diff --git a/_machines/dionysus.yml b/_machines/dionysus.yml
new file mode 100644
index 0000000..0bcd472
--- /dev/null
+++ b/_machines/dionysus.yml
@@ -0,0 +1,62 @@
+font_size: 11
+
+gpu: intel
+cpu: intel
+
+users:
+- name: hannes
+ vt: 1
+ firefox_profiles:
+ default:
+ extensions:
+ - ublock-origin
+ - passff
+ - privacy-badger17
+ - tree-style-tab
+ - i-dont-care-about-cookies
+ - floccus
+ manage_css: true
+ media:
+ extensions:
+ - ublock-origin
+ - passff
+ - privacy-badger17
+ - tree-style-tab
+ - i-dont-care-about-cookies
+ manage_css: true
+ bigger_font: true
+ mail: hannes@hkoerber.de
+ ssh_agent: false
+ gpg_agent: true
+ gpg_agent_for_ssh: true
+ gpg_key:
+ email: hannes@hkoerber.de
+ id: "0xB5C002530C6A2053"
+ fingerprint: "973AE48D71B76735C4712B5BB5C002530C6A2053"
+ environment:
+ MACHINE_HAS_NEXTCLOUD: "true"
+
+screen:
+ 1: HDMI-1
+ 2: HDMI-1
+ 3: HDMI-1
+ 4: HDMI-1
+ 5: HDMI-1
+ 6: HDMI-1
+ 7: HDMI-1
+ 8: HDMI-1
+ 9: HDMI-1
+ 0: HDMI-1
+
+workspace:
+ 1: ""
+ 2: ""
+ 3: ""
+
+environment:
+ MACHINE_TYPE: "tv"
+ MACHINE_HAS_KEEPASSXC: "false"
+ MACHINE_HAS_NEXTCLOUD: "true"
+ MACHINE_HAS_STEAM: "false"
+ MACHINE_RESOLUTION_X: "1920"
+ MACHINE_RESOLUTION_Y: "1080"
diff --git a/install_scripts/dionysus.sh b/install_scripts/dionysus.sh
new file mode 100755
index 0000000..15266c4
--- /dev/null
+++ b/install_scripts/dionysus.sh
@@ -0,0 +1,137 @@
+#!/usr/bin/env bash
+
+set -o xtrace
+set -o nounset
+set -o errexit
+
+DEVICE="/dev/nvme0n1"
+
+if [[ ! -b "${DEVICE}" ]] ; then
+ printf '%s does not look like a device\n' "${DEVICE}"
+ exit 1
+fi
+
+if [[ ! -d /sys/firmware/efi/efivars ]] ; then
+ printf 'efivars does not exist, looks like the system is not booted in EFI mode\n'
+ exit 1
+fi
+
+loadkeys de-latin1
+
+timedatectl set-ntp true
+
+sed -e 's/\s*\([^#]*\).*/\1/' << EOF | sfdisk ${DEVICE}
+ label: gpt
+ device: ${DEVICE}
+
+ ${DEVICE}p1 : name=uefi , size=512M , type=uefi
+ ${DEVICE}p2 : name=boot , size=512M , type=linux
+ ${DEVICE}p3 : name=cryptpart , type=linux
+EOF
+
+# might take a bit for the new partion table to be updated in-kernel
+sleep 1
+
+while : ; do
+ cryptsetup --batch-mode luksFormat --iter-time 1000 ${DEVICE}p3
+ cryptsetup --batch-mode open --tries 1 ${DEVICE}p3 cryptpart && break
+done
+
+pvcreate /dev/mapper/cryptpart
+vgcreate vgbase /dev/mapper/cryptpart
+
+lvcreate -L 16G vgbase -n swap
+lvcreate -l 100%FREE vgbase -n root
+
+yes | mkfs.fat -F32 ${DEVICE}p1
+yes | mkfs.ext4 ${DEVICE}p2
+yes | mkfs.ext4 /dev/vgbase/swap
+yes | mkfs.ext4 /dev/vgbase/root
+
+mount /dev/vgbase/root /mnt
+
+mkdir /mnt/efi
+mount ${DEVICE}p1 /mnt/efi
+
+mkdir /mnt/boot
+mount ${DEVICE}p2 /mnt/boot
+
+mkswap /dev/vgbase/swap
+swapon /dev/vgbase/swap
+
+pacstrap /mnt base linux-zen linux-firmware networkmanager intel-ucode lvm2 grub efibootmgr
+
+genfstab -U /mnt >> /mnt/etc/fstab
+
+cat << CHROOTSCRIPT > /mnt/chroot-script.sh
+
+set -o xtrace
+set -o errexit
+set -o nounset
+
+ln -sf /usr/share/zoneinfo/Europe/Berlin /etc/localtime
+hwclock --systohc
+
+sed -i 's/^#de_DE.UTF-8 UTF-8/de_DE.UTF-8 UTF-8/' /etc/locale.gen
+sed -i 's/^#en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen
+
+locale-gen
+
+printf 'LANG=en_US.UTF-8\n' > /etc/locale.conf
+
+printf 'KEYMAP=de-latin1\nFONT=lat2-16\n' > /etc/vconsole.conf
+
+printf 'dionysus\n' > /etc/hostname
+
+cat < /etc/hosts
+127.0.0.1 
localhost
+::1 localhost
+127.0.1.1 dionysus
+EOF
+
+sed -i 's/^HOOKS=.*$/HOOKS=(base udev autodetect keyboard keymap consolefont modconf block encrypt lvm2 filesystems resume fsck)/' /etc/mkinitcpio.conf
+
+mkinitcpio -P
+
+grub-install --target=x86_64-efi --efi-directory=/efi --bootloader-id=GRUB
+
+sed -i "s/^GRUB_CMDLINE_LINUX=.*$/GRUB_CMDLINE_LINUX=\"cryptdevice=UUID=\$(blkid -s UUID -o value ${DEVICE}p3):cryptpart root=UUID=\$(blkid -s UUID -o value /dev/vgbase/root)\"/" /etc/default/grub
+sed -i "s/^GRUB_CMDLINE_LINUX_DEFAULT=.*$/GRUB_CMDLINE_LINUX_DEFAULT=\"resume=UUID=\$(blkid -s UUID -o value /dev/vgbase/swap)\"/" /etc/default/grub
+sed -i 's/^GRUB_DISABLE_RECOVERY=.*$/GRUB_DISABLE_RECOVERY=/' /etc/default/grub
+
+grub-mkconfig -o /boot/grub/grub.cfg
+
+systemctl enable NetworkManager
+
+passwd
+
+# enable root autologin on first boot
+
+mkdir /etc/systemd/system/getty@tty1.service.d/
+cat << EOF > /etc/systemd/system/getty@tty1.service.d/autologin.conf
+[Service]
+ExecStart=
+ExecStart=-/sbin/agetty -o '-p -f -- \\u' --noclear --autologin root %I $TERM
+EOF
+# ExecStartPost=/bin/rm /etc/systemd/system/getty@tty1.service.d/autologin.conf
+# ExecStartPost=/bin/rmdir /etc/systemd/system/getty@tty1.service.d/
+
+# Run
+cat << 'EOF' > /root/.bash_profile
+ if [[ "\$(tty)" == "/dev/tty1" ]] ; then
+ while ! ping -w 3 -c 3 8.8.8.8 ; do
+ nmtui
+ sleep 5
+ done
+ rm -rf /etc/systemd/system/getty@tty1.service.d/
+ if /var/lib/dotfiles/install.sh ; then
+ rm -f /root/.bash_profile
+ reboot
+ fi
+ fi
+EOF
+CHROOTSCRIPT
+
+chmod +x /mnt/chroot-script.sh
+arch-chroot /mnt /chroot-script.sh
+rm -f /mnt/chroot-script.sh
diff --git a/test.sh b/test.sh
index bc4171b..9c58e4f 100755
--- a/test.sh
+++ b/test.sh
@@ -241,7 +241,7 @@ configure_new_system() {
 wait
 }
-machines=(ares neptune)
+machines=(ares neptune dionysus)
 if (($# > 0)); then
 machines=("${@}")
 fi
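Review bot: The root autologin drop-in for `getty@tty1` is only removed from inside `/root/.bash_profile` after the `ping` loop succeeds, so a first boot that is interrupted or never gets network leaves a passwordless root console on tty1 for every later boot. Moving `rm -rf /etc/systemd/system/getty@tty1.service.d/` up to be the first statement inside the `/dev/tty1` check makes the autologin single-use whatever happens afterwards; the root password set by `passwd` still allows a manual retry. On the same ExecStart line, `$TERM` sits in the unquoted `CHROOTSCRIPT` heredoc and is expanded by the installer shell rather than written literally, so `\$TERM` is probably what was meant. Separately, `--iter-time 1000` on `luksFormat` asks for less key-derivation work than cryptsetup's usual default (normally 2000 ms), which lowers the cost of offline passphrase guessing; either drop the flag or add a comment such as `# shorter unlock on slow CPU; accepts weaker KDF cost`.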
@@ -264,6 +264,13 @@ for hostname in "${machines[@]}"; do
 "-drive" "if=pflash,format=raw,file=${tmpdir}/efivars.fd"
 )
 ;;
+ dionysus)
+ hostqemuopts=(
+ "-device" "nvme,serial=rootnvme,drive=root"
+ "-drive" "if=pflash,format=raw,readonly=true,file=/usr/share/edk2/x64/OVMF_CODE.4m.fd"
+ "-drive" "if=pflash,format=raw,file=${tmpdir}/efivars.fd"
+ )
+ ;;
 *)
 printf "unknown hostname: %s\n" "${hostname}" >&2
 exit 1
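Review bot: The `dionysus)` arm attaches the disk as NVMe without saying why, and the reason lives in another file: install_scripts/dionysus.sh hard-codes `DEVICE="/dev/nvme0n1"` and exits if that block device is missing. A comment above the `-device` line, for example `# NVMe controller: install_scripts/dionysus.sh partitions /dev/nvme0n1`, would keep the two from drifting apart. The device also refers to `drive=root`, which presumably is defined by a `-drive` with `id=root` elsewhere in the script; the `case` statement starts and ends outside this hunk, so that could not be confirmed here.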