ShadowArch/EtcFiles/shadowarch

#!/bin/bash

function header () {
    tput setaf 1
    tput bold
    echo $@
    tput sgr0
    return
}
function help() {
    cat <<EOM
Usage: ${0} [OPTIONS]
-A      -- Audio optimizations from the Arch Wiki
-d DISK -- Use the disk.
-D diskspacer -- the disk spacer character, usually p for nvme
-e      -- Encrypt the root partition
-h      -- This helptext
-l FILE -- Log to a file
-m      -- Skip disk operations and assume storage is mounted on /mnt. Use this to lay out LVM RAID.
-M      -- Tell pacman to use your local AniNIX/Maat caching
-P      -- Power saving for laptops
-s      -- Increase the boot size to be able to accept ISOs
-v      -- Verbose output.

Example default build for nvme local node:
$0 -M -d /dev/nvme0n1 -D p [ -e ]
EOM
    exit 1;
}

disk="/dev/sda"
unset diskspacer
bootsize=500; # Size in MB for /boot
while getopts "Ad:D:el:pmMsv" OPTION
do
    case $OPTION in
        A) audio=1 ;;
        d) disk=${OPTARG} ;;
        D) diskspacer=${OPTARG} ;;
        e) encrypt=1 ;;
        l) exec script -e -f -c "/bin/bash $0 $(echo $@ | sed "s#-l ${OPTARG}##")" "${OPTARG}" ;;
        m) nodiskbuild=1 ;;
        P) powersave=1 ;;
        M) echo "Server = http://Maat.MSN0.AniNIX.net:9129/repo/archlinux/\$repo/os/\$arch" > /etc/pacman.d/mirrorlist ;;
        s) bootsize=10000 ;;
        v) set -x ;;
        *) help
    esac
done

header Confirm options:
cat <<EOM
Boot size as ${bootsize}
Encryption set to: $encrypt
Disk to use: $disk \(Skip disk building? $nodiskbuild \)
EOM
read -p "Is this OK? Type YES to continue: " answer
if [ "$answer" != "YES" ]; then
    echo User did not confirm.
    exit 1;
fi

umount /mnt/boot; umount /mnt

pacman -Syy
if [ -z "$nodiskbuild" ]; then
    header Allocating space
    dd if=/dev/zero of="$disk" bs=1M count=1000

    parted -s "$disk" mklabel gpt
    parted -s "$disk" mkpart 1 fat32 1MiB ${bootsize}MiB
    parted -s "$disk" toggle 1 boot
    parted -s "$disk" mkpart 2 ext4 ${bootsize}MiB 100%FREE

    header Making fat esp partition on "$disk""$diskspacer""1"
    mkfs.fat -F32 "$disk""$diskspacer""1"

    header Making root and mountpoints

    header Making rootvg on "$disk""$diskspacer""2"
    pvcreate "$disk""$diskspacer""2"
    vgcreate rootvg "$disk""$diskspacer""2"
    lvcreate -n rootlv -L5G rootvg
    if [ ! -z "$encrypt" ]; then
        header Making encrypted root on /dev/rootvg/rootlv
        modprobe dm-crypt
        modprobe serpent_generic
        header Formatting root -- make sure to enter YES followed by a strong passphrase.
        cryptsetup luksFormat -c serpent-xts-plain64 -h sha512 --key-size 512 /dev/rootvg/rootlv
        header Unlocking root
        cryptsetup luksOpen /dev/rootvg/rootlv cryptroot
        mkfs.ext4 /dev/mapper/cryptroot
	#mkfs.xfs -f /dev/mapper/cryptroot
        #xfs_admin -L ROOT /dev/mapper/cryptroot
        mount /dev/mapper/cryptroot /mnt
        if [ $? -ne 0 ]; then header ERROR: Cannot continue; exit 1; fi
    else
        header Making root on /dev/rootvg/rootlv
        mkfs.ext4 /dev/rootvg/rootlv
	#mkfs.xfs -f /dev/mapper/cryptroot
        #xfs_admin -L ROOT "$disk""$diskspacer""2"
        mount /dev/rootvg/rootlv /mnt
        if [ $? -ne 0 ]; then header ERROR: Cannot continue; exit 1; fi
    fi

    mkdir /mnt/boot
    mount "$disk""$diskspacer""1" /mnt/boot
    if [ "$?" -ne 0 ]; then header ERROR: Cannot continue; exit 1; fi
fi

# Backup the installer
mkdir -p /mnt/root
cp /root/shadowarch /mnt/root/shadowarch.installer."$(date +%F-%R)"

# Install ArchLinux with basic clients for the AniNIX Services.
# * git for Foundation
# * elinks for WebServer and Wiki
# * openssh for SSH/SFTP
# * weechat for IRC
# * make for source packages
header Installing ArchLinux to device\(s\) on /mnt
yes "" | pacstrap -K -i /mnt base base-devel linux linux-firmware parted net-tools bind-tools git openssh rsync make elinks weechat vim wget grub os-prober tmux efibootmgr xfsprogs chrony less lvm2 dmraid netctl dhcpcd openresolv python3 vim
if [ $? -ne 0 ]; then header ERROR: Cannot continue -- pacstrap failed; exit 1; fi

header Create FSTAB
genfstab -U /mnt >> /mnt/etc/fstab

header Set time
sed -i 's/#en_US.UTF-8/en_US.UTF-8/' /mnt/etc/locale.gen
arch-chroot /mnt locale-gen
ln -sf /usr/share/zoneinfo/America/Chicago /mnt/etc/localtime
arch-chroot /mnt hwclock --systohc --utc

header Setup bootloader
if [ -z "$nodiskbuild" ]; then
    export rootuuid="$(blkid "$disk""$diskspacer""2" | cut -f 2 -d '"')"
    export hookstring="$(grep 'HOOKS=' /mnt/etc/mkinitcpio.conf | grep -v '#')"
    if [ ! -z "$encrypt" ]; then
        sed -i 's#'"$hookstring"'#HOOKS="base udev autodetect modconf block lvm2 dmraid encrypt filesystems keyboard fsck"#' /mnt/etc/mkinitcpio.conf
        sed -i 's#GRUB_CMDLINE_LINUX=""#GRUB_CMDLINE_LINUX="cryptdevice=UUID='$rootuuid':cryptroot"#' /mnt/etc/default/grub
    else
        sed -i 's#'"$hookstring"'#HOOKS="base udev autodetect modconf block lvm2 dmraid filesystems keyboard fsck"#' /mnt/etc/mkinitcpio.conf
    fi
    sed -i 's/GRUB_CMDLINE_LINUX_DEFAULT="/GRUB_CMDLINE_LINUX_DEFAULT="panic=5 /' /etc/default/grub # Fix for CVE-2016-4484
    arch-chroot /mnt grub-install --target=x86_64-efi --removable --bootloader-id=grub --efi-directory /boot "$disk"
    if [ $? -ne 0 ]; then header ERROR: Cannot continue; exit 1; fi
fi

# Remake initramfs for new changes.
arch-chroot /mnt mkinitcpio -P
arch-chroot /mnt grub-mkconfig -o /boot/grub/grub.cfg
if [ $? -ne 0 ]; then header ERROR: Cannot continue; exit 1; fi

header Set networking
arch-chroot /mnt systemctl enable chronyd

# This part may fail if there are multiple NICs. Given our hardware posture, this is rare.
export interface=$(ip link list | grep "state" | cut -f 2 -d ":" | cut -f 2 -d " " | grep -vE lo\|wlan)
cp /mnt/etc/netctl/examples/ethernet-dhcp /mnt/etc/netctl/$interface
sed -i 's/eth0/'$interface'/' /mnt/etc/netctl/$interface
echo 'DNSSearch="aninix.net"' >> /mnt/etc/netctl/$interface
arch-chroot /mnt systemctl enable netctl
arch-chroot /mnt netctl enable $interface

# Optimizations from https://wiki.archlinux.org/index.php/Power_management
if [ ! -z "$powersave" ]; then
    if [ `lspci | grep -i intel | grep -ic audio` -eq 1 ]; then
        echo 'options snd_hda_intel power_save=1' > /mnt/etc/modprobe.d/audio_powersave.conf
    else
        echo 'options snd_ac97_codec power_save=1' > /mnt/etc/modprobe.d/audio_powersave.conf
    fi
    arch-chroot /mnt pacman -S rfkill cpupower --noconfirm
    arch-chroot /mnt systemctl enable rfkill-block@.service
    echo 'kernel.nmi_watchdog = 0' > /mnt/etc/sysctl.d/disable_watchdog.conf
    echo 'vm.dirty_writeback_centisecs = 6000' > /mnt/etc/sysctl.d/dirty_writes.conf
    echo 'vm.laptop_mode = 5' > /mnt/etc/sysctl.d/laptop.conf
    echo 'ACTION=="add", SUBSYSTEM=="net", KERNEL=="wlan*", RUN+="/usr/bin/iw dev %k set power_save on"' > /mnt/etc/udev/rules.d/70-wifi-powersave.rules
    echo 'blacklist uvcvideo' > /mnt/etc/modprobe.d/no-camera.conf
fi

# Thanks to https://wiki.archlinux.org/index.php/Professional_audio
if [ ! -z "$audio" ]; then
    sed -i 's#GRUB_CMDLINE_LINUX_DEFAULT="#GRUB_CMDLINE_LINUX_DEFAULT="threadirqs #' /mnt/etc/default/grub
    arch-chroot /mnt grub-mkconfig -o /boot/grub/grub.cfg
    printf 'vm.swappiness = 10\nfs.inotify.max_user_watches = 524288\n' > /mnt/etc/sysctl.d/99-audio-tuning.conf
    setpci -v -d *:* latency_timer=b0
    for SOUND_CARD_PCI_ID in `lspci | grep -i audio | cut -f 1 -d ' '`; do
        setpci -v -s $SOUND_CARD_PCI_ID latency_timer=ff;
    done
    printf 'echo 2048 > /sys/class/rtc/rtc0/max_user_freq\necho 2048 > /proc/sys/dev/hpet/max-user-freq\n' >> /mnt/etc/rc.local
fi

# Set password
header Set new root passphrase and depriviledged user '(depriv)' password.
arch-chroot /mnt useradd depriv
arch-chroot /mnt passwd
arch-chroot /mnt passwd depriv

# Set SSH host keys
arch-chroot /mnt ssh-keygen -A

# Set hostname
header Set hostname
printf "What is your fully-qualified hostname? (i.e. host.site.example.com) "
read hostname
echo "$hostname" > /mnt/etc/hostname

header "Installed ShadowArch on $HOSTNAME!"
if [ ! -z "$nodiskbuild" ]; then
    header Remember to run grub-install and set up your bootloader.
    echo 'https://wiki.archlinux.org/index.php/Installation_guide#Boot_loader'
else
    header Press enter to reboot.
    read

    # Reboot
    shutdown -r now
fi
Seeding some initial scripts 2016-08-04 12:30:21 -05:00			`#!/bin/bash`

			`function header () {`
			`tput setaf 1`
Updating ShadowArch installer to default to UEFI for modern firmware & LVM by default 2023-11-30 05:07:36 -06:00			`tput bold`
			`echo $@`
Seeding some initial scripts 2016-08-04 12:30:21 -05:00			`tput sgr0`
			`return`
			`}`
			`function help() {`
Updating ShadowArch installer to default to UEFI for modern firmware & LVM by default 2023-11-30 05:07:36 -06:00			`cat <<EOM`
			`Usage: ${0} [OPTIONS]`
			`-A -- Audio optimizations from the Arch Wiki`
			`-d DISK -- Use the disk.`
			`-D diskspacer -- the disk spacer character, usually p for nvme`
			`-e -- Encrypt the root partition`
			`-h -- This helptext`
			`-l FILE -- Log to a file`
			`-m -- Skip disk operations and assume storage is mounted on /mnt. Use this to lay out LVM RAID.`
			`-M -- Tell pacman to use your local AniNIX/Maat caching`
			`-P -- Power saving for laptops`
			`-s -- Increase the boot size to be able to accept ISOs`
			`-v -- Verbose output.`

			`Example default build for nvme local node:`
			`$0 -M -d /dev/nvme0n1 -D p [ -e ]`
			`EOM`
Seeding some initial scripts 2016-08-04 12:30:21 -05:00			`exit 1;`
			`}`

			`disk="/dev/sda"`
Updating ShadowArch installer to default to UEFI for modern firmware & LVM by default 2023-11-30 05:07:36 -06:00			`unset diskspacer`
ShadowArch updates 2018-02-14 03:20:12 -06:00			`bootsize=500; # Size in MB for /boot`
Updating ShadowArch installer to default to UEFI for modern firmware & LVM by default 2023-11-30 05:07:36 -06:00			`while getopts "Ad:D:el:pmMsv" OPTION`
Seeding some initial scripts 2016-08-04 12:30:21 -05:00			`do`
			`case $OPTION in`
Adding powersave, audio, and screenlock options 2017-10-26 01:11:53 -05:00			`A) audio=1 ;;`
Seeding some initial scripts 2016-08-04 12:30:21 -05:00			`d) disk=${OPTARG} ;;`
Updating ShadowArch installer to default to UEFI for modern firmware & LVM by default 2023-11-30 05:07:36 -06:00			`D) diskspacer=${OPTARG} ;;`
CVE-2016-4484 2016-11-16 16:23:52 -06:00			`e) encrypt=1 ;;`
ShadowArch updates 2018-02-14 03:20:12 -06:00			`l) exec script -e -f -c "/bin/bash $0 $(echo $@ \| sed "s#-l ${OPTARG}##")" "${OPTARG}" ;;`
Moving away from customization tarball to git -- files don't change enough.; Updates to ShadowArch install and script dependencies 2017-03-29 17:45:16 -05:00			`m) nodiskbuild=1 ;;`
Updating ShadowArch installer to default to UEFI for modern firmware & LVM by default 2023-11-30 05:07:36 -06:00			`P) powersave=1 ;;`
			`M) echo "Server = http://Maat.MSN0.AniNIX.net:9129/repo/archlinux/\$repo/os/\$arch" > /etc/pacman.d/mirrorlist ;;`
			`s) bootsize=10000 ;;`
ShadowArch updates 2018-02-14 03:20:12 -06:00			`v) set -x ;;`
Seeding some initial scripts 2016-08-04 12:30:21 -05:00			`*) help`
			`esac`
			`done`

			`header Confirm options:`
Updating ShadowArch installer to default to UEFI for modern firmware & LVM by default 2023-11-30 05:07:36 -06:00			`cat <<EOM`
			`Boot size as ${bootsize}`
			`Encryption set to: $encrypt`
			`Disk to use: $disk \(Skip disk building? $nodiskbuild \)`
			`EOM`
			`read -p "Is this OK? Type YES to continue: " answer`
Seeding some initial scripts 2016-08-04 12:30:21 -05:00			`if [ "$answer" != "YES" ]; then`
			`echo User did not confirm.`
			`exit 1;`
			`fi`
Updating ShadowArch installer to default to UEFI for modern firmware & LVM by default 2023-11-30 05:07:36 -06:00
			`umount /mnt/boot; umount /mnt`
Updating install methodology 2020-06-15 17:14:56 -05:00
Fixes for tar generation 2016-08-30 14:20:55 -05:00			`pacman -Syy`
ShadowArch updates 2018-02-14 03:20:12 -06:00			`if [ -z "$nodiskbuild" ]; then`
Fixes 2016-11-29 15:00:15 -06:00			`header Allocating space`
ShadowArch updates 2018-02-14 03:20:12 -06:00			`dd if=/dev/zero of="$disk" bs=1M count=1000`

Updating ShadowArch installer to default to UEFI for modern firmware & LVM by default 2023-11-30 05:07:36 -06:00			`parted -s "$disk" mklabel gpt`
			`parted -s "$disk" mkpart 1 fat32 1MiB ${bootsize}MiB`
			`parted -s "$disk" toggle 1 boot`
			`parted -s "$disk" mkpart 2 ext4 ${bootsize}MiB 100%FREE`
ShadowArch updates 2018-02-14 03:20:12 -06:00
Updating ShadowArch installer to default to UEFI for modern firmware & LVM by default 2023-11-30 05:07:36 -06:00			`header Making fat esp partition on "$disk""$diskspacer""1"`
			`mkfs.fat -F32 "$disk""$diskspacer""1"`
Seeding some initial scripts 2016-08-04 12:30:21 -05:00
Fixes 2016-11-29 15:00:15 -06:00			`header Making root and mountpoints`
Updating ShadowArch installer to default to UEFI for modern firmware & LVM by default 2023-11-30 05:07:36 -06:00
			`header Making rootvg on "$disk""$diskspacer""2"`
			`pvcreate "$disk""$diskspacer""2"`
			`vgcreate rootvg "$disk""$diskspacer""2"`
			`lvcreate -n rootlv -L5G rootvg`
			`if [ ! -z "$encrypt" ]; then`
			`header Making encrypted root on /dev/rootvg/rootlv`
Fixes 2016-11-29 15:00:15 -06:00			`modprobe dm-crypt`
			`modprobe serpent_generic`
			`header Formatting root -- make sure to enter YES followed by a strong passphrase.`
Updating ShadowArch installer to default to UEFI for modern firmware & LVM by default 2023-11-30 05:07:36 -06:00			`cryptsetup luksFormat -c serpent-xts-plain64 -h sha512 --key-size 512 /dev/rootvg/rootlv`
Fixes 2016-11-29 15:00:15 -06:00			`header Unlocking root`
Updating ShadowArch installer to default to UEFI for modern firmware & LVM by default 2023-11-30 05:07:36 -06:00			`cryptsetup luksOpen /dev/rootvg/rootlv cryptroot`
			`mkfs.ext4 /dev/mapper/cryptroot`
			`#mkfs.xfs -f /dev/mapper/cryptroot`
			`#xfs_admin -L ROOT /dev/mapper/cryptroot`
Fixes 2016-11-29 15:00:15 -06:00			`mount /dev/mapper/cryptroot /mnt`
			`if [ $? -ne 0 ]; then header ERROR: Cannot continue; exit 1; fi`
Updating ShadowArch installer to default to UEFI for modern firmware & LVM by default 2023-11-30 05:07:36 -06:00			`else`
			`header Making root on /dev/rootvg/rootlv`
			`mkfs.ext4 /dev/rootvg/rootlv`
			`#mkfs.xfs -f /dev/mapper/cryptroot`
			`#xfs_admin -L ROOT "$disk""$diskspacer""2"`
			`mount /dev/rootvg/rootlv /mnt`
Fixes 2016-11-29 15:00:15 -06:00			`if [ $? -ne 0 ]; then header ERROR: Cannot continue; exit 1; fi`
			`fi`
Seeding some initial scripts 2016-08-04 12:30:21 -05:00
Fixes 2016-11-29 15:00:15 -06:00			`mkdir /mnt/boot`
Updating ShadowArch installer to default to UEFI for modern firmware & LVM by default 2023-11-30 05:07:36 -06:00			`mount "$disk""$diskspacer""1" /mnt/boot`
ShadowArch updates 2018-02-14 03:20:12 -06:00			`if [ "$?" -ne 0 ]; then header ERROR: Cannot continue; exit 1; fi`
Fixes 2016-11-29 15:00:15 -06:00			`fi`
CVE-2016-4484 2016-11-16 16:23:52 -06:00
Updating ShadowArch installer to default to UEFI for modern firmware & LVM by default 2023-11-30 05:07:36 -06:00			`# Backup the installer`
			`mkdir -p /mnt/root`
			`cp /root/shadowarch /mnt/root/shadowarch.installer."$(date +%F-%R)"`
Seeding some initial scripts 2016-08-04 12:30:21 -05:00
			`# Install ArchLinux with basic clients for the AniNIX Services.`
Fixes for tar generation 2016-08-30 14:20:55 -05:00			`# * git for Foundation`
Renaming package to ShadowArch to follow /wiki/Design_Principles; improved packing; development sync to current state -- massive overhaul 2019-05-06 02:04:19 -05:00			`# * elinks for WebServer and Wiki`
Seeding some initial scripts 2016-08-04 12:30:21 -05:00			`# * openssh for SSH/SFTP`
Renaming package to ShadowArch to follow /wiki/Design_Principles; improved packing; development sync to current state -- massive overhaul 2019-05-06 02:04:19 -05:00			`# * weechat for IRC`
Seeding some initial scripts 2016-08-04 12:30:21 -05:00			`# * make for source packages`
CVE-2016-4484 2016-11-16 16:23:52 -06:00			`header Installing ArchLinux to device\(s\) on /mnt`
Updating ShadowArch installer to default to UEFI for modern firmware & LVM by default 2023-11-30 05:07:36 -06:00			`yes "" \| pacstrap -K -i /mnt base base-devel linux linux-firmware parted net-tools bind-tools git openssh rsync make elinks weechat vim wget grub os-prober tmux efibootmgr xfsprogs chrony less lvm2 dmraid netctl dhcpcd openresolv python3 vim`
CVE-2016-4484 2016-11-16 16:23:52 -06:00			`if [ $? -ne 0 ]; then header ERROR: Cannot continue -- pacstrap failed; exit 1; fi`
Fixes 2016-11-29 15:00:15 -06:00
Seeding some initial scripts 2016-08-04 12:30:21 -05:00			`header Create FSTAB`
			`genfstab -U /mnt >> /mnt/etc/fstab`

			`header Set time`
			`sed -i 's/#en_US.UTF-8/en_US.UTF-8/' /mnt/etc/locale.gen`
			`arch-chroot /mnt locale-gen`
ShadowArch and other fixes 2017-07-27 15:30:48 -05:00			`ln -sf /usr/share/zoneinfo/America/Chicago /mnt/etc/localtime`
Seeding some initial scripts 2016-08-04 12:30:21 -05:00			`arch-chroot /mnt hwclock --systohc --utc`

			`header Setup bootloader`
ShadowArch updates 2018-02-14 03:20:12 -06:00			`if [ -z "$nodiskbuild" ]; then`
Updating ShadowArch installer to default to UEFI for modern firmware & LVM by default 2023-11-30 05:07:36 -06:00			`export rootuuid="$(blkid "$disk""$diskspacer""2" \| cut -f 2 -d '"')"`
			`export hookstring="$(grep 'HOOKS=' /mnt/etc/mkinitcpio.conf \| grep -v '#')"`
ShadowArch updates 2018-02-14 03:20:12 -06:00			`if [ ! -z "$encrypt" ]; then`
Updating ShadowArch installer to default to UEFI for modern firmware & LVM by default 2023-11-30 05:07:36 -06:00			`sed -i 's#'"$hookstring"'#HOOKS="base udev autodetect modconf block lvm2 dmraid encrypt filesystems keyboard fsck"#' /mnt/etc/mkinitcpio.conf`
Fixes 2016-11-29 15:00:15 -06:00			`sed -i 's#GRUB_CMDLINE_LINUX=""#GRUB_CMDLINE_LINUX="cryptdevice=UUID='$rootuuid':cryptroot"#' /mnt/etc/default/grub`
Updating ShadowArch installer to default to UEFI for modern firmware & LVM by default 2023-11-30 05:07:36 -06:00			`else`
			`sed -i 's#'"$hookstring"'#HOOKS="base udev autodetect modconf block lvm2 dmraid filesystems keyboard fsck"#' /mnt/etc/mkinitcpio.conf`
Fixes 2016-11-29 15:00:15 -06:00			`fi`
Updating ShadowArch installer to default to UEFI for modern firmware & LVM by default 2023-11-30 05:07:36 -06:00			`sed -i 's/GRUB_CMDLINE_LINUX_DEFAULT="/GRUB_CMDLINE_LINUX_DEFAULT="panic=5 /' /etc/default/grub # Fix for CVE-2016-4484`
ShadowArch updates 2018-02-14 03:20:12 -06:00			`arch-chroot /mnt grub-install --target=x86_64-efi --removable --bootloader-id=grub --efi-directory /boot "$disk"`
			`if [ $? -ne 0 ]; then header ERROR: Cannot continue; exit 1; fi`
CVE-2016-4484 2016-11-16 16:23:52 -06:00			`fi`
Updating ShadowArch installer to default to UEFI for modern firmware & LVM by default 2023-11-30 05:07:36 -06:00
			`# Remake initramfs for new changes.`
			`arch-chroot /mnt mkinitcpio -P`
Fixes for tar generation 2016-08-30 14:20:55 -05:00			`arch-chroot /mnt grub-mkconfig -o /boot/grub/grub.cfg`
			`if [ $? -ne 0 ]; then header ERROR: Cannot continue; exit 1; fi`
Seeding some initial scripts 2016-08-04 12:30:21 -05:00
			`header Set networking`
Updating ShadowArch installer to default to UEFI for modern firmware & LVM by default 2023-11-30 05:07:36 -06:00			`arch-chroot /mnt systemctl enable chronyd`

			`# This part may fail if there are multiple NICs. Given our hardware posture, this is rare.`
			`export interface=$(ip link list \| grep "state" \| cut -f 2 -d ":" \| cut -f 2 -d " " \| grep -vE lo\\|wlan)`
Seeding some initial scripts 2016-08-04 12:30:21 -05:00			`cp /mnt/etc/netctl/examples/ethernet-dhcp /mnt/etc/netctl/$interface`
			`sed -i 's/eth0/'$interface'/' /mnt/etc/netctl/$interface`
			`echo 'DNSSearch="aninix.net"' >> /mnt/etc/netctl/$interface`
			`arch-chroot /mnt systemctl enable netctl`
			`arch-chroot /mnt netctl enable $interface`

Adding powersave, audio, and screenlock options 2017-10-26 01:11:53 -05:00			`# Optimizations from https://wiki.archlinux.org/index.php/Power_management`
ShadowArch updates 2018-02-14 03:20:12 -06:00			`if [ ! -z "$powersave" ]; then`
Adding powersave, audio, and screenlock options 2017-10-26 01:11:53 -05:00			if [ `lspci \| grep -i intel \| grep -ic audio` -eq 1 ]; then
			`echo 'options snd_hda_intel power_save=1' > /mnt/etc/modprobe.d/audio_powersave.conf`
Updating ShadowArch installer to default to UEFI for modern firmware & LVM by default 2023-11-30 05:07:36 -06:00			`else`
Adding powersave, audio, and screenlock options 2017-10-26 01:11:53 -05:00			`echo 'options snd_ac97_codec power_save=1' > /mnt/etc/modprobe.d/audio_powersave.conf`
			`fi`
			`arch-chroot /mnt pacman -S rfkill cpupower --noconfirm`
			`arch-chroot /mnt systemctl enable rfkill-block@.service`
			`echo 'kernel.nmi_watchdog = 0' > /mnt/etc/sysctl.d/disable_watchdog.conf`
			`echo 'vm.dirty_writeback_centisecs = 6000' > /mnt/etc/sysctl.d/dirty_writes.conf`
			`echo 'vm.laptop_mode = 5' > /mnt/etc/sysctl.d/laptop.conf`
			`echo 'ACTION=="add", SUBSYSTEM=="net", KERNEL=="wlan*", RUN+="/usr/bin/iw dev %k set power_save on"' > /mnt/etc/udev/rules.d/70-wifi-powersave.rules`
			`echo 'blacklist uvcvideo' > /mnt/etc/modprobe.d/no-camera.conf`
			`fi`

			`# Thanks to https://wiki.archlinux.org/index.php/Professional_audio`
ShadowArch updates 2018-02-14 03:20:12 -06:00			`if [ ! -z "$audio" ]; then`
Adding powersave, audio, and screenlock options 2017-10-26 01:11:53 -05:00			`sed -i 's#GRUB_CMDLINE_LINUX_DEFAULT="#GRUB_CMDLINE_LINUX_DEFAULT="threadirqs #' /mnt/etc/default/grub`
			`arch-chroot /mnt grub-mkconfig -o /boot/grub/grub.cfg`
			`printf 'vm.swappiness = 10\nfs.inotify.max_user_watches = 524288\n' > /mnt/etc/sysctl.d/99-audio-tuning.conf`
			`setpci -v -d : latency_timer=b0`
			for SOUND_CARD_PCI_ID in `lspci \| grep -i audio \| cut -f 1 -d ' '`; do
			`setpci -v -s $SOUND_CARD_PCI_ID latency_timer=ff;`
			`done`
			`printf 'echo 2048 > /sys/class/rtc/rtc0/max_user_freq\necho 2048 > /proc/sys/dev/hpet/max-user-freq\n' >> /mnt/etc/rc.local`
			`fi`

Seeding some initial scripts 2016-08-04 12:30:21 -05:00			`# Set password`
CVE-2016-4484 2016-11-16 16:23:52 -06:00			`header Set new root passphrase and depriviledged user '(depriv)' password.`
Updating ShadowArch installer to default to UEFI for modern firmware & LVM by default 2023-11-30 05:07:36 -06:00			`arch-chroot /mnt useradd depriv`
Seeding some initial scripts 2016-08-04 12:30:21 -05:00			`arch-chroot /mnt passwd`
CVE-2016-4484 2016-11-16 16:23:52 -06:00			`arch-chroot /mnt passwd depriv`
Seeding some initial scripts 2016-08-04 12:30:21 -05:00
Moving away from customization tarball to git -- files don't change enough.; Updates to ShadowArch install and script dependencies 2017-03-29 17:45:16 -05:00			`# Set SSH host keys`
			`arch-chroot /mnt ssh-keygen -A`

			`# Set hostname`
			`header Set hostname`
Updating install methodology 2020-06-15 17:14:56 -05:00			`printf "What is your fully-qualified hostname? (i.e. host.site.example.com) "`
Moving away from customization tarball to git -- files don't change enough.; Updates to ShadowArch install and script dependencies 2017-03-29 17:45:16 -05:00			`read hostname`
			`echo "$hostname" > /mnt/etc/hostname`

Updating ShadowArch installer to default to UEFI for modern firmware & LVM by default 2023-11-30 05:07:36 -06:00			`header "Installed ShadowArch on $HOSTNAME!"`
ShadowArch updates 2018-02-14 03:20:12 -06:00			`if [ ! -z "$nodiskbuild" ]; then`
CVE-2016-4484 2016-11-16 16:23:52 -06:00			`header Remember to run grub-install and set up your bootloader.`
			`echo 'https://wiki.archlinux.org/index.php/Installation_guide#Boot_loader'`
Updating ShadowArch installer to default to UEFI for modern firmware & LVM by default 2023-11-30 05:07:36 -06:00			`else`
Fixes 2016-11-29 15:00:15 -06:00			`header Press enter to reboot.`
			`read`
Seeding some initial scripts 2016-08-04 12:30:21 -05:00
Fixes 2016-11-29 15:00:15 -06:00			`# Reboot`
			`shutdown -r now`
CVE-2016-4484 2016-11-16 16:23:52 -06:00			`fi`