First draft of the installation script

etc/X11/xorg.conf.d/30-touchpad.conf

@@ -0,0 +1,8 @@
+Section "InputClass"
+    Identifier "touchpad"
+    Driver "libinput"
+    MatchIsTouchpad "on"
+    Option "Tapping" "on"
+    Option "ClickMethod" "clickfinger"
+    Option "NaturalScrolling" "true"
+EndSection

etc/iptables/iptables.rules

@@ -0,0 +1,49 @@
+# Generated by iptables-save v1.8.4 on Wed May 20 18:14:58 2020
+*security
+:INPUT ACCEPT [484:209329]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [586:99971]
+COMMIT
+# Completed on Wed May 20 18:14:58 2020
+# Generated by iptables-save v1.8.4 on Wed May 20 18:14:58 2020
+*raw
+:PREROUTING ACCEPT [511:211250]
+:OUTPUT ACCEPT [586:99971]
+COMMIT
+# Completed on Wed May 20 18:14:58 2020
+# Generated by iptables-save v1.8.4 on Wed May 20 18:14:58 2020
+*mangle
+:PREROUTING ACCEPT [511:211250]
+:INPUT ACCEPT [511:211250]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [586:99971]
+:POSTROUTING ACCEPT [586:99971]
+COMMIT
+# Completed on Wed May 20 18:14:58 2020
+# Generated by iptables-save v1.8.4 on Wed May 20 18:14:58 2020
+*filter
+:INPUT DROP [0:0]
+:FORWARD DROP [0:0]
+:OUTPUT ACCEPT [15:932]
+:TCP - [0:0]
+:UDP - [0:0]
+-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+-A INPUT -m conntrack --ctstate INVALID -j DROP
+-A INPUT -p udp -m conntrack --ctstate NEW -j UDP
+-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j TCP
+-A INPUT -p tcp -m recent --set --name TCP-PORTSCAN --mask 255.255.255.255 --rsource -j REJECT --reject-with tcp-reset
+-A INPUT -p udp -m recent --set --name UDP-PORTSCAN --mask 255.255.255.255 --rsource -j REJECT --reject-with icmp-port-unreachable
+-A INPUT -j REJECT --reject-with icmp-proto-unreachable
+-A TCP -p tcp -m recent --update --seconds 60 --name TCP-PORTSCAN --mask 255.255.255.255 --rsource -j REJECT --reject-with tcp-reset
+-A UDP -p udp -m recent --update --seconds 60 --name UDP-PORTSCAN --mask 255.255.255.255 --rsource -j REJECT --reject-with icmp-port-unreachable
+COMMIT
+# Completed on Wed May 20 18:14:58 2020
+# Generated by iptables-save v1.8.4 on Wed May 20 18:14:58 2020
+*nat
+:PREROUTING ACCEPT [4:239]
+:INPUT ACCEPT [0:0]
+:OUTPUT ACCEPT [74:6294]
+:POSTROUTING ACCEPT [74:6294]
+COMMIT
+# Completed on Wed May 20 18:14:58 2020

etc/systemd/system/march.service

@@ -0,0 +1,8 @@
+[Unit]
+Description=March Reboot Service
+
+[Service]
+ExecStart=/root/arch-reboot.sh
+
+[Install]
+WantedBy=multi-user.target

etc/systemd/system/suspend@.service

@@ -0,0 +1,14 @@
+[Unit]
+Description=User suspend actions
+Before=sleep.target
+
+[Service]
+User=%I
+Type=forking
+Environment=DISPLAY=:0
+ExecStartPre= 
+ExecStart= /home/tuan/.scripts/i3lock.py
+ExecStartPost=/usr/bin/sleep 1
+
+[Install]
+WantedBy=sleep.target

install.sh

@@ -0,0 +1,62 @@
+#!/bin/bash
+
+device="CHANGEME" # Device that shoud be partitioned e.g. "/dev/sda"
+timezone="CHANGEME" # Your timezone according to /usr/share/zoneinfo/ e.g. "/usr/share/zoneinfo/EUROPE/Berlin"
+locale="CHANGEME" # Your locale according to /etc/locale.gen e.g. "en_US.UTF-8 UTF-8"
+hostname="CHANGEME" # Name for your machine e.g. "ArchLinux"
+username="CHANGEME" # Your username e.g. "foo"
+sudogrp="CHANGEME" # Name of the sudogrp
+
+CWD="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
+
+# partition 1: 1MiB -> 500MiB FAT32
+# partition 2: 500MiB -> 3GiB swap
+# partition 3: 3GiB -> ..     ext4
+parted $device mklabel gpt mkpart primary fat32 1MiB 512 mkpart primary linux-swap 500MiB 3GiB mkpart primary ext4 3GiB 100% set 1 esp on -s
+
+if [ -b "$device\p1" ]; then
+    bootpart=$device\p1
+    swappart=$device\p2
+    rootpart=$device\p3
+else
+    bootpart=$device\1
+    swappart=$device\2
+    rootpart=$device\3
+fi
+
+mkfs.vfat $bootpart
+mkswap $swappart
+swapon $swappart
+
+# LUKS
+cryptsetup -y luksFormat --type luks2 $rootpart
+cryptsetup open $rootpart cryptroot
+
+cryptroot=/dev/mapper/cryptroot
+
+mkfs.ext4 $cryptroot
+
+mount  $cryptroot /mnt
+mkdir /mnt/boot
+mount $bootpart /mnt/boot
+
+pacstrap /mnt base base-devel linux linux-firmware
+
+genfstab -U /mnt >> /mnt/etc/fstab
+
+
+cp $CWD/etc/systemd/system/march.service /mnt/etc/systemd/system/march.service
+cp $CWD/root/march-chroot.sh /mnt/root/arch-chroot.sh
+cp $CWD/root/march-reboot.sh /mnt/root/arch-reboot.sh
+chmod +x /mnt/root/arch-chroot.sh
+chmod +x /mnt/root/arch-reboot.sh
+
+arch-chroot /mnt /root/march-chroot.sh -t $timezone -l $locale -h $hostname -u $username -s $sudogrp
+sed -i "s/arch-reboot.sh/\0 -u $username -s $sudogrp/" /mnt/etc/systemd/system/march.service
+
+umount $bootpart
+swapoff $swappart
+umount $cryptroot
+cryptsetup close $cryptroot
+
+shutdown -r now

root/march-chroot.sh

@@ -0,0 +1,42 @@
+#!/bin/bash
+
+timezone="CHANGEME" # specified in ./arch-chroot.sh
+locale="CHANGEME" 
+hostname="CHANGEME"
+username="CHANGEME"
+sudogrp="CHANGEME"
+
+arch-chroot /mnt root/march-chroot.sh -t timezone -l locale -h hostname -u username -s sudogrp
+
+ln -sf $timezone /etc/localtime
+
+hwclock --systohc
+
+echo $locale >> /etc/locale.gen
+if [ $locale != "en_US.UTF-8 UTF-8"]; then
+    echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen
+fi
+
+locale-gen
+
+echo "LANG=en_US.UTF-8" > /etc/locale.conf
+
+echo $hostname > /etc/hostname
+
+sed -i "s/^HOOKS=([[:alnum:][:space:]]\+)/HOOKS=(base udev autodetect keyboard keymap consolefont modconf block encrypt filesystems fsck)/" /etc/mkinitcpio.conf
+mkinitcpio -p linux
+
+passwd
+
+bootctl install
+echo "timeout 3
+default arch" > /boot/loader/loader.conf
+echo "title ArchLinux
+linux /vmlinuz-linux
+initrd /initramfs-linux.img
+options rw cryptdevice=$(blkid $rootpart | cut -d" " -f2 | tr -d \"):cryptroot root=$cryptroot i8042.noloop i8042.nomux i8042.nopnp i8042.reset" > /boot/loader/entries/arch.conf
+
+sed -i "s/"
+
+systemctl enable march.service
+systemctl enable dhcpcd.service

root/march-reboot.sh

@@ -0,0 +1,32 @@
+#!/bin/bash
+
+sudogrp="CHANGEME"
+username="CHANGEME"
+
+pacman -S --noconfirm git zsh gvim wget arch-audit lightdm lightdm-webkit2-greeter xorg-server xf86-video-intel i3-gaps xorg-xbacklight xorg-xrandr i3lock-color alsa-utils pulseaudio pulseaudio-alsa pulseaudio-bluetooth playerctl pavucontrol exfat-utils udiskie  blueman acpi acpid tlp compton conky rxvt-unicode  networkmanager network-manager-applet networkmanager-openconnect networkmanager-openvpn stow maim openssh xdotool xclip thunderbird firefox veracrypt keepassxc texlive-most evince pandoc pdfgrep adobe-source-han-sans-otc-fonts python3 python3-pip  ranger atool elinks ffmpegthumbnailer highlight libcaca lynx mediainfo odt2txt perl-image-exiftool poppler python-chardet transmission-cli w3m
+
+echo "%$sudogrp ALL=(ALL) ALL" >> /etc/sudoers
+groupadd $sudogrp
+useradd -m -G $sudogrp -s $username
+
+systemctl enable lightdm
+sed -i "s/#user-session.*/user-session=i3/g" /etc/lightdm/lightdm.conf
+sed -i "s/#greeter-session.*/greeter-session=lightdm-webkit2-greeter/g" /etc/lightdm/lightdm.conf
+
+cp $CWD/etc/systemd/system/suspend@.service /etc/systemd/system/suspend@.service
+cp $CWD/etc/X11/xorg.conf.d/30-touchpad.conf /etc/X11/xorg.conf.d/30-touchpad.conf
+cp $CWD/etc/iptables/iptables.rules /etc/iptables/iptables.rules
+
+# From this on we need need to be $username
+su $username sh -c "$(curl -fsSL https://raw.githubusercontent.com/robbyrussell/oh-my-zsh/master/tools/install.sh)" &
+cp -r /usr/share/zsh-theme-powerlevel9k $HOME/.oh-my-zsh/themes/powerlevel9k
+
+su $username sh -c "git clone https://github.com/powerline/fonts.git --depth=1 /home/$username/fonts"
+su $username sh -c "chmod +x /home/$username/fonts/install.sh"
+su $username sh -c "/home/$username/fonts/install.sh"
+su $username sh -c "rm -rf /home/$username/fonts/"
+
+su $username sh -c "git clone git@gitlab.com:TuDatTr/dotfiles.git /home/$username/.dotfiles"
+su $username sh -c "cd /home/$username/.dotfiles & stow vim"
+su $username sh -c "cd /home/$username/.dotfiles & stow zsh"
+su $username sh -c "cd /home/$username/.dotfiles & stow config"