Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/bin/bash
- # Replace username with the name for your new user
- export USER=xxx
- # Replace hostname with the name for your host
- export HOST=xxx
- # Replace Europe/London with your Region/City
- export TZ="Europe/Berlin"
- # - set root password
- passwd
- # - set locale
- echo "generating locale"
- echo "de_DE.UTF-8 UTF-8" >> locale.gen
- echo "de_DE ISO-8859-1" >> locale.gen
- echo "de_DE@euro ISO-8859-15" >> locale.gen
- locale-gen
- echo "setting locale and keymap"
- echo "LANG=\"de_DE.UTF-8\"" > /etc/locale.conf
- echo "KEYMAP=de-latin1" > /etc/vconsole.conf
- echo "FONT=lat9w-16" >> /etc/vconsole.conf
- export LANG="de_DE.UTF-8"
- # - set timezone
- echo "setting timezone"
- ln -sf /usr/share/zoneinfo/$TZ /etc/localtime
- hwclock --systohc --utc # or hwclock --systohc --utc
- # - set hostname
- echo "setting hostname"
- echo $HOST > /etc/hostname
- # - add user
- echo "adding new user"
- useradd -mg users -G wheel,input,lp,storage,video,sys,network,power,libvirt,kvm,vboxusers -s /bin/zsh $USER
- passwd $USER
- echo "$USER ALL=(ALL) ALL" >> /etc/sudoers
- echo "Defaults timestamp_timeout=0" >> /etc/sudoers
- # - set hosts
- echo "creating hosts-file"
- cat << EOF >> /etc/hosts
- echo "# <ip-address> <hostname.domain.org> <hostname>"
- echo "127.0.0.1 localhost"
- echo "::1 localhost"
- echo "127.0.1.1 $HOST.localdomain $HOST"
- EOF
- # - Set Network Manager iwd backend
- #echo "[device]" > /etc/NetworkManager/conf.d/nm.conf
- #echo "wifi.backend=iwd" >> /etc/NetworkManager/conf.d/nm.conf
- # - Preventing snapshot slowdowns
- echo 'PRUNENAMES = ".snapshots"' >> /etc/updatedb.conf
- # 6 - fix the mkinitcpio.conf to contain what we actually need.
- # sed -i 's/BINARIES=()/BINARIES=("\/usr\/bin\/btrfs")/' /etc/mkinitcpio.conf
- # If using amdgpu and would like earlykms
- echo "modifying mkinitcpio.conf"
- sed -i 's/MODULES=()/MODULES=(amdgpu)/' /etc/mkinitcpio.conf
- sed -i 's/#COMPRESSION="zstd"/COMPRESSION="zstd"/' mkinitcpio.conf
- #sed -i 's/#COMPRESSION_OPTIONS=()/COMPRESSION_OPTIONS=(-9)/' mkinitcpio.conf
- # if you have more than 1 btrfs drive
- sed -i 's/^HOOKS/HOOKS=(base systemd sd-vconsole autodetect modconf block keyboard sd-encrypt filesystems )/' mkinitcpio.conf
- # else
- # sed -i 's/^HOOKS/HOOKS=(base systemd autodetect modconf block sd-encrypt resume filesystems keyboard fsck)/' mkinitcpio.conf
- echo "running mkinitcpio"
- mkinitcpio -p linux
- # 10 Bootloader
- #su $USER
- #cd ~
- #git clone https://aur.archlinux.org/yay.git && cd yay
- #makepkg -si
- #cd .. && sudo rm -dR yay
- #yay -S shim-signed pamac-aur
- # If you use a bare git to store dotfiles install them now
- # git clone --bare https://github.com/user/repo.git $HOME/.repo
- #exit
- echo "installing refind"
- refind-install
- #refind-install --shim /usr/share/shim-signed/shimx64.efi --localkeys
- #sbsign --key /etc/refind.d/keys/refind_local.key --cert /etc/refind.d/keys/refind_local.crt --output /boot/vmlinuz-linux /boot/vmlinuz-linux
- echo "creating some pacman hooks"
- mkdir -p /etc/pacman.d/hooks
- # cat << EOF > /etc/pacman.d/hooks/999-sign_kernel_for_secureboot.hook
- # """
- # [Trigger]
- # Operation = Install
- # Operation = Upgrade
- # Type = Package
- # Target = linux
- # Target = linux-lts
- # Target = linux-hardened
- # Target = linux-zen
- # [Action]
- # Description = Signing kernel with Machine Owner Key for Secure Boot
- # When = PostTransaction
- # Exec = /usr/bin/find /boot/ -maxdepth 1 -name 'vmlinuz-*' -exec /usr/bin/sh -c '/usr/bin/sbsign --key /etc/refind.d/keys/refind_local.key --cert /etc/refind.d/keys/refind_local.crt --output {} {}'
- # Depends = sbsigntools
- # Depends = findutils
- # Depends = grep
- # EOF
- cat << EOF > /etc/pacman.d/hooks/refind.hook
- [Trigger]
- Operation=Upgrade
- Type=Package
- Target=refind
- [Action]
- Description = Updating rEFInd on ESP
- When=PostTransaction
- Exec=/usr/bin/refind-install
- EOF
- cat << EOF > /etc/pacman.d/hooks/zsh.hook
- [Trigger]
- Operation = Install
- Operation = Upgrade
- Operation = Remove
- Type = Path
- Target = usr/bin/*
- [Action]
- Depends = zsh
- When = PostTransaction
- Exec = /usr/bin/install -Dm644 /dev/null /var/cache/zsh/pacman
- EOF
- cat << EOF > /etc/pacman.d/hooks/mirrorupgrade.hook
- [Trigger]
- Operation = Upgrade
- Type = Package
- Target = pacman-mirrorlist
- [Action]
- Description = Updating pacman-mirrorlist with reflector and removing pacnew...
- When = PostTransaction
- Depends = reflector
- Exec = /bin/sh -c 'systemctl start reflector.service; if [ -f /etc/pacman.d/mirrorlist.pacnew ]; then rm /etc/pacman.d/mirrorlist.pacnew; fi'
- EOF
- echo "setting schedulers for nvme, ssd and hdd"
- mkdir -p /etc/udev/rules.d
- cat << EOF > /etc/udev/rules.d/60-ioschedulers.rules
- # set scheduler for NVMe
- ACTION=="add|change", KERNEL=="nvme[0-9]*", ATTR{queue/scheduler}="none"
- # set scheduler for SSD and eMMC
- ACTION=="add|change", KERNEL=="sd[a-z]|mmcblk[0-9]*", ATTR{queue/rotational}=="0", ATTR{queue/scheduler}="mq-deadline"
- # set scheduler for rotating disks
- ACTION=="add|change", KERNEL=="sd[a-z]", ATTR{queue/rotational}=="1", ATTR{queue/scheduler}="bfq"
- EOF
- echo "creating reflector.conf"
- mkdir -p /etc/xdg/reflector
- cat << EOF > /etc/xdg/reflector/reflector.conf
- # Set the output path where the mirrorlist will be saved (--save).
- --save /etc/pacman.d/mirrorlist
- # Select the transfer protocol (--protocol).
- --protocol https
- # Use only the most recently synchronized mirrors (--latest).
- --latest 100
- # Sort the mirrors by MirrorStatus score
- --sort score
- EOF
- # autologin with SDDM
- echo "creating sddm autologin .conf"
- mkdir -p /etc/sddm.conf.d
- cat << EOF > /etc/sddm.conf.d/kde_settings.conf
- [Autologin]
- Relogin=false
- Session=plasma
- User=$USER
- [General]
- HaltCommand=/usr/bin/systemctl poweroff
- Numlock=on
- RebootCommand=/usr/bin/systemctl reboot
- [Theme]
- Current=breeze
- CursorTheme=breeze_cursors
- Font=Noto Sans,10,-1,5,50,0,0,0,0,0
- [Users]
- MaximumUid=60000
- MinimumUid=1000
- EOF
- # this will help declutter the home directory from zsh-dotfiles
- mkdir -p /etc/zsh
- cat << EOF > /etc/zsh/zshenv
- export ZDOTDIR=$HOME/.config/zsh
- export HISTFILE="$XDG_DATA_HOME"/zsh/history
- EOF
- echo "creating sysctl tweaks"
- mkdir -p /etc/sysctl.d
- cat << EOF >/etc/sysctl.d/99-sysctl-performance-tweaks.conf
- # The swappiness sysctl parameter represents the kernel's preference (or avoidance) of swap space. Swappiness can have a value between 0 and 100, the default value is 60.
- # A low value causes the kernel to avoid swapping, a higher value causes the kernel to try to use swap space. Using a low value on sufficient memory is known to improve responsiveness on many systems.
- vm.swappiness=10
- # The value controls the tendency of the kernel to reclaim the memory which is used for caching of directory and inode objects (VFS cache).
- # Lowering it from the default value of 100 makes the kernel less inclined to reclaim VFS cache (do not set it to 0, this may produce out-of-memory conditions)
- vm.vfs_cache_pressure=50
- # This action will speed up your boot and shutdown, because one less module is loaded. Additionally disabling watchdog timers increases performance and lowers power consumption
- # Disable NMI watchdog
- #kernel.nmi_watchdog = 0
- # Contains, as a percentage of total available memory that contains free pages and reclaimable
- # pages, the number of pages at which a process which is generating disk writes will itself start
- # writing out dirty data (Default is 20).
- vm.dirty_ratio = 5
- # Contains, as a percentage of total available memory that contains free pages and reclaimable
- # pages, the number of pages at which the background kernel flusher threads will start writing out
- # dirty data (Default is 10).
- vm.dirty_background_ratio = 5
- # This tunable is used to define when dirty data is old enough to be eligible for writeout by the
- # kernel flusher threads. It is expressed in 100'ths of a second. Data which has been dirty
- # in-memory for longer than this interval will be written out next time a flusher thread wakes up
- # (Default is 3000).
- #vm.dirty_expire_centisecs = 3000
- # The kernel flusher threads will periodically wake up and write old data out to disk. This
- # tunable expresses the interval between those wakeups, in 100'ths of a second (Default is 500).
- vm.dirty_writeback_centisecs = 1500
- # Enable the sysctl setting kernel.unprivileged_userns_clone to allow normal users to run unprivileged containers.
- kernel.unprivileged_userns_clone=1
- # To hide any kernel messages from the console
- kernel.printk = 3 3 3 3
- # Restricting access to kernel logs
- kernel.dmesg_restrict = 1
- # Restricting access to kernel pointers in the proc filesystem
- kernel.kptr_restrict = 2
- # Disable Kexec, which allows replacing the current running kernel.
- kernel.kexec_load_disabled = 1
- # Increasing the size of the receive queue.
- # The received frames will be stored in this queue after taking them from the ring buffer on the network card.
- # Increasing this value for high speed cards may help prevent losing packets:
- net.core.netdev_max_backlog = 16384
- # Increase the maximum connections
- #The upper limit on how many connections the kernel will accept (default 128):
- net.core.somaxconn = 8192
- # Increase the memory dedicated to the network interfaces
- # The default the Linux network stack is not configured for high speed large file transfer across WAN links (i.e. handle more network packets) and setting the correct values may save memory resources:
- net.core.rmem_default = 1048576
- net.core.rmem_max = 16777216
- net.core.wmem_default = 1048576
- net.core.wmem_max = 16777216
- net.core.optmem_max = 65536
- net.ipv4.tcp_rmem = 4096 1048576 2097152
- net.ipv4.tcp_wmem = 4096 65536 16777216
- net.ipv4.udp_rmem_min = 8192
- net.ipv4.udp_wmem_min = 8192
- # Enable TCP Fast Open
- # TCP Fast Open is an extension to the transmission control protocol (TCP) that helps reduce network latency
- # by enabling data to be exchanged during the sender’s initial TCP SYN [3].
- # Using the value 3 instead of the default 1 allows TCP Fast Open for both incoming and outgoing connections:
- net.ipv4.tcp_fastopen = 3
- # Enable BBR
- # The BBR congestion control algorithm can help achieve higher bandwidths and lower latencies for internet traffic
- net.core.default_qdisc = cake
- net.ipv4.tcp_congestion_control = bbr
- # TCP SYN cookie protection
- # Helps protect against SYN flood attacks. Only kicks in when net.ipv4.tcp_max_syn_backlog is reached:
- net.ipv4.tcp_syncookies = 1
- # Protect against tcp time-wait assassination hazards, drop RST packets for sockets in the time-wait state. Not widely supported outside of Linux, but conforms to RFC:
- net.ipv4.tcp_rfc1337 = 1
- # By enabling reverse path filtering, the kernel will do source validation of the packets received from all the interfaces on the machine. This can protect from attackers that are using IP spoofing methods to do harm.
- net.ipv4.conf.default.rp_filter = 1
- net.ipv4.conf.all.rp_filter = 1
- # Disable ICMP redirects
- net.ipv4.conf.all.accept_redirects = 0
- net.ipv4.conf.default.accept_redirects = 0
- net.ipv4.conf.all.secure_redirects = 0
- net.ipv4.conf.default.secure_redirects = 0
- net.ipv6.conf.all.accept_redirects = 0
- net.ipv6.conf.default.accept_redirects = 0
- net.ipv4.conf.all.send_redirects = 0
- net.ipv4.conf.default.send_redirects = 0
- # To use the new FQ-PIE Queue Discipline (>= Linux 5.6) in systems with systemd (>= 217), will need to replace the default fq_codel.
- net.core.default_qdisc = fq_pie
- EOF
- # Optimize Makepkg
- echo "optimizing makepkg.conf"
- sed -i 's/^CFLAGS/CFLAGS="-march=native -mtune=native -O2 -pipe -fstack-protector-strong --param=ssp-buffer-size=4 -fno-plt"/' /etc/makepkg.conf
- sed -i 's/^CXXFLAGS/CXXFLAGS="${CFLAGS}"/' /etc/makepkg.conf
- sed -i 's/^#RUSTFLAGS/RUSTFLAGS="-C opt-level=2 -C target-cpu=native"/' etc/makepkg.conf
- sed -i 's/^#BUILDDIR/BUILDDIR=\/tmp\/makepkg makepkg/' etc/makepkg.conf
- sed -i 's/^#MAKEFLAGS/MAKEFLAGS="-j$(getconf _NPROCESSORS_ONLN) --quiet"/' etc/makepkg.conf
- sed -i 's/^COMPRESSGZ/COMPRESSGZ=(pigz -c -f -n)/' etc/makepkg.conf
- sed -i 's/^COMPRESSBZ2/COMPRESSBZ2=(pbzip2 -c -f)/' etc/makepkg.conf
- sed -i 's/^COMPRESSXZ/COMPRESSXZ=(xz -T "$(getconf _NPROCESSORS_ONLN)" -c -z --best -)/' etc/makepkg.conf
- sed -i 's/^COMPRESSZST/COMPRESSZST=(zstd -c -z -q --ultra -T0 -22 -)/' etc/makepkg.conf
- sed -i 's/^COMPRESSLZ/COMPRESSLZ=(lzip -c -f)/' etc/makepkg.conf
- sed -i 's/^COMPRESSLRZ/COMPRESSLRZ=(lrzip -9 -q)/' etc/makepkg.conf
- sed -i 's/^COMPRESSLZO/COMPRESSLZO=(lzop -q --best)/' etc/makepkg.conf
- sed -i 's/^COMPRESSZ/COMPRESSZ=(compress -c -f)/' etc/makepkg.conf
- sed -i 's/^COMPRESSLZ4/COMPRESSLZ4=(lz4 -q --best)/' etc/makepkg.conf
- # Misc options
- sed -i 's/#UseSyslog/UseSyslog/' etc/pacman.conf
- sed -i 's/#Color/Color\\\nILoveCandy/' etc/pacman.conf
- sed -i 's/#TotalDownload/TotalDownload/' etc/pacman.conf
- sed -i 's/#CheckSpace/CheckSpace/' etc/pacman.conf
- mkdir -p /boot/EFI/refind/themes
- git clone https://github.com/dheishman/refind-dreary.git /boot/EFI/refind/themes/refind-dreary
- mv /boot/EFI/refind/themes/refind-dreary/highres /boot/EFI/refind/themes/refind-dreary-tmp
- rm -dR /boot/EFI/refind/themes/refind-dreary
- mv /boot/EFI/refind/themes/refind-dreary-tmp /boot/EFI/refind/themes/refind-dreary
- # Replace 2560 1440 with your monitors resolution
- sed -i 's/#resolution 3/resolution 2560 1440/' /boot/EFI/refind/refind.conf
- sed -i 's/#use_graphics_for osx,linux/use_graphics_for linux/' /boot/EFI/refind/refind.conf
- sed -i 's/#scanfor internal,external,optical,manual/scanfor manual,external/' /boot/EFI/refind/refind.conf
- # add the UUID to the options (example below)
- echo "creating refind stanza"
- cat << EOF >> /boot/EFI/refind/refind.conf
- menuentry "Arch Linux" {
- icon icon /EFI/refind/themes/refind-dreary/icons/os_arch.png
- volume "Arch Linux"
- loader /vmlinuz-linux
- initrd /initramfs-linux.img
- options "rd.luks.name=UUID=cryptroot rd.luks.options=allow-discards,no-read-workqueue,no-write-workqueue root=/dev/mapper/cryptroot rootflags=subvol=@ rw quiet zswap.enabled=1 zswap.compressor=zstd zswap.max_pool_percent=20 zswap.zpool=z3fold amdgpu.ppfeaturemask=0xffffffff nmi_watchdog=0 initrd=/amd-ucode.img"
- submenuentry "Boot using fallback initramfs" {
- initrd /boot/initramfs-linux-fallback.img
- }
- }
- include themes/refind-dreary/theme.conf
- EOF
- # Laptop Battery Life Improvements
- #echo "vm.dirty_writeback_centisecs = 6000" > /etc/sysctl.d/dirty.conf
- #echo "load-module module-suspend-on-idle" >> /etc/pulse/default.pa
- #if [ $(( $(lspci -k | grep snd_ac97_codec | wc -l) + 1 )) -gt 1 ]; then echo "options snd_ac97_codec power_save=1" > /etc/modprobe.d/audio_powersave.conf; fi
- #if [ $(( $(lspci -k | grep snd_hda_intel | wc -l) + 1 )) -gt 1 ]; then echo "options snd_hda_intel power_save=1" > /etc/modprobe.d/audio_powersave.conf; fi
- #if [ $(lsmod | grep '^iwl.vm' | awk '{print $1}') == "iwlmvm" ]; then echo "options iwlwifi power_save=1" > /etc/modprobe.d/iwlwifi.conf; echo "options iwlmvm power_scheme=3" >> /etc/modprobe.d/iwlwifi.conf; fi
- #if [ $(lsmod | grep '^iwl.vm' | awk '{print $1}') == "iwldvm" ]; then echo "options iwldvm force_cam=0" >> /etc/modprobe.d/iwlwifi.conf; fi
- #echo 'ACTION=="add", SUBSYSTEM=="scsi_host", KERNEL=="host*", ATTR{link_power_management_policy}="med_power_with_dipm"' > /etc/udev/rules.d/hd_power_save.rules
- # 11 - reboot into your new install
- echo "Finished - now we can reboot with:
- exit
- umount -R /mnt
- swapoff -a
- reboot"
- read -p "Do you want to reboot now? " -n 1 -r
- echo # (optional) move to a new line
- if [[ ! $REPLY =~ ^[Yy]$ ]]
- then
- exit 1
- else
- exit
- umount -R /mnt
- swapoff -a
- reboot
- fi
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement