Merge branch 'main' of https://github.com/ChrisTitusTech/ArchTitus
Conflicts: 0-preinstall.sh 1-setup.sh 3-post-setup.sh
commit
ede10531a2
|
|
@ -19,7 +19,7 @@ timedatectl set-ntp true
|
||||||
pacman -S --noconfirm pacman-contrib terminus-font
|
pacman -S --noconfirm pacman-contrib terminus-font
|
||||||
setfont ter-v22b
|
setfont ter-v22b
|
||||||
sed -i 's/^#Para/Para/' /etc/pacman.conf
|
sed -i 's/^#Para/Para/' /etc/pacman.conf
|
||||||
pacman -S --noconfirm reflector rsync
|
pacman -S --noconfirm reflector rsync grub
|
||||||
cp /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist.backup
|
cp /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist.backup
|
||||||
echo -e " - -----------------------------------------------------------------------------------"
|
echo -e " - -----------------------------------------------------------------------------------"
|
||||||
echo -e " ▀███▀▀▀██▄ ██ ██ ██ ███ "
|
echo -e " ▀███▀▀▀██▄ ██ ██ ██ ███ "
|
||||||
|
|
@ -54,31 +54,26 @@ echo "--------------------------------------"
|
||||||
|
|
||||||
# disk prep
|
# disk prep
|
||||||
sgdisk -Z ${DISK} # zap all on disk
|
sgdisk -Z ${DISK} # zap all on disk
|
||||||
#dd if=/dev/zero of=${DISK} bs=1M count=200 conv=fdatasync status=progress
|
|
||||||
sgdisk -a 2048 -o ${DISK} # new gpt disk 2048 alignment
|
sgdisk -a 2048 -o ${DISK} # new gpt disk 2048 alignment
|
||||||
|
|
||||||
# create partitions
|
# create partitions
|
||||||
sgdisk -n 1:0:+1000M ${DISK} # partition 1 (UEFI SYS), default start block, 512MB
|
sgdisk -n 1::+1M --typecode=1:ef02 --change-name=1:'BIOSBOOT' ${DISK} # partition 1 (BIOS Boot Partition)
|
||||||
sgdisk -n 2:0:0 ${DISK} # partition 2 (Root), default start, remaining
|
sgdisk -n 2::+100M --typecode=2:ef00 --change-name=2:'EFIBOOT' ${DISK} # partition 2 (UEFI Boot Partition)
|
||||||
|
sgdisk -n 3::-0 --typecode=3:8300 --change-name=3:'ROOT' ${DISK} # partition 3 (Root), default start, remaining
|
||||||
# set partition types
|
if [[ ! -d "/sys/firmware/efi" ]]; then
|
||||||
sgdisk -t 1:ef00 ${DISK}
|
sgdisk -A 1:set:2 ${DISK}
|
||||||
sgdisk -t 2:8300 ${DISK}
|
fi
|
||||||
|
|
||||||
# label partitions
|
|
||||||
sgdisk -c 1:"UEFISYS" ${DISK}
|
|
||||||
sgdisk -c 2:"ROOT" ${DISK}
|
|
||||||
|
|
||||||
# make filesystems
|
# make filesystems
|
||||||
echo -e "\nCreating Filesystems...\n$HR"
|
echo -e "\nCreating Filesystems...\n$HR"
|
||||||
if [[ ${DISK} =~ "nvme" ]]; then
|
if [[ ${DISK} =~ "nvme" ]]; then
|
||||||
mkfs.vfat -F32 -n "UEFISYS" "${DISK}p1"
|
mkfs.vfat -F32 -n "EFIBOOT" "${DISK}p2"
|
||||||
mkfs.btrfs -L "ROOT" "${DISK}p2" -f
|
mkfs.btrfs -L "ROOT" "${DISK}p3" -f
|
||||||
mount -t btrfs "${DISK}p2" /mnt
|
mount -t btrfs "${DISK}p3" /mnt
|
||||||
else
|
else
|
||||||
mkfs.vfat -F32 -n "UEFISYS" "${DISK}1"
|
mkfs.vfat -F32 -n "EFIBOOT" "${DISK}2"
|
||||||
mkfs.btrfs -L "ROOT" "${DISK}2" -f
|
mkfs.btrfs -L "ROOT" "${DISK}3" -f
|
||||||
mount -t btrfs "${DISK}2" /mnt
|
mount -t btrfs "${DISK}3" /mnt
|
||||||
fi
|
fi
|
||||||
ls /mnt | xargs btrfs subvolume delete
|
ls /mnt | xargs btrfs subvolume delete
|
||||||
btrfs subvolume create /mnt/@
|
btrfs subvolume create /mnt/@
|
||||||
|
|
@ -96,7 +91,7 @@ esac
|
||||||
mount -t btrfs -o subvol=@ -L ROOT /mnt
|
mount -t btrfs -o subvol=@ -L ROOT /mnt
|
||||||
mkdir /mnt/boot
|
mkdir /mnt/boot
|
||||||
mkdir /mnt/boot/efi
|
mkdir /mnt/boot/efi
|
||||||
mount -t vfat -L UEFISYS /mnt/boot/
|
mount -t vfat -L EFIBOOT /mnt/boot/
|
||||||
|
|
||||||
if ! grep -qs '/mnt' /proc/mounts; then
|
if ! grep -qs '/mnt' /proc/mounts; then
|
||||||
echo "Drive is not mounted can not continue"
|
echo "Drive is not mounted can not continue"
|
||||||
|
|
@ -113,20 +108,13 @@ pacstrap /mnt base base-devel linux-hardened linux-firmware vim nano sudo archli
|
||||||
genfstab -U /mnt >> /mnt/etc/fstab
|
genfstab -U /mnt >> /mnt/etc/fstab
|
||||||
echo "keyserver hkp://keyserver.ubuntu.com" >> /mnt/etc/pacman.d/gnupg/gpg.conf
|
echo "keyserver hkp://keyserver.ubuntu.com" >> /mnt/etc/pacman.d/gnupg/gpg.conf
|
||||||
echo "--------------------------------------"
|
echo "--------------------------------------"
|
||||||
echo "-- Bootloader Systemd Installation --"
|
echo "-- GRUB Bootloader Installation --"
|
||||||
echo "--------------------------------------"
|
echo "--------------------------------------"
|
||||||
bootctl install --esp-path=/mnt/boot
|
if [[ ! -d "/sys/firmware/efi" ]]; then
|
||||||
sudo cp /boot/loader/entries/arch.conf /boot/loader/entries/arch-hardened.conf
|
grub-install --boot-directory=/mnt/boot ${DISK}
|
||||||
sudo sed -i 's|Arch Linux|Arch Linux Hardened Kernel|g' /boot/loader/entries/arch-hardened.conf
|
else
|
||||||
sudo sed -i 's|vmlinuz-linux-hardened|vmlinuz-linux-lts|g' /boot/loader/entries/arch-hardened.conf
|
grub-install --efi-directory=/mnt/boot ${DISK}
|
||||||
sudo sed -i 's|initramfs-linux.img|initramfs-linux-hardened.img|g' /boot/loader/entries/arch-hardened.conf
|
fi
|
||||||
#[ ! -d "/mnt/boot/loader/entries" ] && mkdir -p /mnt/boot/loader/entries
|
|
||||||
#cat <<EOF > /mnt/boot/loader/entries/arch.conf
|
|
||||||
#title Arch Linux
|
|
||||||
#linux /vmlinuz-linux-hardened
|
|
||||||
#initrd /initramfs-linux-hardened.img
|
|
||||||
#options root=LABEL=ROOT rw rootflags=subvol=@
|
|
||||||
#EOF
|
|
||||||
cp -R ${SCRIPT_DIR} /mnt/root/BetterArch
|
cp -R ${SCRIPT_DIR} /mnt/root/BetterArch
|
||||||
cp /etc/pacman.d/mirrorlist /mnt/etc/pacman.d/mirrorlist
|
cp /etc/pacman.d/mirrorlist /mnt/etc/pacman.d/mirrorlist
|
||||||
echo "--------------------------------------"
|
echo "--------------------------------------"
|
||||||
|
|
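Review bot: In the EFI branch, `grub-install --efi-directory=/mnt/boot ${DISK}` runs from the install medium without `--boot-directory`, so GRUB's modules and prefix default to the live system's `/boot/grub` rather than the target under `/mnt`; only the BIOS branch passes `--boot-directory=/mnt/boot`. I would write it as `grub-install --target=x86_64-efi --efi-directory=/mnt/boot --boot-directory=/mnt/boot` (the device argument is not used for EFI targets). The new EFIBOOT partition is only `+100M` yet is still mounted on `/mnt/boot`, where the linux-hardened kernel and initramfs images from the pacstrap line will land, so it looks likely to run out of space; the old layout gave it 1000M. The new `sgdisk` and `grub-install` lines also pass `${DISK}` unquoted to destructive commands, and `"${DISK}"` would be safer.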
|
||||||
25
1-setup.sh
25
1-setup.sh
|
|
@ -32,7 +32,6 @@ sudo sed -i 's/#MAKEFLAGS="-j2"/MAKEFLAGS="-j$nc"/g' /etc/makepkg.conf
|
||||||
echo "Changing the compression settings for "$nc" cores."
|
echo "Changing the compression settings for "$nc" cores."
|
||||||
sudo sed -i 's/COMPRESSXZ=(xz -c -z -)/COMPRESSXZ=(xz -c -T $nc -z -)/g' /etc/makepkg.conf
|
sudo sed -i 's/COMPRESSXZ=(xz -c -z -)/COMPRESSXZ=(xz -c -T $nc -z -)/g' /etc/makepkg.conf
|
||||||
fi
|
fi
|
||||||
|
|
||||||
echo "-------------------------------------------------"
|
echo "-------------------------------------------------"
|
||||||
echo " Setup Language to US and set locale "
|
echo " Setup Language to US and set locale "
|
||||||
echo "-------------------------------------------------"
|
echo "-------------------------------------------------"
|
||||||
|
|
@ -84,6 +83,7 @@ PKGS=(
|
||||||
'bluedevil'
|
'bluedevil'
|
||||||
'bluez'
|
'bluez'
|
||||||
'bluez-libs'
|
'bluez-libs'
|
||||||
|
'bluez-utils'
|
||||||
'breeze'
|
'breeze'
|
||||||
'breeze-gtk'
|
'breeze-gtk'
|
||||||
'bridge-utils'
|
'bridge-utils'
|
||||||
|
|
@ -97,12 +97,14 @@ PKGS=(
|
||||||
'discover'
|
'discover'
|
||||||
'dolphin'
|
'dolphin'
|
||||||
'dosfstools'
|
'dosfstools'
|
||||||
|
'dtc'
|
||||||
'efibootmgr' # EFI boot
|
'efibootmgr' # EFI boot
|
||||||
'egl-wayland'
|
'egl-wayland'
|
||||||
'element-desktop-git' # Matrix client
|
|
||||||
'exfat-utils'
|
'exfat-utils'
|
||||||
'fail2ban' # Intrusion prevention
|
'fail2ban' # Intrusion prevention
|
||||||
'flameshot'
|
'flameshot'
|
||||||
|
'extra-cmake-modules'
|
||||||
|
'filelight'
|
||||||
'flex'
|
'flex'
|
||||||
'fuse2'
|
'fuse2'
|
||||||
'fuse3'
|
'fuse3'
|
||||||
|
|
@ -121,16 +123,24 @@ PKGS=(
|
||||||
'gst-libav'
|
'gst-libav'
|
||||||
'gst-plugins-good'
|
'gst-plugins-good'
|
||||||
'gst-plugins-ugly'
|
'gst-plugins-ugly'
|
||||||
|
'gwenview'
|
||||||
'haveged'
|
'haveged'
|
||||||
'htop'
|
'htop'
|
||||||
'iptables-nft'
|
'iptables-nft'
|
||||||
'jdk-openjdk' # Java 17
|
'jdk-openjdk' # Java 17
|
||||||
'kate'
|
'kate'
|
||||||
|
'kcodecs'
|
||||||
|
'kcoreaddons'
|
||||||
|
'kde-plasma-addons'
|
||||||
|
'kinfocenter'
|
||||||
|
'kscreen'
|
||||||
'kvantum-qt5'
|
'kvantum-qt5'
|
||||||
'kde-gtk-config'
|
'kde-gtk-config'
|
||||||
'kitty'
|
'kitty'
|
||||||
'konsole'
|
'konsole'
|
||||||
|
'kscreen'
|
||||||
'layer-shell-qt'
|
'layer-shell-qt'
|
||||||
|
'libdvdcss'
|
||||||
'libnewt'
|
'libnewt'
|
||||||
'libtool'
|
'libtool'
|
||||||
'linux-firmware'
|
'linux-firmware'
|
||||||
|
|
@ -158,11 +168,16 @@ PKGS=(
|
||||||
'patch'
|
'patch'
|
||||||
'picom'
|
'picom'
|
||||||
'pkgconf'
|
'pkgconf'
|
||||||
|
'plasma-nm'
|
||||||
|
'powerdevil'
|
||||||
'powerline-fonts'
|
'powerline-fonts'
|
||||||
'print-manager'
|
'print-manager'
|
||||||
'pulseaudio'
|
'pulseaudio'
|
||||||
'pulseaudio-alsa'
|
'pulseaudio-alsa'
|
||||||
'pulseaudio-bluetooth'
|
'pulseaudio-bluetooth'
|
||||||
|
'python-notify2'
|
||||||
|
'python-psutil'
|
||||||
|
'python-pyqt5'
|
||||||
'python-pip'
|
'python-pip'
|
||||||
'protonvpn'
|
'protonvpn'
|
||||||
'qemu'
|
'qemu'
|
||||||
|
|
@ -236,14 +251,14 @@ fi
|
||||||
echo -e "\nDone!\n"
|
echo -e "\nDone!\n"
|
||||||
if ! source install.conf; then
|
if ! source install.conf; then
|
||||||
read -p "Please enter username:" username
|
read -p "Please enter username:" username
|
||||||
echo "username=$username" >> ${HOME}/BetterArch/install.conf
|
echo "username=$username" >> ${HOME}/ArchTitus/install.conf
|
||||||
fi
|
fi
|
||||||
if [ $(whoami) = "root" ];
|
if [ $(whoami) = "root" ];
|
||||||
then
|
then
|
||||||
useradd -m -G wheel,libvirt -s /bin/bash $username
|
useradd -m -G wheel,libvirt -s /bin/bash $username
|
||||||
passwd $username
|
passwd $username
|
||||||
cp -R /root/BetterArch /home/$username/
|
cp -R /root/ArchTitus /home/$username/
|
||||||
chown -R $username: /home/$username/BetterArch
|
chown -R $username: /home/$username/ArchTitus
|
||||||
read -p "Please name your machine:" nameofmachine
|
read -p "Please name your machine:" nameofmachine
|
||||||
echo $nameofmachine > /etc/hostname
|
echo $nameofmachine > /etc/hostname
|
||||||
else
|
else
|
||||||
|
|
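Review bot: The last hunk now copies `/root/ArchTitus` and writes `${HOME}/ArchTitus/install.conf`, but the 0-preinstall.sh section on this page still has `cp -R ${SCRIPT_DIR} /mnt/root/BetterArch` on both sides, so after this merge `cp -R /root/ArchTitus /home/$username/` and the following `chown` would fail unless something outside these hunks creates that directory. One directory name should be used in both scripts. The same lines expand `$username` unquoted while running as root, with no check that it is non-empty or a valid login name, even though it comes from `read -p` or a sourced `install.conf`. I would quote it, e.g. `chown -R "$username": "/home/$username/ArchTitus"`, and reject values that are not a plain login name before `useradd`. The `else` branch of the surrounding `if` continues outside the hunk.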
|
||||||
|
|
@ -34,6 +34,7 @@ PKGS=(
|
||||||
'github-desktop-bin' # Github Desktop sync
|
'github-desktop-bin' # Github Desktop sync
|
||||||
'intellij-idea-community-edition'
|
'intellij-idea-community-edition'
|
||||||
'lightly-git'
|
'lightly-git'
|
||||||
|
'lightlyshaders-git'
|
||||||
'mangohud' # Gaming FPS Counter
|
'mangohud' # Gaming FPS Counter
|
||||||
'mangohud-common'
|
'mangohud-common'
|
||||||
'nerd-fonts-fira-code'
|
'nerd-fonts-fira-code'
|
||||||
|
|
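Review bot: `'lightlyshaders-git'` adds another `-git` package to this list; by AUR convention such packages build from the upstream repository's current HEAD, so what gets compiled and installed is not pinned to a reviewed release. The code that consumes `PKGS` is outside the hunk, so I cannot tell whether the PKGBUILD is shown for review or installed non-interactively. If it is the latter, a comment such as `'lightlyshaders-git' # AUR VCS build, tracks upstream HEAD - review PKGBUILD` would at least flag it for whoever maintains the list.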
|
||||||
|
|
@ -12,32 +12,31 @@
|
||||||
#------------------------------------------------------------------------------------
|
#------------------------------------------------------------------------------------
|
||||||
echo -e "\nFINAL SETUP AND CONFIGURATION"
|
echo -e "\nFINAL SETUP AND CONFIGURATION"
|
||||||
|
|
||||||
|
grub-mkconfig -o /boot/grub/grub.cfg
|
||||||
|
|
||||||
# ------------------------------------------------------------------------
|
# ------------------------------------------------------------------------
|
||||||
|
|
||||||
echo -e "\nEnabling Login Display Manager"
|
echo -e "\nEnabling Login Display Manager"
|
||||||
|
systemctl enable sddm.service
|
||||||
sudo systemctl enable sddm.service
|
|
||||||
|
|
||||||
echo -e "\nSetup SDDM Theme"
|
echo -e "\nSetup SDDM Theme"
|
||||||
|
cat <<EOF > /etc/sddm.conf
|
||||||
sudo cat <<EOF > /etc/sddm.conf
|
|
||||||
[Theme]
|
[Theme]
|
||||||
Current=Nordic
|
Current=Nordic
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
# ------------------------------------------------------------------------
|
# ------------------------------------------------------------------------
|
||||||
|
|
||||||
sudo ufw limit 22/tcp
|
ufw limit 22/tcp
|
||||||
sudo ufw default deny incoming
|
ufw default deny incoming
|
||||||
sudo ufw default allow outgoing
|
ufw default allow outgoing
|
||||||
|
|
||||||
# --- Harden /etc/sysctl.conf
|
# --- Harden /etc/sysctl.conf
|
||||||
sudo sysctl kernel.modules_disabled=1
|
sysctl kernel.modules_disabled=1
|
||||||
sudo sysctl -a
|
sysctl -a
|
||||||
sudo sysctl -A
|
sysctl -A
|
||||||
sudo sysctl mib
|
sysctl mib
|
||||||
sudo sysctl net.ipv4.conf.all.rp_filter
|
sysctl net.ipv4.conf.all.rp_filter
|
||||||
sudo sysctl -a --pattern 'net.ipv4.conf.(eth|wlan)0.arp'
|
sysctl -a --pattern 'net.ipv4.conf.(eth|wlan)0.arp'
|
||||||
|
|
||||||
# --- PREVENT IP SPOOFS
|
# --- PREVENT IP SPOOFS
|
||||||
cat <<EOF > /etc/host.conf
|
cat <<EOF > /etc/host.conf
|
||||||
|
|
@ -54,13 +53,12 @@ sudo cp fail2ban.local /etc/fail2ban/
|
||||||
echo -e "\nEnabling essential services"
|
echo -e "\nEnabling essential services"
|
||||||
|
|
||||||
systemctl enable cups.service
|
systemctl enable cups.service
|
||||||
sudo ntpd -qg
|
ntpd -qg
|
||||||
sudo systemctl enable ntpd.service
|
systemctl enable ntpd.service
|
||||||
sudo systemctl disable dhcpcd.service
|
systemctl disable dhcpcd.service
|
||||||
sudo systemctl stop dhcpcd.service
|
systemctl stop dhcpcd.service
|
||||||
sudo systemctl enable NetworkManager.service
|
systemctl enable NetworkManager.service
|
||||||
sudo systemctl enable bluetooth
|
systemctl enable bluetooth
|
||||||
sudo systemctl enable ufw
|
systemctl enable ufw
|
||||||
sudo systemctl enable fail2ban
|
systemctl enable fail2ban
|
||||||
sudo systemctl start fail2ban
|
systemctl start fail2ban
|
||||||
#sudo systemctl enable --now portmaster
|
|
||||||
|
|
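Review bot: The block under `# --- Harden /etc/sysctl.conf` writes no persistent setting: `sysctl kernel.modules_disabled=1` only changes the running kernel, and the `sysctl -a`, `-A`, `mib` and `rp_filter` lines are reads, so the installed system boots with none of it applied. If this script runs in a chroot from the install medium (not visible here), that line would also block further module loading in the live session until reboot. I would put the intended values in a drop-in instead, e.g. `echo 'net.ipv4.conf.all.rp_filter = 1' > /etc/sysctl.d/90-hardening.conf` (file name and value are examples). Separately, the `ufw` lines set rules and `systemctl enable ufw` enables the unit, but no `ufw enable` is visible in these hunks, so the firewall may stay inactive. With every `sudo` dropped the script now assumes it runs as root, which deserves an explicit check at the top.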
|
||||||