fdisk /dev/nvme0n1
# 1gb efi, 32gb swap, 150gb root, rest home
cryptsetup luksFormat /dev/nvme0n1p3
cryptsetup luksFormat /dev/nvme0n1p4
systemd-cryptsetup attach root /dev/nvme0n1p3
systemd-cryptsetup attach home /dev/nvme0n1p4
mkfs.ext4 /dev/mapper/root
mkfs.ext4 /dev/mapper/home
mkfs.fat -F 32 /dev/nvme0n1p1
mount /dev/mapper/root /mnt
mount --mkdir /dev/nvme0n1p1 /mnt/efi
mount --mkdir /dev/mapper/home /mnt/home
reflector --save /etc/pacman.d/mirrorlist -c mk
pacstrap -K /mnt base linux linux-firmware bash-completion vim sbctl iwd uv openssh \
k9s kubectl podman \
kde-applications plasma zed firefox tuned-ppd \
man-pages man-db \
sof-firmware intel-ucode fwupd
timedatectl set-timezone Europe/Skopje
systemctl enable systemd-resolved systemd-networkd NetworkManager sddm bluetooth
cat <<EOF > /etc/mkinitcpio.conf.d/systemd-initrd.conf
HOOKS=(base systemd autodetect microcode modconf keyboard block sd-encrypt filesystems fsck)
EOF
cat <<EOF > /etc/cmdline.d/root.conf
rw
EOF
cat <<EOF > /etc/cmdline.d/quiet.conf
audit=0 quiet udev.log_priority=3 loglevel=3 vt.global_cursor_default=0
EOF
cat <<EOF > /etc/cmdline.d/lockdown.conf
lockdown=confidentiality
EOF
bootctl install
mkinitcpio -P
cat <<EOF > /etc/NetworkManager/conf.d/iwd.conf
[device]
wifi.backend=iwd
wifi.iwd.autoconnect=yes
EOF
cat <<EOF > /etc/NetworkManager/conf.d/mdns.conf
[connection]
connection.mdns=2
EOF
umount -R /mnt
reboot
