot/` as ESP. +1. A **FAT32** partition (1GiB), mounted at `/boot/` as ESP. 2. A **LUKS2 encrypted container**, which takes the rest of the disk space, mounted at `/` as root. | Partition Number | Label | Size | Mountpoint | Filesystem | |------------------|-----------|-------------------|----------------|-------------------------| -| 1 | ESP | 512 MiB | /boot/ | FAT32 | +| 1 | ESP | 1 GiB | /boot/ | FAT32 | | 2 | Cryptroot | Rest of the disk | / | BTRFS Encrypted (LUKS2) | ## BTRFS subvolumes layout