Conflicts:
	0-preinstall.sh
	1-setup.sh
	3-post-setup.sh
This commit is contained in:
71Zombie 2021-11-01 08:14:35 -04:00
commit ede10531a2
4 changed files with 63 additions and 61 deletions

View File

@ -19,7 +19,7 @@ timedatectl set-ntp true
pacman -S --noconfirm pacman-contrib terminus-font
setfont ter-v22b
sed -i 's/^#Para/Para/' /etc/pacman.conf
pacman -S --noconfirm reflector rsync
pacman -S --noconfirm reflector rsync grub
cp /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist.backup
echo -e " - -----------------------------------------------------------------------------------"
echo -e " ▀███▀▀▀██▄ ██ ██ ██ ███ "
@ -54,31 +54,26 @@ echo "--------------------------------------"
# disk prep
sgdisk -Z ${DISK} # zap all on disk
#dd if=/dev/zero of=${DISK} bs=1M count=200 conv=fdatasync status=progress
sgdisk -a 2048 -o ${DISK} # new gpt disk 2048 alignment
# create partitions
sgdisk -n 1:0:+1000M ${DISK} # partition 1 (UEFI SYS), default start block, 512MB
sgdisk -n 2:0:0 ${DISK} # partition 2 (Root), default start, remaining
# set partition types
sgdisk -t 1:ef00 ${DISK}
sgdisk -t 2:8300 ${DISK}
# label partitions
sgdisk -c 1:"UEFISYS" ${DISK}
sgdisk -c 2:"ROOT" ${DISK}
sgdisk -n 1::+1M --typecode=1:ef02 --change-name=1:'BIOSBOOT' ${DISK} # partition 1 (BIOS Boot Partition)
sgdisk -n 2::+100M --typecode=2:ef00 --change-name=2:'EFIBOOT' ${DISK} # partition 2 (UEFI Boot Partition)
sgdisk -n 3::-0 --typecode=3:8300 --change-name=3:'ROOT' ${DISK} # partition 3 (Root), default start, remaining
if [[ ! -d "/sys/firmware/efi" ]]; then
sgdisk -A 1:set:2 ${DISK}
fi
# make filesystems
echo -e "\nCreating Filesystems...\n$HR"
if [[ ${DISK} =~ "nvme" ]]; then
mkfs.vfat -F32 -n "UEFISYS" "${DISK}p1"
mkfs.btrfs -L "ROOT" "${DISK}p2" -f
mount -t btrfs "${DISK}p2" /mnt
mkfs.vfat -F32 -n "EFIBOOT" "${DISK}p2"
mkfs.btrfs -L "ROOT" "${DISK}p3" -f
mount -t btrfs "${DISK}p3" /mnt
else
mkfs.vfat -F32 -n "UEFISYS" "${DISK}1"
mkfs.btrfs -L "ROOT" "${DISK}2" -f
mount -t btrfs "${DISK}2" /mnt
mkfs.vfat -F32 -n "EFIBOOT" "${DISK}2"
mkfs.btrfs -L "ROOT" "${DISK}3" -f
mount -t btrfs "${DISK}3" /mnt
fi
ls /mnt | xargs btrfs subvolume delete
btrfs subvolume create /mnt/@
@ -96,7 +91,7 @@ esac
mount -t btrfs -o subvol=@ -L ROOT /mnt
mkdir /mnt/boot
mkdir /mnt/boot/efi
mount -t vfat -L UEFISYS /mnt/boot/
mount -t vfat -L EFIBOOT /mnt/boot/
if ! grep -qs '/mnt' /proc/mounts; then
echo "Drive is not mounted can not continue"
@ -113,20 +108,13 @@ pacstrap /mnt base base-devel linux-hardened linux-firmware vim nano sudo archli
genfstab -U /mnt >> /mnt/etc/fstab
echo "keyserver hkp://keyserver.ubuntu.com" >> /mnt/etc/pacman.d/gnupg/gpg.conf
echo "--------------------------------------"
echo "-- Bootloader Systemd Installation --"
echo "-- GRUB Bootloader Installation --"
echo "--------------------------------------"
bootctl install --esp-path=/mnt/boot
sudo cp /boot/loader/entries/arch.conf /boot/loader/entries/arch-hardened.conf
sudo sed -i 's|Arch Linux|Arch Linux Hardened Kernel|g' /boot/loader/entries/arch-hardened.conf
sudo sed -i 's|vmlinuz-linux-hardened|vmlinuz-linux-lts|g' /boot/loader/entries/arch-hardened.conf
sudo sed -i 's|initramfs-linux.img|initramfs-linux-hardened.img|g' /boot/loader/entries/arch-hardened.conf
#[ ! -d "/mnt/boot/loader/entries" ] && mkdir -p /mnt/boot/loader/entries
#cat <<EOF > /mnt/boot/loader/entries/arch.conf
#title Arch Linux
#linux /vmlinuz-linux-hardened
#initrd /initramfs-linux-hardened.img
#options root=LABEL=ROOT rw rootflags=subvol=@
#EOF
if [[ ! -d "/sys/firmware/efi" ]]; then
grub-install --boot-directory=/mnt/boot ${DISK}
else
grub-install --efi-directory=/mnt/boot ${DISK}
fi
cp -R ${SCRIPT_DIR} /mnt/root/BetterArch
cp /etc/pacman.d/mirrorlist /mnt/etc/pacman.d/mirrorlist
echo "--------------------------------------"

View File

@ -32,7 +32,6 @@ sudo sed -i 's/#MAKEFLAGS="-j2"/MAKEFLAGS="-j$nc"/g' /etc/makepkg.conf
echo "Changing the compression settings for "$nc" cores."
sudo sed -i 's/COMPRESSXZ=(xz -c -z -)/COMPRESSXZ=(xz -c -T $nc -z -)/g' /etc/makepkg.conf
fi
echo "-------------------------------------------------"
echo " Setup Language to US and set locale "
echo "-------------------------------------------------"
@ -84,6 +83,7 @@ PKGS=(
'bluedevil'
'bluez'
'bluez-libs'
'bluez-utils'
'breeze'
'breeze-gtk'
'bridge-utils'
@ -97,12 +97,14 @@ PKGS=(
'discover'
'dolphin'
'dosfstools'
'dtc'
'efibootmgr' # EFI boot
'egl-wayland'
'element-desktop-git' # Matrix client
'exfat-utils'
'fail2ban' # Intrusion prevention
'flameshot'
'extra-cmake-modules'
'filelight'
'flex'
'fuse2'
'fuse3'
@ -121,16 +123,24 @@ PKGS=(
'gst-libav'
'gst-plugins-good'
'gst-plugins-ugly'
'gwenview'
'haveged'
'htop'
'iptables-nft'
'jdk-openjdk' # Java 17
'kate'
'kcodecs'
'kcoreaddons'
'kde-plasma-addons'
'kinfocenter'
'kscreen'
'kvantum-qt5'
'kde-gtk-config'
'kitty'
'konsole'
'kscreen'
'layer-shell-qt'
'libdvdcss'
'libnewt'
'libtool'
'linux-firmware'
@ -158,11 +168,16 @@ PKGS=(
'patch'
'picom'
'pkgconf'
'plasma-nm'
'powerdevil'
'powerline-fonts'
'print-manager'
'pulseaudio'
'pulseaudio-alsa'
'pulseaudio-bluetooth'
'python-notify2'
'python-psutil'
'python-pyqt5'
'python-pip'
'protonvpn'
'qemu'
@ -236,14 +251,14 @@ fi
echo -e "\nDone!\n"
if ! source install.conf; then
read -p "Please enter username:" username
echo "username=$username" >> ${HOME}/BetterArch/install.conf
echo "username=$username" >> ${HOME}/ArchTitus/install.conf
fi
if [ $(whoami) = "root" ];
then
useradd -m -G wheel,libvirt -s /bin/bash $username
passwd $username
cp -R /root/BetterArch /home/$username/
chown -R $username: /home/$username/BetterArch
cp -R /root/ArchTitus /home/$username/
chown -R $username: /home/$username/ArchTitus
read -p "Please name your machine:" nameofmachine
echo $nameofmachine > /etc/hostname
else

View File

@ -34,6 +34,7 @@ PKGS=(
'github-desktop-bin' # Github Desktop sync
'intellij-idea-community-edition'
'lightly-git'
'lightlyshaders-git'
'mangohud' # Gaming FPS Counter
'mangohud-common'
'nerd-fonts-fira-code'

View File

@ -12,32 +12,31 @@
#------------------------------------------------------------------------------------
echo -e "\nFINAL SETUP AND CONFIGURATION"
grub-mkconfig -o /boot/grub/grub.cfg
# ------------------------------------------------------------------------
echo -e "\nEnabling Login Display Manager"
sudo systemctl enable sddm.service
systemctl enable sddm.service
echo -e "\nSetup SDDM Theme"
sudo cat <<EOF > /etc/sddm.conf
cat <<EOF > /etc/sddm.conf
[Theme]
Current=Nordic
EOF
# ------------------------------------------------------------------------
sudo ufw limit 22/tcp
sudo ufw default deny incoming
sudo ufw default allow outgoing
ufw limit 22/tcp
ufw default deny incoming
ufw default allow outgoing
# --- Harden /etc/sysctl.conf
sudo sysctl kernel.modules_disabled=1
sudo sysctl -a
sudo sysctl -A
sudo sysctl mib
sudo sysctl net.ipv4.conf.all.rp_filter
sudo sysctl -a --pattern 'net.ipv4.conf.(eth|wlan)0.arp'
sysctl kernel.modules_disabled=1
sysctl -a
sysctl -A
sysctl mib
sysctl net.ipv4.conf.all.rp_filter
sysctl -a --pattern 'net.ipv4.conf.(eth|wlan)0.arp'
# --- PREVENT IP SPOOFS
cat <<EOF > /etc/host.conf
@ -54,13 +53,12 @@ sudo cp fail2ban.local /etc/fail2ban/
echo -e "\nEnabling essential services"
systemctl enable cups.service
sudo ntpd -qg
sudo systemctl enable ntpd.service
sudo systemctl disable dhcpcd.service
sudo systemctl stop dhcpcd.service
sudo systemctl enable NetworkManager.service
sudo systemctl enable bluetooth
sudo systemctl enable ufw
sudo systemctl enable fail2ban
sudo systemctl start fail2ban
#sudo systemctl enable --now portmaster
ntpd -qg
systemctl enable ntpd.service
systemctl disable dhcpcd.service
systemctl stop dhcpcd.service
systemctl enable NetworkManager.service
systemctl enable bluetooth
systemctl enable ufw
systemctl enable fail2ban
systemctl start fail2ban