| author | Blake Romero <blake@blkrom.com> | 2023-05-24 01:53:25 +0100 |
|---|---|---|
| committer | Blake Romero <blake@blkrom.com> | 2023-05-24 01:53:25 +0100 |
| commit | 5f375e2ab40f74688572b00b11ff6edacb0f8c87 (patch) | |
| tree | 3f582030c250f5f161bae5a57d5d0debe28526b9 /install-artix.sh | |
| parent | c910fae4eb5731ecaef5fc7a0592620daf30c8a2 (diff) | |
Add version with UEFI support
Diffstat (limited to 'install-artix.sh')
| -rwxr-xr-x | install-artix.sh | 226 |
1 files changed, 226 insertions, 0 deletions
diff --git a/install-artix.sh b/install-artix.sh
new file mode 100755
index 0000000..6f7fabf
--- /dev/null
+++ b/install-artix.sh
@@ -0,0 +1,226 @@
+#!/bin/bash
+# ==========================================================
+# Artix Linux Installation with LUKS Root Encryption & BTRFS
+# ==========================================================
+# IMPORTANT! set drive and options in CONFIG before running!
+#
+# NOTE:
+# - ROOT password is 'artix'
+# - USER password is the same as the decryption password
+#
+# EXAMPLE LAYOUT:
+# /dev/sda
+# ├─/dev/sda1 BOOT /boot 1G
+# ├─/dev/sda2 SWAP [SWAP] 16G
+# └─/dev/sda3 LUKS
+# └─/dev/mapper/root ROOT
+# └─@ /
+# └─@home /home
+# └─@snapshots /.snapshots
+#
+# TODO LIST:
+# - FIXME: BIOS installation not booting
+# - FIXME: user password not begin set
+# - TODO: add arch mirrors support option
+#
+# CONFIG
+# ==========================================================
+drive=/dev/DRIVE
+boot="${drive}1"
+swap="${drive}2"
+root="${drive}3"
+swap_size="16G"
+
+timezone=Europe/London
+locale=en_GB
+hostname=artix
+user=blake
+user_groups=wheel,video,audio
+
+# INSTALLATION
+# ==========================================================
+# Ensure nothing mounted
+swapoff -a &> /dev/null
+cryptsetup close root &> /dev/null
+umount -R /mnt &> /dev/null
+
+# Init shell environment
+set -e
+
+# Checks
+[[ "${drive}" == "/dev/DRIVE" ]] \
+ && { echo "You forgot to set the DRIVE option!"; exit; }
+echo "Checking for internet connection..."
+ping -c 3 artixlinux.org &> /dev/null \
+ || { echo "No internet connection found"; exit; }
+
+# Read password
+echo "ENTER A PASSWORD
+(NOTE: password is used for drive decryption & user login)"
+while true; do
+ read -sr -p "Password: " password
+ printf "\n"
+ read -sr -p "Confirm password: " password2
+ printf "\n"
+ if [[ "${password}" != "${password2}" ]]; then
+ printf "Incorrect password!
Press ENTER to try again...";
+ read -rn 1 ;
+ else
+ break
+ fi
+done
+
+# Create partitions
+boot_type="BIOS Boot"
+[ -d /sys/firmware/efi/efivars/ ] && boot_type=U
+printf ',512M,"%s",*\n,%s,S\n,+,L\n' \
+ "${boot_type}" "${swap_size}" | sfdisk -qf -X gpt ${drive}
+
+# Create encrypted drive
+echo "${password}" | cryptsetup --type luks2 \
+ --label LUKS \
+ --cipher aes-xts-plain64 \
+ --hash sha512 \
+ --use-random \
+ luksFormat "${root}"
+
+# Open encrypted drive
+echo "${password}" | cryptsetup luksOpen ${root} root
+
+# enable SWAP partition
+mkswap -L SWAP ${swap}
+swapon ${swap}
+
+# Make BOOT filesystem
+if [ -d /sys/firmware/efi/efivars/ ]; then
+ mkfs.fat -n BOOT -F 32 ${boot}
+else
+ mkfs.ext4 -L BOOT ${boot}
+fi
+
+# Make BTRFS ROOT filesystem
+mkfs.btrfs -L ROOT /dev/mapper/root
+
+# Mount btrfs ROOT drive
+mount /dev/mapper/root /mnt
+
+# Create BTRFS subvolumes
+btrfs subvolume create /mnt/@
+btrfs subvolume create /mnt/@home
+btrfs subvolume create /mnt/@snapshots
+
+# Mount BTRFS subvolumes
+umount /mnt
+options=noatime,space_cache=v2,compress=zstd,ssd,discard=async
+mount -o ${options},subvol=@ /dev/mapper/root /mnt
+mkdir /mnt/{boot,home,.snapshots}
+mount -o ${options},subvol=@home /dev/mapper/root /mnt/home
+mount -o ${options},subvol=@snapshots /dev/mapper/root /mnt/.snapshots
+chmod 750 /mnt/.snapshots
+
+# Mount boot partition.
+mount ${boot} /mnt/boot
+
+# Sync packages
+pacman -Syy
+
+# Get CPU type & install microcode
+ucode=amd-ucode
+[[ $(grep "vendor_id" /proc/cpuinfo) == *Intel* ]] && ucode=intel-ucode
+
+# Install base packages
+basestrap /mnt base base-devel runit elogind-runit
+basestrap /mnt linux linux-firmware
+basestrap /mnt \
+ grub efibootmgr os-prober \
+ btrfs-progs mkinitcpio-nfs-utils \
+ git vim man-db man-pages ${ucode}
+# Install services
+basestrap /mnt \
+ cryptsetup-runit glibc-runit device-mapper-runit \
+ iwd-runit dhcpcd-runit openntpd-runit \
+ cronie-runit openssh-runit ufw-runit
+# Extra packages
+basestrap /mnt runit-bash-completions
+
+# Enable runit services
+services="iwd dhcpcd openntpd cronie openssh ufw dmeventd"
+for service in ${services}; do
+ artix-chroot /mnt bash -c \
+ "ln -sf /etc/runit/sv/${service} /etc/runit/runsvdir/default/"
+done
+
+# Generate file-system table
+fstabgen -U /mnt >> /mnt/etc/fstab
+
+# Set swappiness levels
+[ -d /mnt/etc/sysctl.d/ ] || mkdir -p /mnt/etc/sysctl.d/
+echo vm.swappiness=10 > /mnt/etc/sysctl.d/99-swappiness.conf
+
+# SETUP SYSTEM
+# Set locale
+echo "${locale}.UTF-8 UTF-8
+${locale} ISO-8859-1" >> /mnt/etc/locale.gen
+echo "LANG=${locale}.UTF-8
+export LC_COLLATE=C" > /mnt/etc/locale.conf
+artix-chroot /mnt bash -c "locale-gen"
+
+# Set timezone
+artix-chroot /mnt bash -c \
+ "ln -sf /usr/share/zoneinfo/${timezone} /etc/localtime"
+artix-chroot /mnt bash -c "hwclock -w"
+
+# Set default text editor
+echo "export EDITOR=vim" >> /mnt/etc/profile
+
+# Set hostname
+echo ${hostname} > /mnt/etc/hostname
+
+# Set root password
+artix-chroot /mnt bash -c "echo root:artix | chpasswd"
+
+# add new user
+artix-chroot /mnt bash -c "useradd -mG ${user_groups} ${user}"
+artix-chroot /mnt bash -c "echo \"${user}:${password}\" | chpasswd"
+
+# set user privileges
+echo "
+Cmnd_Alias STAT = /usr/bin/sv status,/usr/bin/ufw status
+Cmnd_Alias PACMAN = /usr/bin/checkupdates
+Cmnd_Alias REBOOT = /sbin/halt,/sbin/reboot
+Defaults pwfeedback
+%wheel ALL=(ALL) ALL
+${user} ALL=(ALL) NOPASSWD: PACMAN,REBOOT,STAT
+" >> /mnt/etc/sudoers
+
+# Configure mkinitcpio.conf
+modules="btrfs"
+hooks="base udev autodetect modconf kms keyboard keymap block encrypt resume filesystems fsck"
+sed "s/^MODULES=(.*)/MODULES=(${modules})/" -i /mnt/etc/mkinitcpio.conf
+sed "s/^HOOKS=(.*)/HOOKS=(${hooks})/" -i /mnt/etc/mkinitcpio.conf
+
+# Rebuild ram-disk environment for Linux kernel
+artix-chroot /mnt bash -c "mkinitcpio -p linux"
+
+# CONFIGURE GRUB
+devices="resume=LABEL=SWAP cryptdevice=LABEL=LUKS:root"
+grub_cmds="loglevel=3 net.iframes=0 quiet splash ${devices}"
+
+sed "s/^GRUB_CMDLINE_LINUX_DEFAULT=.*$/GRUB_CMDLINE_LINUX_DEFAULT=\"${grub_cmds}\"/" \
+ -i /mnt/etc/default/grub
+
+# install grub
+if [ -d /sys/firmware/efi/efivars/ ]; then
+ grub_options="--target=x86_64-efi --efi-directory=/boot --bootloader-id=artix"
+else
+ grub_options="--recheck ${drive}"
+fi
+artix-chroot /mnt bash -c "grub-install ${grub_options}"
+artix-chroot /mnt bash -c "grub-mkconfig -o /boot/grub/grub.cfg"
+
+# FINISH
+umount -R /mnt
+cryptsetup close root
+swapoff -a
+set +x
+echo "Installation complete!" |
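Review bot: The `# add new user` step splices `${password}` into a double-quoted `bash -c` string (`echo \"${user}:${password}\" | chpasswd`), so a passphrase containing a double quote, `$`, a backtick or a backslash is re-parsed by the inner shell and the account can end up with a different password than the LUKS one, or part of the text runs as a command; the value is also exposed in the process argument list while the chroot runs. This may be what the header's "user password not begin set" FIXME is observing. Feeding the pair on stdin avoids both, assuming artix-chroot passes stdin through to the command: `printf '%s:%s\n' "${user}" "${password}" | artix-chroot /mnt chpasswd`. Separately, the same run sets root's password to the published value `artix` and links `openssh` into the default runlevel, so root should be locked (`artix-chroot /mnt passwd -l root`) or given a prompted password before the first boot.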
