davemackintosh · June 7, 2019 19:03
diff --git a/arch-install.sh b/arch-install.sh
 #!/bin/env bash

 # EDIT THESE IF YOU WANT #####
 # Locale
 keyboard=us
 encoding="UTF-8"
 locale="en_GB"

 # Time/Date
 zone=Europe
 place=London

 # Drive config.
 volGroupName="vg0"
 drive=$(lsblk -d -p -n -l -o NAME -e 7,11) # This will default to the first disk.

 # Host name
 hostname="ordoabchao"

 # STOP EDITING UNLESS YOU KNOW WHAT YOU'RE DOING #####

 BLUE="\u001b[34m"
 YELLOW="\u001b[33m"
 GREEN="\u001b[32m"
 RED="\u001b[31m"
 BOLD="\u001b[1m"
 UNDERLINE="\u001b[4m"
 SWAP_BG_FG="\u001b[7m"
 WHITE="\u001b[37;1m"
 BG_RED="\u001b[41m"
 RESET="\u001b[0m"

 clear &&

 # Function from https://stackoverflow.com/a/3232082
 # Thanks mate! 
 confirm() {
  # call with a prompt string or use a default
  read -r -p "${1:-Are you sure? [y/N]} " response
  case "$response" in
      [yY][eE][sS]|[yY]) 
          true
          ;;
      *)
          false
          ;;
  esac
 }

 echo -e "Please read everything you see, then read it again and again. If you miss something, it's your fault.\n"
 echo -e "This script is best run on a new SSD or a system which you don't care about."
 echo -e "\n$YELLOW If you have a LUKS/LVM setup already, you'll need to dmsetup info -C and dmsetup remove {name} each one first otherwise this script will erase your hard drive for and then fail due to an in use partition. $RESET\n"
 echo -e "$BLUE I'm going to try and install Arch with:"
 echo -e "* LUKS, (root, home) and a swap drive that re-encrypts on boot"
 echo -e "* LVM (swap, root, home)"
 echo -e "* X-org"
 echo -e "* Awesome WM"
 echo -e "* My dotfiles"
 echo -e "\n"
 echo -e "This$RED $BOLD*will destroy*$RESET $BLUE your hard drive in a fully automated way so you have to be 100% sure this is exactly what you want before agreeing below. $RESET"

 echo -e "$RED $BOLD"

 # Make sure whomever is doing this is super sure they're committing OS suicide and wants to be reborn.
 confirm "Are you sure you want to destroy the world as you know it and start fresh? [yY][eE][sS]|[yY]" || exit
 echo -e "\n"
 confirm "Seriously? Are you sure, there's no going back at *any* point in this. Once I start, this thing is dead until I finish. Make sure you have a charger plugged in, you've back everything up (documents, downloads, work folders, dotfiles, ssh/GPG/Public/Private keys, etc) and come back and ask me again. I'm not resposible what you do with this thing. [yY][eE][sS]|[yY]" || exit

 echo -e "$RESET"

 echo -e "$YELLOW Okay, well. As long as you're sure, I'm going to partition and wipe this drive entirely. It will be encrypted using LUKS encryption and then I'll install LVM on top of that to enable snapshots and wayyyyy easier volume management without the sector bullcrap. I'm going to ask you one more time$RESET"

 echo -e "$BG_RED $BOLD $WHITE This is your last chance to kill me where I stand and back yo shit up. You one bad bitch if you haven't backed everything up and you're still here asking me to wipe your hard drive permanently. There's literally no way back after this, I'm going to write your disk clean."

 read -rep $'Please type the phrase "erase all my data please"\n\n$> ' phrase

 if [ "$phrase" != "erase all my data please" ]; then
  echo -e "$RESET $GREEN $BOLD"
  echo -e "Probably wise, make sure everything is backed up and you have a charger plugged in then come back and we'll try this again :)"
  echo -e "$RESET"
  exit -1
 fi
 echo -e "$RESET"

 loadkeys $keyboard &&
 timedatectl set-ntp true &&

 # Taken from https://superuser.com/a/984637
 # Thanks, updated slightly but works all the same.
 # Note that a blank line (commented as "defualt" will send a empty
 # line terminated with a newline to take the fdisk default.
 (
 sed -e 's/\s*\([\+0-9a-zA-Z]*\).*/\1/' << EOF | fdisk $drive
  o # clear the in memory partition table
  n # new partition BOOT
  p # primary partition
  1 # partition number 1
    # default - start at beginning of disk 
  +100M # 100 MB boot partition
  a # make a partition bootable
  t # Change type
  ef # EFI Partition type.

  n # new partition system
  p # It's a primary partition
  2 # Partition number /dev/sda2
    # Start at the end of the last partition
    # Continue to the end of the disk

  w # write the partition table
  q # and we're done
 EOF
 ) &&

 # Time to create our volume groups.
 yes | pvcreate -ff /dev/sda2 &&
 vgcreate "$volGroupName" /dev/sda2 &&
 lvcreate -L 15G -n root "$volGroupName" &&
 lvcreate -L 500M -n swap "$volGroupName" &&
 lvcreate -l 100%FREE -n home "$volGroupName" &&

 # Format and encrypt the "drives"
 yes | mkfs.vfat -F32 /dev/sda1 &&
 echo -e "Enter your desired encryption password. You'll be asked for this again in a moment." &&
 cryptsetup luksFormat -c aes-xts-plain64 -s 512 /dev/mapper/${volGroupName}-root &&
 echo -e "Okay, enter that password again so we can unlock the encryption to write to it." &&
 cryptsetup open /dev/mapper/${volGroupName}-root root &&
 yes | mkfs.ext4 /dev/mapper/root &&

 # Mount drives
 mount /dev/mapper/root /mnt &&
 mkdir /mnt/boot &&
 mount /dev/sda1 /mnt/boot &&

 # Install Arch
 pacstrap /mnt base base-devel &&

 # Update the file system table.
 genfstab -U -p /mnt >> /mnt/etc/fstab &&

 # Chroot to the new system.
 arch-chroot /mnt &

 sleep 20 &&

 # Set locale.
 echo "$locale.$encoding $encoding" >> /etc/locale.gen &&
 locale-gen &&
 export LANG="$locale.$encoding" &&

 # Set time.
 ln -sf "/usr/share/zoneinfo/$zone/$place" /etc/localtime &&
 hwclock --systohc --utc &&

 # Update hosts.
 echo "$hostname" > /etc/hostname &&
 (
 cat << HOSTS
 127.0.0.1 localhost $hostname
 ::1       localhost $hostname
 HOSTS
 ) > /etc/hosts &&

 # Generate a new ramdisk with the hooks we need.
 sed -i 's/^HOOKS=(\(.*\))$/HOOKS=\(\1, keymap, lvm2, encrypt\)/g' /etc/mkinitcpio.conf &&
 cat /etc/mkinitcpio.conf &&
 mkinitcpio -p linux &&

 # Add systemd-boot config.
 diskUUID=$(blkid -s UUID -o value /dev/mapper/root) &&

 (
 cat << ARCHENCRYPTED
 title Arch Linux Encrypted
 linux /vmlinuz-linux
 initrd /initramfs-linux.img
 options cryptdevice=UUID=$diskUUID:$volGroupName root=/dev/mapper/$volGroupName-root quiet rw
 ARCHENCRYPTED
 ) > /boot/loader/entries/arch-encrypted.conf &&
 cat /boot/loader/entries/arch-encrypted.conf &&

 # Creating and encypting logical volumes
 mkdir -m 700 /etc/luks-keys &&
 dd if=/dev/random of=/etc/luks-keys/home bs=1 count=256 status=progress &&
 cryptsetup luksFormat -c aes-xts-plain64 -s 512 "/dev/mapper/$volGroupName-home" &&
 cryptsetup luksAddKey "/dev/mapper/$volGroupName-home" /etc/luks-keys/home &&
 cryptsetup -d /etc/luks-keys/home open "/dev/$volGroupName/home" home &&
 mkfs.ext4 /dev/mapper/home &&
 mount /dev/mapper/home /home &&

 (
 cat << CRYPTTAB
 swap  /dev/$volGroupName/cryptswap  /dev/urandom  swap,cipher=aes-xts-plain64,size=256
 home  /dev/linux/home            /etc/luks-keys/home
 CRYPTTAB
 ) > /etc/crypttab &&

 (
 cat << FSTAB
 /dev/mapper/swap  none   swap  defaults,pri=-2 0 0
 /dev/mapper/home  /home  ext4  defaults 0 2
 FSTAB
 ) > /etc/fstab
	#!/bin/env bash

	# EDIT THESE IF YOU WANT #####
	# Locale
	keyboard=us
	encoding="UTF-8"
	locale="en_GB"

	# Time/Date
	zone=Europe
	place=London

	# Drive config.
	volGroupName="vg0"
	drive=$(lsblk -d -p -n -l -o NAME -e 7,11) # This will default to the first disk.

	# Host name
	hostname="ordoabchao"

	# STOP EDITING UNLESS YOU KNOW WHAT YOU'RE DOING #####

	BLUE="\u001b[34m"
	YELLOW="\u001b[33m"
	GREEN="\u001b[32m"
	RED="\u001b[31m"
	BOLD="\u001b[1m"
	UNDERLINE="\u001b[4m"
	SWAP_BG_FG="\u001b[7m"
	WHITE="\u001b[37;1m"
	BG_RED="\u001b[41m"
	RESET="\u001b[0m"

	clear &&

	# Function from https://stackoverflow.com/a/3232082
	# Thanks mate!
	confirm() {
	# call with a prompt string or use a default
	read -r -p "${1:-Are you sure? [y/N]} " response
	case "$response" in
	[yY][eE][sS]\|[yY])
	true
	;;
	*)
	false
	;;
	esac
	}

	echo -e "Please read everything you see, then read it again and again. If you miss something, it's your fault.\n"
	echo -e "This script is best run on a new SSD or a system which you don't care about."
	echo -e "\n$YELLOW If you have a LUKS/LVM setup already, you'll need to dmsetup info -C and dmsetup remove {name} each one first otherwise this script will erase your hard drive for and then fail due to an in use partition. $RESET\n"
	echo -e "$BLUE I'm going to try and install Arch with:"
	echo -e "* LUKS, (root, home) and a swap drive that re-encrypts on boot"
	echo -e "* LVM (swap, root, home)"
	echo -e "* X-org"
	echo -e "* Awesome WM"
	echo -e "* My dotfiles"
	echo -e "\n"
	echo -e "This$RED $BOLDwill destroy$RESET $BLUE your hard drive in a fully automated way so you have to be 100% sure this is exactly what you want before agreeing below. $RESET"

	echo -e "$RED $BOLD"

	# Make sure whomever is doing this is super sure they're committing OS suicide and wants to be reborn.
	confirm "Are you sure you want to destroy the world as you know it and start fresh? [yY][eE][sS]\|[yY]" \|\| exit
	echo -e "\n"
	confirm "Seriously? Are you sure, there's no going back at any point in this. Once I start, this thing is dead until I finish. Make sure you have a charger plugged in, you've back everything up (documents, downloads, work folders, dotfiles, ssh/GPG/Public/Private keys, etc) and come back and ask me again. I'm not resposible what you do with this thing. [yY][eE][sS]\|[yY]" \|\| exit

	echo -e "$RESET"

	echo -e "$YELLOW Okay, well. As long as you're sure, I'm going to partition and wipe this drive entirely. It will be encrypted using LUKS encryption and then I'll install LVM on top of that to enable snapshots and wayyyyy easier volume management without the sector bullcrap. I'm going to ask you one more time$RESET"

	echo -e "$BG_RED $BOLD $WHITE This is your last chance to kill me where I stand and back yo shit up. You one bad bitch if you haven't backed everything up and you're still here asking me to wipe your hard drive permanently. There's literally no way back after this, I'm going to write your disk clean."

	read -rep $'Please type the phrase "erase all my data please"\n\n$> ' phrase

	if [ "$phrase" != "erase all my data please" ]; then
	echo -e "$RESET $GREEN $BOLD"
	echo -e "Probably wise, make sure everything is backed up and you have a charger plugged in then come back and we'll try this again :)"
	echo -e "$RESET"
	exit -1
	fi
	echo -e "$RESET"

	loadkeys $keyboard &&
	timedatectl set-ntp true &&

	# Taken from https://superuser.com/a/984637
	# Thanks, updated slightly but works all the same.
	# Note that a blank line (commented as "defualt" will send a empty
	# line terminated with a newline to take the fdisk default.
	(
	sed -e 's/\s\([\+0-9a-zA-Z]\).*/\1/' << EOF \| fdisk $drive
	o # clear the in memory partition table
	n # new partition BOOT
	p # primary partition
	1 # partition number 1
	# default - start at beginning of disk
	+100M # 100 MB boot partition
	a # make a partition bootable
	t # Change type
	ef # EFI Partition type.

	n # new partition system
	p # It's a primary partition
	2 # Partition number /dev/sda2
	# Start at the end of the last partition
	# Continue to the end of the disk

	w # write the partition table
	q # and we're done
	EOF
	) &&

	# Time to create our volume groups.
	yes \| pvcreate -ff /dev/sda2 &&
	vgcreate "$volGroupName" /dev/sda2 &&
	lvcreate -L 15G -n root "$volGroupName" &&
	lvcreate -L 500M -n swap "$volGroupName" &&
	lvcreate -l 100%FREE -n home "$volGroupName" &&

	# Format and encrypt the "drives"
	yes \| mkfs.vfat -F32 /dev/sda1 &&
	echo -e "Enter your desired encryption password. You'll be asked for this again in a moment." &&
	cryptsetup luksFormat -c aes-xts-plain64 -s 512 /dev/mapper/${volGroupName}-root &&
	echo -e "Okay, enter that password again so we can unlock the encryption to write to it." &&
	cryptsetup open /dev/mapper/${volGroupName}-root root &&
	yes \| mkfs.ext4 /dev/mapper/root &&

	# Mount drives
	mount /dev/mapper/root /mnt &&
	mkdir /mnt/boot &&
	mount /dev/sda1 /mnt/boot &&

	# Install Arch
	pacstrap /mnt base base-devel &&

	# Update the file system table.
	genfstab -U -p /mnt >> /mnt/etc/fstab &&

	# Chroot to the new system.
	arch-chroot /mnt &

	sleep 20 &&

	# Set locale.
	echo "$locale.$encoding $encoding" >> /etc/locale.gen &&
	locale-gen &&
	export LANG="$locale.$encoding" &&

	# Set time.
	ln -sf "/usr/share/zoneinfo/$zone/$place" /etc/localtime &&
	hwclock --systohc --utc &&

	# Update hosts.
	echo "$hostname" > /etc/hostname &&
	(
	cat << HOSTS
	127.0.0.1 localhost $hostname
	::1 localhost $hostname
	HOSTS
	) > /etc/hosts &&

	# Generate a new ramdisk with the hooks we need.
	sed -i 's/^HOOKS=(\(.*\))$/HOOKS=\(\1, keymap, lvm2, encrypt\)/g' /etc/mkinitcpio.conf &&
	cat /etc/mkinitcpio.conf &&
	mkinitcpio -p linux &&

	# Add systemd-boot config.
	diskUUID=$(blkid -s UUID -o value /dev/mapper/root) &&

	(
	cat << ARCHENCRYPTED
	title Arch Linux Encrypted
	linux /vmlinuz-linux
	initrd /initramfs-linux.img
	options cryptdevice=UUID=$diskUUID:$volGroupName root=/dev/mapper/$volGroupName-root quiet rw
	ARCHENCRYPTED
	) > /boot/loader/entries/arch-encrypted.conf &&
	cat /boot/loader/entries/arch-encrypted.conf &&

	# Creating and encypting logical volumes
	mkdir -m 700 /etc/luks-keys &&
	dd if=/dev/random of=/etc/luks-keys/home bs=1 count=256 status=progress &&
	cryptsetup luksFormat -c aes-xts-plain64 -s 512 "/dev/mapper/$volGroupName-home" &&
	cryptsetup luksAddKey "/dev/mapper/$volGroupName-home" /etc/luks-keys/home &&
	cryptsetup -d /etc/luks-keys/home open "/dev/$volGroupName/home" home &&
	mkfs.ext4 /dev/mapper/home &&
	mount /dev/mapper/home /home &&

	(
	cat << CRYPTTAB
	swap /dev/$volGroupName/cryptswap /dev/urandom swap,cipher=aes-xts-plain64,size=256
	home /dev/linux/home /etc/luks-keys/home
	CRYPTTAB
	) > /etc/crypttab &&

	(
	cat << FSTAB
	/dev/mapper/swap none swap defaults,pri=-2 0 0
	/dev/mapper/home /home ext4 defaults 0 2
	FSTAB
	) > /etc/fstab