Merge branch 'main' of https://github.com/ChrisTitusTech/ArchTitus
Conflicts: 0-preinstall.sh 1-setup.sh 3-post-setup.sh
This commit is contained in:
commit
ede10531a2
|
|
@ -19,7 +19,7 @@ timedatectl set-ntp true
|
|||
pacman -S --noconfirm pacman-contrib terminus-font
|
||||
setfont ter-v22b
|
||||
sed -i 's/^#Para/Para/' /etc/pacman.conf
|
||||
pacman -S --noconfirm reflector rsync
|
||||
pacman -S --noconfirm reflector rsync grub
|
||||
cp /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist.backup
|
||||
echo -e " - -----------------------------------------------------------------------------------"
|
||||
echo -e " ▀███▀▀▀██▄ ██ ██ ██ ███ "
|
||||
|
|
@ -54,31 +54,26 @@ echo "--------------------------------------"
|
|||
|
||||
# disk prep
|
||||
sgdisk -Z ${DISK} # zap all on disk
|
||||
#dd if=/dev/zero of=${DISK} bs=1M count=200 conv=fdatasync status=progress
|
||||
sgdisk -a 2048 -o ${DISK} # new gpt disk 2048 alignment
|
||||
|
||||
# create partitions
|
||||
sgdisk -n 1:0:+1000M ${DISK} # partition 1 (UEFI SYS), default start block, 512MB
|
||||
sgdisk -n 2:0:0 ${DISK} # partition 2 (Root), default start, remaining
|
||||
|
||||
# set partition types
|
||||
sgdisk -t 1:ef00 ${DISK}
|
||||
sgdisk -t 2:8300 ${DISK}
|
||||
|
||||
# label partitions
|
||||
sgdisk -c 1:"UEFISYS" ${DISK}
|
||||
sgdisk -c 2:"ROOT" ${DISK}
|
||||
sgdisk -n 1::+1M --typecode=1:ef02 --change-name=1:'BIOSBOOT' ${DISK} # partition 1 (BIOS Boot Partition)
|
||||
sgdisk -n 2::+100M --typecode=2:ef00 --change-name=2:'EFIBOOT' ${DISK} # partition 2 (UEFI Boot Partition)
|
||||
sgdisk -n 3::-0 --typecode=3:8300 --change-name=3:'ROOT' ${DISK} # partition 3 (Root), default start, remaining
|
||||
if [[ ! -d "/sys/firmware/efi" ]]; then
|
||||
sgdisk -A 1:set:2 ${DISK}
|
||||
fi
|
||||
|
||||
# make filesystems
|
||||
echo -e "\nCreating Filesystems...\n$HR"
|
||||
if [[ ${DISK} =~ "nvme" ]]; then
|
||||
mkfs.vfat -F32 -n "UEFISYS" "${DISK}p1"
|
||||
mkfs.btrfs -L "ROOT" "${DISK}p2" -f
|
||||
mount -t btrfs "${DISK}p2" /mnt
|
||||
mkfs.vfat -F32 -n "EFIBOOT" "${DISK}p2"
|
||||
mkfs.btrfs -L "ROOT" "${DISK}p3" -f
|
||||
mount -t btrfs "${DISK}p3" /mnt
|
||||
else
|
||||
mkfs.vfat -F32 -n "UEFISYS" "${DISK}1"
|
||||
mkfs.btrfs -L "ROOT" "${DISK}2" -f
|
||||
mount -t btrfs "${DISK}2" /mnt
|
||||
mkfs.vfat -F32 -n "EFIBOOT" "${DISK}2"
|
||||
mkfs.btrfs -L "ROOT" "${DISK}3" -f
|
||||
mount -t btrfs "${DISK}3" /mnt
|
||||
fi
|
||||
ls /mnt | xargs btrfs subvolume delete
|
||||
btrfs subvolume create /mnt/@
|
||||
|
|
@ -96,7 +91,7 @@ esac
|
|||
mount -t btrfs -o subvol=@ -L ROOT /mnt
|
||||
mkdir /mnt/boot
|
||||
mkdir /mnt/boot/efi
|
||||
mount -t vfat -L UEFISYS /mnt/boot/
|
||||
mount -t vfat -L EFIBOOT /mnt/boot/
|
||||
|
||||
if ! grep -qs '/mnt' /proc/mounts; then
|
||||
echo "Drive is not mounted can not continue"
|
||||
|
|
@ -113,20 +108,13 @@ pacstrap /mnt base base-devel linux-hardened linux-firmware vim nano sudo archli
|
|||
genfstab -U /mnt >> /mnt/etc/fstab
|
||||
echo "keyserver hkp://keyserver.ubuntu.com" >> /mnt/etc/pacman.d/gnupg/gpg.conf
|
||||
echo "--------------------------------------"
|
||||
echo "-- Bootloader Systemd Installation --"
|
||||
echo "-- GRUB Bootloader Installation --"
|
||||
echo "--------------------------------------"
|
||||
bootctl install --esp-path=/mnt/boot
|
||||
sudo cp /boot/loader/entries/arch.conf /boot/loader/entries/arch-hardened.conf
|
||||
sudo sed -i 's|Arch Linux|Arch Linux Hardened Kernel|g' /boot/loader/entries/arch-hardened.conf
|
||||
sudo sed -i 's|vmlinuz-linux-hardened|vmlinuz-linux-lts|g' /boot/loader/entries/arch-hardened.conf
|
||||
sudo sed -i 's|initramfs-linux.img|initramfs-linux-hardened.img|g' /boot/loader/entries/arch-hardened.conf
|
||||
#[ ! -d "/mnt/boot/loader/entries" ] && mkdir -p /mnt/boot/loader/entries
|
||||
#cat <<EOF > /mnt/boot/loader/entries/arch.conf
|
||||
#title Arch Linux
|
||||
#linux /vmlinuz-linux-hardened
|
||||
#initrd /initramfs-linux-hardened.img
|
||||
#options root=LABEL=ROOT rw rootflags=subvol=@
|
||||
#EOF
|
||||
if [[ ! -d "/sys/firmware/efi" ]]; then
|
||||
grub-install --boot-directory=/mnt/boot ${DISK}
|
||||
else
|
||||
grub-install --efi-directory=/mnt/boot ${DISK}
|
||||
fi
|
||||
cp -R ${SCRIPT_DIR} /mnt/root/BetterArch
|
||||
cp /etc/pacman.d/mirrorlist /mnt/etc/pacman.d/mirrorlist
|
||||
echo "--------------------------------------"
|
||||
|
|
|
|||
25
1-setup.sh
25
1-setup.sh
|
|
@ -32,7 +32,6 @@ sudo sed -i 's/#MAKEFLAGS="-j2"/MAKEFLAGS="-j$nc"/g' /etc/makepkg.conf
|
|||
echo "Changing the compression settings for "$nc" cores."
|
||||
sudo sed -i 's/COMPRESSXZ=(xz -c -z -)/COMPRESSXZ=(xz -c -T $nc -z -)/g' /etc/makepkg.conf
|
||||
fi
|
||||
|
||||
echo "-------------------------------------------------"
|
||||
echo " Setup Language to US and set locale "
|
||||
echo "-------------------------------------------------"
|
||||
|
|
@ -84,6 +83,7 @@ PKGS=(
|
|||
'bluedevil'
|
||||
'bluez'
|
||||
'bluez-libs'
|
||||
'bluez-utils'
|
||||
'breeze'
|
||||
'breeze-gtk'
|
||||
'bridge-utils'
|
||||
|
|
@ -97,12 +97,14 @@ PKGS=(
|
|||
'discover'
|
||||
'dolphin'
|
||||
'dosfstools'
|
||||
'dtc'
|
||||
'efibootmgr' # EFI boot
|
||||
'egl-wayland'
|
||||
'element-desktop-git' # Matrix client
|
||||
'exfat-utils'
|
||||
'fail2ban' # Intrusion prevention
|
||||
'flameshot'
|
||||
'extra-cmake-modules'
|
||||
'filelight'
|
||||
'flex'
|
||||
'fuse2'
|
||||
'fuse3'
|
||||
|
|
@ -121,16 +123,24 @@ PKGS=(
|
|||
'gst-libav'
|
||||
'gst-plugins-good'
|
||||
'gst-plugins-ugly'
|
||||
'gwenview'
|
||||
'haveged'
|
||||
'htop'
|
||||
'iptables-nft'
|
||||
'jdk-openjdk' # Java 17
|
||||
'kate'
|
||||
'kcodecs'
|
||||
'kcoreaddons'
|
||||
'kde-plasma-addons'
|
||||
'kinfocenter'
|
||||
'kscreen'
|
||||
'kvantum-qt5'
|
||||
'kde-gtk-config'
|
||||
'kitty'
|
||||
'konsole'
|
||||
'kscreen'
|
||||
'layer-shell-qt'
|
||||
'libdvdcss'
|
||||
'libnewt'
|
||||
'libtool'
|
||||
'linux-firmware'
|
||||
|
|
@ -158,11 +168,16 @@ PKGS=(
|
|||
'patch'
|
||||
'picom'
|
||||
'pkgconf'
|
||||
'plasma-nm'
|
||||
'powerdevil'
|
||||
'powerline-fonts'
|
||||
'print-manager'
|
||||
'pulseaudio'
|
||||
'pulseaudio-alsa'
|
||||
'pulseaudio-bluetooth'
|
||||
'python-notify2'
|
||||
'python-psutil'
|
||||
'python-pyqt5'
|
||||
'python-pip'
|
||||
'protonvpn'
|
||||
'qemu'
|
||||
|
|
@ -236,14 +251,14 @@ fi
|
|||
echo -e "\nDone!\n"
|
||||
if ! source install.conf; then
|
||||
read -p "Please enter username:" username
|
||||
echo "username=$username" >> ${HOME}/BetterArch/install.conf
|
||||
echo "username=$username" >> ${HOME}/ArchTitus/install.conf
|
||||
fi
|
||||
if [ $(whoami) = "root" ];
|
||||
then
|
||||
useradd -m -G wheel,libvirt -s /bin/bash $username
|
||||
passwd $username
|
||||
cp -R /root/BetterArch /home/$username/
|
||||
chown -R $username: /home/$username/BetterArch
|
||||
cp -R /root/ArchTitus /home/$username/
|
||||
chown -R $username: /home/$username/ArchTitus
|
||||
read -p "Please name your machine:" nameofmachine
|
||||
echo $nameofmachine > /etc/hostname
|
||||
else
|
||||
|
|
|
|||
|
|
@ -34,6 +34,7 @@ PKGS=(
|
|||
'github-desktop-bin' # Github Desktop sync
|
||||
'intellij-idea-community-edition'
|
||||
'lightly-git'
|
||||
'lightlyshaders-git'
|
||||
'mangohud' # Gaming FPS Counter
|
||||
'mangohud-common'
|
||||
'nerd-fonts-fira-code'
|
||||
|
|
|
|||
|
|
@ -12,32 +12,31 @@
|
|||
#------------------------------------------------------------------------------------
|
||||
echo -e "\nFINAL SETUP AND CONFIGURATION"
|
||||
|
||||
grub-mkconfig -o /boot/grub/grub.cfg
|
||||
|
||||
# ------------------------------------------------------------------------
|
||||
|
||||
echo -e "\nEnabling Login Display Manager"
|
||||
|
||||
sudo systemctl enable sddm.service
|
||||
|
||||
systemctl enable sddm.service
|
||||
echo -e "\nSetup SDDM Theme"
|
||||
|
||||
sudo cat <<EOF > /etc/sddm.conf
|
||||
cat <<EOF > /etc/sddm.conf
|
||||
[Theme]
|
||||
Current=Nordic
|
||||
EOF
|
||||
|
||||
# ------------------------------------------------------------------------
|
||||
|
||||
sudo ufw limit 22/tcp
|
||||
sudo ufw default deny incoming
|
||||
sudo ufw default allow outgoing
|
||||
ufw limit 22/tcp
|
||||
ufw default deny incoming
|
||||
ufw default allow outgoing
|
||||
|
||||
# --- Harden /etc/sysctl.conf
|
||||
sudo sysctl kernel.modules_disabled=1
|
||||
sudo sysctl -a
|
||||
sudo sysctl -A
|
||||
sudo sysctl mib
|
||||
sudo sysctl net.ipv4.conf.all.rp_filter
|
||||
sudo sysctl -a --pattern 'net.ipv4.conf.(eth|wlan)0.arp'
|
||||
sysctl kernel.modules_disabled=1
|
||||
sysctl -a
|
||||
sysctl -A
|
||||
sysctl mib
|
||||
sysctl net.ipv4.conf.all.rp_filter
|
||||
sysctl -a --pattern 'net.ipv4.conf.(eth|wlan)0.arp'
|
||||
|
||||
# --- PREVENT IP SPOOFS
|
||||
cat <<EOF > /etc/host.conf
|
||||
|
|
@ -54,13 +53,12 @@ sudo cp fail2ban.local /etc/fail2ban/
|
|||
echo -e "\nEnabling essential services"
|
||||
|
||||
systemctl enable cups.service
|
||||
sudo ntpd -qg
|
||||
sudo systemctl enable ntpd.service
|
||||
sudo systemctl disable dhcpcd.service
|
||||
sudo systemctl stop dhcpcd.service
|
||||
sudo systemctl enable NetworkManager.service
|
||||
sudo systemctl enable bluetooth
|
||||
sudo systemctl enable ufw
|
||||
sudo systemctl enable fail2ban
|
||||
sudo systemctl start fail2ban
|
||||
#sudo systemctl enable --now portmaster
|
||||
ntpd -qg
|
||||
systemctl enable ntpd.service
|
||||
systemctl disable dhcpcd.service
|
||||
systemctl stop dhcpcd.service
|
||||
systemctl enable NetworkManager.service
|
||||
systemctl enable bluetooth
|
||||
systemctl enable ufw
|
||||
systemctl enable fail2ban
|
||||
systemctl start fail2ban
|
||||
|
|
|
|||
Loading…
Reference in New Issue