path: root/mkcryptuefi

#! /bin/bash

set -e

function get_cmdline {
	sed -r 's/[[:alnum:]]+=/\n&/g' /proc/cmdline | awk -F= "\$1==\"$1\"{print \$2}" | sed 's/.\{1\}$//'
}

# cmdline options
TIMEZONE=$(get_cmdline tz)
KEYMAP=$(get_cmdline keytable)

DRIVE=$1
PART_PREFIX=$2

if [[ -z "${DRIVE}" ]] | [[ -z "${PART_PREFIX}" ]]; then
	echo -e "\e[1m\e[1;31mUsage: mkcryptuefi <drive> <partition prefix>\e[0m"
	exit 1
fi

ln -sf "/usr/share/zoneinfo/${TIMEZONE}" /etc/localtime
hwclock --systohc

sed -i "s/#en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/" /etc/locale.gen
locale-gen

cat <<EOT > /etc/locale.conf
export LANG="en_US.UTF-8"
export LC_COLLATE="C"
EOT

sed -i "s/keymap=\"us\"/keymap=\"${KEYMAP}\"/" /etc/conf.d/keymaps
echo "KEYMAP=${KEYMAP}" > /etc/vconsole.conf

sed -i 's/^HOOKS=(\(.*\)block filesystems\(.*\))/HOOKS=(\1block encrypt filesystems\2)/g' /etc/mkinitcpio.conf

pacman -S --needed --noconfirm btrfs-progs efibootmgr device-mapper-openrc cryptsetup-openrc

UUID_CRYPT=$(blkid -s UUID -o value ${PART_PREFIX}2)
UUID_INNER=$(blkid -s UUID -o value /dev/mapper/data_crypt)

mkdir -p /etc/kernel
echo "loglevel=3 quiet root=UUID=${UUID_INNER} ro rootflags=subvol=root cryptdevice=UUID=${UUID_CRYPT}:data_crypt" > /etc/kernel/cmdline

sed -i 's/#default_uki="\/efi\/EFI\/Linux\/arch-linux-hardened\.efi"/default_uki="\/boot\/efi\/EFI\/artix\/artix-linux-hardened.efi"/' /etc/mkinitcpio.d/linux-hardened.preset
sed -i 's/#fallback_uki="\/efi\/EFI\/Linux\/arch-linux-hardened-fallback\.efi"/fallback_uki="\/boot\/efi\/EFI\/artix\/artix-linux-hardened-fallback.efi"/' /etc/mkinitcpio.d/linux-hardened.preset
sed -i 's/#default_uki="\/efi\/EFI\/Linux\/arch-linux-lts\.efi"/default_uki="\/boot\/efi\/EFI\/artix\/artix-linux-lts.efi"/' /etc/mkinitcpio.d/linux-lts.preset
sed -i 's/#fallback_uki="\/efi\/EFI\/Linux\/arch-linux-lts-fallback\.efi"/fallback_uki="\/boot\/efi\/EFI\/artix\/artix-linux-lts-fallback.efi"/' /etc/mkinitcpio.d/linux-lts.preset

mkdir -p /boot/efi/EFI/artix

pacman -S --needed --noconfirm fakeroot

useradd -m aur
(cd /home/aur && su aur -c 'git clone https://aur.archlinux.org/efistub-standalone.git')
(cd /home/aur/efistub-standalone && su aur -c 'makepkg -rc')
pacman -U --noconfirm /home/aur/efistub-standalone/efistub-standalone-*.pkg.tar.zst
userdel -r aur

pacman -Rns --noconfirm fakeroot

mkinitcpio -p linux-hardened
mkinitcpio -p linux-lts

efibootmgr --create --disk ${DRIVE} --part 1 --label "Artix Linux LTS (fallback initramfs)" --loader '\EFI\artix\artix-linux-lts-fallback.efi' --unicode
efibootmgr --create --disk ${DRIVE} --part 1 --label "Artix Linux LTS" --loader '\EFI\artix\artix-linux-lts.efi' --unicode
efibootmgr --create --disk ${DRIVE} --part 1 --label "Artix Linux (fallback initramfs)" --loader '\EFI\artix\artix-linux-hardened-fallback.efi' --unicode
efibootmgr --create --disk ${DRIVE} --part 1 --label "Artix Linux" --loader '\EFI\artix\artix-linux-hardened.efi' --unicode

echo -en 'artix\nartix' | passwd

# Network
## Hostname
echo artix > /etc/hostname

cat <<EOT > /etc/hosts
# Static table lookup for hostnames.
# See hosts(5) for details.

127.0.0.1	localhost
127.0.1.1	artix.local	artix

# IPv6
::1		localhost	ip6-localhost	ip6-loopback
ff02::1	ip6-allnodes
ff02::2	ip6-allrouters
EOT

sed -i 's/hostname="localhost"/hostname="artix"/' /etc/conf.d/hostname

## Networking essentials
pacman -S --noconfirm dhcpcd wpa_supplicant

# Repositories
## Arch
pacman -Sy --needed --noconfirm artix-archlinux-support

cat <<EOT >> /etc/pacman.conf

# Arch

#[testing]
#Include = /etc/pacman.d/mirrorlist-arch

[extra]
Include = /etc/pacman.d/mirrorlist-arch

#[multilib-testing]
#Include = /etc/pacman.d/mirrorlist-arch

#[multilib]
#Include = /etc/pacman.d/mirrorlist-arch
EOT

pacman-key --populate archlinux
pacman -Sy

rc-update add ntpd default

exit 0