diff --git a/ansible/roles/archinstall/tasks/main.yml b/ansible/roles/archinstall/tasks/main.yml
index 701355b..1742528 100644
--- a/ansible/roles/archinstall/tasks/main.yml
+++ b/ansible/roles/archinstall/tasks/main.yml
@@ -6,6 +6,80 @@ - name: detect booted ip address - name: configure disks +# Specify root disk and part, set to type 23 (linux root x86-64), label root +# Specify efi disk and part, set to type 1 (efi system), label efi +# format efi partition +# mkfs.fat -F32 /dev/mmcblk0p1 +# Ecrypt root partition +# cryptsetup -y -v luksFormat /dev/sda1 # TODO add keyfile/password automatically +# cryptsetup open /dev/sda1 root +# mkfs.ext4 /dev/mapper/root +# mkdir /mnt/root +# mount /dev/mapper/root /mnt/root +# mkdir /mnt/root/efi +# mount /dev/mmcblk0p1 /mnt/root/efi + +# Add cryptsetup params to kernel cmdline +# cryptdevice=UUID=device-UUID:root root=/dev/mapper/root rw + +# add efi to /etc/fstab + + - name: sync ntp +# timedatectl set-timezone Australia/Brisbane +# timedatectl set-ntp true +# run reflector to get a list of mirrors +# relfector -c AU --save /etc/pacman.d/mirrorlist + +# update dbs +# pacman -Sy + + +# pacstrap +# pacstrap -K /mnt/root base linux-lts linux-firmware nano openssh bind bash efibootmgr reflector screen pv pinentry sudo man-db man-pages texinfo ufw nftables intel-ucode e2fsprogs dosfstools curl cryptsetup + +# gen fstab +# genfstab -L /mnt/root >> /mnt/root/etc/fstab + +# +# chroot from here +# + + # set hostname + # echo hv00 > /etc/hostname + + # link timezone + # ln -sf /usr/share/zoneinfo/Australia/Brisbane /etc/localtime + + # enable ntp again + # timedatectl set-ntp true # TODO move this post reboot + + # sync hardware clock + # hwclock --systohc + + # set locale + # sed -i 's/#en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/g' /etc/locale.gen + # locale-gen + # echo LANG=en_US.UTF-8 > /etc/locale.conf + + # uncomment wheel group in /etc/sudoers + # sed -i 's/# %wheel ALL=(ALL:ALL) ALL/%wheel ALL=(ALL:ALL) ALL/g' /etc/sudoers + + # add user + # useradd -u 1000 -U -m -b /home/ -G wheel -s /bin/bash ladmin + # set new user password + + # disable root password + # passwd -l root + + # create /etc/kernel/cmdline file + # echo 
'cryptdevice=dbbb9fb2-5509-4701-a2bb-5660934a5378:root root=/dev/mapper/root rw' > /etc/kernel/cmdline + # echo 'rd.luks.name=dbbb9fb2-5509-4701-a2bb-5660934a5378=root root=/dev/mapper/root rw' > /etc/kernel/cmdline + + + # modify mkinitcpio for encryption + # old HOOKS=(base udev autodetect modconf kms keyboard keymap consolefont block filesystems fsck) + # new HOOKS=(base systemd keyboard autodetect modconf kms block sd-encrypt filesystems fsck) + # sed -i 's/^HOOKS=(base udev autodetect modconf block filesystems keyboard fsck)/HOOKS=(base udev autodetect modconf block encrypt filesystems keyboard fsck)/g' /etc/mkinitcpio.conf \ No newline at end of file
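Review bot: The boot-unlock notes at the end of the hunk mix two incompatible schemes: `cryptdevice=…:root` is read by the `encrypt` hook and `rd.luks.name=…=root` by `sd-encrypt`, and because both `echo` lines write with `>`, the second overwrites the first in /etc/kernel/cmdline. The first line also drops the `UUID=` prefix that the earlier note (`cryptdevice=UUID=device-UUID:root`) uses, and the `sed` pattern `HOOKS=(base udev autodetect modconf block filesystems keyboard fsck)` matches neither the "old" nor the "new" HOOKS line quoted just above it, so it would change nothing and the initramfs would be built without any encryption hook. Settle on one pair (the "new HOOKS" line suggests `systemd` + `sd-encrypt` + `rd.luks.name=`), and read the UUID from the freshly formatted partition rather than hard-coding it in the role. When these notes become tasks, the luksFormat passphrase flagged in the TODO should come from a vaulted variable on a task with `no_log: true`, and the wheel rule is safer as a drop-in under /etc/sudoers.d written with `validate: 'visudo -cf %s'` than as a `sed -i` on /etc/sudoers.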