SHARE
TWEET

Untitled

a guest Apr 24th, 2019 48 in 126 days
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #!/bin/bash
  2.  
  3. # Set timezone, hostname...
  4. ln -sf /usr/share/zoneinfo/Europe/Rome /etc/localtime
  5. hwclock --systohc --utc
  6. echo red5 > /etc/hostname
  7.  
  8. # Configure locales
  9. vi /etc/locale.gen
  10. locale-gen
  11. echo LANG=de_DE.UTF-8 >> /etc/locale.conf
  12.  
  13. # Set root password
  14. passwd
  15.  
  16. # Open this file
  17. vi /etc/mkinitcpio.conf
  18. # and replace HOOKS="..." with HOOKS="base udev autodetect modconf block keymap encrypt lvm2 resume filesystems keyboard fsck"
  19. # use "i" key to edit (insert something), ESC and ":wq" to write changes and quit
  20.  
  21. # Regenerate initrd image
  22. mkinitcpio -p linux
  23.  
  24. # If you got warnings about missing firmware for wd719x and aic94xx, you can ignore it, with high probability you don't even have this hardware
  25. # But you can install it from AUR if you actually use it
  26.  
  27. # Change grub config
  28. vi /etc/default/grub
  29. sed -i "s#^GRUB_CMDLINE_LINUX=.*#GRUB_CMDLINE_LINUX=\"cryptdevice=UUID=$(blkid /dev/nvme0n1p3 -s UUID -o value):lvm resume=/dev/mapper/vg0-swap\"#g" /etc/default/grub
  30. grub-mkconfig -o /boot/grub/grub.cfg
  31.  
  32. # If you got errors "/run/lvm/lvmetad.socket: connect failed: No such file or directory", that's OK
  33. # you can get rid of this errors with some workarounds, but this is not really necessary
  34. # but in any case DO NOT disable lvmetad! This installation will not work without it
  35.  
  36. # Install grub
  37. grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=win
  38.  
  39. # It is necessary for mounting /boot without password request
  40. dd bs=512 count=8 if=/dev/urandom of=/etc/key
  41. chmod 400 /etc/key
  42. cryptsetup luksAddKey /dev/nvme0n1p2 /etc/key
  43. echo "cryptboot /dev/nvme0n1p2 /etc/key luks" >> /etc/crypttab
  44.  
  45. # Same thing: open LVM without password prompt
  46. dd bs=512 count=8 if=/dev/urandom of=/crypto_keyfile.bin
  47. chmod 000 /crypto_keyfile.bin
  48. cryptsetup luksAddKey /dev/nvme0n1p3 /crypto_keyfile.bin
  49. sed -i 's\^FILES=.*\FILES="/crypto_keyfile.bin"\g' /etc/mkinitcpio.conf
  50. mkinitcpio -p linux
  51. chmod 600 /boot/initramfs-linux*
  52.  
  53. # Enable Intel microcode CPU updates (if you use Intel processor, of course)
  54. pacman -S intel-ucode
  55. grub-mkconfig -o /boot/grub/grub.cfg
  56.  
  57. # Some additional security
  58. chmod 700 /boot
  59. chmod 700 /etc/iptables
  60.  
  61. # Create non-root user, set password
  62. useradd -m -g users -G wheel ben
  63. passwd ben
  64.  
  65. # Open file
  66. vi /etc/sudoers
  67. # and uncomment string %wheel ALL=(ALL) ALL
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top