Update installation scripts and guide

ItsDrike 2023-12-29 15:07:57 +01:00
parent 2fec62fdd3
commit f16a5c999a
Signed by: ItsDrike
GPG key ID: FA2745890B7048C0
3 changed files with 37 additions and 44 deletions

View file

@ -119,7 +119,7 @@ su -l itsdrike # press q or esc in the default zsh options
Setup user account Setup user account
```bash ```bash
git clone --recursive https://github.com/dotfiles ~/dots git clone --recursive https://github.com/ItsDrike/dotfiles ~/dots
cd ~/dots cd ~/dots
./install_user.sh ./install_user.sh
``` ```
@ -134,18 +134,16 @@ su -l itsdrike
Install astronvim Install astronvim
```bash ```bash
sudo pacman -S --needed luarocks rustup cargo cmake meson npm
rustup default stable
mkdir -p ~/.config/wakatime
git clone https://github.com/AstroNvim/AstroNvim ~/.config/nvim git clone https://github.com/AstroNvim/AstroNvim ~/.config/nvim
git clone https://github.com/ItsDrike/AstroNvimUser ~/.config/nvim/lua/user git clone https://github.com/ItsDrike/AstroNvimUser ~/.config/nvim/lua/user
``` ```
## Auto-mounting encrypted partitions ## Auto-mounting encrypted partitions
We've create a bunch of LUKS encrypted partitions to store our date into, We've created a LUKS encrypted partition to store our date into, however it
however it would be very inconvenient to have to mount them ourselves on each would be very inconvenient to have to mount it ourselves on each boot. Instead,
boot. Instead, we'll probably want to set up a way to mount them automatically. we'll probably want to set up a way to mount them automatically. Leaving only
the root partition that we'll need to enter a password for on boot.
### Key files ### Key files
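Review bot: The reworded paragraph under "Auto-mounting encrypted partitions" still says "store our date into" (should be "data"), switches from "mount it ourselves" to "mount them automatically" for a single partition, and ends on a fragment ("Leaving only the root partition that we'll need to enter a password for on boot."). Suggest joining the last sentence to the previous one, for example "..., leaving only the root partition to be unlocked with a password on boot." Separately, this hunk drops `sudo pacman -S --needed luarocks rustup cargo cmake meson npm` from the AstroNvim step, so the guide should say where those build dependencies now come from.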
@ -169,31 +167,20 @@ should prefer this approach if your root partition isn't encrypted, although
know that this can get pretty annoying with more than one encrypted device. If know that this can get pretty annoying with more than one encrypted device. If
you wish to do this, you can skip this section. you wish to do this, you can skip this section.
In this example, we'll be creating a different key for every encrypted
partition, but you could also share the same key file for all of them if you
wish. This is however more secure.
```bash ```bash
exit # Go back to root account
mkdir -p /etc/secrets mkdir -p /etc/secrets
dd if=/dev/random bs=4096 count=1 of=/etc/secrets/keyFile-data.bin dd if=/dev/random bs=4096 count=1 of=/etc/secrets/keyFile-data.bin
dd if=/dev/random bs=4096 count=1 of=/etc/secrets/keyFile-data2.bin chmod -R 400 /etc/secrets
dd if=/dev/random bs=4096 count=1 of=/etc/secrets/keyFile-backups.bin chmod 700 /etc/secrets
dd if=/dev/random bs=4096 count=1 of=/etc/secrets/keyFile-arch-hyprland.bin
dd if=/dev/random bs=4096 count=1 of=/etc/secrets/keyFile-arch-kde.bin
chmod -R 004 /etc/secrets
chmod 007 /etc/secrets
``` ```
The bs argument signifies a block size (in bits), so this will create 4096-bit keys. The bs argument signifies a block size (in bits), so this will create 4096-bit keys.
Now we can add these keys into our LUKS encrypted partitions: Now we can add this key into our LUKS encrypted data partition:
```bash ```bash
cryptsetup luksAddKey /dev/disk/by-label/DATA --new-keyfile /etc/secrets/keyFile-data.bin cryptsetup luksAddKey /dev/disk/by-label/DATA --new-keyfile /etc/secrets/keyFile-data.bin
cryptsetup luksAddKey /dev/disk/by-label/DATA2 --new-keyfile /etc/secrets/keyFile-data2.bin
cryptsetup luksAddKey /dev/disk/by-label/BACKUPS --new-keyfile /etc/secrets/keyFile-backups.bin
cryptsetup luksAddKey /dev/disk/by-label/ARCH_ROOT1 --new-keyfile /etc/secrets/keyFile-arch-hyprland.bin
cryptsetup luksAddKey /dev/disk/by-label/ARCH_ROOT2 --new-keyfile /etc/secrets/keyFile-arch-kde.bin
``` ```
### /etc/crypttab ### /etc/crypttab
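Review bot: In the new key-file block, `dd` writes `keyFile-data.bin` before `chmod -R 400 /etc/secrets` runs and `mkdir -p /etc/secrets` creates the directory with the default mode, so under a typical umask the key is briefly readable by other users. Creating the directory as `install -m 700 -d /etc/secrets` (the form install_root.sh already uses for the gnupg directory) and setting `umask 077` before `dd` closes that window; the move from `004`/`007` to `400`/`700` is otherwise the right fix. While this section is being touched, the unchanged sentence "The bs argument signifies a block size (in bits)" should be corrected: `bs` is in bytes, so this produces a 4096-byte key file, not a 4096-bit key.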
@ -216,9 +203,6 @@ This is the `/etc/crypttab` file that I use:
# <name> <device> <password> <options> # <name> <device> <password> <options>
cryptdata LABEL=DATA /etc/secrets/keyFile-data.bin discard cryptdata LABEL=DATA /etc/secrets/keyFile-data.bin discard
cryptdata2 LABEL=DATA2 /etc/secrets/keyFile-data2.bin discard
cryptbackups LABEL=BACKUPS /etc/secrets/keyFile-backups.bin discard
cryptarch2 LABEL=ARCH_ROOT2 /etc/secrets/keyFile-arch-kde.bin discard
``` ```
<!-- markdownlint-enable MD010 MD013 --> <!-- markdownlint-enable MD010 MD013 -->
@ -245,30 +229,25 @@ interfaces for them, to mount those to a concrete directory, we still use
# region: LUKS encrypted devices (opened from /etc/crypttab, or mounted from initramfs) # region: LUKS encrypted devices (opened from /etc/crypttab, or mounted from initramfs)
/dev/mapper/cryptroot / ext4 rw,relatime,nofail,discard 0 1 /dev/mapper/cryptroot / btrfs rw,realtime,ssd,space_cache=v2,subvolid=5,subvol=/,discard 0 1
/dev/mapper/cryptdata /mnt/data ext4 rw,relatime,nofail,discard 0 2 /dev/mapper/cryptdata /mnt/data btrfs rw,realtime,ssd,space_cache=v2,subvolid=5,subvol=/,discard 0 2
/dev/mapper/cryptdata2 /mnt/data2 ext4 rw,relatime,nofail,discard 0 2
/dev/mapper/cryptarch2 /mnt/arch-kde ext4 rw,relatime,nofail,discard 0 2 # Or, an example with ext4 filesystem
#/dev/mapper/cryptdata /mnt/data ext4 rw,relatime,nofail,discard 0 2
# endregion # endregion
# region: Physical devices # region: Physical devices
LABEL=BOOT /efi vfat rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=ascii,shortname=mixed,utf8,errors=remount-ro 0 2 LABEL=BOOT /efi vfat rw,relatime,fmask=0137,dmask=0027,codepage=437,iocharset=ascii,shortname=mixed,utf8,errors=remount-ro 0 2
LABEL=SWAP none swap defaults 0 0 LABEL=SWAP none swap defaults 0 0
# endregion # endregion
# region: Bind mounts # region: Bind mounts
# Write kernel images to /efi/arch-hyprland, not directly to the efi system partition (esp), to avoid conflicts when dual booting # Write kernel images to /efi/arch-1, not directly to the efi system partition (esp), to avoid conflicts when dual booting
/efi/arch-hyprland /boot none rw,bind 0 0 /efi/arch-1 /boot none rw,bind 0 0
# Bind mounts for arch-kde # endregion
/efi /mnt/arch-kde/efi none rw,bind 0 0
/efi/arch-kde /mnt/arch-kde/boot none rw,bind 0 0
/mnt/data /mnt/arch-kde/mnt/data none rw,bind 0 0
/mnt/data2 /mnt/arch-kde/mnt/data2 none rw,bind 0 0
/mnt/backups /mnt/arch-kde/mnt/backups none rw,bind 0 0
/ /mnt/arch-kde/mnt/arch-hyprland none rw,bind 0 0
``` ```
<!-- markdownlint-enable MD010 MD013 --> <!-- markdownlint-enable MD010 MD013 -->
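Review bot: Both new btrfs lines for `/` and `/mnt/data` use `realtime` where `relatime` is meant; the commented ext4 example just below them spells it correctly, and an unrecognised mount option can make the mount fail at boot. The new `/mnt/data` line also drops `nofail`, which the old ext4 entry had, so a missing key file or device for `cryptdata` would now block boot instead of being skipped; if that is intended it deserves a sentence in the guide. The tighter `fmask=0137,dmask=0027` on `/efi` looks good.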
@ -299,7 +278,7 @@ environment.
If you wish, you can also follow the instructions below to auto-enable numlock: If you wish, you can also follow the instructions below to auto-enable numlock:
```bash ```bash
yay -S mkinitcpio-numlock sudo -u itsdrike yay -S mkinitcpio-numlock
# Go to HOOKS and add `numlock` after `keyboard` in: # Go to HOOKS and add `numlock` after `keyboard` in:
sudo nvim /etc/mkinitcpio.conf sudo nvim /etc/mkinitcpio.conf
``` ```
@ -328,10 +307,10 @@ Create a new file - `/efi/loader/entries/arch-hyprland.conf`, with:
```bash ```bash
title Arch Linux (Hyprland) title Arch Linux (Hyprland)
sort-key 0 sort-key 0
linux /arch-hyprland/vmlinuz-linux linux /arch-1/vmlinuz-linux
initrd /arch-hyprland/amd-ucode.img initrd /arch-1/amd-ucode.img
initrd /arch-hyprland/initramfs-linux.img initrd /arch-1/initramfs-linux.img
options cryptdevice=LABEL=ARCH_ROOT1:cryptroot:allow-discards options cryptdevice=LABEL=LINUXROOT:cryptroot:allow-discards
options root=/dev/mapper/cryptroot options root=/dev/mapper/cryptroot
options rw loglevel=3 options rw loglevel=3
``` ```
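Review bot: The loader entry now points at `/arch-1/...`, but the hunk header still names the file `/efi/loader/entries/arch-hyprland.conf` and the title remains "Arch Linux (Hyprland)", so the naming is only half migrated. Either rename the entry file and title to match `arch-1` or note that the mismatch is deliberate. Also confirm that `cryptdevice=LABEL=LINUXROOT` matches the label assigned in the partitioning section, which is not part of this diff; a stale label there leaves the root device unfindable at boot.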
@ -347,6 +326,13 @@ auto-firmware yes
beep no beep no
``` ```
**Reboot**
```bash
exit # go back to live iso (exit chroot)
reboot
```
## Post-setup ## Post-setup
Enable Network Time Protocol (time synchronization) Enable Network Time Protocol (time synchronization)

View file

@ -60,7 +60,9 @@ install -m 700 -d ~/.local/share/gnupg
# Enable some basic services # Enable some basic services
systemctl enable systemd-resolved systemctl enable systemd-resolved
systemctl enable systemd-timesyncd
systemctl enable NetworkManager systemctl enable NetworkManager
systemctl mask systemd-networkd # We have NetworkManager for this
systemctl enable paccache.timer systemctl enable paccache.timer
systemctl enable reflector.timer systemctl enable reflector.timer
systemctl enable pkgfile-update.timer systemctl enable pkgfile-update.timer

View file

@ -44,6 +44,9 @@ yay -S --noconfirm --needed \
yay -Y --gendb yay -Y --gendb
yay -Y --devel --save yay -Y --devel --save
# Install stable channel default rust toolchain
rustup default stable
# Copy over zsh configuration # Copy over zsh configuration
# Note that this assumes you've ran install_root.sh, whcih created /etc/zsh/zshenv # Note that this assumes you've ran install_root.sh, whcih created /etc/zsh/zshenv
# with $ZOOTDIR exported. If you haven't done that, you'll want to symlink the # with $ZOOTDIR exported. If you haven't done that, you'll want to symlink the
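Review bot: The added `rustup default stable` assumes `rustup` is already installed by the `yay -S --noconfirm --needed` list above this hunk, which is not visible here. The guide previously installed it with `sudo pacman -S --needed luarocks rustup cargo cmake meson npm` and that line is removed in this commit, so please confirm the package list covers it; otherwise the script stops at this line. The context comment below also has a typo ("whcih") that could be fixed in the same pass.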
@ -77,10 +80,12 @@ cp -ra home/.config/gtk-3.0 ~/.config
cp -ra home/.config/lf ~/.config cp -ra home/.config/lf ~/.config
cp -ra home/.local/share/gnupg/gpg.conf ~/.local/share/gnupg cp -ra home/.local/share/gnupg/gpg.conf ~/.local/share/gnupg
chmod 600 ~/.local/share/gnupg/gpg.conf chmod 600 ~/.local/share/gnupg/gpg.conf
mkdir ~/.config/wakatime
# Install various python versions with pyenv # Install various python versions with pyenv
# This might take a while # This might take a while
# (note: if you don't need pyenv, remove ~/.config/shell/py-alias, and commment these lines) # (note: if you don't need pyenv, remove ~/.config/shell/py-alias, and commment these lines)
pyenv install -l | cut -d' ' -f3 | grep -E '^3\.12\.[0-9]+$' | tail -n 1 | xargs -I {} pyenv install {}
pyenv install -l | cut -d' ' -f3 | grep -E '^3\.11\.[0-9]+$' | tail -n 1 | xargs -I {} pyenv install {} pyenv install -l | cut -d' ' -f3 | grep -E '^3\.11\.[0-9]+$' | tail -n 1 | xargs -I {} pyenv install {}
pyenv install -l | cut -d' ' -f3 | grep -E '^3\.10\.[0-9]+$' | tail -n 1 | xargs -I {} pyenv install {} pyenv install -l | cut -d' ' -f3 | grep -E '^3\.10\.[0-9]+$' | tail -n 1 | xargs -I {} pyenv install {}
pyenv install -l | cut -d' ' -f3 | grep -E '^3\.9\.[0-9]+$' | tail -n 1 | xargs -I {} pyenv install {} pyenv install -l | cut -d' ' -f3 | grep -E '^3\.9\.[0-9]+$' | tail -n 1 | xargs -I {} pyenv install {}
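Review bot: `mkdir ~/.config/wakatime` will fail if the directory already exists, for example when the script is re-run; the guide line it replaces used `mkdir -p ~/.config/wakatime`, and the same form should be used here. The new 3.12 `pyenv install` line follows the existing pattern and looks fine.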