fresh/bootstrap.sh

#!/bin/bash
# Author: Philip Gaber <phga@posteo.de>

############################################################################
# NOTE: While testing with a VM make sure to enable EFI boot in VM options #
############################################################################

while getopts "p:n:d:" opt;
do case $opt in
       p) PASSWD=${OPTARG} ;;
       n) NAME=${OPTARG} ;;
       d) DEV=${OPTARG} ;;
       e) ENC=${OPTARG} ;;
       s) SWAP_SIZE=${OPTARG} ;;
       k) KERNEL=${OPTARG} ;;
       \?) echo "-$OPTARG is not valid" >&2 && exit ;;
   esac
done

init() {
    sleep 1
    echo ""
    echo "+---------------------------+"
    echo "| Just Some Short Questions |"
    echo "+---------------------------+"
    echo ""
    [ -z "$NAME" ] && read -p "Hostname: " NAME
    while [ -z "$PASSWD" ] || [ ! "$PASSWD" == "$CHECK" ]; do
        read -sp "Root password: " PASSWD
        echo
        read -sp "Repeat: " CHECK
    done
    # Show some possible disks
    [ -z "$DEV" ] && lsblk -nrpo "name,size,model" &&
        read -p "Provide installation medium (e.g. sda, nvme0n1): " DEV
    [[ "$DEV" =~ sd[a-z] ]] && SUF="1-3" && MODE="SATA"
    [[ "$DEV" =~ nvme[0-9]n[0-9] ]] && SUF="p1-3" && MODE="NVME"
    [ -z "$SWAP_SIZE" ] && read -p "Specify the size for the SWAP partition (16G, 1M, ...): " SWAP_SIZE
    [ -z "$ENC" ] && read -p "Do you want the root partition to be encrypted (y/n)? " ENC
    [ -z "$KERNEL" ] && read -p "Which kernel? [1: linux, 2: linux-zen]" KERNEL
    [ "$KERNEL" == "1" ] && KERNEL="linux" || KERNEL="linux-zen"
    [ "$ENC" == "y" ] && ENC=true || ENC=false

    echo "+---------------------+"
    echo "| Archlinux Bootstrap |"
    echo "+---------------------+"
    echo    "HOSTNAME    = $NAME"
    echo    "ROOTPASSWD  = ${PASSWD:0:1}***${PASSWD: -1}"
    echo    "DEVICEPARTS = $DEV$SUF"
    echo    "SWAP_SIZE   = $SWAP_SIZE"
    echo    "ENCRYPTION  = $ENC"
    echo    "KERNEL      = $KERNEL"
    read -p "Do you want to continue with these values (y/n)? " cont
    [ ! "$cont" == "y" ] && unset NAME PASSWD DEV ENC SWAP_SIZE KERNEL && init
    echo "Let's GOOOO"
}

crypt_prepare_disk() {
    set +e
    cryptsetup open --type plain -d /dev/urandom $1 wipe_me
    dd if=/dev/zero of=/dev/mapper/wipe_me bs=1M status=progress
    cryptsetup close wipe_me
    set -e
}

crypt_create_fs() {
    cryptsetup -y -v luksFormat $1
    cryptsetup open $1 root
    mkfs.ext4 /dev/mapper/root
}

# stop on error
set -e

# initialize important values
init

[ "$ENC" == true ] && crypt_prepare_disk "/dev/$DEV"

# All values set, start bootstrapping
gdisk /dev/$DEV <<EOF
o
y
n


+1G
ef00
n


+${SWAP_SIZE}
8200
n



8304
w
y

EOF

[ $MODE == "NVME" ] && suffix="p" || suffix=""

if [ "$ENC" == true ]; then
    echo "MAKING CHANGES ON /dev/${DEV}${suffix}1-3"
    mkfs.fat -I -F 32 -n P_EFI "/dev/${DEV}${suffix}1" # -I bc of virtual mappings
    crypt_create_fs "/dev/${DEV}${suffix}3"
    mkfs.ext2 -L cryptswap "/dev/${DEV}${suffix}2" 1M # Otherwise label will be lost after reboot
else
    echo "MAKING CHANGES ON /dev/${DEV}${suffix}1-3"
    mkfs.fat -F 32 -n P_EFI "/dev/${DEV}${suffix}1" # -I bc of virtual mappings
    mkfs.ext4 -L P_ROOT "/dev/${DEV}${suffix}3"
    mkswap -L P_SWAP "/dev/${DEV}${suffix}2"
fi

ROOT_UUID=$(blkid | grep -Po '/dev/'"${DEV}${suffix}"'3.* UUID="\K[0-9a-f-]+')

if [ "$ENC" == true ]; then
    mount /dev/mapper/root /mnt
    KERNEL_OPTIONS='cryptdevice=UUID='"$ROOT_UUID"':root root=/dev/mapper/root'
else
    mount -L P_ROOT /mnt
    KERNEL_OPTIONS='root=LABEL=P_ROOT rw resume=LABEL=P_SWAP'
fi

mkdir -p /mnt/boot
mount -L P_EFI /mnt/boot   # EFI

[ "$ENC" == false ] && swapon -L P_SWAP # swap

# MAYB: Obsolete bc of reflector in achiso?
cp /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist.bak
sed -i '/.*\.de\/.*/!d' /etc/pacman.d/mirrorlist

# for server dhcpcd and other programs are not required -> see good2know
pacstrap /mnt base base-devel "$KERNEL" linux-firmware vi dhcpcd wpa_supplicant dialog git netctl curl
genfstab -p /mnt > /mnt/etc/fstab

cat <<EOF > /mnt/root/bootstrap2.sh
#!/bin/bash

if [ $ENC == true ]; then
    sed -i 's/\(^HOOKS.*block\)/\1 encrypt/' /etc/mkinitcpio.conf
    echo "swap LABEL=cryptswap /dev/urandom swap,offset=2048,cipher=aes-xts-plain64,size=512" >> /etc/crypttab
    echo "/dev/mapper/swap none swap defaults 0 0" >> /etc/fstab
fi

ln -sf /usr/share/zoneinfo/Europe/Berlin /etc/localtime

echo "en_US.UTF-8 UTF-8" > /etc/locale.gen
locale-gen

echo "LANG=en_US.UTF-8" > /etc/locale.conf
echo $NAME > /etc/hostname

mkinitcpio -p $KERNEL

pacman -Sy --noconfirm efibootmgr dosfstools gptfdisk

bootctl install
# MAYBE: add intel-ucode images, check for amd
cat <<EEE > /boot/loader/entries/arch-uefi.conf
title	Arch
linux	/vmlinuz-$KERNEL
initrd	/initramfs-$KERNEL.img
options $KERNEL_OPTIONS
EEE

cat <<EEE > /boot/loader/entries/arch-uefi-fallback.conf
title    Arch Linux Fallback
linux    /vmlinuz-$KERNEL
initrd   /initramfs-$KERNEL-fallback.img
options $KERNEL_OPTIONS
EEE

cat <<EEE > /boot/loader/loader.conf
default   arch-uefi
timeout   1
EEE

pacman --noconfirm -Sy reflector
reflector --country 'Germany' --sort rate --protocol https --save /etc/pacman.d/mirrorlist

printf "${PASSWD}\n${PASSWD}\n" | passwd root

cd && curl -L https://g.phga.de/phga/fresh/archive/master.tar.gz -o fresh.tar.gz && tar -xzf fresh.tar.gz
# basically a shitty one time job, which does not work, seems like root does not source .bashrc
echo '/root/fresh/fresh.sh' > .bash_profile

exit
EOF

chmod u+x /mnt/root/bootstrap2.sh

arch-chroot /mnt /root/bootstrap2.sh
rm /mnt/root/bootstrap2.sh

reboot