-
Notifications
You must be signed in to change notification settings - Fork 0
/
2_after_pacstrap.sh
executable file
·488 lines (375 loc) · 16.3 KB
/
2_after_pacstrap.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
#!/bin/bash
# READ FILES
SCRIPT_DIR="$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &>/dev/null && pwd)"
CONFIG_FILE=$SCRIPT_DIR/setup.conf
# Source Helper
source "$SCRIPT_DIR/helper.sh"
# Set location and Synchronize hardware clock
echo ""
echo "---------------------------------------------------------------------------------------"
echo "--------------Setting Location and Synchronizing hardware clock...---------------------"
echo "---------------------------------------------------------------------------------------"
echo ""
_distroType=$(sed '$!d' "$CONFIG_FILE")
if [[ "$_distroType" = "arch" ]]; then
TIMEZONE=$(sed -n '2p' <"$CONFIG_FILE")
ln -sf /usr/share/zoneinfo/"$TIMEZONE" /etc/localtime
hwclock --systohc
else
TIMEZONE=$(sed -n '2p' <"$CONFIG_FILE")
ln -sf /usr/share/zoneinfo/"$TIMEZONE" /etc/localtime
install "openntpd-openrc" "pac"
rc-update add ntpd
hwclock --systohc
fi
echo "Done setting location and synchronizing hardware clock!"
# Set Keymap
echo ""
echo "---------------------------------------------------------------------------------------"
echo "--------------Setting Keyboard layout...-----------------------------------------------"
echo "---------------------------------------------------------------------------------------"
echo ""
KEYMAP=$(sed -n '3p' <"$CONFIG_FILE")
echo "KEYMAP=$KEYMAP" >>/etc/vconsole.conf
echo "Keyboard layout set!"
# Optimize makepkg flags
echo ""
echo "--------------------------------------------------------------"
echo "--------------Optimizing makepkg flags...---------------------"
echo "--------------------------------------------------------------"
echo ""
nc=$(grep -c ^processor /proc/cpuinfo)
echo "You have " $nc" cores."
echo "-------------------------------------------------"
echo "Changing the makeflags for "$nc" cores."
TOTALMEM=$(cat /proc/meminfo | grep -i 'memtotal' | grep -o '[[:digit:]]*')
if [[ $TOTALMEM -gt 8000000 ]]; then
sed -i "s/#MAKEFLAGS=\"-j2\"/MAKEFLAGS=\"-j$nc\"/g" /etc/makepkg.conf
echo "Changing the compression settings for "$nc" cores."
sed -i "s/COMPRESSXZ=(xz -c -z -)/COMPRESSXZ=(xz -c -T $nc -z -)/g" /etc/makepkg.conf
fi
# Set Locale
echo ""
echo "-----------------------------------------------------"
echo "--------------Setting Locales...---------------------"
echo "-----------------------------------------------------"
echo ""
sed -i 's/^#en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen
locale-gen
echo "LANG=en_US.UTF-8" >>/etc/locale.conf
# Add features to pacman.conf
echo ""
echo "----------------------------------------------------------------"
echo "--------------Enabling ParallelDownloads...---------------------"
echo "----------------------------------------------------------------"
echo ""
if [[ "$_distroType" = "artix" ]]; then
sudo sed -i 's/#Color/Color\nILoveCandy/' /etc/pacman.conf
sudo sed -i 's/#ParallelDownloads = 5/ParallelDownloads = 16/' /etc/pacman.conf
sudo pacman -Syyy
sudo pacman -S --noconfirm artix-archlinux-support
sudo tee -a /etc/pacman.conf <<EOF
[extra]
Include = /etc/pacman.d/mirrorlist-arch
[community]
Include = /etc/pacman.d/mirrorlist-arch
EOF
sudo pacman-key --populate archlinux
sudo pacman -Syy
else
sudo sed -i 's/#Color/Color\nILoveCandy/' /etc/pacman.conf
sudo sed -i 's/#ParallelDownloads = 5/ParallelDownloads = 16/' /etc/pacman.conf
sudo pacman -Syyy
fi
# Set Hostname
echo ""
echo "------------------------------------------------------"
echo "--------------Setting hostname...---------------------"
echo "------------------------------------------------------"
echo ""
hostname=$(sed -n '10p' <"$CONFIG_FILE")
echo "$hostname" >>/etc/hostname
echo "127.0.0.1 localhost" >>/etc/hosts
echo "::1 localhost" >>/etc/hosts
echo "127.0.1.1 $hostname.localdomain $hostname" >>/etc/hosts
echo "Done setting hostname!"
# Add User
echo ""
echo "----------------------------------------------"
echo "--------------Adding user...------------------"
echo "----------------------------------------------"
echo ""
uname=$(sed -n '6p' <"$CONFIG_FILE")
fname=$(sed -n '7p' <"$CONFIG_FILE")
useradd -mG wheel $uname
usermod -c "$fname" $uname
echo "$uname ALL=(ALL) ALL" >>/etc/sudoers.d/$uname
echo "Done adding user!"
upass=$(sed -n '8p' <"$CONFIG_FILE")
rpass=$(sed -n '9p' <"$CONFIG_FILE")
echo "$uname:$upass" | chpasswd
echo "root:$rpass" | chpasswd
# Add User to some groups
gpasswd -a "$uname" video
# Install display drivers
echo ""
echo "------------------------------------------------------------------------"
echo "--------------Installing display driver...------------------------------"
echo "------------------------------------------------------------------------"
echo ""
## Install GPU process monitoring software
install "nvtop" "pac"
## Auto detect GPU and install drivers
if lspci | grep -E "NVIDIA|GeForce"; then
echo -e "\e[32mInstalling NVIDIA graphics drivers ...\e[0m"
install "nvidia-dkms nvidia-utils nvidia-settings nvidia-prime" "pac"
elif lspci | grep -E "Radeon"; then
echo -e "\e[31mInstalling AMD Radeon graphics drivers ...\e[0m"
install "xf86-video-amdgpu" "pac"
elif lspci | grep -E "Intel Corporation UHD"; then
echo -e "\e[34mInstalling Intel graphics drivers ...\e[0m"
install "libva-intel-driver libvdpau-va-gl vulkan-intel libva-intel-driver libva-utils" "pac"
elif lspci | grep -E "Intel Corporation HD"; then
echo -e "\e[34mInstalling Intel graphics drivers ...\e[0m"
install "libva-intel-driver libvdpau-va-gl vulkan-intel libva-intel-driver libva-utils" "pac"
elif lspci | grep -E "Integrated Graphics Controller"; then
echo -e "\e[34mInstalling Intel graphics drivers ...\e[0m"
install "libva-intel-driver libvdpau-va-gl vulkan-intel libva-intel-driver libva-utils" "pac"
fi
# Essential Packages
echo ""
echo "---------------------------------------------------------------------"
echo "--------------Installing Essential Packages...-----------------------"
echo "---------------------------------------------------------------------"
echo ""
driveType=$(sed -n '4p' <"$CONFIG_FILE")
install "os-prober grub efibootmgr ntfs-3g" "pac"
install "cracklib pacman-contrib" "pac"
install "networkmanager network-manager-applet wireless_tools wpa_supplicant net-tools dnsutils usbutils gperftools" "pac"
install "dialog mtools dosfstools gptfdisk" "pac"
install "rsync reflector wget" "pac"
install "lsof strace bc" "pac"
install "acpi acpi_call-dkms acpid" "pac"
install "exa bat ripgrep fd bottom sad git-delta tldr duf gping" "pac"
install "tokei hyperfine" "pac"
if [[ "$_distroType" = "artix" ]]; then
install "backlight-openrc" "pac"
fi
# Configuring GRUB and mkinitcpio
echo ""
echo "---------------------------------------------------------------------"
echo "--------------Configuring GRUB and mkinitcpio...---------------------"
echo "---------------------------------------------------------------------"
echo ""
### Add a flag in GRUB config for encrypted disk
encryptStatus=$(sed -n '11p' <"$CONFIG_FILE")
if [[ "$encryptStatus" = "encrypt" ]]; then
install "cryptsetup" "pac"
tee -a /etc/default/grub <<EOF
# Device encryption
GRUB_ENABLE_CRYPTODISK=y
EOF
fi
### Add a flag in GRUB config for enabling logs while booting
rep=$(cat /etc/default/grub | grep "GRUB_CMDLINE_LINUX_DEFAULT" | sed '$ s/.$//' | sed 's/ quiet//' | sed 's/\//\\\//g')
replacewith="${rep}\""
getGrubDefaultArgs=$(cat /etc/default/grub | grep -n "GRUB_CMDLINE_LINUX_DEFAULT")
getLineNumber=$(echo "$getGrubDefaultArgs" | cut -d ":" -f1 | xargs)
sudo sed -i "${getLineNumber}s/.*/${replacewith}/" /etc/default/grub
### Add a flag in GRUB config for setting the resolution of the GRUB menu
rep=$(cat /etc/default/grub | grep "GRUB_GFXMODE=auto" | sed 's/auto/1920x1080/')
getGrubDefaultArgs=$(cat /etc/default/grub | grep -n "GRUB_GFXMODE")
getLineNumber=$(echo "$getGrubDefaultArgs" | cut -d ":" -f1 | xargs)
sudo sed -i "${getLineNumber}s/.*/${rep}/" /etc/default/grub
### Install GRUB and configure Secure Boot
sudo grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=GRUB --recheck --modules="tpm" --disable-shim-lock
sudo grub-mkconfig -o /boot/grub/grub.cfg
install "sbctl" "pac"
sudo sbctl create-keys
sudo sbctl enroll-keys -m
sudo sbctl sign /boot/vmlinuz-linux-zen
sudo sbctl sign /boot/grub/x86_64-efi/core.efi
sudo sbctl sign /boot/grub/x86_64-efi/grub.efi
sudo sbctl sign /boot/efi/EFI/GRUB/grubx64.efi
### Autosign Kernel and Grub Hook
mkdir /etc/pacman.d/hooks
cat <<EOF >/etc/pacman.d/hooks/999-sign_kernel_for_secureboot.hook
[Trigger]
Operation = Install
Operation = Upgrade
Type = Package
Target = linux
Target = linux-lts
Target = linux-hardened
Target = linux-zen
Target = linux-xanmod
Target = linux-xanmod-cacule
Target = linux-xanmod-git
Target = linux-xanmod-lts
Target = linux-xanmod-rt
Target = linux-xanmod-anbox
[Action]
Description = Signing Kernel and GRUB for Secure Boot
When = PostTransaction
Exec = /usr/bin/sbctl sign /boot/vmlinuz-linux-zen && /usr/bin/sbctl sign /boot/grub/x86_64-efi/core.efi && /usr/bin/sbctl sign /boot/grub/x86_64-efi/grub.efi && /usr/bin/sbctl sign /boot/efi/EFI/GRUB/grubx64.efi
Depends = sbctl
EOF
### Add Modules to load btrfs or gpu hooks
FS=$(sed -n '1p' <"$CONFIG_FILE")
if [[ "$FS" = "btrfs" ]]; then
if lspci | grep -E "NVIDIA|GeForce"; then
sed -i 's/MODULES=()/MODULES=(btrfs nvidia nvidia_modeset nvidia_uvm nvidia_drm)/' /etc/mkinitcpio.conf
sed -i 's/GRUB_CMDLINE_LINUX=""/GRUB_CMDLINE_LINUX="nvidia-drm.modeset=1"/' /etc/default/grub
elif lspci | grep -E "Radeon"; then
sed -i 's/MODULES=()/MODULES=(btrfs amdgpu)/' /etc/mkinitcpio.conf
else
sed -i 's/MODULES=()/MODULES=(btrfs)/' /etc/mkinitcpio.conf
fi
grub-mkconfig -o /boot/grub/grub.cfg
mkinitcpio -p linux-zen
else
if lspci | grep -E "NVIDIA|GeForce"; then
sed -i 's/MODULES=()/MODULES=(nvidia nvidia_modeset nvidia_uvm nvidia_drm)/' /etc/mkinitcpio.conf
sed -i 's/GRUB_CMDLINE_LINUX=""/GRUB_CMDLINE_LINUX="nvidia-drm.modeset=1"/' /etc/default/grub
elif lspci | grep -E "Radeon"; then
sed -i 's/MODULES=()/MODULES=(amdgpu)/' /etc/mkinitcpio.conf
fi
grub-mkconfig -o /boot/grub/grub.cfg
mkinitcpio -p linux-zen
fi
### Add more flags in GRUB config for encrypted disk
LUKS_PASSWORD=$(sed -n '12p' <"$CONFIG_FILE")
if [[ "$encryptStatus" = "encrypt" ]]; then
# Add to mkinitcpio
getReq=$(cat /etc/mkinitcpio.conf | grep -En "^HOOKS=(.+)$" | head -1 | xargs)
getLineNumber=$(echo "$getReq" | cut -d":" -f1)
rep=$(echo $getReq | cut -d":" -f2 | sed 's/keymap //g')
sed -i "${getLineNumber}s/.*/${rep}/" /etc/mkinitcpio.conf
getReq=$(cat /etc/mkinitcpio.conf | grep -En "^HOOKS=(.+)$" | head -1 | xargs)
getLineNumber=$(echo "$getReq" | cut -d":" -f1)
rep=$(echo $getReq | cut -d":" -f2 | sed 's/keyboard //g')
sed -i "${getLineNumber}s/.*/${rep}/" /etc/mkinitcpio.conf
getReq=$(cat /etc/mkinitcpio.conf | grep -En "^HOOKS=(.+)$" | head -1 | xargs)
getLineNumber=$(echo "$getReq" | cut -d":" -f1)
rep=$(echo $getReq | cut -d":" -f2 | sed 's/autodetect/autodetect keyboard keymap/g')
sed -i "${getLineNumber}s/.*/${rep}/" /etc/mkinitcpio.conf
getReq=$(cat /etc/mkinitcpio.conf | grep -En "^HOOKS=(.+)$" | head -1 | xargs)
getLineNumber=$(echo "$getReq" | cut -d":" -f1)
rep=$(echo $getReq | cut -d":" -f2 | sed 's/filesystems/encrypt filesystems/g')
sed -i "${getLineNumber}s/.*/${rep}/" /etc/mkinitcpio.conf
DISK=$(sed -n '5p' <"$CONFIG_FILE")
if [[ ${DISK} =~ "nvme" ]]; then
UUID_CRYPT_DEVICE=$(blkid | grep "${DISK}p2" | cut -d" " -f2 | xargs)
# Create a key file
getReq=$(cat /etc/mkinitcpio.conf | grep -En "^FILES=(.+)$" | head -1 | xargs)
getLineNumber=$(echo "$getReq" | cut -d":" -f1)
rep=$(echo "FILES=(\/root\/cryptlvm.keyfile)")
sed -i "${getLineNumber}s/.*/${rep}/" /etc/mkinitcpio.conf
dd bs=512 count=4 if=/dev/random of=/root/cryptlvm.keyfile iflag=fullblock
chmod 000 /root/cryptlvm.keyfile
echo "${LUKS_PASSWORD}" | cryptsetup -v luksAddKey "${DISK}p2" /root/cryptlvm.keyfile
else
UUID_CRYPT_DEVICE=$(blkid | grep "${DISK}2" | cut -d" " -f2 | xargs)
# Create a key file
getReq=$(cat /etc/mkinitcpio.conf | grep -En "^FILES=(.+)$" | head -1 | xargs)
getLineNumber=$(echo "$getReq" | cut -d":" -f1)
rep=$(echo "FILES=(\/root\/cryptlvm.keyfile)")
sed -i "${getLineNumber}s/.*/${rep}/" /etc/mkinitcpio.conf
dd bs=512 count=4 if=/dev/random of=/root/cryptlvm.keyfile iflag=fullblock
chmod 000 /root/cryptlvm.keyfile
echo "${LUKS_PASSWORD}" | cryptsetup -v luksAddKey "${DISK}2" /root/cryptlvm.keyfile
fi
getGrubDefaultArgs=$(cat /etc/default/grub | grep -n "GRUB_CMDLINE_LINUX_DEFAULT")
getLineNumber=$(echo "$getGrubDefaultArgs" | cut -d ":" -f1 | xargs)
getOldArgs=$(echo "$getGrubDefaultArgs" | cut -d ":" -f2 | sed 's/.$//')
if [[ "$driveType" = "ssd" ]]; then
cryptstring="cryptdevice=${UUID_CRYPT_DEVICE}:cryptroot:allow-discards root=\/dev\/mapper\/cryptroot cryptkey=rootfs:\/root\/cryptlvm.keyfile"
else
cryptstring="cryptdevice=${UUID_CRYPT_DEVICE}:cryptroot root=\/dev\/mapper\/cryptroot cryptkey=rootfs:\/root\/cryptlvm.keyfile"
fi
combinedArgsWithcryptstring="${getOldArgs} ${cryptstring}\""
sed -i "${getLineNumber}s/.*/${combinedArgsWithcryptstring}/" /etc/default/grub
grub-mkconfig -o /boot/grub/grub.cfg
mkinitcpio -p linux-zen
fi
# ADD FEATURES TO sudoers
echo ""
echo "-------------------------------------------------------------------------"
echo "--------------Adding insults on wrong password...------------------------"
echo "-------------------------------------------------------------------------"
echo ""
sudo sed -i '71s/.*/Defaults insults/' /etc/sudoers
echo "Done adding insults!"
# THEMING GRUB
echo ""
echo "------------------------------------------------------------------------"
echo "--------------THEMING GRUB...-------------------------------------------"
echo "------------------------------------------------------------------------"
echo ""
### Theme
mkdir archlinux
cd archlinux
wget https://github.com/AdisonCavani/distro-grub-themes/raw/master/themes/arch-linux.tar
tar -xvf ./arch-linux.tar
rm -rf arch-linux.tar
cd ..
sudo mkdir /boot/grub/themes/
sudo cp -r archlinux /boot/grub/themes/
rm -rf archlinux
cp -r "${SCRIPT_DIR}/storage/grub.png" .
sudo mv grub.png /boot/grub/themes/archlinux/background.png
echo 'GRUB_THEME="/boot/grub/themes/archlinux/theme.txt"' | sudo tee -a /etc/default/grub >/dev/null
sudo sed -i 's/#cccccc/#aaff00/g' /boot/grub/themes/archlinux/theme.txt
sudo grub-mkconfig -o /boot/grub/grub.cfg
# Disable wifi powersaver mode
LOC="/etc/NetworkManager/conf.d/wifi-powersave.conf"
echo -e "[connection]\nwifi.powersave = 2" | sudo tee -a $LOC
# Install Logger
if [[ "$_distroType" = "artix" ]]; then
install "syslog-ng logrotate libdbi librabbitmq-c mongo-c-driver libesmtp hiredis libmaxminddb net-snmp librdkafka python-ply" "pac"
fi
# Enable Services
echo ""
echo "---------------------------------------------------------"
echo "--------------Enabling Services...-----------------------"
echo "---------------------------------------------------------"
echo ""
if [[ "$_distroType" = "artix" ]]; then
sudo rc-update add NetworkManager default
sudo rc-update add acpid default
sudo rc-update add backlight default
sudo rc-update add syslog-ng default
else
systemctl enable NetworkManager
systemctl enable reflector.timer
systemctl enable acpid
fi
# Fix an issue with Timeshift related to BTRFS
sed -i 's/subvolid.*,//' /etc/fstab
# ===================== XORG Dependent ===================================
# Enable Touchpad Features
install "dmidecode" "pac"
checkType=$(sudo dmidecode --string chassis-type)
if [[ "${checkType}" = "Laptop" || "${checkType}" = "Notebook" || "${checkType}" = "Portable" || "${checkType}" = "Sub Notebook" ]]; then
mkdir -p /etc/X11/xorg.conf.d
touch /etc/X11/xorg.conf.d/40-libinput.conf
printf 'Section "InputClass"
Identifier "libinput touchpad catchall"
MatchIsTouchpad "on"
MatchDevicePath "/dev/input/event*"
Driver "libinput"
Option "Tapping" "on"
Option "NaturalScrolling" "true"
EndSection' >/etc/X11/xorg.conf.d/40-libinput.conf
fi
# ===================== END Dependent ====================================
# Regenerate initramfs and update grub
echo ""
echo "--------------------------------------------------------------------------------"
echo "--------------Regenerating initramfs and updating grub...-----------------------"
echo "--------------------------------------------------------------------------------"
echo ""
grub-mkconfig -o /boot/grub/grub.cfg
mkinitcpio -p linux-zen
# Remove setup files
rm -rf setup