first pass based on archmate.sh (untested)

archxfce.sh

@@ -0,0 +1,520 @@
+#!/bin/bash
+#shellcheck disable=SC2181,SC2086,SC2034
+#
+# archxfce.sh - Arch installation script
+# SPDX-License-Identifier: MIT
+#
+# 1. boot archlinux-<date>-dual.iso
+# 2. curl -o archxfce.sh <url-to-this-script>
+#
+# 3. bash archxfce.sh axprep      (extracts 'axprep.sh')
+# 4. bash archxfce.sh axconf      (extracts 'axconf.sh')
+#
+# 5. vi axprep.sh axconf.sh       (configure)
+# 6. bash axprep.sh               (optional)
+# 7. arch-chroot /mnt
+#
+# 8. cd /root; ./archxfce.sh      (in the chroot)
+#
+# axprep.sh is handy but not required - the idea is you can replace
+# the content with your own setup to save on a lot of typing. The
+# included, commented out code will mount and pacstrap, e.g.
+#
+# axconf.sh will be copied to /mnt/root/ with the provided code
+# in axprep.sh if uncommented. Store your own variable settings in
+# this file to avoid editing this script.
+#
+# archxfce.sh expects everything mounted, pacstrap run and is being
+# executed from the arch-chroot. (axprep.sh helps with those steps)
+
+######################################################################
+### BOCONF - DO NOT REMOVE OR ALTER THIS LINE
+## USER VARS
+
+# These must be changed
+HOSTNAME="myhostname"
+USERNAME="myusername"
+
+# For ${USERNAME} what will be passed to useradd
+#  - 'wheel' will be added to /etc/sudoers
+#  - 'vboxusers' will be added dynamically
+USER_PGRP="users"
+USER_SGRP="wheel,storage,power,wireshark"
+USER_SHLL="/bin/bash"
+
+# Set this to true if this is a Virtualbox guest
+VBOXGUEST=false
+
+# Set this to true if this is a Virtualbox host
+VBOXHOST=false
+
+# Various date/time/locale things
+ARCH_TZ="America/Chicago"
+ARCH_LA="en_US"
+ARCH_CP="UTF-8"
+ARCH_KM="us"
+ARCH_VF="eurlatgr"
+
+# grub mode ('bios' or 'uefi') and boot disk/partitions
+GRUB_MODE="bios"
+GRUB_BIOS_DISK="/dev/sda"
+GRUB_UEFI_PART="/dev/sda1"
+
+# Be careful changing this
+PKG_CORE="grub linux linux-firmware linux-headers linux-lts linux-lts-headers os-prober intel-ucode lvm2 dkms dbus-broker-units"
+
+# Can be tuned - includes all video drivers, etc.
+PKG_XORG="xorg xorg-appres xorg-drivers xorg-xfontsel xorg-xinit xorg-twm xorg-xclock xorg-apps xterm alsa-utils gnu-free-fonts libva-intel-driver mesa ttf-dejavu ttf-liberation xclip"
+
+# If VBOXGUEST=true
+PKG_GVBOX="virtualbox-guest-utils"
+
+# If VBOXHOST=true
+PKG_HVBOX="virtualbox virtualbox-host-dkms"
+
+# CLI stuff
+PKG_CLI="acpi alsa-firmware android-udev base-devel bash-completion bc bind-tools chrony cpio cronie dhclient dmidecode ethtool gdisk git gnu-netcat haveged horst iftop iw kexec-tools lshw lsof mailx mtr mutt net-tools nfs-utils nmap ntfs-3g openssh parted pkgstats pwgen pyalpm rclone rpcbind rsync screen sharutils strace stunnel sudo tcpdump traceroute tmux unrar unzip usb_modeswitch wget whois wireshark-cli zip zsh zsh-completions"
+
+# X Desktop stuff
+PKG_DWIN="accountsservice lightdm-gtk-greeter gnome-keyring gnome-themes-extra gst-libav gst-plugin-pipewire gst-plugins-good gst-plugins-bad gst-plugins-ugly gtk-engine-murrine gtk-engines libgnome-keyring networkmanager networkmanager-openconnect networkmanager-openvpn networkmanager-pptp networkmanager-vpnc network-manager-applet pipewire pipewire-alsa pipewire-pulse pipewire-v4l2 wireplumber xarchiver xdg-user-dirs xfce4 xfce4-goodies xreader"
+
+# GUI stuff
+PKG_XAPP="audacious audacious-plugins chromium dconf-editor firefox galculator geeqie gimp gkrellm gucharmap gvfs-afc gvfs-mtp gvfs-smb gvim hunspell-en_US hyphen-en libreoffice-fresh seahorse vlc x11-ssh-askpass wireshark-qt"
+
+# Non-essential goodies
+PKG_EXTRA="android-tools argyllcms aspell axel blueman bluez cadaver clang cmake cmus coin-or-mp colord colord-gtk cups cups-filters cups-pdf cups-pk-helper datamash dialog dos2unix doxygen easytag elinks exfatprogs expac expect extra-cmake-modules fdupes feh ffmpeg figlet foomatic-db foomatic-db-engine foomatic-db-gutenprint-ppds foomatic-db-ppds freeglut freerdp gdb go graphicsmagick gspell gutenprint hspell hwinfo i7z id3v2 inetutils intel-media-sdk iotop jhead jq ladspa libdvdcss libisoburn libmicrohttpd libmp4v2 libtiger libvoikko links llvm logrotate lua lynx man-pages mcpp meld mercurial mplayer mpv msr-tools namcap nano ncftp netctl nethogs noto-fonts noto-fonts-cjk numactl nuspell ocl-icd onevpl-intel-gpu opusfile p7zip pacman-contrib pacutils perf perl-image-exiftool perl-net-dbus picard qt5-tools qt5-wayland qt5-xmlpatterns restic rtkit rust sdl_image sg3_utils sqlitebrowser subversion syslinux sysstat system-config-printer texlive-bin thunderbird tigervnc time tree tk transmission-gtk ttf-hack ttf-hannom ttf-opensans usbutils vamp-plugin-sdk vi vorbis-tools weechat words xine-lib zig"
+
+# Things that get dragged in by xorg to remove
+PKG_XDEL="xorg-fonts-100dpi xorg-fonts-75dpi xorg-fonts-alias-100dpi xorg-fonts-alias-75dpi mod_dnssd apache"
+
+# Where we'll log all actions (in the chroot)
+ACTLOG="/root/archxfce.log"
+
+# Which file will override all settings (in the chroot)
+AXCONF="/root/axconf.sh"
+
+### EOCONF - DO NOT REMOVE OR ALTER THIS LINE
+######################################################################
+
+######################################################################
+### BOPREP - DO NOT REMOVE OR ALTER THIS LINE ###
+## These are typically done by hand based on partitioning, etc.
+#
+## Helpful Hints
+#  'mkfs.ext4 -E lazy_itable_init=0,lazy_journal_init=0 ...'
+#  'parted /dev/sda set 1 boot on'
+#
+## Common
+# swapon /dev/mapper/vglocal-swap
+# mount /dev/mapper/vglocal-root /mnt
+# mkdir /mnt/{boot,home}
+# mount /dev/mapper/vglocal-home /mnt/home
+#
+## MBR Style
+# mount /dev/sda1 /mnt/boot
+#
+## UEFI Style
+# mount /dev/sda2 /mnt/boot
+# mkdir /mnt/boot/efi
+# mount /dev/sda1 /mnt/boot/efi
+#
+## Pacstrap
+# pacstrap /mnt base linux linux-firmware --noprogressbar 2>&1 | tee -a pacstrap.log
+# genfstab -p -U /mnt >> /mnt/etc/fstab
+# cp archxfce.sh /mnt/root/ && chmod +x /mnt/root/archxfce.sh
+# cp pacstrap.log /mnt/root/
+# [ -f "axprep.sh" ] && cp axprep.sh /mnt/root/
+# [ -f "axconf.sh" ] && cp axconf.sh /mnt/root/
+#
+## arch-chroot /mnt
+### EOPREP - DO NOT REMOVE OR ALTER THIS LINE ###
+######################################################################
+
+######################################################################
+## EXTRACTION
+
+# this will save the top part of this script to "axprep.sh" - handy
+# if you wget this script from a boot ISO and want to save the
+# pre-prepared stuff for use that is not done on purpose
+if [[ "$1" == "axprep" ]] && [[ -f "archxfce.sh" ]]; then
+  echo
+  echo "== Creating axprep.sh and exiting =="
+  echo
+  sed -n '/^### BOPREP/,/^### EOPREP/p' archxfce.sh > axprep.sh
+  exit 2
+fi
+
+# this will save the top part of this script to "axconf.sh" - handy
+# if you want to avoid editing this script
+if [[ "$1" == "axconf" ]] && [[ -f "archxfce.sh" ]]; then
+  echo
+  echo "== Creating axconf.sh and exiting =="
+  echo
+  sed -n '/^### BOCONF/,/^### EOCONF/p' archxfce.sh > axconf.sh
+  exit 2
+fi
+
+######################################################################
+## FUNCTIONS
+
+# if a config exists, read it in
+# shellcheck source=/dev/null
+[ -f "${AXCONF}" ] && source "${AXCONF}"
+
+# trap our signals
+#shellcheck disable=SC2317
+function error_exit {
+  echo "Trapped a kill signal, exiting."
+  exit 99
+}
+trap error_exit SIGHUP SIGINT SIGTERM
+
+# handy exit function
+function myexit() {
+  echo "$1"
+  exit 1
+}
+
+# run action, log output, return exit code
+# - passing in 'sed' should be avoided
+# - functions can only return 0..254
+# -- set a global to check as needed
+_ACTRET=0
+function logact() {
+  local ACTION
+  ACTION="$*"
+  ${ACTION} 2>&1 | tee -a ${ACTLOG}
+  _ACTRET=${PIPESTATUS[0]}
+  return ${_ACTRET}
+}
+
+######################################################################
+## ERROR CHECKING
+
+# this will bypass the safety check for /etc/locale.conf (debugging)
+UNSAFE=false
+
+# did you edit this script?
+if [[ "${HOSTNAME}" == "myhostname" ]] || [[ "${USERNAME}" == "myusername" ]]
+then
+  myexit "Edit HOSTNAME and USERNAME in this script first - exiting."
+fi
+# did you arch-chroot?
+if [[ -f /mnt/etc/fstab ]]; then
+  myexit "Did you arch-chroot? Found /mnt/etc/fstab - exiting."
+fi
+# did you pacstrap?
+if [[ ! -f /etc/arch-release ]]; then
+  myexit "This doesn't look like Arch, no /etc/arch-release - exiting."
+fi
+# is this a live system?
+if [[ -f /etc/locale.conf ]]; then
+  if [[ ! ${UNSAFE} ]]; then
+    myexit "This looks like a live system, found /etc/locale.conf - exiting."
+  fi
+fi
+
+######################################################################
+## MISC SETUP
+
+# we'll store cookies here -- allows this script to run in stages
+[[ ! -d /root/.archxfce ]] && mkdir /root/.archxfce
+
+# cleaner code below ('#' 70 times)
+_BAR=$(printf '#%.0s' {1..70})
+
+######################################################################
+## STAGES
+
+## LOG START ##
+_DTS=$(date)
+logact echo -e "\n${_BAR}\n${_BAR}\n## Started: ${_DTS}\n${_BAR}\n${_BAR}"
+
+## STAGE 1 ##
+logact echo -e "\n${_BAR}\n## Stage 1: Performing initial setup\n${_BAR}"
+
+if [[ ! -f /root/.archxfce/stage-1.done ]]; then
+  # Language etc.
+  export LANG="${ARCH_LA}.${ARCH_CP}"
+  echo "${ARCH_LA}.${ARCH_CP} ${ARCH_CP}" >> /etc/locale.gen
+  logact locale-gen
+  cat << EOF > /etc/locale.conf
+LANG="${ARCH_LA}.${ARCH_CP}"
+LC_COLLATE="C"
+EOF
+
+  cat << EOF > /etc/vconsole.conf
+KEYMAP="${ARCH_KM}"
+FONT="${ARCH_VF}"
+EOF
+
+  # time/date/hostname
+  logact ln -s /usr/share/zoneinfo/${ARCH_TZ} /etc/localtime
+  logact hwclock --systohc --utc
+  echo ${HOSTNAME} > /etc/hostname
+  cat << EOF >> /etc/hosts
+127.0.0.1  localhost
+::1        localhost
+127.0.1.1  ${HOSTNAME}
+EOF
+
+  touch /root/.archxfce/stage-1.done
+else
+  logact echo " - /root/.archxfce/stage-1.done found, skipping."
+fi
+
+## STAGE 2 ##
+logact echo -e "\n${_BAR}\n## Stage 2: Installing core packages\n${_BAR}"
+
+if [[ ! -f /root/.archxfce/stage-2.done ]]; then
+  logact pacman -Sy --noconfirm --noprogressbar
+  [[ $? -ne 0 ]] && myexit "pacman error - exiting."
+  logact pacman -S --noconfirm --noprogressbar ${PKG_CORE}
+  [[ $? -ne 0 ]] && myexit "pacman error - exiting."
+
+  touch /root/.archxfce/stage-2.done
+else
+  logact echo " - /root/.archxfce/stage-2.done found, skipping."
+fi
+
+# Prevent the screen going blank during install
+setterm -powersave off -powerdown 0 -blank 0
+
+## STAGE 3 ##
+logact echo -e "\n${_BAR}\n## Stage 3: Setting up GRUB and kernels\n${_BAR}"
+
+if [[ ! -f /root/.archxfce/stage-3.done ]]; then
+  # add lvm2 hook
+  sed -i.bak -r 's/^HOOKS=(.*)block(.*)/HOOKS=\1block lvm2\2/g' \
+    /etc/mkinitcpio.conf
+  logact mkinitcpio -p linux
+  logact mkinitcpio -p linux-lts
+
+  # GRUB our way
+  sed -i.bak -r -e 's/^GRUB_DEFAULT=(.*)/#GRUB_DEFAULT=\1/g' \
+    -e 's/^GRUB_CMDLINE_LINUX_DEFAULT=(.*)/#GRUB_CMDLINE_LINUX_DEFAULT=\1/g' \
+    -e 's/^GRUB_SAVEDEFAULT=(.*)/#GRUB_SAVEDEFAULT=\1/g' /etc/default/grub
+  cat << 'EOF' >> /etc/default/grub
+GRUB_DEFAULT=saved
+GRUB_CMDLINE_LINUX_DEFAULT=""
+GRUB_SAVEDEFAULT="true"
+GRUB_DISABLE_SUBMENU=y
+EOF
+  if [[ "${GRUB_MODE}" == "bios" ]]; then
+    logact grub-install --target=i386-pc --recheck ${GRUB_BIOS_DISK}
+  elif [[ "${GRUB_MODE}" == "uefi" ]]; then
+    logact pacman -S --noconfirm --noprogressbar dosfstools efibootmgr
+    [[ $? -ne 0 ]] && myexit "pacman error - exiting."
+    logact grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=arch_grub --recheck --debug
+    logact mkdir -p /boot/efi/EFI/boot
+    logact cp -a /boot/efi/EFI/arch_grub/grubx64.efi /boot/efi/EFI/boot/bootx64.efi
+  fi
+  logact grub-mkconfig -o /boot/grub/grub.cfg
+  ROOT_PART=$(grub-probe --target=device /)
+  ROOT_UUID=$(grub-probe --device ${ROOT_PART} --target=fs_uuid)
+  logact grub-set-default "gnulinux-linux-advanced-${ROOT_UUID}"
+
+  touch /root/.archxfce/stage-3.done
+else
+  logact echo " - /root/.archxfce/stage-3.done found, skipping."
+fi
+
+## STAGE 4 ##
+logact echo -e "\n${_BAR}\n## Stage 4: Installing Xorg and Virtualbox\n${_BAR}"
+
+if [[ ! -f /root/.archxfce/stage-4.done ]]; then
+
+  # base X.org
+  logact pacman -S --noconfirm --noprogressbar ${PKG_XORG}
+  [[ $? -ne 0 ]] && myexit "pacman error - exiting."
+
+  # Virtualbox Host
+  if [[ $VBOXHOST == true ]]; then
+    logact echo "Installing Virtualbox Host..."
+    logact pacman -S --noconfirm --noprogressbar ${PKG_HVBOX}
+    [[ $? -ne 0 ]] && myexit "pacman error - exiting."
+    cat << 'EOF' > /etc/modules-load.d/vboxhost.conf
+vboxdrv
+EOF
+    USER_SGRP="${USER_SGRP},vboxusers"
+    logact systemctl enable dkms.service
+  fi
+
+  # Virtualbox Guest
+  if [[ $VBOXGUEST == true ]]; then
+    logact echo "Installing Virtualbox Guest..."
+    logact pacman -S --noconfirm --noprogressbar ${PKG_GVBOX}
+    [[ $? -ne 0 ]] && myexit "pacman error - exiting."
+    cat << 'EOF' > /etc/modules-load.d/vboxguest.conf
+vboxguest
+vboxsf
+vboxvideo
+EOF
+    logact systemctl enable dkms.service
+    logact systemctl enable vboxservice.service
+  fi
+
+  touch /root/.archxfce/stage-4.done
+else
+  logact echo " - /root/.archxfce/stage-4.done found, skipping."
+fi
+
+## STAGE 5 ##
+logact echo -e "\n${_BAR}\n## Stage 5: Installing all other packages\n${_BAR}"
+
+if [[ ! -f /root/.archxfce/stage-5.done ]]; then
+  logact pacman -S --noconfirm --noprogressbar ${PKG_CLI} ${PKG_DWIN} ${PKG_XAPP}
+  [[ $? -ne 0 ]] && myexit "pacman error - exiting."
+
+  logact pacman -S --noconfirm --noprogressbar ${PKG_EXTRA}
+  [[ $? -ne 0 ]] && myexit "pacman error - exiting."
+
+  logact pacman -Rnu --noconfirm ${PKG_XDEL}
+  [[ $? -ne 0 ]] && myexit "pacman error - exiting."
+
+  # clean up a little
+  logact pacman -Sc --noconfirm
+
+  logact mv /etc/lightdm/lightdm-gtk-greeter.conf{,.bak}
+  cat << 'EOF' > /etc/lightdm/lightdm-gtk-greeter.conf
+[greeter]
+theme-name = Adwaita-dark
+font-name = Sans 12
+user-background = false
+xft-antialias = true
+xft-hintstyle = none
+xft-rgba = rgb
+EOF
+
+  touch /root/.archxfce/stage-5.done
+else
+  logact echo " - /root/.archxfce/stage-5.done found, skipping."
+fi
+
+## STAGE 6 ##
+logact echo -e "\n${_BAR}\n## Stage 6: User Setup\n${_BAR}"
+
+if [[ ! -f /root/.archxfce/stage-6.done ]]; then
+  logact echo -e "\n== Setting root password =="
+  passwd root
+
+  logact echo -e "\n== Adding user ${USERNAME} =="
+  logact useradd -m -g ${USER_PGRP} -G ${USER_SGRP} -s ${USER_SHLL} ${USERNAME}
+  passwd ${USERNAME}
+  echo '%wheel ALL=(ALL) ALL' >> /etc/sudoers
+
+  ## AUR setup as a user later
+  if [[ ! -f "/home/${USERNAME}/aur_setup.sh" ]]; then
+    logact echo -e "\n== Creating /home/${USERNAME}/aur_setup.sh =="
+    cat << 'EOF' > /home/${USERNAME}/aur_setup.sh
+mkdir ~/aurhub
+cd ~/aurhub/
+git clone https://aur.archlinux.org/pikaur.git
+cd pikaur
+sudo pacman -Sy
+makepkg -fsri
+
+## random AUR things - uncomment/edit as desired
+#PKG_AUR="bluez-firmware bvi downgrade gkrellm-themes gnome-icon-theme gnome-icon-theme-symbolic networkmanager-dispatcher-chrony pandoc-bin shellcheck-bin simplescreenrecorder smem"
+#pikaur -S --noconfirm ${PKG_AUR}
+EOF
+    chown ${USERNAME}:users /home/${USERNAME}/aur_setup.sh
+  fi
+  touch /root/.archxfce/stage-6.done
+else
+  logact echo " - /root/.archxfce/stage-6.done found, skipping."
+fi
+
+## STAGE 7 ##
+logact echo -e "\n${_BAR}\n## Stage 7: Enabling system services\n${_BAR}"
+
+if [[ ! -f /root/.archxfce/stage-7.done ]]; then
+
+  # firewall rules, port 22 open by default
+  rm -f /etc/iptables/*.rules
+  cat << 'EOF' > /etc/iptables/iptables.rules
+*filter
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A INPUT -p icmp -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
+-A INPUT -j REJECT --reject-with icmp-host-prohibited
+-A FORWARD -j REJECT --reject-with icmp-host-prohibited
+COMMIT
+EOF
+  cat << 'EOF' > /etc/iptables/ip6tables.rules
+*filter
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A INPUT -p ipv6-icmp -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
+-A INPUT -j REJECT --reject-with icmp6-adm-prohibited
+-A FORWARD -j REJECT --reject-with icmp6-adm-prohibited
+COMMIT
+EOF
+
+  # keep the journal small
+  mkdir -p /etc/systemd/journald.conf.d
+  cat << 'EOF' > /etc/systemd/journald.conf.d/logtime.conf
+[Journal]
+MaxRetentionSec=1week
+SystemMaxUse=50M
+EOF
+
+  # kill user processes on logout
+  mkdir -p /etc/systemd/logind.conf.d
+  cat << 'EOF' > /etc/systemd/logind.conf.d/killprocs.conf
+[Login]
+KillUserProcesses=yes
+EOF
+
+  # don't save coredumps
+  mkdir -p /etc/systemd/coredump.conf.d
+  cat << 'EOF' > /etc/systemd/coredump.conf.d/storage.conf
+[Coredump]
+Storage=none
+EOF
+  echo 'kernel.core_pattern=' > /etc/sysctl.d/50-coredump.conf
+
+  # allow strace of own processes
+  echo 'kernel.yama.ptrace_scope=0' > /etc/sysctl.d/10-ptrace.conf
+
+  logact systemctl enable lightdm.service
+  logact systemctl enable NetworkManager.service
+  logact systemctl enable bluetooth.service
+  logact systemctl enable cronie.service
+  logact systemctl enable iptables.service
+  logact systemctl enable ip6tables.service
+  logact systemctl enable sshd.service
+  logact systemctl enable chronyd.service
+  logact systemctl enable accounts-daemon.service
+  logact systemctl enable cups.service
+  logact systemctl enable sysstat.service
+  logact systemctl enable haveged.service
+
+  touch /root/.archxfce/stage-7.done
+else
+  logact echo " - /root/.archxfce/stage-7.done found, skipping."
+fi
+
+## LOG FINISH ##
+_DTS=$(date)
+logact echo -e "\n${_BAR}\n${_BAR}\n## Finished: ${_DTS}\n${_BAR}\n${_BAR}"
+
+logact echo -e "Typical next steps:\n"
+logact echo "# alsamixer (change base levels to ~50%)"
+logact echo "# vim /etc/chrony.conf to set offline mode (laptop)"
+logact echo "# vim /etc/mkinitcpio.conf (add resume hook for laptop)"
+logact echo "# vim /etc/fstab (add discard for SSD)"
+logact echo "# systemctl enable fstrim.timer (SSD)"
+logact echo "# systemctl enable cpupower.service (laptop)"
+logact echo -e "\n# exit (the chroot)\n# umount -R /mnt\n# reboot\n"
+
+exit 0
+