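#!/bin/sh
# Partition a disk with a GPT layout, put a LUKS2 container with a btrfs root
# on one partition, mount everything under /mnt and bootstrap a base system
# with basestrap.
#
# Usage: <script> <target-device> <luks-passphrase>
#   target-device    device name below /dev without the prefix (e.g. "sda");
#                    partitions are addressed as /dev/<name><number>
#   luks-passphrase  passphrase for the LUKS container
#
# Every step below is destructive for the target device.
#
# NOTE(security): the passphrase is taken from the command line, so it is
# visible in the process list and may be stored in the shell history of
# whoever invokes the script. Do not run this script with `set -x`/`sh -x`,
# which would also write the passphrase to the trace output.
set -e

# Print a message on stderr and abort.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

if [ "$#" -ne 2 ]; then
  echo "incorrect number of arguments" >&2
  echo "arg1 target device" >&2
  echo "arg2 luks pass" >&2
  exit 1
fi

DEV_ID=$1
PASS=$2

# The device name ends up in several root-level command lines; accept only a
# plain name that refers to an existing block device before touching anything.
case "$DEV_ID" in
  '' | *[!A-Za-z0-9]*) die "invalid device name: $DEV_ID" ;;
esac
[ -b "/dev/${DEV_ID}" ] || die "/dev/${DEV_ID} is not a block device"
[ -n "$PASS" ] || die "empty luks pass"

DEV_CAPACITY=500     # device capacity in GiB, only used for the summary output
NUM_DISTROS=5        # number of distro partitions created after the EFI one
PART_ID_EFI=1
PART_ID_EFI_SIZE=2   # GiB
PART_ID_LUKS=3
PART_ID_LUKS_SIZE=32 # currently unused; partition sizes are set in partition_disk

# Mount options shared by every btrfs subvolume mount.
BTRFS_OPTS='ssd,noatime,compress=zstd:1,space_cache=v2,autodefrag'

# set keyboard console layout
#ls -R /usr/share/kbd/keymaps
sudo loadkeys us

# verify uefi mode
[ -d /sys/firmware/efi/efivars ] || die "not booted in UEFI mode"

# connect to internet
#ip link
ping -c 3 kernel.org

# if target device partitioned, destroy
if [ -e "/dev/${DEV_ID}1" ]; then
  #sudo umount -R /mnt
  #sudo cryptsetup luksClose cryptroot
  sudo wipefs -a "/dev/${DEV_ID}"
  #sudo sfdisk --delete /dev/${DEV_ID}
  sudo shred --verbose --random-source=/dev/urandom -n1 --zero "/dev/${DEV_ID}"
fi

# Create the GPT layout by feeding a keystroke script to fdisk:
#   partition 1                   EFI system partition, PART_ID_EFI_SIZE GiB
#   partitions 2..NUM_DISTROS+1   distro partitions (128, 128, 32, 64, 32 GiB)
#   last partition                data, all remaining space
# Prints one "<partition> <size>" line per partition as a summary.
partition_disk() {
  # EFI Partition
  echo "1 $PART_ID_EFI_SIZE"
  # NOTE(review): the "p" answers look like fdisk's MBR primary/extended
  # prompt; confirm them against fdisk's GPT dialogue. The keystroke sequence
  # is left exactly as it was.
  CMD='g\nn\np\n1\n2048\n+'$PART_ID_EFI_SIZE'G\nt\n1\n'

  total_part_size=0
  i=2
  while [ "$i" -le $((NUM_DISTROS + 1)) ]; do
    case "$i" in
      2 | 3) size=128 ;;
      4 | 6) size=32 ;;
      5) size=64 ;;
      *) size=0 ;; # no size defined for this index: nothing is created
    esac
    if [ "$size" -gt 0 ]; then
      CMD=${CMD}'n\np\n'$i'\n\n+'$size'G\n'
    fi
    echo "$i $size"
    total_part_size=$((total_part_size + size))
    i=$((i + 1))
  done
  echo "1-$((NUM_DISTROS + 1)) $total_part_size for distros"

  # remaining space for data partition
  CMD=${CMD}'n\np\n\n\n\n\nw'
  echo "$((NUM_DISTROS + 2)) $((DEV_CAPACITY - total_part_size)) for data"

  # Feed the keystrokes with printf instead of eval + `echo -e`: nothing taken
  # from the command line is re-parsed as shell code, and the escapes are
  # expanded the same way by every /bin/sh (`echo -e` is not portable).
  printf 'fdisk input for /dev/%s: %s\n' "$DEV_ID" "$CMD"
  printf '%b\n' "$CMD" | sudo fdisk "/dev/${DEV_ID}"
} # end partition_disk

# Format partition PART_ID_LUKS as LUKS2 and open it as /dev/mapper/cryptroot.
encrypt_root() {
  # LUKS encryption
  sudo modprobe dm-crypt
  sudo modprobe dm-mod

  # The passphrase is written with '%s' so that it is stored byte for byte.
  # '%b' would expand backslash escapes and enrol a different passphrase than
  # the one that will be typed at the unlock prompt.
  # luks1
  #printf '%s' "$PASS" | sudo cryptsetup luksFormat --type luks1 --use-urandom --key-size 512 --hash sha512 --iter-time 3000 "/dev/${DEV_ID}${PART_ID_LUKS}" -
  # luks2
  printf '%s' "$PASS" | sudo cryptsetup --type luks2 --verify-passphrase --sector-size 4096 --verbose luksFormat "/dev/${DEV_ID}${PART_ID_LUKS}" -

  # open root partition
  printf '%s' "$PASS" | sudo cryptsetup open "/dev/${DEV_ID}${PART_ID_LUKS}" cryptroot -
} # end encrypt_root

# Create the FAT32 EFI file system and the btrfs root with its subvolumes.
format_partitions() {
  sudo mkfs.fat -F32 -n "EFI" "/dev/${DEV_ID}${PART_ID_EFI}"
  #sudo mkfs.ext4 -L BOOT /dev/${DEV_ID}${PART_ID_LUKS}
  #sudo mkfs.ext4 -L ROOT /dev/mapper/cryptroot
  sudo mkfs.btrfs -L ROOT /dev/mapper/cryptroot

  # gpt: create btrfs subvolumes
  sudo mount /dev/mapper/cryptroot /mnt
  sudo btrfs subvolume create /mnt/@
  sudo btrfs subvolume create /mnt/@home
  sudo btrfs subvolume create /mnt/@snapshots
  sudo btrfs subvolume create /mnt/@var_cache_pacman_pkg
  #sudo btrfs subvolume create /mnt/@var_log

  # mount points inside the root subvolume, used by mount_partitions
  sudo mkdir /mnt/@/home
  sudo mkdir -p /mnt/@/.btrfs/snapshots
  #sudo mkdir -p /mnt/@/var/log
  sudo mkdir -p /mnt/@/var/cache/pacman/pkg
  sudo umount -R /mnt
} # end format_partitions

# Create and enable a 512MB swap file on the mounted root.
create_swap() {
  # btrfs only accepts a swap file that is NOCOW and uncompressed, and the
  # attribute has to be set while the file is still empty.
  sudo truncate -s 0 /mnt/swapfile
  sudo chattr +C /mnt/swapfile
  # restrict access before any data is written
  sudo chmod 0600 /mnt/swapfile
  sudo dd if=/dev/zero of=/mnt/swapfile bs=1M count=512
  sudo mkswap /mnt/swapfile
  # swapon needs the file name; without an argument it only prints a summary
  sudo swapon /mnt/swapfile
} # end create_swap

# Mount the btrfs subvolumes and the EFI partition below /mnt.
mount_partitions() {
  # dos: mount partitions
  #sudo mount /dev/${DEV_ID}${PART_ID_LUKS} /mnt
  #sudo mkdir /mnt/boot
  #sudo mount /dev/${DEV_ID}1 /mnt/boot

  # gpt: mount btrfs root partitions
  sudo mount -o "${BTRFS_OPTS},subvol=@" /dev/mapper/cryptroot /mnt
  sudo mount -o "${BTRFS_OPTS},subvol=@home" /dev/mapper/cryptroot /mnt/home
  sudo mount -o "${BTRFS_OPTS},subvol=@snapshots" /dev/mapper/cryptroot /mnt/.btrfs/snapshots
  sudo mount -o "${BTRFS_OPTS},subvol=@var_cache_pacman_pkg" /dev/mapper/cryptroot /mnt/var/cache/pacman/pkg
  #sudo mount -o "${BTRFS_OPTS},subvol=@var_log" /dev/mapper/cryptroot /mnt/var/log

  create_swap

  # gpt: mount EFI system partitions
  #sudo mount /dev/mapper/cryptroot /mnt
  #sudo mkdir /mnt/boot
  #sudo mount /dev/${DEV_ID}1 /mnt/boot
  sudo mkdir /mnt/efi
  sudo mount "/dev/${DEV_ID}${PART_ID_EFI}" /mnt/efi
} # end mount_partitions

partition_disk
encrypt_root
# the passphrase is not needed after the container has been opened
unset PASS
format_partitions
mount_partitions

# install kernel - linux{-lts,-zen,-hardened} amd-ucode
basestrap /mnt linux linux-firmware amd-ucode

# install base packages
#basestrap /mnt base base-devel cryptsetup openrc elogind-openrc
#basestrap /mnt base base-devel cryptsetup runit elogind-runit
basestrap /mnt base base-devel cryptsetup dinit elogind-dinit

# generate fstab
# Capture the output first: in a plain pipeline a failing fstabgen would be
# hidden behind tee's exit status and `set -e` would not stop the script.
fstab_entries=$(sudo fstabgen -U /mnt)
printf '%s\n' "$fstab_entries" | sudo tee -a /mnt/etc/fstab

# remove btrfs subvolid
sudo sed -i 's/subvolid=[0-9]*,//g' /mnt/etc/fstab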