Conflicts:
	0-preinstall.sh
	1-setup.sh
	3-post-setup.sh
This commit is contained in:
71Zombie 2021-11-01 08:14:35 -04:00
commit ede10531a2
4 changed files with 63 additions and 61 deletions

View File

@ -19,7 +19,7 @@ timedatectl set-ntp true
pacman -S --noconfirm pacman-contrib terminus-font pacman -S --noconfirm pacman-contrib terminus-font
setfont ter-v22b setfont ter-v22b
sed -i 's/^#Para/Para/' /etc/pacman.conf sed -i 's/^#Para/Para/' /etc/pacman.conf
pacman -S --noconfirm reflector rsync pacman -S --noconfirm reflector rsync grub
cp /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist.backup cp /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist.backup
echo -e " - -----------------------------------------------------------------------------------" echo -e " - -----------------------------------------------------------------------------------"
echo -e " ▀███▀▀▀██▄ ██ ██ ██ ███ " echo -e " ▀███▀▀▀██▄ ██ ██ ██ ███ "
@ -54,31 +54,26 @@ echo "--------------------------------------"
# disk prep # disk prep
sgdisk -Z ${DISK} # zap all on disk sgdisk -Z ${DISK} # zap all on disk
#dd if=/dev/zero of=${DISK} bs=1M count=200 conv=fdatasync status=progress
sgdisk -a 2048 -o ${DISK} # new gpt disk 2048 alignment sgdisk -a 2048 -o ${DISK} # new gpt disk 2048 alignment
# create partitions # create partitions
sgdisk -n 1:0:+1000M ${DISK} # partition 1 (UEFI SYS), default start block, 512MB sgdisk -n 1::+1M --typecode=1:ef02 --change-name=1:'BIOSBOOT' ${DISK} # partition 1 (BIOS Boot Partition)
sgdisk -n 2:0:0 ${DISK} # partition 2 (Root), default start, remaining sgdisk -n 2::+100M --typecode=2:ef00 --change-name=2:'EFIBOOT' ${DISK} # partition 2 (UEFI Boot Partition)
sgdisk -n 3::-0 --typecode=3:8300 --change-name=3:'ROOT' ${DISK} # partition 3 (Root), default start, remaining
# set partition types if [[ ! -d "/sys/firmware/efi" ]]; then
sgdisk -t 1:ef00 ${DISK} sgdisk -A 1:set:2 ${DISK}
sgdisk -t 2:8300 ${DISK} fi
# label partitions
sgdisk -c 1:"UEFISYS" ${DISK}
sgdisk -c 2:"ROOT" ${DISK}
# make filesystems # make filesystems
echo -e "\nCreating Filesystems...\n$HR" echo -e "\nCreating Filesystems...\n$HR"
if [[ ${DISK} =~ "nvme" ]]; then if [[ ${DISK} =~ "nvme" ]]; then
mkfs.vfat -F32 -n "UEFISYS" "${DISK}p1" mkfs.vfat -F32 -n "EFIBOOT" "${DISK}p2"
mkfs.btrfs -L "ROOT" "${DISK}p2" -f mkfs.btrfs -L "ROOT" "${DISK}p3" -f
mount -t btrfs "${DISK}p2" /mnt mount -t btrfs "${DISK}p3" /mnt
else else
mkfs.vfat -F32 -n "UEFISYS" "${DISK}1" mkfs.vfat -F32 -n "EFIBOOT" "${DISK}2"
mkfs.btrfs -L "ROOT" "${DISK}2" -f mkfs.btrfs -L "ROOT" "${DISK}3" -f
mount -t btrfs "${DISK}2" /mnt mount -t btrfs "${DISK}3" /mnt
fi fi
ls /mnt | xargs btrfs subvolume delete ls /mnt | xargs btrfs subvolume delete
btrfs subvolume create /mnt/@ btrfs subvolume create /mnt/@
@ -96,7 +91,7 @@ esac
mount -t btrfs -o subvol=@ -L ROOT /mnt mount -t btrfs -o subvol=@ -L ROOT /mnt
mkdir /mnt/boot mkdir /mnt/boot
mkdir /mnt/boot/efi mkdir /mnt/boot/efi
mount -t vfat -L UEFISYS /mnt/boot/ mount -t vfat -L EFIBOOT /mnt/boot/
if ! grep -qs '/mnt' /proc/mounts; then if ! grep -qs '/mnt' /proc/mounts; then
echo "Drive is not mounted can not continue" echo "Drive is not mounted can not continue"
@ -113,20 +108,13 @@ pacstrap /mnt base base-devel linux-hardened linux-firmware vim nano sudo archli
genfstab -U /mnt >> /mnt/etc/fstab genfstab -U /mnt >> /mnt/etc/fstab
echo "keyserver hkp://keyserver.ubuntu.com" >> /mnt/etc/pacman.d/gnupg/gpg.conf echo "keyserver hkp://keyserver.ubuntu.com" >> /mnt/etc/pacman.d/gnupg/gpg.conf
echo "--------------------------------------" echo "--------------------------------------"
echo "-- Bootloader Systemd Installation --" echo "-- GRUB Bootloader Installation --"
echo "--------------------------------------" echo "--------------------------------------"
bootctl install --esp-path=/mnt/boot if [[ ! -d "/sys/firmware/efi" ]]; then
sudo cp /boot/loader/entries/arch.conf /boot/loader/entries/arch-hardened.conf grub-install --boot-directory=/mnt/boot ${DISK}
sudo sed -i 's|Arch Linux|Arch Linux Hardened Kernel|g' /boot/loader/entries/arch-hardened.conf else
sudo sed -i 's|vmlinuz-linux-hardened|vmlinuz-linux-lts|g' /boot/loader/entries/arch-hardened.conf grub-install --efi-directory=/mnt/boot ${DISK}
sudo sed -i 's|initramfs-linux.img|initramfs-linux-hardened.img|g' /boot/loader/entries/arch-hardened.conf fi
#[ ! -d "/mnt/boot/loader/entries" ] && mkdir -p /mnt/boot/loader/entries
#cat <<EOF > /mnt/boot/loader/entries/arch.conf
#title Arch Linux
#linux /vmlinuz-linux-hardened
#initrd /initramfs-linux-hardened.img
#options root=LABEL=ROOT rw rootflags=subvol=@
#EOF
cp -R ${SCRIPT_DIR} /mnt/root/BetterArch cp -R ${SCRIPT_DIR} /mnt/root/BetterArch
cp /etc/pacman.d/mirrorlist /mnt/etc/pacman.d/mirrorlist cp /etc/pacman.d/mirrorlist /mnt/etc/pacman.d/mirrorlist
echo "--------------------------------------" echo "--------------------------------------"

View File

@ -32,7 +32,6 @@ sudo sed -i 's/#MAKEFLAGS="-j2"/MAKEFLAGS="-j$nc"/g' /etc/makepkg.conf
echo "Changing the compression settings for "$nc" cores." echo "Changing the compression settings for "$nc" cores."
sudo sed -i 's/COMPRESSXZ=(xz -c -z -)/COMPRESSXZ=(xz -c -T $nc -z -)/g' /etc/makepkg.conf sudo sed -i 's/COMPRESSXZ=(xz -c -z -)/COMPRESSXZ=(xz -c -T $nc -z -)/g' /etc/makepkg.conf
fi fi
echo "-------------------------------------------------" echo "-------------------------------------------------"
echo " Setup Language to US and set locale " echo " Setup Language to US and set locale "
echo "-------------------------------------------------" echo "-------------------------------------------------"
@ -84,6 +83,7 @@ PKGS=(
'bluedevil' 'bluedevil'
'bluez' 'bluez'
'bluez-libs' 'bluez-libs'
'bluez-utils'
'breeze' 'breeze'
'breeze-gtk' 'breeze-gtk'
'bridge-utils' 'bridge-utils'
@ -97,12 +97,14 @@ PKGS=(
'discover' 'discover'
'dolphin' 'dolphin'
'dosfstools' 'dosfstools'
'dtc'
'efibootmgr' # EFI boot 'efibootmgr' # EFI boot
'egl-wayland' 'egl-wayland'
'element-desktop-git' # Matrix client
'exfat-utils' 'exfat-utils'
'fail2ban' # Intrusion prevention 'fail2ban' # Intrusion prevention
'flameshot' 'flameshot'
'extra-cmake-modules'
'filelight'
'flex' 'flex'
'fuse2' 'fuse2'
'fuse3' 'fuse3'
@ -121,16 +123,24 @@ PKGS=(
'gst-libav' 'gst-libav'
'gst-plugins-good' 'gst-plugins-good'
'gst-plugins-ugly' 'gst-plugins-ugly'
'gwenview'
'haveged' 'haveged'
'htop' 'htop'
'iptables-nft' 'iptables-nft'
'jdk-openjdk' # Java 17 'jdk-openjdk' # Java 17
'kate' 'kate'
'kcodecs'
'kcoreaddons'
'kde-plasma-addons'
'kinfocenter'
'kscreen'
'kvantum-qt5' 'kvantum-qt5'
'kde-gtk-config' 'kde-gtk-config'
'kitty' 'kitty'
'konsole' 'konsole'
'kscreen'
'layer-shell-qt' 'layer-shell-qt'
'libdvdcss'
'libnewt' 'libnewt'
'libtool' 'libtool'
'linux-firmware' 'linux-firmware'
@ -158,11 +168,16 @@ PKGS=(
'patch' 'patch'
'picom' 'picom'
'pkgconf' 'pkgconf'
'plasma-nm'
'powerdevil'
'powerline-fonts' 'powerline-fonts'
'print-manager' 'print-manager'
'pulseaudio' 'pulseaudio'
'pulseaudio-alsa' 'pulseaudio-alsa'
'pulseaudio-bluetooth' 'pulseaudio-bluetooth'
'python-notify2'
'python-psutil'
'python-pyqt5'
'python-pip' 'python-pip'
'protonvpn' 'protonvpn'
'qemu' 'qemu'
@ -236,14 +251,14 @@ fi
echo -e "\nDone!\n" echo -e "\nDone!\n"
if ! source install.conf; then if ! source install.conf; then
read -p "Please enter username:" username read -p "Please enter username:" username
echo "username=$username" >> ${HOME}/BetterArch/install.conf echo "username=$username" >> ${HOME}/ArchTitus/install.conf
fi fi
if [ $(whoami) = "root" ]; if [ $(whoami) = "root" ];
then then
useradd -m -G wheel,libvirt -s /bin/bash $username useradd -m -G wheel,libvirt -s /bin/bash $username
passwd $username passwd $username
cp -R /root/BetterArch /home/$username/ cp -R /root/ArchTitus /home/$username/
chown -R $username: /home/$username/BetterArch chown -R $username: /home/$username/ArchTitus
read -p "Please name your machine:" nameofmachine read -p "Please name your machine:" nameofmachine
echo $nameofmachine > /etc/hostname echo $nameofmachine > /etc/hostname
else else

View File

@ -34,6 +34,7 @@ PKGS=(
'github-desktop-bin' # Github Desktop sync 'github-desktop-bin' # Github Desktop sync
'intellij-idea-community-edition' 'intellij-idea-community-edition'
'lightly-git' 'lightly-git'
'lightlyshaders-git'
'mangohud' # Gaming FPS Counter 'mangohud' # Gaming FPS Counter
'mangohud-common' 'mangohud-common'
'nerd-fonts-fira-code' 'nerd-fonts-fira-code'

View File

@ -12,32 +12,31 @@
#------------------------------------------------------------------------------------ #------------------------------------------------------------------------------------
echo -e "\nFINAL SETUP AND CONFIGURATION" echo -e "\nFINAL SETUP AND CONFIGURATION"
grub-mkconfig -o /boot/grub/grub.cfg
# ------------------------------------------------------------------------ # ------------------------------------------------------------------------
echo -e "\nEnabling Login Display Manager" echo -e "\nEnabling Login Display Manager"
systemctl enable sddm.service
sudo systemctl enable sddm.service
echo -e "\nSetup SDDM Theme" echo -e "\nSetup SDDM Theme"
cat <<EOF > /etc/sddm.conf
sudo cat <<EOF > /etc/sddm.conf
[Theme] [Theme]
Current=Nordic Current=Nordic
EOF EOF
# ------------------------------------------------------------------------ # ------------------------------------------------------------------------
sudo ufw limit 22/tcp ufw limit 22/tcp
sudo ufw default deny incoming ufw default deny incoming
sudo ufw default allow outgoing ufw default allow outgoing
# --- Harden /etc/sysctl.conf # --- Harden /etc/sysctl.conf
sudo sysctl kernel.modules_disabled=1 sysctl kernel.modules_disabled=1
sudo sysctl -a sysctl -a
sudo sysctl -A sysctl -A
sudo sysctl mib sysctl mib
sudo sysctl net.ipv4.conf.all.rp_filter sysctl net.ipv4.conf.all.rp_filter
sudo sysctl -a --pattern 'net.ipv4.conf.(eth|wlan)0.arp' sysctl -a --pattern 'net.ipv4.conf.(eth|wlan)0.arp'
# --- PREVENT IP SPOOFS # --- PREVENT IP SPOOFS
cat <<EOF > /etc/host.conf cat <<EOF > /etc/host.conf
@ -54,13 +53,12 @@ sudo cp fail2ban.local /etc/fail2ban/
echo -e "\nEnabling essential services" echo -e "\nEnabling essential services"
systemctl enable cups.service systemctl enable cups.service
sudo ntpd -qg ntpd -qg
sudo systemctl enable ntpd.service systemctl enable ntpd.service
sudo systemctl disable dhcpcd.service systemctl disable dhcpcd.service
sudo systemctl stop dhcpcd.service systemctl stop dhcpcd.service
sudo systemctl enable NetworkManager.service systemctl enable NetworkManager.service
sudo systemctl enable bluetooth systemctl enable bluetooth
sudo systemctl enable ufw systemctl enable ufw
sudo systemctl enable fail2ban systemctl enable fail2ban
sudo systemctl start fail2ban systemctl start fail2ban
#sudo systemctl enable --now portmaster