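#!/bin/bash
#
# ShadowArch installer. Configures the Arch Linux installation mounted on /mnt
# (locale, clock, bootloader, networking, accounts, optional tuning) and then
# offers to reboot.
#
# NOTE(review): the partition variables and addNextPartition() below are not
# used anywhere in the text that follows, and the script jumps from the
# confirmation prompt straight to post-install configuration. The disk layout,
# package installation and fstab generation steps appear to be missing from
# this copy -- restore them from the upstream file before running it.

# Print the arguments as a bold red section heading.
function header() {
  tput setaf 1
  tput bold
  printf '%s\n' "$*"
  tput sgr0
}

# Report a failed install step and stop.
function die() {
  header ERROR: Cannot continue
  exit 1
}

# Print usage and exit non-zero. The original echoed each flag with a leading
# backslash ('\-A'), which bash's echo prints literally; the heredoc shows the
# flags as the user types them.
function help() {
  cat <<EOF
Usage: ${0} [OPTIONS]
-A -- Audio optimizations from the Arch Wiki
-d DISK -- Use the disk.
-e -- Encrypt the root partition
-g -- GUI packages and setup
-h -- This helptext
-k -- Kali Linux-like package additions
-l FILE -- Log to a file
-p -- Productivity package additions
-P -- Power saving for laptops
-s -- Create a layout for an AniNIX/Spartacus
-m -- Skip disk operations and assume storage is mounted on /mnt
-v -- Verbose output.
-z -- Try to add all the packages on AniNIX/Core
EOF
  exit 1
}

# Re-run this script under script(1) so the session is recorded to a file.
# Arguments: $1 - log file; remaining - the script's original arguments.
# The '-l FILE' / '-lFILE' option is dropped from the relaunched command so the
# child does not relaunch again, and every remaining argument is shell-quoted
# with %q instead of being pasted into the command string unquoted.
# NOTE: '-l' clustered behind other flags (e.g. '-gl FILE') is not stripped;
# pass '-l FILE' as its own option.
function relaunch_with_log() {
  local logfile="$1"
  shift
  local -a kept=()
  local skip_next=0 arg relaunch
  for arg in "$@"; do
    if ((skip_next)); then
      skip_next=0
      continue
    fi
    case "$arg" in
      -l) skip_next=1 ;;
      -l?*) ;;
      *) kept+=("$arg") ;;
    esac
  done
  printf -v relaunch '%q ' /bin/bash "$0" "${kept[@]}"
  exec script -e -f -c "$relaunch" "$logfile"
}

# Partition controls
efipart=2
bootpart=3
rootpart=4
partpoint=1
partedcmd='mklabel gpt\nmkpart primary ext2 0 1MiB\nset 1 bios_grub on\n'

# Append one mkpart command to $partedcmd and advance $partpoint.
# Arguments: $1 - size in MiB, $2 - partition type, $3 - filesystem type.
# Variables are left global, as in the original.
function addNextPartition() {
  partsize="$1"
  parttype="$2"
  partfs="$3"
  nextpartpoint=$((partpoint + partsize))
  partedcmd="${partedcmd}mkpart $parttype $partfs ${partpoint}MiB ${nextpartpoint}MiB"'\n'
  partpoint=$nextpartpoint
}

disk="/dev/sda"
bootsize=500 # Size in MB for /boot

# Option flags default to empty (= off).
audio= encrypt= gui= kali= productivity= powersave=
nodiskbuild= spartacus= kitchensink=

# TODO Add LVM as an argument
# 'A', 'P' and 'h' were handled in the case statement (or documented in the
# help text) but absent from the option string, so -A and -P could never be
# selected; they are listed here now.
while getopts "Ad:eghkl:pPmsvz" OPTION; do
  case "$OPTION" in
    A) audio=1 ;;
    d) disk=${OPTARG} ;;
    e) encrypt=1 ;;
    g) gui=1 ;;
    h) help ;;
    k) kali=1 ;;
    l) relaunch_with_log "${OPTARG}" "$@" ;;
    p)
      productivity=1
      gui=1
      ;;
    P) powersave=1 ;;
    m) nodiskbuild=1 ;;
    s) spartacus=1 ;;
    v) set -x ;;
    z) kitchensink=1 ;;
    *) help ;;
  esac
done

header Confirm options:
printf '%s\n' "Spartacus set to: $spartacus"
printf '%s\n' "Encryption set to: $encrypt"
printf '%s\n' "GUI: $gui"
printf '%s\n' "Productivity: $productivity"
printf '%s\n' "Kali tools: $kali"
printf '%s\n' "All Core packages: $kitchensink"
printf '%s\n' "Audio optimizations: $audio"
printf '%s\n' "Power saving: $powersave"
printf '%s\n' "Disk to use: $disk (Skip disk building? $nodiskbuild )"
printf "Is this OK? Type YES to continue: "
read -r answer
if [ "$answer" != "YES" ]; then
  echo User did not confirm.
  exit 1
fi

# NOTE(review): this line is kept exactly as found, but it looks like the
# remains of a longer section (see the note at the top of the file). As
# written it opens /etc/pacman.conf for append and then replaces
# /mnt/etc/fstab with a single empty line -- confirm against upstream.
echo >> /etc/pacman.conf > /mnt/etc/fstab

header Set time
sed -i 's/#en_US.UTF-8/en_US.UTF-8/' /mnt/etc/locale.gen
arch-chroot /mnt locale-gen
ln -sf /usr/share/zoneinfo/America/Chicago /mnt/etc/localtime
arch-chroot /mnt hwclock --systohc --utc

header Setup bootloader
if [ -z "$nodiskbuild" ]; then
  # Ask blkid for the UUID tag directly rather than taking the first quoted
  # field of its output, which is a different tag when the volume has a LABEL.
  rootuuid="$(blkid -s UUID -o value "${disk}${rootpart}")"
  export rootuuid
  if [ -n "$encrypt" ]; then
    if [ -z "$rootuuid" ]; then
      # An empty UUID would produce an unusable cryptdevice= kernel argument.
      header "ERROR: Could not read the UUID of ${disk}${rootpart}"
      exit 1
    fi
    # Replace the active HOOKS line in place instead of interpolating the
    # current line into a sed pattern.
    sed -i 's#^HOOKS=.*#HOOKS="base udev autodetect modconf block encrypt filesystems keyboard fsck"#' /mnt/etc/mkinitcpio.conf
    sed -i 's#GRUB_CMDLINE_LINUX=""#GRUB_CMDLINE_LINUX="cryptdevice=UUID='"$rootuuid"':cryptroot"#' /mnt/etc/default/grub
    # Fix for CVE-2016-4484. The original edited /etc/default/grub on the
    # install medium, so panic=5 never reached the installed system; the
    # target's file under /mnt is the one grub-mkconfig reads below.
    sed -i 's/GRUB_CMDLINE_LINUX_DEFAULT="/GRUB_CMDLINE_LINUX_DEFAULT="panic=5 /' /mnt/etc/default/grub
  fi
fi
arch-chroot /mnt mkinitcpio -p linux || die
if [ -z "$nodiskbuild" ]; then
  arch-chroot /mnt grub-install --target=x86_64-efi --removable --bootloader-id=grub --efi-directory /boot "$disk" || die
  arch-chroot /mnt grub-install --target=i386-pc "$disk" || die
fi
arch-chroot /mnt grub-mkconfig -o /boot/grub/grub.cfg || die

header Set networking
arch-chroot /mnt systemctl enable chronyd
arch-chroot /mnt systemctl enable netctl
# Take the first non-loopback interface. '-x' excludes only the interface
# named exactly "lo" (the original 'grep -v lo' also dropped names that merely
# contain "lo"), and 'head' keeps a single name so the cp/sed below receive one
# path even on multi-NIC machines.
interface="$(ip link list | grep "state" | cut -f 2 -d ":" | cut -f 2 -d " " | grep -vx lo | head -n 1)"
export interface
if [ -n "$interface" ]; then
  cp /mnt/etc/netctl/examples/ethernet-dhcp "/mnt/etc/netctl/$interface"
  sed -i 's/eth0/'"$interface"'/' "/mnt/etc/netctl/$interface"
  echo 'DNSSearch="aninix.net"' >> "/mnt/etc/netctl/$interface"
  arch-chroot /mnt netctl enable "$interface"
else
  header "WARNING: No network interface found; skipping netctl profile."
fi

# Vim cleanup for SSH
# The redirection is performed by this shell, not inside the chroot, so the
# path must carry the /mnt prefix; the original wrote the plugin file on the
# install medium instead of the target.
mkdir -p /mnt/usr/share/vim/vimfiles/plugin
printf 'set mouse-=a\n' > /mnt/usr/share/vim/vimfiles/plugin/shadowarch.vim
ln -sf /etc/skel/.bashrc /mnt/root/.bashrc

# Clone ConfigPackages from AniNIX::Foundation
# NOTE(review): these repositories are cloned at whatever the default branch
# currently holds and then installed as root via 'make install', with no
# pinned commit or signature check. Consider pinning to a reviewed commit or
# verifying a signed tag before the install targets run.
arch-chroot /mnt git -C /usr/local/src/ clone https://aninix.net/foundation/ConfigPackages
arch-chroot /mnt git -C /usr/local/src/ clone https://aninix.net/foundation/MiscScripts
arch-chroot /mnt make -C /usr/local/src/MiscScripts/Shared install
arch-chroot /mnt make -C /usr/local/src/MiscScripts/Admin install
arch-chroot /mnt make -C /usr/local/src/MiscScripts/ShadowArch install
arch-chroot /mnt git -C /usr/local/src/ clone https://aur.archlinux.org/cower.git

arch-chroot /mnt groupadd tty-allow
arch-chroot /mnt useradd -u 1001 -G tty-allow -m depriv
# Read the group list from the installed system. The original command
# substitution ran getent on the install medium, whose group database is not
# the one usermod modifies.
root_groups="$(arch-chroot /mnt getent group | grep root | cut -f 1 -d ':' | tr '\n' ',')"
arch-chroot /mnt usermod -G "${root_groups}tty-allow" root
# NOTE(review): this grants the "depriv" account unrestricted sudo
# (ALL=(ALL) ALL). Confirm that is intended for an account named as
# de-privileged.
arch-chroot /mnt /bin/bash -c 'line="$(grep -E root"[[:space:]]"ALL /etc/sudoers)"; sed -i "s/$line/$line\ndepriv ALL=(ALL) ALL/" /etc/sudoers'
# sudoers was edited with sed rather than visudo, so check the result parses;
# a syntax error in this file disables sudo entirely.
arch-chroot /mnt visudo -c > /dev/null \
  || header "WARNING: /etc/sudoers failed validation; fix it before rebooting."

# Handle AUR Packages
if [ -n "$kali" ]; then
  arch-chroot /mnt git -C /usr/local/src/ clone https://aur.archlinux.org/autopsy.git
fi

# Optimizations from https://wiki.archlinux.org/index.php/Power_management
if [ -n "$powersave" ]; then
  # Match on "at least one" Intel audio device. The original required the
  # count to be exactly 1, so a machine with two Intel audio functions fell
  # through to the ac97 branch.
  if lspci | grep -i intel | grep -qi audio; then
    echo 'options snd_hda_intel power_save=1' > /mnt/etc/modprobe.d/audio_powersave.conf
  else
    echo 'options snd_ac97_codec power_save=1' > /mnt/etc/modprobe.d/audio_powersave.conf
  fi
  arch-chroot /mnt pacman -S rfkill cpupower --noconfirm
  arch-chroot /mnt systemctl enable rfkill-block@.service
  echo 'kernel.nmi_watchdog = 0' > /mnt/etc/sysctl.d/disable_watchdog.conf
  echo 'vm.dirty_writeback_centisecs = 6000' > /mnt/etc/sysctl.d/dirty_writes.conf
  echo 'vm.laptop_mode = 5' > /mnt/etc/sysctl.d/laptop.conf
  echo 'ACTION=="add", SUBSYSTEM=="net", KERNEL=="wlan*", RUN+="/usr/bin/iw dev %k set power_save on"' > /mnt/etc/udev/rules.d/70-wifi-powersave.rules
  echo 'blacklist uvcvideo' > /mnt/etc/modprobe.d/no-camera.conf
fi

# Thanks to https://wiki.archlinux.org/index.php/Professional_audio
if [ -n "$audio" ]; then
  sed -i 's#GRUB_CMDLINE_LINUX_DEFAULT="#GRUB_CMDLINE_LINUX_DEFAULT="threadirqs #' /mnt/etc/default/grub
  arch-chroot /mnt grub-mkconfig -o /boot/grub/grub.cfg
  printf 'vm.swappiness = 10\nfs.inotify.max_user_watches = 524288\n' > /mnt/etc/sysctl.d/99-audio-tuning.conf
  # Quoted so the shell cannot expand *:* against files in the current
  # directory before setpci sees it.
  setpci -v -d '*:*' latency_timer=b0
  while IFS= read -r SOUND_CARD_PCI_ID; do
    [ -n "$SOUND_CARD_PCI_ID" ] || continue
    setpci -v -s "$SOUND_CARD_PCI_ID" latency_timer=ff
  done < <(lspci | grep -i audio | cut -f 1 -d ' ')
  printf 'echo 2048 > /sys/class/rtc/rtc0/max_user_freq\necho 2048 > /proc/sys/dev/hpet/max-user-freq\n' >> /mnt/etc/rc.local
fi

# Set password
header Set new root passphrase and depriviledged user '(depriv)' password.
# passwd exits non-zero when the two entries do not match; say so rather than
# continuing silently with an account whose password was never set.
arch-chroot /mnt passwd \
  || header "WARNING: root password was not set; run passwd in the chroot."
arch-chroot /mnt passwd depriv \
  || header "WARNING: depriv password was not set; run passwd depriv in the chroot."
arch-chroot /mnt chown -R depriv:depriv /usr/local/src/

# Set SSH host keys
arch-chroot /mnt ssh-keygen -A

# Keep a dated copy of the installer on the target.
cp /root/shadowarch /mnt/root/shadowarch.installer."$(date +%F-%R)"

if [ -n "$gui" ]; then
  cat <<'EOF'
Remember to install your graphics drivers!
For NVidia, look at xf86-video-nouveau
For AMD, look at xf86-video-amdgpu
For Hyper-V, look at xf86-video-fbdev
For Virtual Box, look at virtualbox-guest-utils
For VMware, look at open-vm-tools
EOF
fi

# Set hostname
header Set hostname
printf "What is your fully-qualified hostname? (i.e. host.site.example.com) "
read -r hostname
printf '%s\n' "$hostname" > /mnt/etc/hostname
hostname "$hostname"

# Use the value just entered: bash's $HOSTNAME is fixed at shell start-up and
# still names the install medium.
header "Installed ShadowArch on $hostname!"
if [ -n "$nodiskbuild" ]; then
  header Remember to run grub-install and set up your bootloader.
  echo 'https://wiki.archlinux.org/index.php/Installation_guide#Boot_loader'
else
  header Press enter to reboot.
  read -r
  # Reboot
  shutdown -r now
fi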