arch-desktop/arch.sh

#!/bin/bash -e
#
# Author: Casey DeLorme
#
# Description: fully automate installation and config after `arch-chroot`,
# providing the user with a fully configured desktop environment and many
# bells and whistles for developers.
#
# Dependencies: requires `base` and `base-devel` be installed with `pacstrap`,
# and runs as root.  Expects `username`, `password`, and `root_password` to be
# supplied.

# verify required variables
while [ -z "$root_password" ]; do read -p "please enter a root password: " -s root_password && echo ""; done
while [ -z "$username" ]; do read -p "please enter your username: " username; done
while [ -z "$password" ]; do read -p "please enter your password: " -s password && echo ""; done

# print all that transpires henceforth
[ -n "$DEBUG" ] && set -x

# initial time configuration
ln -sf /usr/share/zoneinfo/America/New_York /etc/localtime
hwclock -w --utc

# setup locale
sed -i "/^en_US.UTF-8/d" /etc/locale.gen
sed -i "/^ja_JP.UTF-8/d" /etc/locale.gen
echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen
echo "ja_JP.UTF-8 UTF-8" >> /etc/locale.gen
locale-gen
echo "LANG=en_US.UTF-8" > /etc/locale.conf

# setup hostname
echo "arch" > /etc/hostname
echo "127.0.0.1 localhost" > /etc/hosts
echo "::1 localhost" >> /etc/hosts
echo "127.0.1.1 $(cat /etc/hostname).localdomain $(cat /etc/hostname)" >> /etc/hosts

# set default virtualconsole font
setfont koi8u_8x16
echo "FONT=koi8u_8x16" > /etc/vconsole.conf

# enable multilib
sed -i "/\[multilib\]/,/Include/"'s/^#//' /etc/pacman.conf

# rebuild gpg keys
rm -rf /etc/pacman.d/gnupg
pacman-key --init
pacman-key --populate archlinux

# add sublime text source
curl -O https://download.sublimetext.com/sublimehq-pub.gpg && pacman-key --add sublimehq-pub.gpg && pacman-key --lsign-key 8A8F901A && rm sublimehq-pub.gpg
[ $(grep -c "sublime-text" /etc/pacman.conf) -eq 0 ] && echo -e "\n[sublime-text]\nServer = https://download.sublimetext.com/arch/stable/x86_64" | tee -a /etc/pacman.conf

# update and install all packages
pacman -Syu --noconfirm sudo bash-completion man-db tmux vim linux-firmware linux-headers dkms smartmontools cryptsetup usbutils btrfs-progs gvfs gvfs-mtp gvfs-afc android-udev dmidecode parted pkgfile pkgconf bison gcc gcc-libs cmake ccache ncurses xmlstarlet jq at bc cronie iptables rsync dhcpcd net-tools openssh sshfs ntp wget curl wireless_tools bluez bluez-utils lzop unzip p7zip xz unrar unace lrzip arj git mercurial subversion bzr postgresql mesa lib32-mesa dbus polkit xorg-server xorg-server-devel xorg-xinit xorg-xinput xorg-xdpyinfo xorg-xprop xdotool xsel pulseaudio libpulse lib32-libpulse openal lib32-openal giflib lib32-giflib mpg123 lib32-mpg123 v4l-utils lib32-v4l-utils opencl-icd-loader lib32-opencl-icd-loader libva lib32-libva gtk3 lib32-gtk3 gst-plugins-base-libs lib32-gst-plugins-base-libs vulkan-tools vulkan-icd-loader lib32-vulkan-icd-loader arandr feh hsetroot openbox archlinux-xdg-menu picom xarchiver innoextract pavucontrol pasystray python2-xdg xdg-utils xdg-user-dirs tint2 conky pcmanfm gmrun rxvt-unicode urxvt-perls gnome-themes-extra gnome-icon-theme arc-gtk-theme gtk-engines gtk-engine-murrine lxappearance graphicsmagick imagemagick lame libwebp libid3tag libvorbis vorbis-tools faac x264 x265 libexif ffmpeg ffmpegthumbnailer tumbler joyutils evtest lm_sensors lshw gparted psensor gparted hardinfo fontconfig ttf-bitstream-vera ttf-droid ttf-dejavu ttf-liberation ttf-hanazono mpv openshot gimp krita transmission-cli discord evince viewnior virtualbox-host-modules-arch virtualbox vagrant obs-studio dia mednafen mame ppsspp lutris steam wine-staging python-pip python-setuptools winetricks sublime-text

# if the active network device is wireless install connman
[ -d "/sys/class/net/${active_network_device}/wireless" ] && pacman -Syu connman wpa_supplicant openvpn ethtool iwd pptpclient && systemctl enable connman

# install protontricks
python3 -m pip install protontricks

# enable ccache and optimize cores for AUR
sed -i 's/!ccache/ccache/' /etc/makepkg.conf
sed -i 's/^#MAKEFLAGS.*/MAKEFLAGS="-j$(($(nproc) + 1)) -l$(nproc)"/' /etc/makepkg.conf

# install CPU unicode based on model
[ $(grep -c "Intel" /proc/cpuinfo) -gt 0 ] && pacman -Syu --noconfirm intel-ucode
[ $(grep -c "AMD" /proc/cpuinfo) -gt 0 ] && pacman -Syu --noconfirm amd-ucode

# install nvidia related packages
if [ $(lspci | grep -i " vga" | grep -ci " nvidia") -gt 0 ]; then
	pacman -Syu --noconfirm nvidia-dkms libglvnd nvidia-utils opencl-nvidia lib32-libglvnd lib32-nvidia-utils lib32-opencl-nvidia nvidia-settings

	# update modules to load
	[ $(grep -c "nvidia" /etc/mkinitcpio.conf) -eq 0 ] && sed -i 's/MODULES=(\(.*\))/MODULES=(\1 nvidia nvidia_modeset nvidia_uvm nvidia_drm)/' /etc/mkinitcpio.conf

	# automatic updates in pacman.d
	echo -e "[Trigger]\nOperation=Install\nOperation=Upgrade\nOperation=Remove\nType=Package\nTarget=nvidia\n\n[Action]\nDepends=mkinitcpio\nWhen=PostTransaction\nExec=/usr/bin/mkinitcpio -P" > /etc/pacman.d/hooks/nvidia.hook
fi

# install AMD/Radeon related packages
if [ $(lspci | grep -i "vga" | grep -ci "amd") -gt 0 ]; then
	pacman -Syu --noconfirm xf86-video-amdgpu vulkan-radeon lib32-vulkan-radeon libva-mesa-driver lib32-libva-mesa-driver mesa-vdpau lib32-mesa-vdpau amdvlk lib32-amdvlk

	# update modules to load
	[ $(grep -c "amd" /etc/mkinitcpio.conf) -eq 0 ] && sed -i 's/MODULES=(\(.*\))/MODULES=(\1 amdgpu radeon)/' /etc/mkinitcpio.conf
fi

# create a user to install aur packages
export aur_username=$(head /dev/urandom | tr -dc a-z | head -c 13 ; echo '')
useradd -r -m -s /bin/bash $aur_username
echo "${aur_username} ALL= NOPASSWD: /usr/bin/pacman" > /etc/sudoers.d/${aur_username}

# install laptop packages and optimize system configuration
export chassistype=$(dmidecode --string chassis-type)
if [[ "$chassistype" = "Laptop" || "$chassistype" = "Portable" || "$chassistype" = "Notebook" || "$chassistype" = "Sub Notebook" ]]; then
	pacman -Syu --noconfirm xf86-input-synaptics acpid hdparm sdparm acpilight connman wpa_supplicant openvpn ethtool iwd pptpclient tlp
	systemctl enable connman
	systemctl enable acpid
fi

# install xcursor-chameleon-skyblue
sudo -u $aur_username git clone https://aur.archlinux.org/xcursor-chameleon-skyblue.git /home/${aur_username}/xcursor-chameleon-skyblue
(cd /home/${aur_username}/xcursor-chameleon-skyblue && sudo -u ${aur_username} makepkg -rcsi --noconfirm)

# install numix-icon-theme
sudo -u $aur_username git clone https://aur.archlinux.org/numix-icon-theme-git.git /home/${aur_username}/numix-icon-theme-git
(cd /home/${aur_username}/numix-icon-theme-git && sudo -u ${aur_username} makepkg -rcsi --noconfirm)

# install google-chrome (google-chrome-stable)
sudo -u $aur_username git clone https://aur.archlinux.org/google-chrome.git /home/${aur_username}/google-chrome
(cd /home/${aur_username}/google-chrome && sudo -u ${aur_username} makepkg -rcsi --noconfirm)

# cleanup aur user
rm -rf /etc/sudoers.d/${aur_username}
userdel -fr $aur_username
unset $aur_username

# install youtube-dl
if ! which youtube-dl &> /dev/null; then
	curl -Lfs https://yt-dl.org/latest/youtube-dl > /usr/local/bin/youtube-dl
	chmod a+rx /usr/local/bin/youtube-dl
fi

# install gifduration
if ! which gifduration &> /dev/null; then
	curl -Lfs https://raw.githubusercontent.com/alimony/gifduration-script/master/gifduration.py > /usr/local/bin/gifduration
	chmod a+rx /usr/local/bin/gifduration
fi

# install prime95
if ! which mprime &> /dev/null; then
	curl -Lfs "http://www.mersenne.org/ftp_root/gimps/p95v294b8.linux64.tar.gz" > /tmp/prime.tar.gz
	mkdir -p /usr/local/src/prime/
	tar -xf /tmp/prime.tar.gz -C /usr/local/src/prime
	ln -sf /usr/local/src/prime/mprime /usr/local/bin/
fi

# install packer
if ! which packer &> /dev/null; then
	curl -Lfs "https://releases.hashicorp.com/packer/1.3.5/packer_1.3.5_linux_amd64.zip" > /tmp/packer.zip
	unzip /tmp/packer.zip -d /usr/local/bin/
fi

# install 64bit flash projector
if ! which flashplayer &> /dev/null; then
	curl -Lfs "https://fpdownload.macromedia.com/pub/flashplayer/updaters/32/flash_player_sa_linux.x86_64.tar.gz" > /tmp/flash.tar.gz
	tar -xf /tmp/flash.tar.gz -C /usr/local/bin flashplayer
fi

# install urxvt perl enhancement for font resize support
[ ! -f /usr/lib/urxvt/perl/font ] && curl -Lfs "https://raw.githubusercontent.com/noah/urxvt-font/master/font" > /usr/lib/urxvt/perl/font

# create sudo group and add to sudoers
groupadd -fr sudo
[ ! -f /etc/sudoers.d/sudo ] && echo '%sudo ALL=(ALL) ALL' > /etc/sudoers.d/sudo

# install base configuration files from repository
[ -d /srv/arch-desktop/install ] || git clone https://git.caseydelorme.com/cdelorme/arch-desktop /srv/arch-desktop
rsync -Pav /srv/arch-desktop/install/ /
ln -sf .Xdefaults /etc/skel/.Xresources
mkdir -p /etc/skel/.config/pulse
sed "/module-suspend-on-idle/d" /etc/pulse/default.pa > /etc/skel/.config/pulse/default.pa
# @note: we may want to avoid disabling this on laptops
sed "/module-switch-on-port-available/d" /etc/pulse/default.pa > /etc/skel/.config/pulse/default.pa
rsync -Pav /etc/skel/ $(getent passwd root | cut -d: -f6)/

# update font cache
fc-cache -fr

# secure ssh by disabling root access and only accepting ssh keys
sed -i "/^#\?PermitRootLogin/d" /etc/ssh/sshd_config
sed -i "/^#\?PasswordAuthentication/d" /etc/ssh/sshd_config
sed -i "/^#\?X11Forwarding/d" /etc/ssh/sshd_config
echo "PermitRootLogin no" >> /etc/ssh/sshd_config
echo "PasswordAuthentication no" >> /etc/ssh/sshd_config
echo "X11Forwarding yes" >> /etc/ssh/sshd_config

# set journald size
sed -i '/^SystemMaxUse/d' /etc/systemd/journald.conf
echo "SystemMaxUse=2G" >> /etc/systemd/journald.conf

# set root password
printf "${root_password}\n${root_password}\n" | passwd

# after 4 bad logins lock an account for 10 minutes; or one minute for root
sed -i -re 's/^(auth\s*required\s*pam_tally2.so).*/\1 deny=4 even_deny_root unlock_time=600 root_unlock_time=60 onerr=fail file=\/var\/log\/tallylog/g' /etc/pam.d/system-login

# initialize postgres database
su - postgres -c "initdb --locale en_US.UTF-8 -D '/var/lib/postgres/data'"

# create configuration to fix transmission errors
echo "net.core.rmem_max = 4194304" > /etc/sysctl.d/transmission.conf
echo "net.core.wmem_max = 1048576" >> /etc/sysctl.d/transmission.conf

# check whether username and password are not empty
if [[ -n "$username" && -n "$password" ]]; then

	# create user if not exists, else (re)-install dot-files
	if ! id $username &> /dev/null; then
		useradd -m -s /bin/bash $username
		echo "${username}:${password}" | chpasswd -c SHA256
	else
		[ $EUID -ne 0 ] && rsync -Pav /etc/skel/ $(getent passwd $username | cut -d: -f6)/
	fi

	# add user to standard groups
	usermod -aG users,sudo,adm,input,audio,video,disk,storage,lp,vboxusers $username

	# generate postgres user and user database
	systemctl start postgresql
	su postgres -c "cd && createuser -ds $username" 2> /dev/null && su $username -c "cd && createdb"

	# configure and generate xdg-user-dirs
	su $username -c "cd && mkdir -p ~/{desktop,downloads,public,documents,music,pictures,videos,git} && xdg-user-dirs-update"
	update-desktop-database

	# generate default (passwordless) ed25519 ssh key if none exists
	su $username -c "cd; if [ ! -f ~/.ssh/id_ed25519 ]; then ssh-keygen -q -t ed25519 -N '' -f ~/.ssh/id_ed25519 && cd && chmod 600 ~/.ssh/id_ed25519 && chmod 600 ~/.ssh/id_ed25519.pub; fi"

	# @note: during arch installation systemd will ignore chroot start for user
	# so we have to take the manual route of generating the target symlink.
	su $username -c 'cd; mkdir $HOME/.config/systemd/user/default.target.wants; ln -fs $HOME/.config/systemd/user/ssh-agent.service $HOME/.config/systemd/user/default.target.wants/ssh-agent.service'

	# install gvm loading from ~/.bash_profile, and the latest go version
	su $username -c "if [ ! -d ~/.gvm ]; then GVM_NO_UPDATE_PROFILE=1 bash < <(curl -Ls https://raw.githubusercontent.com/moovweb/gvm/master/binscripts/gvm-installer 2> /dev/null); fi"
	su $username -c 'grep "gvm" ~/.bash_profile &> /dev/null || echo -e "\n# load gvm\n! which gvm &> /dev/null && . ~/.gvm/scripts/gvm" >> ~/.bash_profile'
	su $username -c ". ~/.gvm/scripts/gvm && gvm install go1.12 -B && gvm use go1.12 --default"

	# setup user-space transmission
	if [ ! -f "/etc/systemd/system/transmission.service.d/local.conf" ]; then
		su $username -c "cd && mkdir -p ~/transmission/{done,incomplete}"
		su $username -c 'cd && tmp=$(mktemp) && jq ".[\"download-dir\"] = \"${HOME}/transmission/done\"" $HOME/.config/transmission-daemon/settings.json | jq ".[\"incomplete-dir\"] = \"${HOME}/transmission/incomplete\"" | jq ".[\"watch-dir\"] = \"$(xdg-user-dir DOWNLOAD)\"" > $tmp && mv $tmp $HOME/.config/transmission-daemon/settings.json'
		mkdir -p /etc/systemd/system/transmission.service.d
		echo "[Service]" > "/etc/systemd/system/transmission.service.d/local.conf"
		echo "User=${username}" >> "/etc/systemd/system/transmission.service.d/local.conf"
		systemctl daemon-reload
	fi
fi

# symlink shceduled maintenance tasks
ln -sf /usr/local/bin/system-updates /etc/cron.daily/
ln -sf /usr/local/bin/disk-maintenance /etc/cron.weekly/

# symlink override vi to vim
ln -sf /usr/bin/vim /usr/local/bin/vi

# enable services for next reboot
systemctl enable iptables
systemctl enable ntpd
systemctl enable sshd
systemctl enable bluetooth
systemctl enable transmission
systemctl enable postgresql
systemctl enable cronie

# try to enable wired connections on reboot
export active_network_device=$(ip addr | awk '/state UP/ {print $2}' | sed 's/.$//')
[ ! -d "/sys/class/net/${active_network_device}/wireless" ] && (systemctl enable dhcpcd@${active_network_device} || echo "failed to enable dhcp service")

# build the init module
mkinitcpio -p linux || echo "mkinitcpio failed?"

# install the bootloader
bootctl install

# create boot loader entry
echo "title arch" > /boot/loader/entries/arch.conf
echo "linux vmlinuz-linux" >> /boot/loader/entries/arch.conf
[ -f /boot/intel-ucode.img ] && echo "initrd /intel-ucode.img" >> /boot/loader/entries/arch.conf
[ -f /boot/amd-ucode.img ] && echo "initrd /amd-ucode.img" >> /boot/loader/entries/arch.conf
echo "initrd /initramfs-linux.img" >> /boot/loader/entries/arch.conf
echo "options root=PARTUUID=$(blkid -s PARTUUID -o value $(mount | grep ' / '|cut -d' ' -f 1)) rw" >> /boot/loader/entries/arch.conf
[[ $(lspci | grep -i " vga" | grep -ci " nvidia") -gt 0 && $(grep -c "nvidia" /boot/loader/entires/arch.conf) -eq 0 ]] && sed -i 's/rw/rw nvidia-dkm.modeset=1/' /boot/loader/entires/arch.conf

# set boot loader entry as default
sed -i '/^default/d' /boot/loader/loader.conf
echo "default arch" >> /boot/loader/loader.conf

# check boot loader configuration
bootctl status

echo "instalation complete, please exit, umount -R /mnt, and reboot..."