A fully functional server installation

#!/bin/bash
#
#######################################################################################################################
#
# Installation script for Arch Linux.
# With LUKS, LVM, KDE and other packages.
#
# Visit https://git.pwoss.xyz/desktop/iso for latest code and other details
#
############################ GPLv2 License
# Copyright (C) 11 Sept 2019 Modified by Daniel Sundermann for https://git.pwoss.xyz/desktop/iso
# Copyright (C) 22 June 2019 Adam Charlton at https://git.pwoss.xyz/server/iso
# This program is free software; you can redistribute it and/or modify it under
# the terms of the GNU General Public License as published by the Free Software
# Foundation; either version 2 of the License, or (at your option) any later
# version.
# This program is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
# You should have received a copy of the GNU General Public License along with
# this program; if not, see <https://www.gnu.org/licenses/old-licenses/gpl-2.0.html>.
############################ GPLv2 License end
############################# Change only between the 2 lines
# NOTE(review): the user, root and both LUKS secrets below all ship with the
# same published default. Override every one of them (here or on the command
# line) before installing a machine that anyone else can reach; sshd is in
# SERVICES, so the default account is reachable over the network after reboot.
AUTO_REBOOT='true' # Set to 'false' to disable the automatic reboot

# Mirror ranking command (change the country to suit your location)
REFLECTOR='reflector --country Australia --age 12 --protocol https --sort rate --save /etc/pacman.d/mirrorlist'

# Defaults
## Regular user account
USERNAME='pwoss'
PASSWORD='pwoss'
## Root account
PASSWORDROOT='pwoss'
## LUKS passphrases
CRYPTPWDROOT='pwoss' # Root partition
CRYPTPWDHOME='pwoss' # Home partition (a key file is enrolled for it as well)
## Number of hard drives: "1" or "2" (use "2" if the machine has more than two)
QDISKS=''
## Encryption: "YES" or "NO"
ENCRYPTION=''
## Timezone (list the valid names with 'timedatectl list-timezones')
TIMEZONE='Pacific/Auckland'
## Microcode: uncomment exactly one line to match the CPU vendor.
## More info at https://wiki.archlinux.org/index.php/Microcode
#MICROCODE="amd-ucode" # AMD CPU
#MICROCODE="intel-ucode" # Intel CPU
## Packages handed to pacstrap. Add or delete only pkgs after '$MICROCODE'.
## $MICROCODE expands to nothing while both lines above stay commented out.
PACKAGES="base base-devel grub efibootmgr linux-headers openssh sudo git ufw $MICROCODE bash-completion archiso cronie mariadb nginx php reflector"
## Units enabled in the installed system.
## NOTE(review): confirm every name here is a unit shipped by PACKAGES;
## 'systemctl enable' fails for a name that has no unit file.
SERVICES='sshd ufw mariadb nginx php'
############################# Change only between the 2 lines
# Don't change anything further down. Only if you know what you are doing.

## Disk/s
### HDD / SSD
HARDDISK='/dev/sda'  # Boot (+efi) & root disk
HARDDISK2='/dev/sdb' # Home disk
### LUKS mappings
CRYPTDISKROOT='/dev/mapper/root' # Root LUKS partition
CRYPTDISKHOME='/dev/mapper/home' # Home LUKS partition
### LVM logical volumes
LVMDISKROOT='/dev/vg0/root' # Root
LVMSWAP='/dev/vg0/swap'     # Swap
LVMDISKHOME='/dev/vg1/home' # Home
### Partitions derived from the two disks above.
### These are computed once, here, from the values HARDDISK/HARDDISK2 hold at
### this point in the script.
EFI="${HARDDISK}1"  # /dev/sda1
BOOT="${HARDDISK}1" # /dev/sda1
ROOT="${HARDDISK}2" # /dev/sda2
# NOTE(review): HOME is also the shell's home-directory variable, so this
# assignment changes what '~' and child processes see for the rest of the run.
HOME="${HARDDISK2}1" # /dev/sdb1

## CHROOT variable: command prefix for running something inside the new system
CHROOT='arch-chroot /mnt'

## Filter for here-documents that feed answers to interactive tools. For each
## line it drops leading whitespace, keeps the leading run of characters from
## the bracket set (letters, digits, '+', backslash) and discards the rest, which
## is how the trailing '# comment' text of an answer script is removed.
## Anything passed through it loses every character from the first one outside
## that set onwards, so it is not suitable for carrying secrets.
CMD="sed -e 's/\s*\([\+0-9a-zA-Z]*\).*/\1/'"

## UEFI or BIOS: detected from the presence of the EFI firmware directory
MODE=''
if [ -d /sys/firmware/efi ]; then
  MODE='UEFI'
else
  MODE='BIOS'
fi
function usage() {
cat <<EOF
Usage:
pwoss <[options]> -u [<username>]
pwoss <[options]> --username=[<username>]
Options:
-h --help show this message
-u --username set username e.g. $USERNAME
-p --password set user password e.g. $PASSWORD
-r --root-password set root password e.g. $PASSWORDROOT
-e --encryption set encryption e.g. $ENCRYPTION
-cr --crypt-root set root password e.g. $CRYPTPWDROOT
-ch --crypt-home set home password e.g. $CRYPTPWDHOME
-t --timezone set timezine e.g. $TIMEZONE
-q --quantity-disks set numbers of hd e.g. $QDISKS
-d --disk set install disk e.g. $HARDDISK
-d2 --disk2 set home disk e.g. $HARDDISK2
EOF
}
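# Handle user provided arguments
#######################################
# Parse the command line into the configuration globals.
#
# Short options are handled by getopts; long options use the "-:" idiom, where
# "--name=value" arrives as option "-" with OPTARG "name=value".
#
# Differences from the previous loop, all of them fixes:
#   * -r, -e and -q had case arms but were missing from the optstring, so they
#     were rejected by getopts and never reached their arm.
#   * The two-letter arms (cr, ch, d2) could never match because getopts
#     returns a single character; they are removed and the long forms
#     --crypt-root, --crypt-home and --disk2 remain.
#   * "VAR==value" stored the value with a leading "="; plain "=" is used.
#   * Long options were looked up at position OPTIND-1 and the argument list
#     was shifted by one, which only worked when the long option came first.
#     They can now appear anywhere among the options.
#   * A long-option value may itself contain "=" (only the first one splits).
#   * An unknown or malformed option stops the installer with a non-zero
#     status instead of being skipped, since this script goes on to erase
#     disks.
#   * The partition paths are re-derived after parsing. They are first
#     computed from the default disks, so without this step -d/--disk would
#     repartition the chosen disk while the format and encryption steps still
#     pointed at partitions of the default disk.
#
# Globals:   USERNAME, PASSWORD, PASSWORDROOT, ENCRYPTION, CRYPTPWDROOT,
#            CRYPTPWDHOME, TIMEZONE, QDISKS, HARDDISK, HARDDISK2 (written when
#            the matching option is given); EFI, BOOT, ROOT, HOME (rewritten)
# Arguments: the script's command-line arguments
# Outputs:   help text or getopts diagnostics on invalid input
# Returns:   0 when parsing succeeds; exits the script on --help or bad input
# Note:      passwords given on the command line are visible to other local
#            users in the process list and end up in shell history.
#######################################
parse_args() {
  local OPTIND=1 OPTARG option long_name long_value

  while getopts 'u:p:r:e:q:d:t:h-:' option; do
    case "${option}" in
      u) USERNAME=${OPTARG} ;;
      p) PASSWORD=${OPTARG} ;;
      r) PASSWORDROOT=${OPTARG} ;;
      e) ENCRYPTION=${OPTARG} ;;
      q) QDISKS=${OPTARG} ;;
      d) HARDDISK=${OPTARG} ;;
      t) TIMEZONE=${OPTARG} ;;
      h)
        usage
        exit
        ;;
      -)
        case "${OPTARG}" in
          help)
            usage
            exit
            ;;
          *=*) ;;
          *)
            echo "Invalid Syntax"
            usage
            exit 1
            ;;
        esac
        long_name=${OPTARG%%=*}
        long_value=${OPTARG#*=}
        case "${long_name}" in
          username) USERNAME=${long_value} ;;
          password) PASSWORD=${long_value} ;;
          root-password) PASSWORDROOT=${long_value} ;;
          encryption) ENCRYPTION=${long_value} ;;
          crypt-root) CRYPTPWDROOT=${long_value} ;;
          crypt-home) CRYPTPWDHOME=${long_value} ;;
          timezone) TIMEZONE=${long_value} ;;
          quantity-disks) QDISKS=${long_value} ;;
          disk) HARDDISK=${long_value} ;;
          disk2) HARDDISK2=${long_value} ;;
          *)
            usage
            exit 1
            ;;
        esac
        ;;
      *)
        # getopts has already printed its own diagnostic for this case.
        usage
        exit 1
        ;;
    esac
  done

  # Same formulas as the defaults section, evaluated again so they follow any
  # disk given on the command line.
  EFI="${HARDDISK}1"
  BOOT="${HARDDISK}1"
  ROOT="${HARDDISK}2"
  # NOTE(review): HOME doubles as the shell's home-directory variable.
  HOME="${HARDDISK2}1"
}

parse_args "$@"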
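# Prompt user to run script
#
# Shows the effective settings, validates them, then asks for confirmation.
# Anything other than an answer starting with y/Y ends the script.
#
# The summary prints every password and LUKS passphrase in clear text, so it
# ends up in terminal scrollback and in anything that records the console.
# DESKTOP is not assigned anywhere in the script as shown, so that row is
# printed empty.
cat << EOF
Account Details:
Username $USERNAME
Password $PASSWORD
Root password $PASSWORDROOT
Encryption Details:
Set up encryption $ENCRYPTION
Password root partition $CRYPTPWDROOT
Password home partition $CRYPTPWDHOME
Install Options:
Timezone $TIMEZONE
Desktop ENV $DESKTOP
Microcode $MICROCODE
Quantity Disks $QDISKS
Disk $HARDDISK
Disk2 $HARDDISK2
Mode $MODE
Note:
Customize additional files in the ~/etc directory. All files will
be copied to the new system after the base install is completed
WARNING!!!
Operation will erase all contents on $HARDDISK and $HARDDISK2
EOF

# Pre-flight checks. The partitioning step only looks at MODE and QDISKS, and
# ENCRYPTION is first examined after the disks have been repartitioned, so an
# invalid ENCRYPTION value used to be reported only once the old partition
# table was already gone. Reject bad settings before anything is written.
case "$QDISKS" in
  1 | 2) ;;
  *)
    echo "QDISKS must be 1 or 2, stopping installation" >&2
    exit 1
    ;;
esac
case "$ENCRYPTION" in
  YES | NO) ;;
  *)
    echo "ENCRYPTION must be YES or NO, stopping installation" >&2
    exit 1
    ;;
esac
# None of the later steps checks an exit status, so a wrong device name would
# otherwise let the installer carry on after fdisk had failed.
if [[ ! -b $HARDDISK ]]; then
  echo "$HARDDISK is not a block device, stopping installation" >&2
  exit 1
fi
if [[ $QDISKS == "2" && ! -b $HARDDISK2 ]]; then
  echo "$HARDDISK2 is not a block device, stopping installation" >&2
  exit 1
fi

# -r keeps read from treating backslashes in the answer specially.
read -r -p ":: Proceed with installation? [y/N]" yn
case $yn in
  [Yy]*) ;;
  *) exit ;;
esac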
###
### Do not edit anything below this line
###
# Update the system clock
timedatectl set-ntp true
# Create partitions for UEFI/BIOS mode and 1/2 harddrive/s
#
# One branch per (MODE, QDISKS) combination; any other combination prints a
# message and exits. ENCRYPTION is not examined in this step.
#
# Every here-document below is an answer script for an interactive tool. It is
# passed through the sed filter held in $CMD (run via eval) before it reaches
# the tool: the filter keeps only the leading token of each line, so the
# trailing "# ..." text is dropped and a line that starts with "#" becomes an
# empty answer. The "# ..." text inside the here-documents is therefore data,
# not shell comments.
#
# Only the fdisk calls go through sudo; every other command in the script is
# run directly. No exit status is checked, so a failed fdisk or mkfs does not
# stop the script.
#
# $EFI and $BOOT both name partition 1 of $HARDDISK (see the variable section).
## EFI Mode & 2 Disk Installation
if [[ $MODE == "UEFI" && $QDISKS == "2" ]]
then
### EFI & root partition
eval $CMD << FDISK_CMDS | sudo fdisk $HARDDISK
g # create new GPT partition
n # add new partition
1 # partition number
# default - first sector
+256MiB # partition size
n # add new partition
2 # partition number
# default first sector
# partition size
t # change partition type
1 # partition number
1 # EFI partition code
w # write partition table and exit
FDISK_CMDS
### Home partition
eval $CMD << FDISK_CMDS | sudo fdisk $HARDDISK2
g # create new GPT partition
n # add new partition
1 # partition number
# default - first sector
# default - last sector
w # write partition table and exit
FDISK_CMDS
### EFI Partition
# Sends a single "y" to mkfs.fat on stdin.
eval $CMD << MKFS_FAT_CMDS | mkfs.fat -F32 $EFI
y
MKFS_FAT_CMDS
## BIOS Mode & 2 Disk Installation
elif [[ $MODE == "BIOS" && $QDISKS == "2" ]]
then
### BOOT & root partition
eval $CMD << FDISK_CMDS | sudo fdisk $HARDDISK
o # create new DOS partition
n # add new partition
p # make primary partition
1 # partition number
# default - first sector
+512MiB # partition size
n # add new partition
p # make primary partition
2 # partition number
# default - first sector
# default - last sector
t # change partition type
1 # partition number
a # BOOT partition code
w # write partition table and exit
FDISK_CMDS
### Home partition
eval $CMD << FDISK_CMDS | sudo fdisk $HARDDISK2
o # create new DOS partition
n # add new partition
p # make primary partition
1 # partition number
# default - first sector
# default - last sector
w # write partition table and exit
FDISK_CMDS
### Boot Partition
# The delimiter is still named MKFS_FAT_CMDS, but the tool here is mkfs.ext4.
eval $CMD << MKFS_FAT_CMDS | mkfs.ext4 $BOOT
y
MKFS_FAT_CMDS
## EFI Mode & 1 Disk Installation
elif [[ $MODE == "UEFI" && $QDISKS == "1" ]]
then
### EFI & root partition
eval $CMD << FDISK_CMDS | sudo fdisk $HARDDISK
g # create new GPT partition
n # add new partition
1 # partition number
# default - first sector
+256MiB # partition size
n # add new partition
2 # partition number
# default first sector
# partition size
t # change partition type
1 # partition number
1 # EFI partition code
w # write partition table and exit
FDISK_CMDS
### EFI Partition
eval $CMD << MKFS_FAT_CMDS | mkfs.fat -F32 $EFI
y
MKFS_FAT_CMDS
## BIOS Mode & 1 Disk Installation
elif [[ $MODE == "BIOS" && $QDISKS == "1" ]]
then
### BOOT & root partition
eval $CMD << FDISK_CMDS | sudo fdisk $HARDDISK
o # create new DOS partition
n # add new partition
p # make primary partition
1 # partition number
# default - first sector
+512MiB # partition size
n # add new partition
p # make primary partition
2 # partition number
# default - first sector
# default - last sector
t # change partition type
1 # partition number
a # BOOT partition code
w # write partition table and exit
FDISK_CMDS
### Boot Partition
# The delimiter is still named MKFS_FAT_CMDS, but the tool here is mkfs.ext4.
eval $CMD << MKFS_FAT_CMDS | mkfs.ext4 $BOOT
y
MKFS_FAT_CMDS
else
# Reached when QDISKS is neither "1" nor "2" (MODE is always UEFI or BIOS).
# A bare exit returns the status of the echo, i.e. 0.
echo "Unknown mode selected or disk/s stopping installation"
exit
fi
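# Set up encryption, LVM and mount partitions
#
# One branch per (ENCRYPTION, QDISKS) combination; any other combination
# prints a message and exits.
#
# Changes from the previous version of this step:
#   * Passphrases are written to cryptsetup's stdin with the printf builtin
#     instead of through the $CMD sed filter. That filter keeps only the
#     leading run of letters, digits and '+', so a passphrase such as
#     "blue-sky 42" (constructed example) was enrolled as "blue" without any
#     warning. printf is a builtin, so the secret does not appear in the
#     process list either.
#   * luksAddKey targets $HOME, the same device that was formatted, instead of
#     a hard-coded /dev/sdb1 that is wrong as soon as the home disk differs
#     from the default.
#   * The key file is created under umask 077, so it is never readable by
#     other users, not even between its creation and the final chmod.
#   * Expansions are quoted, and the mkfs confirmation is a plain 'y' line.
#
# No exit status is checked here: a failed step does not stop the script.
if [[ $ENCRYPTION == "YES" && $QDISKS == "2" ]]; then
  ## LUKS encryption
  ### Root partition: format as LUKS2, then open as /dev/mapper/root
  printf '%s\n' "$CRYPTPWDROOT" | cryptsetup luksFormat --type luks2 "$ROOT"
  printf '%s\n' "$CRYPTPWDROOT" | cryptsetup luksOpen "$ROOT" root
  ### Home partition: format as LUKS2, then open as /dev/mapper/home
  printf '%s\n' "$CRYPTPWDHOME" | cryptsetup luksFormat --type luks2 "$HOME"
  printf '%s\n' "$CRYPTPWDHOME" | cryptsetup luksOpen "$HOME" home

  ## LVM
  ### Root: physical volume, volume group vg0, 4G swap, remainder for root
  pvcreate "$CRYPTDISKROOT"
  vgcreate vg0 "$CRYPTDISKROOT"
  lvcreate -L 4G vg0 -n swap
  lvcreate -l 100%FREE vg0 -n root
  printf 'y\n' | mkfs.ext4 "$LVMDISKROOT"
  mkswap "$LVMSWAP"
  ### Home: physical volume, volume group vg1, everything for home
  pvcreate "$CRYPTDISKHOME"
  vgcreate vg1 "$CRYPTDISKHOME"
  lvcreate -l 100%FREE vg1 -n home
  printf 'y\n' | mkfs.ext4 "$LVMDISKHOME"

  ## Mount partitions
  ### root and swap
  mount "$LVMDISKROOT" /mnt
  swapon "$LVMSWAP"
  ### boot
  mkdir /mnt/boot
  mount "$BOOT" /mnt/boot
  ### home
  mkdir /mnt/home
  mount "$LVMDISKHOME" /mnt/home
  ### Bind lvm
  mkdir /mnt/hostlvm
  mount --bind /run/lvm /mnt/hostlvm
  # $CHROOT is left unquoted on purpose: it holds "arch-chroot /mnt" and has
  # to split into two words.
  # NOTE(review): this runs before pacstrap has populated /mnt, so the chroot
  # presumably has no 'ln' to execute yet - confirm whether this link is ever
  # created.
  $CHROOT ln -s /hostlvm /run/lvm

  ## Create LUKS key for home disk
  # The key file is stored on the encrypted root volume, so it is protected by
  # the root passphrase. The home passphrase stays enrolled as well.
  mkdir -p /mnt/etc/luks-keys/
  (umask 077 && dd bs=512 count=4 if=/dev/urandom of=/mnt/etc/luks-keys/home.bin)
  printf '%s\n' "$CRYPTPWDHOME" \
    | cryptsetup luksAddKey "$HOME" /mnt/etc/luks-keys/home.bin
  chmod 000 /mnt/etc/luks-keys/home.bin
elif [[ $ENCRYPTION == "YES" && $QDISKS == "1" ]]; then
  ## LUKS encryption
  ### Root partition: format as LUKS2, then open as /dev/mapper/root
  printf '%s\n' "$CRYPTPWDROOT" | cryptsetup luksFormat --type luks2 "$ROOT"
  printf '%s\n' "$CRYPTPWDROOT" | cryptsetup luksOpen "$ROOT" root

  ## LVM
  ### Root: physical volume, volume group vg0, 4G swap, remainder for root
  pvcreate "$CRYPTDISKROOT"
  vgcreate vg0 "$CRYPTDISKROOT"
  lvcreate -L 4G vg0 -n swap
  lvcreate -l 100%FREE vg0 -n root
  printf 'y\n' | mkfs.ext4 "$LVMDISKROOT"
  mkswap "$LVMSWAP"

  ## Mount partitions
  ### root and swap
  mount "$LVMDISKROOT" /mnt
  swapon "$LVMSWAP"
  ### boot
  mkdir /mnt/boot
  mount "$BOOT" /mnt/boot
  ### Bind lvm
  mkdir /mnt/hostlvm
  mount --bind /run/lvm /mnt/hostlvm
  # NOTE(review): runs before pacstrap has populated /mnt - confirm that the
  # chroot can execute 'ln' at this point.
  $CHROOT ln -s /hostlvm /run/lvm
elif [[ $ENCRYPTION == "NO" && $QDISKS == "2" ]]; then
  ## Format root and home partitions
  printf 'y\n' | mkfs.ext4 "$ROOT"
  printf 'y\n' | mkfs.ext4 "$HOME"
  ## Mount partitions
  ### root
  mount "$ROOT" /mnt
  ### boot
  mkdir /mnt/boot
  mount "$BOOT" /mnt/boot
  ### home
  mkdir /mnt/home
  mount "$HOME" /mnt/home
elif [[ $ENCRYPTION == "NO" && $QDISKS == "1" ]]; then
  ## Format root partition
  printf 'y\n' | mkfs.ext4 "$ROOT"
  ## Mount partitions
  ### root
  mount "$ROOT" /mnt
  ### boot
  mkdir /mnt/boot
  mount "$BOOT" /mnt/boot
else
  echo "Unknown encryption selected or disk/s stopping installation"
  exit
fi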
# Show Changes
# Prints the partition tables so the operator can see the resulting layout.
fdisk -l
# Show Mount
lsblk
# Install Arch
# pacstrap runs interactively (-i) and is answered from the here-document,
# which first passes through the $CMD sed filter: the three lines that start
# with "#" become empty answers (accept the default) and the last line becomes
# "y". The "# ..." text inside the here-document is data, not shell comments.
# $PACKAGES is unquoted on purpose so that it splits into one argument per
# package name.
# NOTE(review): the answers are positional, so this presumably depends on
# pacstrap asking exactly these questions in this order - confirm against the
# current package set. The exit status is not checked.
eval $CMD << PACSTRAP_CMDS | pacstrap -i /mnt $PACKAGES
# default install packages base
# default install packages base-devel
#
y # confirm installation of packages
PACSTRAP_CMDS
# Configure the filesystem for boot
# -U writes UUID-based entries; the output is appended to the new system's fstab.
genfstab -U /mnt >> /mnt/etc/fstab
# Copy modified files for the installation
#
# Source paths are relative, so they are resolved against the directory the
# installer is started from. The original annotations describe the files as:
#   locale.gen   en_US.UTF-8 UTF-8
#   locale.conf  LANG=en_US.UTF-8
#   hostname     pwoss-server
#   hosts        127.0.0.1 pwoss-server.localdomain pwoss-server
#   sudoers      %wheel ALL=(ALL) ALL
# NOTE(review): the sudoers file replaces the packaged one wholesale; confirm
# the copy in etc/ grants nothing beyond the wheel rule noted above.
for conf_name in locale.gen locale.conf hostname hosts sudoers; do
  cp -f etc/${conf_name} /mnt/etc/${conf_name}
done

# Copy GRUB and crypttab config files
# Encrypted installs get the LUKS-aware GRUB defaults and a matching
# mkinitcpio.conf; only the two-disk encrypted layout also gets a crypttab
# (annotated by the author as adding the LUKS key for the home volume).
case "${ENCRYPTION}:${QDISKS}" in
  YES:2)
    cp -f etc/default/grub-luks /mnt/etc/default/grub
    cp -f etc/mkinitcpio.conf /mnt/etc/mkinitcpio.conf
    cp -f etc/crypttab /mnt/etc/crypttab
    ;;
  YES:1)
    cp -f etc/default/grub-luks /mnt/etc/default/grub
    cp -f etc/mkinitcpio.conf /mnt/etc/mkinitcpio.conf
    ;;
  NO:2 | NO:1)
    # Plain GRUB boot loader configuration
    cp -f etc/default/grub /mnt/etc/default/grub
    ;;
  *)
    echo "Unknown encryption selected or disk/s stopping installation"
    exit
    ;;
esac
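# Setup time
#
# The chroot commands are run without eval. $CHROOT is left unquoted on
# purpose: it holds "arch-chroot /mnt" and has to split into two words.
# With eval the whole line was parsed a second time, so shell metacharacters
# in a --timezone value would have been executed rather than used as a path.
$CHROOT ln -sf "/usr/share/zoneinfo/$TIMEZONE" /etc/localtime
$CHROOT hwclock --systohc
# Generate system locale
$CHROOT locale-gen
# Init ram file system
$CHROOT mkinitcpio -p linux
# Give root password
# passwd reads the new password twice from stdin. The two lines are written
# with the printf builtin instead of through the $CMD sed filter, which kept
# only the leading run of letters, digits and '+' and therefore silently set a
# shorter password whenever the chosen one contained any other character.
printf '%s\n%s\n' "$PASSWORDROOT" "$PASSWORDROOT" | arch-chroot /mnt passwd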
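# Install and init GRUB
#
# Changes from the previous version of this step: $MODE is compared inside
# [[ ]] so an empty value cannot turn the test into a syntax error, the chroot
# commands run without eval ($CHROOT is left unquoted on purpose, it holds
# "arch-chroot /mnt"), and mkdir uses -p so an existing locale directory is
# not reported as an error.
if [[ $MODE == "UEFI" ]]; then
  cp -f boot/startup.nsh /mnt/boot/ # EFI Shell
  $CHROOT grub-install --target=x86_64-efi --efi-directory=/boot # GRUB EFI
elif [[ $MODE == "BIOS" ]]; then
  $CHROOT grub-install --target=i386-pc "$HARDDISK" # GRUB BIOS
else
  echo "Unknown MODE selected"
  exit
fi
mkdir -p /mnt/boot/grub/locale/
$CHROOT cp /usr/share/locale/en@quot/LC_MESSAGES/grub.mo /boot/grub/locale/en.mo
$CHROOT grub-mkconfig -o /boot/grub/grub.cfg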
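# Enable services
# $CHROOT and $SERVICES are left unquoted on purpose: each holds a
# space-separated list that has to split into separate words.
# NOTE(review): SERVICES enables sshd and the account created below is a wheel
# member, so a password left at its default gives a network-reachable,
# sudo-capable login. ufw is enabled as a unit, but no firewall rules are
# configured anywhere in the script as shown.
$CHROOT systemctl enable $SERVICES
# Add admin default user (pwoss:pwoss unless overridden)
# Run without eval so the user name is passed as a single literal argument.
$CHROOT useradd -m -U -G wheel -s /bin/bash "$USERNAME"
# passwd reads the new password twice from stdin. It is written with the
# printf builtin instead of through the $CMD sed filter, which kept only the
# leading run of letters, digits and '+' and therefore silently set a shorter
# password whenever the chosen one contained any other character.
printf '%s\n%s\n' "$PASSWORD" "$PASSWORD" | arch-chroot /mnt passwd "$USERNAME"
# User configs
## Copy PwOSS script to home for further installations
# The directory and file are created from outside the chroot, so they start
# out owned by the installing user; the chown below hands them to the account.
mkdir -p "/mnt/home/$USERNAME/Desktop/"
cp -f home/user/pwoss-desktop-env.sh "/mnt/home/$USERNAME/Desktop/"
chmod u+x "/mnt/home/$USERNAME/Desktop/pwoss-desktop-env.sh"
$CHROOT chown -R "$USERNAME:$USERNAME" "/home/$USERNAME/Desktop"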
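# Unmount the hdds
#
# Undoes the mounts of the storage step, one branch per (ENCRYPTION, QDISKS)
# combination. /mnt/hostlvm is only bind-mounted by the two encrypted layouts,
# so it is only unmounted there; the unencrypted two-disk branch used to try
# to unmount it as well and produced a spurious error.
# The LUKS mappings and volume groups are left active; the script reboots or
# exits right after this step.
if [[ $ENCRYPTION == "YES" && $QDISKS == "2" ]]; then
  swapoff -a
  umount /mnt/hostlvm
  umount "$BOOT"
  umount "$LVMDISKHOME"
  umount "$LVMDISKROOT"
elif [[ $ENCRYPTION == "YES" && $QDISKS == "1" ]]; then
  swapoff -a
  umount /mnt/hostlvm
  umount "$BOOT"
  umount "$LVMDISKROOT"
elif [[ $ENCRYPTION == "NO" && $QDISKS == "2" ]]; then
  umount "$BOOT"
  umount "$HOME"
  umount "$ROOT"
elif [[ $ENCRYPTION == "NO" && $QDISKS == "1" ]]; then
  umount "$BOOT"
  umount "$ROOT"
else
  echo "Unknown encryption selected or disk/s stopping installation"
  exit
fi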
# Reboot
# The machine is restarted only when AUTO_REBOOT holds the string "true";
# any other value just prints the completion message. The script then ends.
if ! [ $AUTO_REBOOT = true ]; then
  echo "Installation complete, you can now reboot the system"
else
  echo "Installation complete, rebooting system"
  reboot
fi
exit