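#!/usr/bin/env bash
#
# Provision an encrypted Arch Linux root on one disk: GPT with an EFI System
# Partition and a LUKS2 root partition, btrfs with a snapper-style subvolume
# layout, then pacstrap the base system and write the initial configuration.
#
# DESTRUCTIVE: BLOCK_DEVICE is wiped completely. Run from the live ISO as root.
#
# Usage: run with optional environment overrides, e.g.
#   BLOCK_DEVICE=/dev/sdX HOST_NAME=box bash <this script>   # sdX = placeholder
#
# Environment (all optional; defaults are in the assignments below):
#   BLOCK_DEVICE                target disk, wiped entirely
#   EFI_SYSTEM_PARTITION_NAME   GPT partition label (and FAT label) of the ESP
#   EFI_SYSTEM_PARTITION_SIZE   ESP size in a form sgdisk accepts
#   LINUX_ROOT_PARTITION_NAME   GPT label of the root partition; also reused as
#                               the LUKS mapping name and the btrfs label
#   BTRFS_MOUNT_OPTIONS         base mount options for every btrfs mount
#   LOCALE                      locale name without the ".UTF-8" suffix
#   TIME_ZONE                   zoneinfo path; only referenced by the
#                               still-disabled chroot steps at the bottom
#   HOST_NAME                   written to /etc/hostname and /etc/hosts
#   USER_NAME                   currently unused: no user is created here yet
#
# -x is kept on purpose by the author (full trace of a one-shot install). The
# LUKS passphrase is prompted for interactively (no --key-file), so it never
# appears in the trace or in argv.
set -euxo pipefail

BLOCK_DEVICE="${BLOCK_DEVICE:-/dev/nvme0n1}"
EFI_SYSTEM_PARTITION_NAME="${EFI_SYSTEM_PARTITION_NAME:-esp}"
EFI_SYSTEM_PARTITION_SIZE="${EFI_SYSTEM_PARTITION_SIZE:-550MiB}"
LINUX_ROOT_PARTITION_NAME="${LINUX_ROOT_PARTITION_NAME:-root}"
BTRFS_MOUNT_OPTIONS="${BTRFS_MOUNT_OPTIONS:-defaults,noatime,compress=zstd:1,space_cache=v2,X-mount.mkdir}"
LOCALE="${LOCALE:-ru_RU}"
TIME_ZONE="${TIME_ZONE:-Asia/Omsk}"
HOST_NAME="${HOST_NAME:-core}"
USER_NAME="${USER_NAME:-andrey}"

#######################################
# Print a message to stderr and abort the installation.
# Arguments: message words
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Block until every given path exists. udev creates the by-partlabel and
# /dev/mapper nodes asynchronously after sgdisk / cryptsetup return, so the
# next step would otherwise race against device-node creation.
# Arguments: one or more paths
#######################################
wait_for_paths() {
  local path
  for path in "$@"; do
    until [[ -e "${path}" ]]; do sleep 1; done
  done
}

#######################################
# Mount one btrfs subvolume of the root filesystem.
# Globals:   BTRFS_MOUNT_OPTIONS, LINUX_ROOT_PARTITION_NAME (read)
# Arguments:
#   $1 - subvolume path relative to the btrfs top level, e.g. @/home
#   $2 - mount point
#   $3 - optional extra mount options, placed between the base options and
#        subvol= (same position the original inline mount calls used)
#######################################
mount_subvolume() {
  local subvolume=$1 target=$2 extra=${3:-}
  mount --options "${BTRFS_MOUNT_OPTIONS}${extra:+,${extra}},subvol=${subvolume}" \
    /dev/mapper/"${LINUX_ROOT_PARTITION_NAME}" "${target}"
}

# Fail before touching anything if the preconditions for the wipe are not met.
(( EUID == 0 )) || die "this script must run as root"
[[ -b "${BLOCK_DEVICE}" ]] || die "BLOCK_DEVICE is not a block device: ${BLOCK_DEVICE}"

# TODO: format the NVMe SSD with 4Kn sectors (https://wiki.archlinux.org/title/Advanced_Format#NVMe)
# TODO: fully erase the SSD first (https://wiki.archlinux.org/title/Solid_state_drive/Memory_cell_clearing)
wipefs --all --force "${BLOCK_DEVICE}"
sgdisk --clear --zap-all "${BLOCK_DEVICE}"
# Partition 1: ESP (ef00). Partition 2: rest of the disk, typed as a
# discoverable Linux x86-64 root (8304).
sgdisk \
  --align-end \
  --new=1:0:+"${EFI_SYSTEM_PARTITION_SIZE}" \
  --change-name=1:"${EFI_SYSTEM_PARTITION_NAME}" \
  --typecode=1:ef00 \
  --largest-new=2 \
  --change-name=2:"${LINUX_ROOT_PARTITION_NAME}" \
  --typecode=2:8304 \
  "${BLOCK_DEVICE}"
wait_for_paths \
  "/dev/disk/by-partlabel/${LINUX_ROOT_PARTITION_NAME}" \
  "/dev/disk/by-partlabel/${EFI_SYSTEM_PARTITION_NAME}"

# LUKS2 container on the root partition; the passphrase is read from the
# terminal and confirmed (--verify-passphrase).
cryptsetup \
  --type luks2 \
  --hash sha512 \
  --cipher aes-xts-plain64 \
  --verify-passphrase \
  --key-size 512 \
  --use-urandom \
  --iter-time 5000 \
  --sector-size 4096 \
  --align-payload 2048 \
  --pbkdf argon2id \
  luksFormat /dev/disk/by-partlabel/"${LINUX_ROOT_PARTITION_NAME}"
# --persistent stores the discard/workqueue flags in the LUKS header so later
# opens (including from the initramfs) use the same settings.
cryptsetup \
  --allow-discards \
  --perf-no_read_workqueue \
  --perf-no_write_workqueue \
  --persistent \
  open /dev/disk/by-partlabel/"${LINUX_ROOT_PARTITION_NAME}" "${LINUX_ROOT_PARTITION_NAME}"
wait_for_paths "/dev/mapper/${LINUX_ROOT_PARTITION_NAME}"

mkfs.fat \
  -n "${EFI_SYSTEM_PARTITION_NAME}" \
  -F 32 -s 1 -S 4096 /dev/disk/by-partlabel/"${EFI_SYSTEM_PARTITION_NAME}"
mkfs.btrfs \
  --checksum xxhash \
  --label "${LINUX_ROOT_PARTITION_NAME}" \
  --force /dev/mapper/"${LINUX_ROOT_PARTITION_NAME}"

# First mount is the btrfs top level (subvolid 5): create the subvolume tree.
mount --options "${BTRFS_MOUNT_OPTIONS}" /dev/mapper/"${LINUX_ROOT_PARTITION_NAME}" /mnt/
btrfs subvolume create /mnt/@
btrfs subvolume create /mnt/@/.snapshots
mkdir /mnt/@/.snapshots/1/
btrfs subvolume create /mnt/@/.snapshots/1/snapshot
# Metadata for snapshot 1 in the format snapper expects.
cat << EOF > /mnt/@/.snapshots/1/info.xml
<?xml version="1.0"?>
<snapshot>
<type>single</type>
<num>1</num>
<date>$(date +"%Y-%m-%d %H:%M:%S")</date>
<description>first root filesystem</description>
</snapshot>
EOF
# Make snapshot 1 the default subvolume so it is mounted without subvol=.
# Match the whole path field rather than a substring regex (where "." matched
# any character and ".../1/snapshot" would also match ".../10/snapshot"), and
# refuse to call set-default with an empty ID.
default_subvolume_id=$(btrfs subvolume list /mnt/ \
  | awk '$NF == "@/.snapshots/1/snapshot" { print $2 }')
[[ -n "${default_subvolume_id}" ]] \
  || die "could not determine the subvolume ID of @/.snapshots/1/snapshot"
btrfs subvolume set-default "${default_subvolume_id}" /mnt/

btrfs subvolume create /mnt/@/home
btrfs subvolume create /mnt/@/opt
btrfs subvolume create /mnt/@/srv
mkdir /mnt/@/usr/
btrfs subvolume create /mnt/@/usr/local
mkdir --parents /mnt/@/var/lib/libvirt/
btrfs subvolume create /mnt/@/var/lib/libvirt/images
btrfs subvolume create /mnt/@/var/log
btrfs subvolume create /mnt/@/var/cache
btrfs subvolume create /mnt/@/var/tmp
btrfs subvolume create /mnt/@/var/crash
btrfs subvolume create /mnt/@/var/opt
btrfs subvolume create /mnt/@/var/spool
# No-CoW for churny or VM/container data; chattr must be applied while the
# subvolumes are still empty.
chattr +C /mnt/@/var/{log,cache,tmp,crash,spool}
btrfs subvolume create /mnt/@/var/lib/docker
btrfs subvolume create /mnt/@/var/lib/containers
btrfs subvolume create /mnt/@/var/lib/machines
btrfs subvolume create /mnt/@/var/lib/portables
chattr +C /mnt/@/var/lib/{libvirt/images,docker,containers,machines,portables}
umount /mnt/

# Second mount: the new default subvolume becomes the install root.
mount --options "${BTRFS_MOUNT_OPTIONS}" /dev/mapper/"${LINUX_ROOT_PARTITION_NAME}" /mnt/
mkdir /mnt/{.snapshots,home,opt,srv}/
mount_subvolume @/.snapshots /mnt/.snapshots/
mount_subvolume @/home /mnt/home/
mount_subvolume @/opt /mnt/opt/
mount_subvolume @/srv /mnt/srv/ users,nodatacow
mkdir --parents /mnt/usr/local/
mount_subvolume @/usr/local /mnt/usr/local/
mkdir --parents /mnt/var/{log,cache,tmp,crash,opt,spool}
mount_subvolume @/var/opt /mnt/var/opt/
mount_subvolume @/var/log /mnt/var/log/ users
mount_subvolume @/var/cache /mnt/var/cache/ users
mount_subvolume @/var/tmp /mnt/var/tmp/ users
mount_subvolume @/var/crash /mnt/var/crash/ users
mount_subvolume @/var/spool /mnt/var/spool/ users
mkdir --parents /mnt/var/lib/{libvirt/images,docker,containers,machines,portables}
mount_subvolume @/var/lib/libvirt/images /mnt/var/lib/libvirt/images/ nodatacow
mount_subvolume @/var/lib/docker /mnt/var/lib/docker/ nodatacow
mount_subvolume @/var/lib/containers /mnt/var/lib/containers/ nodatacow
mount_subvolume @/var/lib/machines /mnt/var/lib/machines/ nodatacow
mount_subvolume @/var/lib/portables /mnt/var/lib/portables/ nodatacow
mkdir --parents /mnt/efi/EFI/
mount --options defaults,noatime /dev/disk/by-partlabel/"${EFI_SYSTEM_PARTITION_NAME}" /mnt/efi/

# Pick mirrors first so the forced database refresh already uses them.
reflector --latest 5 --sort rate --protocol https --save /etc/pacman.d/mirrorlist
pacman --sync --refresh --refresh
# XXX: only works with Intel microcode and the Zen kernel (see the chroot steps)
# TODO: snap-pac
pacstrap -K /mnt/ \
  base \
  base-devel \
  bluez \
  bluez-utils \
  booster \
  btrfs-progs \
  busybox \
  edk2-shell \
  efibootmgr \
  fwupd \
  git \
  jq \
  intel-ucode \
  iwd \
  libinput \
  linux-firmware \
  linux-zen \
  man-db \
  man-pages \
  micro \
  ntfs-3g \
  opendoas \
  pipewire \
  reflector \
  rustup \
  sbctl \
  snapper \
  terminus-font \
  texinfo \
  tlp \
  wireguard-tools \
  wireplumber \
  xdg-user-dirs
genfstab -t UUID /mnt/ >> /mnt/etc/fstab

# doas: wheel members may become root, with the usual timestamp persistence.
cat << EOF > /mnt/etc/doas.conf
permit persist :wheel
EOF
# XXX: only works for UTF-8 locales
printf '%s\n' "${LOCALE}.UTF-8 UTF-8" > /mnt/etc/locale.gen
printf '%s\n' "LANG=${LOCALE}.UTF-8" > /mnt/etc/locale.conf
# XXX: Russian keymap is hard-coded
cat << EOF > /mnt/etc/vconsole.conf
KEYMAP=ruwin_cplk-UTF-8
FONT=ter-v32b
EOF
printf '%s\n' "${HOST_NAME}" > /mnt/etc/hostname
cat << EOF > /mnt/etc/hosts
127.0.0.1 localhost
::1 localhost
127.0.1.1 ${HOST_NAME}.localdomain ${HOST_NAME}
EOF
cat << EOF > /mnt/etc/booster.yaml
universal: false
compression: zstd
modules_force_load: i915
mount_timeout: 1m30s
strip: true
extra_files: micro,busybox
vconsole: true
EOF
# NOTE(review): /etc/iwd is not guaranteed to exist after pacstrap; creating it
# is harmless if the package already ships it.
mkdir --parents /mnt/etc/iwd/
cat << EOF > /mnt/etc/iwd/main.conf
[General]
EnableNetworkConfiguration=true
AddressRandomization=once
EOF

# In-chroot configuration (time zone, services, UKI build and Secure Boot key
# enrolment) is still disabled; left verbatim for the next iteration.
# cat << EOF | arch-chroot /mnt/
# ln --symbolic --force /usr/share/zoneinfo/${TIME_ZONE} /etc/localtime
# hwclock --systohc
# systemctl enable tlp.service
# systemctl enable iwd.service
# systemctl enable systemd-resolved.service
# ln --symbolic --force /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
# booster build
# sbctl create-keys
# sbctl enroll-keys
# touch /etc/kernel/cmdline
# sbctl bundle -s \
# -f /boot/booster-linux-zen \
# -i /boot/intel-ucode.img \
# -k /boot/vmlinuz-linux-zen \
# -l /usr/share/systemd/bootctl/splash-arch.bmp
# passwd
# EOF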