From f16a5c999a630eca78b3bf182165aa4ebfd45d96 Mon Sep 17 00:00:00 2001 From: ItsDrike Date: Fri, 29 Dec 2023 15:07:57 +0100 Subject: [PATCH] Update installation scripts and guide --- guides/installation.md | 74 +++++++++++++++++------------------------- install_root.sh | 2 ++ install_user.sh | 5 +++ 3 files changed, 37 insertions(+), 44 deletions(-) diff --git a/guides/installation.md b/guides/installation.md index 167158d..4216660 100644 --- a/guides/installation.md +++ b/guides/installation.md @@ -119,7 +119,7 @@ su -l itsdrike # press q or esc in the default zsh options Setup user account ```bash -git clone --recursive https://github.com/dotfiles ~/dots +git clone --recursive https://github.com/ItsDrike/dotfiles ~/dots cd ~/dots ./install_user.sh ``` @@ -134,18 +134,16 @@ su -l itsdrike Install astronvim ```bash -sudo pacman -S --needed luarocks rustup cargo cmake meson npm -rustup default stable -mkdir -p ~/.config/wakatime git clone https://github.com/AstroNvim/AstroNvim ~/.config/nvim git clone https://github.com/ItsDrike/AstroNvimUser ~/.config/nvim/lua/user ``` ## Auto-mounting encrypted partitions -We've create a bunch of LUKS encrypted partitions to store our date into, -however it would be very inconvenient to have to mount them ourselves on each -boot. Instead, we'll probably want to set up a way to mount them automatically. +We've created a LUKS encrypted partition to store our date into, however it +would be very inconvenient to have to mount it ourselves on each boot. Instead, +we'll probably want to set up a way to mount them automatically. Leaving only +the root partition that we'll need to enter a password for on boot. ### Key files 
@@ -169,31 +167,20 @@ should prefer this approach if your root partition isn't encrypted, although know that this can get pretty annoying with more than one encrypted device. If you wish to do this, you can skip this section. -In this example, we'll be creating a different key for every encrypted -partition, but you could also share the same key file for all of them if you -wish. This is however more secure. - ```bash +exit # Go back to root account mkdir -p /etc/secrets dd if=/dev/random bs=4096 count=1 of=/etc/secrets/keyFile-data.bin -dd if=/dev/random bs=4096 count=1 of=/etc/secrets/keyFile-data2.bin -dd if=/dev/random bs=4096 count=1 of=/etc/secrets/keyFile-backups.bin -dd if=/dev/random bs=4096 count=1 of=/etc/secrets/keyFile-arch-hyprland.bin -dd if=/dev/random bs=4096 count=1 of=/etc/secrets/keyFile-arch-kde.bin -chmod -R 004 /etc/secrets -chmod 007 /etc/secrets +chmod -R 400 /etc/secrets +chmod 700 /etc/secrets ``` The bs argument signifies a block size (in bits), so this will create 4096-bit keys. -Now we can add these keys into our LUKS encrypted partitions: +Now we can add this key into our LUKS encrypted data partition: ```bash cryptsetup luksAddKey /dev/disk/by-label/DATA --new-keyfile /etc/secrets/keyFile-data.bin -cryptsetup luksAddKey /dev/disk/by-label/DATA2 --new-keyfile /etc/secrets/keyFile-data2.bin -cryptsetup luksAddKey /dev/disk/by-label/BACKUPS --new-keyfile /etc/secrets/keyFile-backups.bin -cryptsetup luksAddKey /dev/disk/by-label/ARCH_ROOT1 --new-keyfile /etc/secrets/keyFile-arch-hyprland.bin -cryptsetup luksAddKey /dev/disk/by-label/ARCH_ROOT2 --new-keyfile /etc/secrets/keyFile-arch-kde.bin ``` ### /etc/crypttab 
@@ -216,9 +203,6 @@ This is the `/etc/crypttab` file that I use: # cryptdata LABEL=DATA /etc/secrets/keyFile-data.bin discard -cryptdata2 LABEL=DATA2 /etc/secrets/keyFile-data2.bin discard -cryptbackups LABEL=BACKUPS /etc/secrets/keyFile-backups.bin discard -cryptarch2 LABEL=ARCH_ROOT2 /etc/secrets/keyFile-arch-kde.bin discard ``` 
@@ -245,30 +229,25 @@ interfaces for them, to mount those to a concrete directory, we still use # region: LUKS encrypted devices (opened from /etc/crypttab, or mounted from initramfs) -/dev/mapper/cryptroot / ext4 rw,relatime,nofail,discard 0 1 -/dev/mapper/cryptdata /mnt/data ext4 rw,relatime,nofail,discard 0 2 -/dev/mapper/cryptdata2 /mnt/data2 ext4 rw,relatime,nofail,discard 0 2 -/dev/mapper/cryptarch2 /mnt/arch-kde ext4 rw,relatime,nofail,discard 0 2 +/dev/mapper/cryptroot / btrfs rw,realtime,ssd,space_cache=v2,subvolid=5,subvol=/,discard 0 1 +/dev/mapper/cryptdata /mnt/data btrfs rw,realtime,ssd,space_cache=v2,subvolid=5,subvol=/,discard 0 2 + +# Or, an example with ext4 filesystem +#/dev/mapper/cryptdata /mnt/data ext4 rw,relatime,nofail,discard 0 2 # endregion # region: Physical devices -LABEL=BOOT /efi vfat rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=ascii,shortname=mixed,utf8,errors=remount-ro 0 2 +LABEL=BOOT /efi vfat rw,relatime,fmask=0137,dmask=0027,codepage=437,iocharset=ascii,shortname=mixed,utf8,errors=remount-ro 0 2 LABEL=SWAP none swap defaults 0 0 # endregion # region: Bind mounts -# Write kernel images to /efi/arch-hyprland, not directly to the efi system partition (esp), to avoid conflicts when dual booting -/efi/arch-hyprland /boot none rw,bind 0 0 +# Write kernel images to /efi/arch-1, not directly to the efi system partition (esp), to avoid conflicts when dual booting +/efi/arch-1 /boot none rw,bind 0 0 -# Bind mounts for arch-kde -/efi /mnt/arch-kde/efi none rw,bind 0 0 -/efi/arch-kde /mnt/arch-kde/boot none rw,bind 0 0 -/mnt/data /mnt/arch-kde/mnt/data none rw,bind 0 0 -/mnt/data2 /mnt/arch-kde/mnt/data2 none rw,bind 0 0 -/mnt/backups /mnt/arch-kde/mnt/backups none rw,bind 0 0 -/ /mnt/arch-kde/mnt/arch-hyprland none rw,bind 0 0 +# endregion ``` 
@@ -299,7 +278,7 @@ environment. If you wish, you can also follow the instructions below to auto-enable numlock: ```bash -yay -S mkinitcpio-numlock +sudo -u itsdrike yay -S mkinitcpio-numlock # Go to HOOKS and add `numlock` after `keyboard` in: sudo nvim /etc/mkinitcpio.conf ``` @@ -328,10 +307,10 @@ Create a new file - `/efi/loader/entries/arch-hyprland.conf`, with: ```bash title Arch Linux (Hyprland) sort-key 0 -linux /arch-hyprland/vmlinuz-linux -initrd /arch-hyprland/amd-ucode.img -initrd /arch-hyprland/initramfs-linux.img -options cryptdevice=LABEL=ARCH_ROOT1:cryptroot:allow-discards +linux /arch-1/vmlinuz-linux +initrd /arch-1/amd-ucode.img +initrd /arch-1/initramfs-linux.img +options cryptdevice=LABEL=LINUXROOT:cryptroot:allow-discards options root=/dev/mapper/cryptroot options rw loglevel=3 ``` @@ -347,6 +326,13 @@ auto-firmware yes beep no ``` +**Reboot** + +```bash +exit # go back to live iso (exit chroot) +reboot +``` + ## Post-setup Enable Network Time Protocol (time synchronization) diff --git a/install_root.sh b/install_root.sh index 7362a02..c74474b 100755 --- a/install_root.sh +++ b/install_root.sh @@ -60,7 +60,9 @@ install -m 700 -d ~/.local/share/gnupg # Enable some basic services systemctl enable systemd-resolved +systemctl enable systemd-timesyncd systemctl enable NetworkManager +systemctl mask systemd-networkd # We have NetworkManager for this systemctl enable paccache.timer systemctl enable reflector.timer systemctl enable pkgfile-update.timer diff --git a/install_user.sh b/install_user.sh index 054e054..983f284 100755 --- a/install_user.sh +++ b/install_user.sh @@ -44,6 +44,9 @@ yay -S --noconfirm --needed \ yay -Y --gendb yay -Y --devel --save +# Install stable channel default rust toolchain +rustup default stable + # Copy over zsh configuration # Note that this assumes you've ran install_root.sh, whcih created /etc/zsh/zshenv # with $ZOOTDIR exported. If you haven't done that, you'll want to symlink the 
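Review bot: `rustup default stable` in the install_user.sh hunk runs only after the `yay -S --noconfirm --needed` step named in the hunk header, and nothing visible here shows that rustup is installed by then. The guide used to install it with `sudo pacman -S --needed luarocks rustup cargo cmake meson npm`, which this commit removes, so the package lists (outside the hunk) now have to carry those packages. If rustup is what provides cargo, any Rust-built AUR package in that yay list would presumably be built before a default toolchain exists. Consider moving the line ahead of the yay install, or fail early with a clear message, e.g. `command -v rustup >/dev/null || { echo 'rustup is not installed' >&2; exit 1; }`.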
@@ -77,10 +80,12 @@ cp -ra home/.config/gtk-3.0 ~/.config cp -ra home/.config/lf ~/.config cp -ra home/.local/share/gnupg/gpg.conf ~/.local/share/gnupg chmod 600 ~/.local/share/gnupg/gpg.conf +mkdir ~/.config/wakatime # Install various python versions with pyenv # This might take a while # (note: if you don't need pyenv, remove ~/.config/shell/py-alias, and commment these lines) +pyenv install -l | cut -d' ' -f3 | grep -E '^3\.12\.[0-9]+$' | tail -n 1 | xargs -I {} pyenv install {} pyenv install -l | cut -d' ' -f3 | grep -E '^3\.11\.[0-9]+$' | tail -n 1 | xargs -I {} pyenv install {} pyenv install -l | cut -d' ' -f3 | grep -E '^3\.10\.[0-9]+$' | tail -n 1 | xargs -I {} pyenv install {} pyenv install -l | cut -d' ' -f3 | grep -E '^3\.9\.[0-9]+$' | tail -n 1 | xargs -I {} pyenv install {}
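Review bot: `mkdir ~/.config/wakatime` drops the `-p` that the guide's removed `mkdir -p ~/.config/wakatime` had, so a second run of install_user.sh fails on this line once the directory exists. Whether that aborts the script depends on `set -e`, which is not visible in this hunk. Use `mkdir -p ~/.config/wakatime` instead. If the directory is meant to hold the WakaTime configuration with its API key, create it owner-only the way install_root.sh does for gnupg: `install -m 700 -d ~/.config/wakatime`.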