From 9c477f20949d9bf6299b63f03aacf694bb2d16d5 Mon Sep 17 00:00:00 2001
From: michael <michael@balsillie.net>
Date: Tue, 26 Sep 2023 02:52:28 +1300
Subject: [PATCH] archinstall

---
 ansible/roles/archinstall/tasks/main.yml | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/ansible/roles/archinstall/tasks/main.yml b/ansible/roles/archinstall/tasks/main.yml
index 62eae5e..eb391b8 100644
--- a/ansible/roles/archinstall/tasks/main.yml
+++ b/ansible/roles/archinstall/tasks/main.yml
@@ -23,6 +23,8 @@
 # cryptdevice=UUID=device-UUID:root root=/dev/mapper/root rw
 
 # add efi to /etc/fstab
+# mkdir /mnt/mountpoint/etc
+# sudo genfstab -L /mnt/mountpoint >> /mnt/mountpoint/etc/fstab
 
 
 
@@ -39,7 +41,7 @@
 
 # pacstrap
 # pacstrap -K /mnt/root base linux-lts linux-firmware nano openssh bind bash efibootmgr reflector screen pv pinentry sudo man-db man-pages texinfo ufw nftables intel-ucode e2fsprogs dosfstools curl cryptsetup
-# sbctl sbsigntools fwupd fwupd-efi dmidecode udisks2 usbutils inetutils ethtool
+# sbctl sbsigntools fwupd fwupd-efi dmidecode udisks2 usbutils inetutils ethtool qemu-guest-agent arch-install-scripts lsof
 
 # gen fstab
 # genfstab -L /mnt/root >> /mnt/root/etc/fstab
@@ -70,8 +72,6 @@
   # locale-gen
   # echo LANG=en_US.UTF-8 > /etc/locale.conf
 
-  
-
   # uncomment wheel group in /etc/sudoers
   # sed -i 's/# %wheel ALL=(ALL:ALL) ALL/%wheel ALL=(ALL:ALL) ALL/g' /etc/sudoers
 
@@ -79,8 +79,9 @@
   # useradd -u 1000 -U -m -b /home/ -G wheel -s /bin/bash ladmin
   # set new user password
 
-  # disable root password
+  # disable root user
   # passwd -l root
+  # usermod -s /sbin/nologin root
 
   # create /etc/kernel/cmdline file
   # echo 'cryptdevice=dbbb9fb2-5509-4701-a2bb-5660934a5378:root root=/dev/mapper/root rw' > /etc/kernel/cmdline
@@ -93,7 +94,11 @@
   # enable ufw firewall
   # create ufw config to allow ssh port 22
 
-  # modify mkinitcpio for encryption
+  # modify mkinitcpio presets
+  # template file?
+  # output to default efi path ESP/efi/boot/bootx64.efi
+
+  # modify mkinitcpio.conf for encryption
   # old HOOKS=(base udev autodetect modconf kms keyboard keymap consolefont block filesystems fsck)
   # new HOOKS=(base systemd keyboard autodetect modconf kms block sd-encrypt filesystems fsck)
   # sed -i 's/^HOOKS=(base udev autodetect modconf block filesystems keyboard fsck)/HOOKS=(base udev autodetect modconf block encrypt filesystems keyboard fsck)/g' /etc/mkinitcpio.conf