mhutter · October 3, 2021 14:35
diff --git a/0-pre-chroot.sh b/0-pre-chroot.sh
 #!/usr/bin/env bash
 set -e -u -o pipefail -x

 # General setup
 timedatectl set-ntp true


 # Partitioning
 sgdisk /dev/sda \
  --new=1:0:+512M \
  --largest-new=2 \
  --typecode=1:C12A7328-F81F-11D2-BA4B-00A0C93EC93B \
  --typecode=2:CA7D7CCB-63ED-4C53-861C-1742536059CC \
  --print
  
 cryptsetup luksFormat /dev/sda2
 cryptsetup open /dev/sda2 cryptroot
 mkfs.ext4 -m1 /dev/mapper/cryptroot
 mkfs.fat -F32 /dev/sda1

 mount /dev/mapper/cryptroot /mnt
 mkdir /mnt/boot
 mount /dev/sda1 /mnt/boot

 # Base setup
 pacstrap /mnt base linux linux-firmware vim sudo zsh ansible git
 genfstab -U /mnt >> /mnt/etc/fstab
diff --git a/1-chroot.sh b/1-chroot.sh
 #!/usr/bin/env bash
 set -e -u -o pipefail -x

 # Language/TZ config
 ln -sf /usr/share/zoneinfo/Europe/Zurich /etc/localtime
 hwclock --systohc

 sed -Ei 's/^#(en_US.UTF-8)/\1/' /etc/locale.gen
 locale-gen
 echo 'LANG=en_US.UTF-8' > /etc/locale.conf

 # Network setup
 cat > /etc/hosts <<EOT
 127.0.0.1   localhost
 ::1         localhost
 127.0.1.1   arch.localdomain arch
 EOT
 hostnamectl set-hostname arch
 systemctl enable systemd-networkd
 systemctl enable systemd-resolved
 ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
 cat > /etc/systemd/network/20-wired.network <<EOT
 [Match]
 Name=enp0s3
 [Network]
 DHCP=yes
 EOT

 # Partitioning/encryption
 sed -Ei 's/^HOOKS=.+$/HOOKS=(base udev autodetect keyboard consolefont modconf block encrypt filesystems fsck)/' /etc/mkinitcpio.conf
 source <(lsblk /dev/sda2 -o UUID -P -d)
 echo "cryptroot UUID=${UUID} none luks2,discard" > /etc/crypttab.initramfs
 mkinitcpio -p linux

 # Bootloader
 bootctl install
 cat > /boot/loader/entries/arch.conf <<EOT
 title   Arch Linux
 linux   /vmlinuz-linux
 initrd  /initramfs-linux.img
 options root=/dev/mapper/cryptroot cryptdevice=UUID=${UUID}:cryptroot rw
 EOT

 # User setup
 useradd -m -s /bin/zsh -U mh
 echo 'mh ALL=(ALL) NOPASSWD: ALL' > /etc/sudoers.d/mh
 passwd mh
diff --git a/2-post-chroot.sh b/2-post-chroot.sh
 #!/usr/bin/env bash
 set -e -u -o pipefail -x

 umount -R /mnt
 sync
	#!/usr/bin/env bash
	set -e -u -o pipefail -x

	# General setup
	timedatectl set-ntp true


	# Partitioning
	sgdisk /dev/sda \
	--new=1:0:+512M \
	--largest-new=2 \
	--typecode=1:C12A7328-F81F-11D2-BA4B-00A0C93EC93B \
	--typecode=2:CA7D7CCB-63ED-4C53-861C-1742536059CC \
	--print

	cryptsetup luksFormat /dev/sda2
	cryptsetup open /dev/sda2 cryptroot
	mkfs.ext4 -m1 /dev/mapper/cryptroot
	mkfs.fat -F32 /dev/sda1

	mount /dev/mapper/cryptroot /mnt
	mkdir /mnt/boot
	mount /dev/sda1 /mnt/boot

	# Base setup
	pacstrap /mnt base linux linux-firmware vim sudo zsh ansible git
	genfstab -U /mnt >> /mnt/etc/fstab
	#!/usr/bin/env bash
	set -e -u -o pipefail -x

	# Language/TZ config
	ln -sf /usr/share/zoneinfo/Europe/Zurich /etc/localtime
	hwclock --systohc

	sed -Ei 's/^#(en_US.UTF-8)/\1/' /etc/locale.gen
	locale-gen
	echo 'LANG=en_US.UTF-8' > /etc/locale.conf

	# Network setup
	cat > /etc/hosts <<EOT
	127.0.0.1 localhost
	::1 localhost
	127.0.1.1 arch.localdomain arch
	EOT
	hostnamectl set-hostname arch
	systemctl enable systemd-networkd
	systemctl enable systemd-resolved
	ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
	cat > /etc/systemd/network/20-wired.network <<EOT
	[Match]
	Name=enp0s3
	[Network]
	DHCP=yes
	EOT

	# Partitioning/encryption
	sed -Ei 's/^HOOKS=.+$/HOOKS=(base udev autodetect keyboard consolefont modconf block encrypt filesystems fsck)/' /etc/mkinitcpio.conf
	source <(lsblk /dev/sda2 -o UUID -P -d)
	echo "cryptroot UUID=${UUID} none luks2,discard" > /etc/crypttab.initramfs
	mkinitcpio -p linux

	# Bootloader
	bootctl install
	cat > /boot/loader/entries/arch.conf <<EOT
	title Arch Linux
	linux /vmlinuz-linux
	initrd /initramfs-linux.img
	options root=/dev/mapper/cryptroot cryptdevice=UUID=${UUID}:cryptroot rw
	EOT

	# User setup
	useradd -m -s /bin/zsh -U mh
	echo 'mh ALL=(ALL) NOPASSWD: ALL' > /etc/sudoers.d/mh
	passwd mh
	#!/usr/bin/env bash
	set -e -u -o pipefail -x

	umount -R /mnt
	sync