Skip to content

Instantly share code, notes, and snippets.

@shurizzle

shurizzle/install.sh

Last active October 1, 2023 16:09
Show Gist options
  • Save shurizzle/34dd07cd0f937928dbf66384b7e2cde9 to your computer and use it in GitHub Desktop.
Save shurizzle/34dd07cd0f937928dbf66384b7e2cde9 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
install.sh
#!/usr/bin/env bash
set -ex
declare -a TO_DELETE=()
cleanup() {
rm -rf "${TO_DELETE[@]}"
}
trap cleanup EXIT
sudo=
if [ "$(id -g)" != 0 ]; then
sudo=sudo
fi
install_paru() {
$sudo pacman -Syu
$sudo pacman -S archlinux-keyring autoconf automake binutils bison debugedit \
fakeroot file findutils flex gawk gcc gettext grep groff libtool m4 \
make patch pkgconf sed texinfo which git sudo gzip
if ! which paru >/dev/null 2>&1; then
PARUBUILD="$(mktemp -d)"
TO_DELETE+=("$PARUBUILD")
pushd "$PARUBUILD"
git clone https://aur.archlinux.org/paru.git
cd paru
makepkg -s
$sudo pacman -U paru-*.pkg.tar.zst
popd
fi
}
essentials() {
paru -S adobe-source-code-pro-fonts cantarell-fonts noto-fonts \
noto-fonts-cjk noto-fonts-emoji otf-ipafont ttf-baekmuk \
otf-commit-mono ttf-liberation ttf-nerd-fonts-symbols-common
paru -S git neovim ripgrep git-delta eza bat bfs fzf jq bottom gping \
openssh man-db man-pages zsh topgrade pigz-gzip-symlink
paru -Rs vim vi
paru -S neovim-vim-compat
$sudo ln -s "$(which nvim)" /sbin/vi
$sudo systemctl enable sshd
if pacman -Qi sudo >/dev/null 2>&1; then
if ! pacman -Qi pleaser >/dev/null 2>&1; then
paru -S pleaser
cat <<'EOF' | $sudo tee /etc/please.d/wheel.ini >/dev/null
[wheel_group_run]
exact_name=wheel
group=true
type=run
permit=true
require_pass=true
rule=.*
EOF
cat <<'EOF' | $sudo tee /etc/please.d/sudo.ini >/dev/null
[sudo_group_run]
exact_name=sudo
group=true
type=run
permit=true
require_pass=true
rule=.*
EOF
cat <<'EOF' | $sudo tee /etc/please.d/admin.ini >/dev/null
[admin_group_run]
exact_name=admin
group=true
type=run
permit=true
require_pass=true
rule=.*
EOF
cat <<'EOF' | $sudo tee /etc/please.d/root.ini >/dev/null
[root_user_run]
exact_name=root
group=false
type=run
permit=true
require_pass=false
rule=.*
EOF
$sudo chmod 0600 /etc/please.d/{wheel,sudo,admin,root}.ini
fi
$sudo pacman -Rs sudo
please ln -s "$(which please)" /usr/bin/sudo
please ln -s "$(which pleaseedit)" /usr/bin/sudoedit
$sudo rm -f /etc/sudoers.pacsave
fi
}
config_neovim() {
mkdir -p ~/.config
rm -rf ~/.config/nvim
git clone [email protected]:shurizzle/neovimmizzle.git ~/.config/nvim
}
config_zsh() {
git clone --recursive [email protected]:shurizzle/zshrc.git ~/.zsh
ln -s ~/.zsh/zshrc ~/.zshrc
}
config_fonts() {
cat <<'EOF' >~/.config/fontconfig/fonts.conf
<?xml version="1.0"?>
<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
<fontconfig>
<alias>
<family>sans-serif</family>
<prefer>
<family>Noto Sans</family>
</prefer>
</alias>
<alias>
<family>system-ui</family>
<prefer>
<family>Noto Sans</family>
</prefer>
</alias>
<alias>
<family>monospace</family>
<prefer>
<family>CommitMono</family>
<family>Hack Nerd Font Mono</family>
</prefer>
</alias>
<alias>
<family>emoji</family>
<prefer>
<family>Noto Color Emoji</family>
</prefer>
</alias>
</fontconfig>
EOF
fc-cache -r
}
install_system() {
paru -S acpid wezterm btrfs-progs celluloid cronie cups docker docker-compose dog efibootmgr feh firefox foomatic-db-engine foomatic-db-nonfree-ppds foomatic-db-ppds gdm git github-cli gnome-control-center mutter-dynamic-buffering gnome-shell gnome-themes-extra xdg-desktop-portal xdg-desktop-portal-gnome pop-launcher-git extension-manager gnome-shell-extension-forge gnome-shell-extension-appindicator gnome-tweaks ibus intel-ucode irqbalance mpv neofetch networkmanager nss-mdns ntfs-3g ntp nvidia pavucontrol pipewire-pulse pkgconf quickemu rustup sl strace tmux tokei touche touchegg traceroute ufw usbutils v4l2loopback-dkms wget which xclip xdg-user-dirs xdg-utils xsel yt-dlp zip zsh tlp tlp-rdw sbctl zathura zathura-cb zathura-pdf-mupdf rar sshfs alsa-scarlett-gui alsa-utils adwaita-qt5 adwaita-qt6 qpwgraph linux-zen linux-zen-headers gnome-browser-connector
paru -S speech-dispatcher espeak-ng
paru -Rs linux linux-headers
echo '/dev/mapper/secure /usr/share/secureboot ext4 rw,relatime,noauto 0 0' | $sudo tee -a /etc/fstab >/dev/null
$sudo mkdir -p /etc/pacman.d/hooks /etc/initcpio/post
$sudo ln -s /dev/null /etc/pacman.d/hooks/zz-sbctl.hook
cat <<'EOF' | $sudo tee /etc/pacman.d/hooks/90-mkinitcpio-dkms-linux.hook >/dev/null
[Trigger]
Operation = Install
Operation = Upgrade
Operation = Remove
Type = Package
Target = nvidia
Target = nvidia-beta
Target = nvidia-open
Target = nvidia-lts
Target = nvidia-340xx
Target = nvidia-340xx-lts
Target = nvidia-dkms
Target = nvidia-*-dkms
Target = linux
Target = linux-zen
Target = intel-ucode
Target = amd-ucode
Target = v4l2loopback-dkms
Target = broadcom-wl-dkms
[Action]
Description = Update dkms modules in Linux initcpio
Depends = mkinitcpio
When = PostTransaction
NeedsTargets
Exec = /bin/sh -c 'while read -r trg; do case $trg in linux) exit 0;; linux-zen) exit 0;; esac; done; /usr/bin/mkinitcpio -P'
EOF
cat <<'EOF' | $sudo tee /etc/initcpio/post/uki-sbsign >/dev/null
#!/bin/sh
set -eu
if ! test -e /dev/mapper/secure; then
echo -e \\a
(tput cnorm cvvis; cryptsetup luksOpen /boot/secure.img secure; tput civis) < /dev/tty >/dev/tty 2>/dev/tty
if ! test -e /dev/mapper/secure; then
exit 1
fi
fi
if ! mountpoint /usr/share/secureboot > /dev/null 2> /dev/null; then
mount /usr/share/secureboot
fi
sbctl generate-bundles -s
EOF
$sudo chmod +x /etc/initcpio/post/uki-sbsign
$sudo fallocate -l 100M /boot/secure.img
local LOOPDEV
LOOPDEV="$(losetup -f)"
losetup "$LOOPDEV" /boot/secure.img
$sudo cryptsetup luksFormat "$LOOPDEV"
$sudo cryptsetup luksOpen "$LOOPDEV" secure
$sudo mkfs.ext4 -L secureboot /dev/mapper/secure
$sudo mount /usr/share/secureboot
if ! test -f /etc/kernel/cmdline; then
cat /proc/cmdline >/etc/kernel/cmdline
fi
$sudo sbctl create-keys
$sudo sbctl enroll-keys -m
# sudo sbctl bundle -s -i /boot/intel-ucode.img \
# -l /usr/share/systemd/bootctl/splash-arch.bmp \
# -k /boot/vmlinuz-linux \
# -f /boot/initramfs-linux.img \
# -c /etc/kernel/cmdline \
# -o /usr/lib/os-release \
# /efi/linux.efi
#
# sudo sbctl bundle -s -i /boot/intel-ucode.img \
# -l /usr/share/systemd/bootctl/splash-arch.bmp \
# -k /boot/vmlinuz-linux \
# -f /boot/initramfs-linux-fallback.img \
# -c /etc/kernel/cmdline \
# -o /usr/lib/os-release \
# /efi/linux-fallback.efi
$sudo sbctl bundle -s -i /boot/intel-ucode.img \
-l /usr/share/systemd/bootctl/splash-arch.bmp \
-k /boot/vmlinuz-linux-zen \
-f /boot/initramfs-linux-zen.img \
-c /etc/kernel/cmdline \
-o /usr/lib/os-release \
/efi/linux.efi
$sudo sbctl bundle -s -i /boot/intel-ucode.img \
-l /usr/share/systemd/bootctl/splash-arch.bmp \
-k /boot/vmlinuz-linux-zen \
-f /boot/initramfs-linux-zen-fallback.img \
-c /etc/kernel/cmdline \
-o /usr/lib/os-release \
/efi/linux-fallback.efi
$sudo sbctl sign-all -g
$sudo umount /usr/share/secureboot
$sudo cryptsetup luksClose secure
$sudo losetup -d "$LOOPDEV"
$sudo pacman -Rs linux linux-headers
printf 'QT_STYLE_OVERRIDE=adwaita-dark\nexport QT_STYLE_OVERRIDE\n' | $sudo tee -a /etc/profile.d/qt.sh
$sudo chmod 0644 /etc/profile.d/qt.sh
}
install_gnome_exts() {
local i VERSION_TAG
for i in \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected]; do
VERSION_TAG="$(curl -Lfs "https://extensions.gnome.org/extension-query/?search=${i}" | jq '.extensions[0] | .shell_version_map | map(.pk) | max')"
wget -O "${i}.zip" "https://extensions.gnome.org/download-extension/${i}.shell-extension.zip?version_tag=$VERSION_TAG"
gnome-extensions install --force "${i}.zip"
if ! gnome-extensions list | grep --quiet "${i}"; then
busctl --user call org.gnome.Shell.Extensions /org/gnome/Shell/Extensions org.gnome.Shell.Extensions InstallRemoteExtension s "${i}"
fi
gnome-extensions enable "${i}"
rm -f "${i}.zip"
done
if ! gnome-extensions list | grep --quiet [email protected]; then
busctl --user call org.gnome.Shell.Extensions /org/gnome/Shell/Extensions org.gnome.Shell.Extensions InstallRemoteExtension s [email protected]
fi
gnome-extensions enable [email protected]
}
configure_system() {
$sudo mv /etc/nsswitch.conf /etc/nsswitch.conf.bak
cat <<'EOF' | $sudo tee /etc/nsswitch.conf >/dev/null
# Name Service Switch configuration file.
# See nsswitch.conf(5) for details.
passwd: files systemd
group: files [SUCCESS=merge] systemd
shadow: files systemd
gshadow: files systemd
publickey: files
hosts: mymachines mdns_minimal [NOTFOUND=return] resolve [!UNAVAIL=return] files myhostname dns
networks: files
protocols: files
services: files
ethers: files
rpc: files
netgroup: files
EOF
cat <<'EOF' | $sudo tee /etc/modprobe.d/scarlett.conf >/dev/null
options snd_usb_audio vid=0x1235 pid=0x8203 device_setup=1
EOF
cat <<'EOF' | $sudo tee /etc/ufw/applications.d/ufw-kdeconnect >/dev/null
[KDEConnect]
title=KDEConnect
description=KDE Connect protocol
ports=1714:1764/udp|1714:1764/tcp
EOF
cat <<'EOF' | $sudo tee /etc/ufw/applications.d/ufw-avahi >/dev/null
[Avahi]
title=Avahi
description=Avahi protocol
ports=5353/udp
EOF
cat <<'EOF' | $sudo tee /etc/ufw/applications.d/ufw-spotify >/dev/null
[Spotify]
title=Spotify
description=Spotify P2P communication
ports=57621/udp
EOF
cat <<'EOF' | $sudo tee /etc/profile.d/ibus.sh
export GTK_IM_MODULE=ibus
export XMODIFIERS=@im=ibus
export QT_IM_MODULE=ibus
export SDL_IM_MODULE=ibus
export GLFW_IM_MODULE=ibus
EOF
$sudo systemctl disable systemd-resolved
$sudo systemctl enable avahi-daemon
$sudo systemctl enable avahi-dnsconfd
$sudo systemctl enable acpid
$sudo systemctl enable ntpd
$sudo systemctl enable cups
$sudo systemctl enable gdm
$sudo systemctl enable NetworkManager
$sudo systemctl enable bluetooth
$sudo systemctl enable ufw
$sudo systemctl enable nvidia-hibernate
$sudo systemctl enable nvidia-persistenced
$sudo systemctl enable nvidia-resume
$sudo systemctl enable nvidia-suspend
$sudo systemctl enable irqbalance
$sudo systemctl enable lm_sensors
$sudo systemctl enable touchegg
$sudo systemctl enable tlp
$sudo systemctl enable NetworkManager-dispatcher
$sudo systemctl enable alsa-restore
$sudo systemctl enable alsa-state
$sudo systemctl mask systemd-rfkill.service systemd-rfkill.socket
$sudo ufw default deny
$sudo ufw limit SSH
$sudo ufw allow Avahi
$sudo ufw allow Spotify
$sudo ufw allow KDEConnect
$sudo ufw enable
}
systemd_user() {
mkdir -p "${HOME}/.config/systemd/user"
cat <<'EOF' >"$HOME"/.config/systemd/user/lemonade.service
[Unit]
Description=Lemonade server
[Service]
ExecStart=/sbin/lemonade server
[Install]
WantedBy=graphical-session.target
EOF
cat <<'EOF' >"$HOME"/.config/systemd/user/ibus.service
[Unit]
Description=IBus Daemon
[Service]
ExecStart=/sbin/ibus-daemon -x
[Install]
WantedBy=graphical-session.target
EOF
cat <<'EOF' >"$HOME"/.config/systemd/user/pop-launcher.service
[Unit]
Description=Pop!_OS Launcher
[Service]
ExecStart=/sbin/pop-launcher
[Install]
WantedBy=graphical-session.target
EOF
systemctl --user enable ibus
systemctl --user enable lemonade
systemctl --user enable pop-launcher
systemctl --user enable wireplumber
$sudo usermod -a -G log,proc,games,lock,dbus,network,power,cups,docker,avahi,video,uucp,storage,kvm,input,disk,audio,wheel shura
gh extension install mislav/gh-license
gh extension install dlvhdr/gh-dash
git config --global alias.co checkout
}
add_guest() {
sudo groupadd guest
sudo useradd -g guest -d /home/guest -p "$(openssl passwd '')" guest
echo 'tmpfs /home/guest tmpfs rw,relatime,noauto 0 0' | \
$sudo tee -a /etc/fstab >/dev/null
cat <<'EOF' | $sudo tee /etc/gdm/PostLogin/Default >/dev/null
#!/bin/sh
if [ "$USER" = guest ]; then
umount /home/guest >/dev/null 2>/dev/null
mkdir /home/guest
mount /home/guest
cp /etc/skel/.* /home/guest
chown -R guest:guest /home/guest
fi
exit 0
EOF
cat <<'EOF' | $sudo tee /etc/gdm/PostSession/Default >/dev/null
#!/bin/sh
if [ "$USER" = guest ]; then
umount /home/guest
fi
exit 0
EOF
$sudo chmod 755 /etc/gdm/Post{Login,Session}/Default
local pam
pam="$(
head -1 /etc/pam.d/gdm-password;
echo;
echo "auth sufficient pam_succeed_if.so user ingroup guest";
tail -n+2 /etc/pam.d/gdm-password
)"
printf '%s' "$pam" | $sudo tee /etc/pam.d/gdm-password >/dev/null
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment