From c6fd8e754fe5dbd70da1e9f579e5187455e4ba82 Mon Sep 17 00:00:00 2001
From: TuDatTr
Date: Sat, 23 May 2020 15:00:17 +0200
Subject: [PATCH] First draft of the installation script
---
 etc/X11/xorg.conf.d/30-touchpad.conf | 8 ++++
 etc/iptables/iptables.rules | 49 ++++++++++++++++++++++
 etc/systemd/system/march.service | 8 ++++
 etc/systemd/system/suspend@.service | 14 +++++++
 install.sh | 62 ++++++++++++++++++++++++++++
 root/march-chroot.sh | 42 +++++++++++++++++++
 root/march-reboot.sh | 32 ++++++++++++++
 7 files changed, 215 insertions(+)
 create mode 100644 etc/X11/xorg.conf.d/30-touchpad.conf
 create mode 100644 etc/iptables/iptables.rules
 create mode 100644 etc/systemd/system/march.service
 create mode 100644 etc/systemd/system/suspend@.service
 create mode 100755 install.sh
 create mode 100644 root/march-chroot.sh
 create mode 100644 root/march-reboot.sh
diff --git a/etc/X11/xorg.conf.d/30-touchpad.conf b/etc/X11/xorg.conf.d/30-touchpad.conf
new file mode 100644
index 0000000..9834793
--- /dev/null
+++ b/etc/X11/xorg.conf.d/30-touchpad.conf
@@ -0,0 +1,8 @@
+Section "InputClass"
+ Identifier "touchpad"
+ Driver "libinput"
+ MatchIsTouchpad "on"
+ Option "Tapping" "on"
+ Option "ClickMethod" "clickfinger"
+ Option "NaturalScrolling" "true"
+EndSection
diff --git a/etc/iptables/iptables.rules b/etc/iptables/iptables.rules
new file mode 100644
index 0000000..d355d8c
--- /dev/null
+++ b/etc/iptables/iptables.rules
@@ -0,0 +1,49 @@
+# Generated by iptables-save v1.8.4 on Wed May 20 18:14:58 2020
+*security
+:INPUT ACCEPT [484:209329]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [586:99971]
+COMMIT
+# Completed on Wed May 20 18:14:58 2020
+# Generated by iptables-save v1.8.4 on Wed May 20 18:14:58 2020
+*raw
+:PREROUTING ACCEPT [511:211250]
+:OUTPUT ACCEPT [586:99971]
+COMMIT
+# Completed on Wed May 20 18:14:58 2020
+# Generated by iptables-save v1.8.4 on Wed May 20 18:14:58 2020
+*mangle
+:PREROUTING ACCEPT [511:211250]
+:INPUT ACCEPT [511:211250]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [586:99971]
+:POSTROUTING ACCEPT [586:99971]
+COMMIT
+# Completed on Wed May 20 18:14:58 2020
+# Generated by iptables-save v1.8.4 on Wed May 20 18:14:58 2020
+*filter
+:INPUT DROP [0:0]
+:FORWARD DROP [0:0]
+:OUTPUT ACCEPT [15:932]
+:TCP - [0:0]
+:UDP - [0:0]
+-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+-A INPUT -m conntrack --ctstate INVALID -j DROP
+-A INPUT -p udp -m conntrack --ctstate NEW -j UDP
+-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j TCP
+-A INPUT -p tcp -m recent --set --name TCP-PORTSCAN --mask 255.255.255.255 --rsource -j REJECT --reject-with tcp-reset
+-A INPUT -p udp -m recent --set --name UDP-PORTSCAN --mask 255.255.255.255 --rsource -j REJECT --reject-with icmp-port-unreachable
+-A INPUT -j REJECT --reject-with icmp-proto-unreachable
+-A TCP -p tcp -m recent --update --seconds 60 --name TCP-PORTSCAN --mask 255.255.255.255 --rsource -j REJECT --reject-with tcp-reset
+-A UDP -p udp -m recent --update --seconds 60 --name UDP-PORTSCAN --mask 255.255.255.255 --rsource -j REJECT --reject-with icmp-port-unreachable
+COMMIT
+# Completed on Wed May 20 18:14:58 2020
+# Generated by iptables-save v1.8.4 on Wed May 20 18:14:58 2020
+*nat
+:PREROUTING ACCEPT [4:239]
+:INPUT ACCEPT [0:0]
+:OUTPUT ACCEPT [74:6294]
+:POSTROUTING ACCEPT [74:6294]
+COMMIT
+# Completed on Wed May 20 18:14:58 2020
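Review bot: In `etc/iptables/iptables.rules`, the ruleset is IPv4-only and nothing visible in this patch activates it: `march-reboot.sh` copies the file into `/etc/iptables/`, but no script runs `systemctl enable iptables.service`, so the `:INPUT DROP` policy would not be loaded at boot. I would add that enable next to the `cp`, and ship a matching `ip6tables.rules` with `ip6tables.service`, since without one inbound IPv6 presumably stays at the default ACCEPT policy. The saved packet counters (`[484:209329]` and similar) come from the machine the dump was taken on and could be reset to `[0:0]` so later diffs of this file show only rule changes.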
diff --git a/etc/systemd/system/march.service b/etc/systemd/system/march.service
new file mode 100644
index 0000000..94200a0
--- /dev/null
+++ b/etc/systemd/system/march.service
@@ -0,0 +1,8 @@
+[Unit]
+Description=March Reboot Service
+
+[Service]
+ExecStart=/root/arch-reboot.sh
+
+[Install]
+WantedBy=multi-user.target
diff --git a/etc/systemd/system/suspend@.service b/etc/systemd/system/suspend@.service
new file mode 100644
index 0000000..bb6946b
--- /dev/null
+++ b/etc/systemd/system/suspend@.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=User suspend actions
+Before=sleep.target
+
+[Service]
+User=%I
+Type=forking
+Environment=DISPLAY=:0
+ExecStartPre=
+ExecStart= /home/tuan/.scripts/i3lock.py
+ExecStartPost=/usr/bin/sleep 1
+
+[Install]
+WantedBy=sleep.target
diff --git a/install.sh b/install.sh
new file mode 100755
index 0000000..2d7fdb7
--- /dev/null
+++ b/install.sh
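Review bot: In `etc/systemd/system/march.service`, the unit runs `/root/arch-reboot.sh` as root on every boot: it is `WantedBy=multi-user.target` with no `Type=oneshot`, no ordering after the network, and nothing in the visible `march-reboot.sh` disables it once it has run. Because that script installs packages and appends a line to `/etc/sudoers`, each reboot would repeat those steps and the sudoers entry would accumulate. I would add `Type=oneshot`, `Wants=network-online.target` and `After=network-online.target` to the unit, and end the script with `systemctl disable march.service`.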
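Review bot: In `etc/systemd/system/suspend@.service`, `ExecStart= /home/tuan/.scripts/i3lock.py` hard-codes one user's home directory while the unit runs as `User=%I`, so for any other instance name the locker cannot start and, as far as the unit shows, the machine would suspend and resume without a locked screen. Deriving the path from the instance keeps the two in step: `ExecStart=/home/%I/.scripts/i3lock.py`. The empty `ExecStartPre=` line can be dropped, and no script in this patch enables `suspend@<user>.service`, so the unit is installed but inactive.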
@@ -0,0 +1,62 @@
+#!/bin/bash
+
+device="CHANGEME" # Device that shoud be partitioned e.g. "/dev/sda"
+timezone="CHANGEME" # Your timezone according to /usr/share/zoneinfo/ e.g. "/usr/share/zoneinfo/EUROPE/Berlin"
+locale="CHANGEME" # Your locale according to /etc/locale.gen e.g. "en_US.UTF-8 UTF-8"
+hostname="CHANGEME" # Name for your machine e.g. "ArchLinux"
+username="CHANGEME" # Your username e.g. "foo"
+sudogrp="CHANGEME" # Name of the sudogrp
+
+CWD="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
+
+# partition 1: 1MiB -> 500MiB FAT32
+# partition 2: 500MiB -> 3GiB swap
+# partition 3: 3GiB -> .. ext4
+parted $device mklabel gpt mkpart primary fat32 1MiB 512 mkpart primary linux-swap 500MiB 3GiB mkpart primary ext4 3GiB 100% set 1 esp on -s
+
+if [ -b "$device\p1" ]; then
+ bootpart=$device\p1
+ swappart=$device\p2
+ rootpart=$device\p3
+else
+ bootpart=$device\1
+ swappart=$device\2
+ rootpart=$device\3
+fi
+
+mkfs.vfat $bootpart
+mkswap $swappart
+swapon $swappart
+
+# LUKS
+cryptsetup -y luksFormat --type luks2 $rootpart
+cryptsetup open $rootpart cryptroot
+
+cryptroot=/dev/mapper/cryptroot
+
+mkfs.ext4 $cryptroot
+
+mount $cryptroot /mnt
+mkdir /mnt/boot
+mount $bootpart /mnt/boot
+
+pacstrap /mnt base base-devel linux linux-firmware
+
+genfstab -U /mnt >> /mnt/etc/fstab
+
+
+cp $CWD/etc/systemd/system/march.service /mnt/etc/systemd/system/march.service
+cp $CWD/root/march-chroot.sh /mnt/root/arch-chroot.sh
+cp $CWD/root/march-reboot.sh /mnt/root/arch-reboot.sh
+chmod +x /mnt/root/arch-chroot.sh
+chmod +x /mnt/root/arch-reboot.sh
+
+arch-chroot /mnt /root/march-chroot.sh -t $timezone -l $locale -h $hostname -u $username -s $sudogrp
+sed -i "s/arch-reboot.sh/\0 -u $username -s $sudogrp/" /mnt/etc/systemd/system/march.service
+
+umount $bootpart
+swapoff $swappart
+umount $cryptroot
+cryptsetup close $cryptroot
+
+shutdown -r now
diff --git a/root/march-chroot.sh b/root/march-chroot.sh
new file mode 100644
index 0000000..4513273
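Review bot: In `install.sh`, the destructive steps (`parted … mklabel gpt`, `mkfs.vfat`, `cryptsetup luksFormat`) run with no check that the `CHANGEME` placeholders were replaced and without stopping on failure, so a failed partitioning step is still followed by every later command. I would open the script with `set -euo pipefail` and `[[ -b "$device" ]] || { echo "not a block device: $device" >&2; exit 1; }`, and quote the expansions (`"$device"`, `"$rootpart"`, …). `"$device\p1"` keeps the backslash inside double quotes, so the `-b` test looks for a path containing a literal `\` and the `p1` branch is never taken; `"${device}p1"` is presumably what is meant. The chroot script is copied to `/mnt/root/arch-chroot.sh` but invoked as `/root/march-chroot.sh`, and the swap partition sits outside the LUKS container, so swapped-out memory is written to disk unencrypted.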
--- /dev/null
+++ b/root/march-chroot.sh
@@ -0,0 +1,42 @@
+#!/bin/bash
+
+timezone="CHANGEME" # specified in ./arch-chroot.sh
+locale="CHANGEME"
+hostname="CHANGEME"
+username="CHANGEME"
+sudogrp="CHANGEME"
+
+arch-chroot /mnt root/march-chroot.sh -t timezone -l locale -h hostname -u username -s sudogrp
+
+ln -sf $timezone /etc/localtime
+
+hwclock --systohc
+
+echo $locale >> /etc/locale.gen
+if [ $locale != "en_US.UTF-8 UTF-8"]; then
+ echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen
+fi
+
+locale-gen
+
+echo "LANG=en_US.UTF-8" > /etc/locale.conf
+
+echo $hostname > /etc/hostname
+
+sed -i "s/^HOOKS=([[:alnum:][:space:]]\+)/HOOKS=(base udev autodetect keyboard keymap consolefont modconf block encrypt filesystems fsck)/" /etc/mkinitcpio.conf
+mkinitcpio -p linux
+
+passwd
+
+bootctl install
+echo "timeout 3
+default arch" > /boot/loader/loader.conf
+echo "title ArchLinux
+linux /vmlinuz-linux
+initrd /initramfs-linux.img
+options rw cryptdevice=$(blkid $rootpart | cut -d" " -f2 | tr -d \"):cryptroot root=$cryptroot i8042.noloop i8042.nomux i8042.nopnp i8042.reset" > /boot/loader/entries/arch.conf
+
+sed -i "s/"
+
+systemctl enable march.service
+systemctl enable dhcpcd.service
diff --git a/root/march-reboot.sh b/root/march-reboot.sh
new file mode 100644
index 0000000..b3fba45
--- /dev/null
+++ b/root/march-reboot.sh
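Review bot: In `root/march-chroot.sh`, none of the values the script relies on are ever set: the `-t/-l/-h/-u/-s` options passed by `install.sh` are not parsed, so `timezone`, `locale` and `hostname` stay `CHANGEME`, and `$rootpart` and `$cryptroot` are undefined here, which leaves `cryptdevice=` and `root=` empty in `arch.conf` and the encrypted root without a way to be unlocked at boot. The `arch-chroot /mnt root/march-chroot.sh …` line re-invokes the script from inside the chroot with literal words as arguments and should be dropped. The sketch below parses the options and adds a `-r` option for the root partition, which `install.sh` would then have to pass. Separately, `[ $locale != "en_US.UTF-8 UTF-8"]` lacks the space before `]` and quotes around `$locale`, and `sed -i "s/"` is an unfinished command.

```shell
# replaces the CHANGEME assignments and the nested arch-chroot call
while getopts ':t:l:h:u:s:r:' opt; do
  case "$opt" in
    t) timezone=$OPTARG ;;
    l) locale=$OPTARG ;;
    h) hostname=$OPTARG ;;
    u) username=$OPTARG ;;
    s) sudogrp=$OPTARG ;;
    r) rootpart=$OPTARG ;;
    *) echo "usage: $0 -t TZ -l LOCALE -h HOST -u USER -s GROUP -r ROOTPART" >&2; exit 2 ;;
  esac
done
# abort early rather than write empty values into the boot entry
: "${timezone:?}" "${locale:?}" "${hostname:?}" "${rootpart:?}"
cryptroot=/dev/mapper/cryptroot
# … unchanged: localtime, locale.gen, hostname, mkinitcpio, passwd, bootctl …
```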
@@ -0,0 +1,32 @@
+#!/bin/bash
+
+sudogrp="CHANGEME"
+username="CHANGEME"
+
+pacman -S --noconfirm git zsh gvim wget arch-audit lightdm lightdm-webkit2-greeter xorg-server xf86-video-intel i3-gaps xorg-xbacklight xorg-xrandr i3lock-color alsa-utils pulseaudio pulseaudio-alsa pulseaudio-bluetooth playerctl pavucontrol exfat-utils udiskie blueman acpi acpid tlp compton conky rxvt-unicode networkmanager network-manager-applet networkmanager-openconnect networkmanager-openvpn stow maim openssh xdotool xclip thunderbird firefox veracrypt keepassxc texlive-most evince pandoc pdfgrep adobe-source-han-sans-otc-fonts python3 python3-pip ranger atool elinks ffmpegthumbnailer highlight libcaca lynx mediainfo odt2txt perl-image-exiftool poppler python-chardet transmission-cli w3m
+
+echo "%$sudogrp ALL=(ALL) ALL" >> /etc/sudoers
+groupadd $sudogrp
+useradd -m -G $sudogrp -s $username
+
+systemctl enable lightdm
+sed -i "s/#user-session.*/user-session=i3/g" /etc/lightdm/lightdm.conf
+sed -i "s/#greeter-session.*/greeter-session=lightdm-webkit2-greeter/g" /etc/lightdm/lightdm.conf
+
+cp $CWD/etc/systemd/system/suspend@.service /etc/systemd/system/suspend@.service
+cp $CWD/etc/X11/xorg.conf.d/30-touchpad.conf /etc/X11/xorg.conf.d/30-touchpad.conf
+cp $CWD/etc/iptables/iptables.rules /etc/iptables/iptables.rules
+
+# From this on we need need to be $username
+su $username sh -c "$(curl -fsSL https://raw.githubusercontent.com/robbyrussell/oh-my-zsh/master/tools/install.sh)" &
+cp -r /usr/share/zsh-theme-powerlevel9k $HOME/.oh-my-zsh/themes/powerlevel9k
+
+su $username sh -c "git clone https://github.com/powerline/fonts.git --depth=1 /home/$username/fonts"
+su $username sh -c "chmod +x /home/$username/fonts/install.sh"
+su $username sh -c "/home/$username/fonts/install.sh"
+su $username sh -c "rm -rf /home/$username/fonts/"
+
+su $username sh -c "git clone git@gitlab.com:TuDatTr/dotfiles.git /home/$username/.dotfiles"
+su $username sh -c "cd /home/$username/.dotfiles & stow vim"
+su $username sh -c "cd /home/$username/.dotfiles & stow zsh"
+su $username sh -c "cd /home/$username/.dotfiles & stow config"
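Review bot: In `root/march-reboot.sh`, the oh-my-zsh step fetches `tools/install.sh` from the mutable `master` branch and executes it unverified from a script that a root-run boot service starts, and the `powerline/fonts` clone has the same shape, with its `install.sh` run straight after an unpinned clone. I would download a pinned commit into a `mktemp` file, compare it against a recorded SHA-256 with `sha256sum -c`, and only then run it as the user, and check out a fixed commit of the fonts repository before running its installer. Separately, `useradd -m -G $sudogrp -s $username` hands the user name to `-s` as the login shell and gives no login name, so the account is not created; something like `useradd -m -G "$sudogrp" -s /bin/zsh "$username"` is presumably intended. `echo … >> /etc/sudoers` bypasses syntax validation; a drop-in under `/etc/sudoers.d/` checked with `visudo -cf` is safer. The `cd … & stow …` lines background `cd` instead of chaining on it, so `&&` is needed, and `$CWD` is never set in this script.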