#!/bin/bash -e # # Author: Casey DeLorme # # Description: fully automate installation and config after `arch-chroot`, # providing the user with a fully configured desktop environment and many # bells and whistles for developers. # # Dependencies: requires `base` and `base-devel` be installed with `pacstrap`, # and runs as root. Expects `username`, `password`, and `root_password` to be # supplied. # verify required variables while [ -z "$root_password" ]; do read -p "please enter a root password: " -s root_password && echo ""; done while [ -z "$username" ]; do read -p "please enter your username: " username; done while [ -z "$password" ]; do read -p "please enter your password: " -s password && echo ""; done # print all that transpires henceforth [ -n "$DEBUG" ] && set -x # initial time configuration ln -sf /usr/share/zoneinfo/America/New_York /etc/localtime hwclock -w --utc # setup locale sed -i "/^en_US.UTF-8/d" /etc/locale.gen sed -i "/^ja_JP.UTF-8/d" /etc/locale.gen echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen echo "ja_JP.UTF-8 UTF-8" >> /etc/locale.gen locale-gen echo "LANG=en_US.UTF-8" > /etc/locale.conf # setup hostname echo "arch" > /etc/hostname echo "127.0.0.1 localhost" > /etc/hosts echo "::1 localhost" >> /etc/hosts echo "127.0.1.1 $(cat /etc/hostname).localdomain $(cat /etc/hostname)" >> /etc/hosts # set default virtualconsole font setfont koi8u_8x16 echo "FONT=koi8u_8x16" > /etc/vconsole.conf # enable multilib sed -i "/\[multilib\]/,/Include/"'s/^#//' /etc/pacman.conf # rebuild gpg keys rm -rf /etc/pacman.d/gnupg pacman-key --init pacman-key --populate archlinux # add sublime text source curl -O https://download.sublimetext.com/sublimehq-pub.gpg && pacman-key --add sublimehq-pub.gpg && pacman-key --lsign-key 8A8F901A && rm sublimehq-pub.gpg [ $(grep -c "sublime-text" /etc/pacman.conf) -eq 0 ] && echo -e "\n[sublime-text]\nServer = https://download.sublimetext.com/arch/stable/x86_64" | tee -a /etc/pacman.conf # put all packages into an environment variable that we can add to export PACKAGES="sudo bash-completion man-db tmux vim linux-firmware linux-headers dkms smartmontools cryptsetup usbutils btrfs-progs gvfs gvfs-mtp gvfs-afc android-udev dmidecode parted pkgfile pkgconf bison gcc gcc-libs cmake ccache ncurses xmlstarlet jq at bc cronie iptables rsync dhcpcd inetutils net-tools openssh sshfs ntp wget curl wireless_tools bluez bluez-utils lzop unzip p7zip xz unrar unace lrzip arj git mercurial subversion bzr postgresql mesa lib32-mesa dbus polkit xorg-server xorg-server-devel xorg-xinit xorg-xinput xorg-xdpyinfo xorg-xprop xdotool xsel patchelf libpng12 lib32-libpng12 pulseaudio libpulse lib32-libpulse openal lib32-openal giflib lib32-giflib mpg123 lib32-mpg123 v4l-utils lib32-v4l-utils opencl-icd-loader lib32-opencl-icd-loader libva lib32-libva gtk3 lib32-gtk3 gst-plugins-base-libs lib32-gst-plugins-base-libs arandr feh hsetroot openbox archlinux-xdg-menu picom xarchiver innoextract pavucontrol pasystray xdg-utils xdg-user-dirs tint2 conky pcmanfm gmrun rxvt-unicode urxvt-perls gnome-themes-extra gnome-icon-theme arc-gtk-theme gtk-engines gtk-engine-murrine lxappearance graphicsmagick imagemagick lame libwebp libid3tag libvorbis vorbis-tools faac x264 x265 libexif ffmpeg ffmpegthumbnailer tumbler joyutils evtest lm_sensors lshw gparted psensor gparted hardinfo fontconfig ttf-bitstream-vera ttf-droid ttf-dejavu ttf-liberation ttf-hanazono mpv openshot gimp krita transmission-cli evince viewnior virtualbox-host-modules-arch virtualbox vagrant python-pip python-setuptools sublime-text stress lxsession yt-dlp firefox obs-studio dia mednafen mame ppsspp lutris wine-staging winetricks steam discord libva-mesa-driver lib32-libva-mesa-driver lib32-mesa-vdpau vulkan-tools vulkan-icd-loader lib32-vulkan-icd-loader" # conditionally add wireless networking packages [ -d "/sys/class/net/${active_network_device}/wireless" ] && PACKAGES="$PACKAGES connman wpa_supplicant openvpn ethtool iwd pptpclient" # add CPU unicode package based on model [ $(grep -c "Intel" /proc/cpuinfo) -gt 0 ] && PACKAGES="$PACKAGES intel-ucode" [ $(grep -c "AMD" /proc/cpuinfo) -gt 0 ] && PACKAGES="$PACKAGES amd-ucode" # add appropriate GPU related packages if [ $(lspci | grep -i "vga" | grep -ci "amd") -gt 0 ]; then PACKAGES="$PACKAGES xf86-video-amdgpu vulkan-radeon lib32-vulkan-radeon mesa-vdpau" # update modules to load [ $(grep -c "amd" /etc/mkinitcpio.conf) -eq 0 ] && sed -i 's/MODULES=(\(.*\))/MODULES=(\1 amdgpu radeon)/' /etc/mkinitcpio.conf elif [ $(lspci | grep -i "vga" | grep -ci "intel") -gt 0 ]; then PACKAGES="$PACKAGES xf86-video-intel vulkan-intel lib32-vulkan-intel mesa-vdpau" # update modules to load [ $(grep -c "amd" /etc/mkinitcpio.conf) -eq 0 ] && sed -i 's/MODULES=(\(.*\))/MODULES=(\1 i915)/' /etc/mkinitcpio.conf elif [ $(lspci | grep -i "vga" | grep -ci "nvidia") -gt 0 ]; then PACKAGES="$PACKAGES nvidia-dkms libglvnd lib32-libglvnd opencl-nvidia lib32-opencl-nvidia xf86-video-nouveau nvidia-utils lib32-nvidia-utils mesa-vdpau nvidia-settings" # update modules to load [ $(grep -c "nvidia" /etc/mkinitcpio.conf) -eq 0 ] && sed -i 's/MODULES=(\(.*\))/MODULES=(\1 nvidia nvidia_modeset nvidia_uvm nvidia_drm)/' /etc/mkinitcpio.conf # automatic mkinitcpio updates in pacman.d echo -e "[Trigger]\nOperation=Install\nOperation=Upgrade\nOperation=Remove\nType=Package\nTarget=nvidia\n\n[Action]\nDepends=mkinitcpio\nWhen=PostTransaction\nExec=/usr/bin/mkinitcpio -P" > /etc/pacman.d/hooks/nvidia.hook fi # conditionally install laptop packages if [ -e /sys/class/power_supply/BAT0 ]; then PACKAGES="$PACKAGES xf86-input-synaptics acpid acpilight tlp" sed "s/panel_items = LTSC/panel_items = LTSBC/g" /srv/arch-desktop/install/etc/skel/.config/tint2/tint2rc > /srv/arch-desktop/install/etc/skel/.config/tint2/tint2rc fi # install all packages pacman -Syu --noconfirm "$PACKAGES" # install base configuration files from repository [ -d /srv/arch-desktop/install ] || git clone https://git.caseydelorme.com/cdelorme/arch-desktop /srv/arch-desktop rsync -Pav /srv/arch-desktop/install/ / mkdir -p /etc/skel/.config/pulse mkdir -p /etc/skel/{desktop,downloads,public,public/templates,documents,music,pictures,videos,git} sed "/module-suspend-on-idle/d" /etc/pulse/default.pa > /etc/skel/.config/pulse/default.pa # @note: we may want to avoid disabling this on laptops sed -i "/module-switch-on-port-available/d" /etc/skel/.config/pulse/default.pa rsync -Pav /etc/skel/ "$(getent passwd root | cut -d: -f6)/" sed -i "/ssh-add/d" "$(getent passwd root | cut -d: -f6)/.bashrc" # install protontricks python3 -m pip install protontricks # enable ccache and optimize cores for AUR sed -i 's/!ccache/ccache/' /etc/makepkg.conf sed -i 's/^#MAKEFLAGS.*/MAKEFLAGS="-j$(($(nproc) + 1)) -l$(nproc)"/' /etc/makepkg.conf # create a user to install aur packages export aur_username=$(head /dev/urandom | tr -dc a-z | head -c 13 ; echo '') useradd -r -m -s /bin/bash $aur_username echo "${aur_username} ALL= NOPASSWD: /usr/bin/pacman" > /etc/sudoers.d/${aur_username} # install xcursor-chameleon-skyblue sudo -u $aur_username git clone https://aur.archlinux.org/xcursor-chameleon-skyblue.git /home/${aur_username}/xcursor-chameleon-skyblue (cd /home/${aur_username}/xcursor-chameleon-skyblue && sudo -u ${aur_username} makepkg -rcsi --noconfirm) # install numix-icon-theme sudo -u $aur_username git clone https://aur.archlinux.org/numix-icon-theme-git.git /home/${aur_username}/numix-icon-theme-git (cd /home/${aur_username}/numix-icon-theme-git && sudo -u ${aur_username} makepkg -rcsi --noconfirm) # cleanup aur user rm -rf /etc/sudoers.d/${aur_username} userdel -fr $aur_username unset $aur_username # install gifduration if ! which gifduration &> /dev/null; then curl -Lfs https://raw.githubusercontent.com/alimony/gifduration-script/master/gifduration.py > /usr/local/bin/gifduration chmod a+rx /usr/local/bin/gifduration fi # install packer if ! which packer &> /dev/null; then curl -Lfs "https://releases.hashicorp.com/packer/1.3.5/packer_1.3.5_linux_amd64.zip" > /tmp/packer.zip unzip /tmp/packer.zip -d /usr/local/bin/ fi # install 64bit flash projector if ! which flashplayer &> /dev/null; then curl -Lfs "https://fpdownload.macromedia.com/pub/flashplayer/updaters/32/flash_player_sa_linux.x86_64.tar.gz" > /tmp/flash.tar.gz tar -xf /tmp/flash.tar.gz -C /usr/local/bin flashplayer fi # install urxvt perl enhancement for font resize support [ ! -f /usr/lib/urxvt/perl/font ] && curl -Lfs "https://raw.githubusercontent.com/noah/urxvt-font/master/font" > /usr/lib/urxvt/perl/font # create sudo group and add to sudoers groupadd -fr sudo [ ! -f /etc/sudoers.d/sudo ] && echo '%sudo ALL=(ALL) ALL' > /etc/sudoers.d/sudo # update font cache fc-cache -fr # secure ssh by disabling root access and only accepting ssh keys sed -i "/^#\?PermitRootLogin/d" /etc/ssh/sshd_config sed -i "/^#\?PasswordAuthentication/d" /etc/ssh/sshd_config sed -i "/^#\?X11Forwarding/d" /etc/ssh/sshd_config echo "PermitRootLogin no" >> /etc/ssh/sshd_config echo "PasswordAuthentication no" >> /etc/ssh/sshd_config echo "X11Forwarding yes" >> /etc/ssh/sshd_config # set journald size sed -i '/^SystemMaxUse/d' /etc/systemd/journald.conf echo "SystemMaxUse=2G" >> /etc/systemd/journald.conf # set root password printf "${root_password}\n${root_password}\n" | passwd # initialize postgres database su - postgres -c "initdb --locale en_US.UTF-8 -D '/var/lib/postgres/data'" # create configuration to fix transmission errors echo "net.core.rmem_max = 4194304" > /etc/sysctl.d/transmission.conf echo "net.core.wmem_max = 1048576" >> /etc/sysctl.d/transmission.conf # check whether username and password are not empty if [[ -n "$username" && -n "$password" ]]; then # create user if not exists, else (re)-install dot-files if ! id $username &> /dev/null; then useradd -m -s /bin/bash $username echo "${username}:${password}" | chpasswd -c SHA256 else [ $EUID -ne 0 ] && rsync -Pav /etc/skel/ "$(getent passwd $username | cut -d: -f6)/" fi # add user to standard groups usermod -aG users,sudo,adm,input,audio,video,disk,storage,lp,vboxusers $username # generate postgres user and user database systemctl start postgresql su postgres -c "cd && createuser -ds $username" 2> /dev/null && su $username -c "cd && createdb" # load xdg-user-dirs su $username -c "cd && xdg-user-dirs-update" update-desktop-database # generate default (passwordless) ed25519 ssh key if none exists su $username -c "cd; if [ ! -f ~/.ssh/id_ed25519 ]; then ssh-keygen -q -t ed25519 -N '' -f ~/.ssh/id_ed25519 && cd && chmod 600 ~/.ssh/id_ed25519 && chmod 600 ~/.ssh/id_ed25519.pub; fi" # install gvm loading from ~/.bash_profile, and the latest go version su $username -c "if [ ! -d ~/.gvm ]; then GVM_NO_UPDATE_PROFILE=1 bash < <(curl -Ls https://raw.githubusercontent.com/moovweb/gvm/master/binscripts/gvm-installer 2> /dev/null); fi" su $username -c 'grep "gvm" ~/.bash_profile &> /dev/null || echo -e "\n# load gvm\n! which gvm &> /dev/null && . ~/.gvm/scripts/gvm" >> ~/.bash_profile' su $username -c ". ~/.gvm/scripts/gvm && gvm install go1.17.3 -B && gvm use go1.17.3 --default" # setup user-space transmission if [ ! -f "/etc/systemd/system/transmission.service.d/local.conf" ]; then su $username -c "cd && mkdir -p ~/transmission/{done,incomplete}" su $username -c 'cd && tmp=$(mktemp) && jq ".[\"download-dir\"] = \"${HOME}/transmission/done\"" $HOME/.config/transmission-daemon/settings.json | jq ".[\"incomplete-dir\"] = \"${HOME}/transmission/incomplete\"" | jq ".[\"watch-dir\"] = \"$(xdg-user-dir DOWNLOAD)\"" > $tmp && mv $tmp $HOME/.config/transmission-daemon/settings.json' mkdir -p /etc/systemd/system/transmission.service.d echo "[Service]" > "/etc/systemd/system/transmission.service.d/local.conf" echo "User=${username}" >> "/etc/systemd/system/transmission.service.d/local.conf" systemctl daemon-reload fi fi # symlink shceduled maintenance tasks ln -sf /usr/local/bin/system-updates /etc/cron.daily/system-updates ln -sf /usr/local/bin/disk-maintenance /etc/cron.weekly/disk-maintenance # symlink override vi to vim ln -sf /usr/bin/vim /usr/local/bin/vi # enable services for next reboot systemctl enable iptables systemctl enable ntpd systemctl enable sshd systemctl enable bluetooth systemctl enable transmission systemctl enable postgresql systemctl enable cronie which tlp &> /dev/null && systemctl enable tlp which connman &> /dev/null && systemctl enable connman which acpid &> /dev/null && systemctl enable acpid # attempt to enable dhcp on active network devices on reboot export active_network_device=$(ip addr | awk '/state UP/ {print $2}' | sed 's/.$//') [ ! -d "/sys/class/net/${active_network_device}/wireless" ] && (systemctl enable dhcpcd@${active_network_device} || echo "failed to enable dhcp service") # build the init module mkinitcpio -p linux || echo "mkinitcpio failed?" # install the bootloader bootctl install # create boot loader entry echo "title arch" > /boot/loader/entries/arch.conf echo "linux vmlinuz-linux" >> /boot/loader/entries/arch.conf [ -f /boot/intel-ucode.img ] && echo "initrd /intel-ucode.img" >> /boot/loader/entries/arch.conf [ -f /boot/amd-ucode.img ] && echo "initrd /amd-ucode.img" >> /boot/loader/entries/arch.conf echo "initrd /initramfs-linux.img" >> /boot/loader/entries/arch.conf echo "options root=PARTUUID=$(blkid -s PARTUUID -o value $(mount | grep ' / '|cut -d' ' -f 1)) rw quiet loglevel=3" >> /boot/loader/entries/arch.conf [[ $(lspci | grep -i " vga" | grep -ci " nvidia") -gt 0 && $(grep -c "nvidia" /boot/loader/entires/arch.conf) -eq 0 ]] && sed -i 's/rw/rw nvidia-dkm.modeset=1/' /boot/loader/entires/arch.conf # set boot loader entry as default sed -i '/^default/d' /boot/loader/loader.conf echo "default arch" >> /boot/loader/loader.conf # check boot loader configuration bootctl status