---
# Outline of an Arch Linux install onto a LUKS-encrypted root, run from a
# booted installation ISO (pacstrap / genfstab / mkinitcpio).
# The tasks below carry only a name; the commented shell commands record the
# manual steps that still have to be turned into real task bodies.

- name: attach installation iso as virtual media

- name: boot from installation iso

- name: detect booted ip address

- name: configure disks
  # Specify root disk and part, set to type 23 (linux root x86-64), label root
  # Specify efi disk and part, set to type 1 (efi system), label efi
  # format efi partition
  # mkfs.fat -F32 /dev/mmcblk0p1
  # Encrypt root partition
  # NOTE(review): luksFormat destroys whatever is on the target and the device
  # names here are hard-coded; confirm the target (for example through
  # /dev/disk/by-id) before this step is automated.
  # cryptsetup -y -v luksFormat /dev/sda1
  # TODO add keyfile/password automatically
  # NOTE(review): when this TODO is done, keep the passphrase or keyfile out of
  # the playbook text and out of process arguments - e.g. an Ansible Vault
  # variable fed on stdin (--key-file -) with no_log: true on the task.
  # cryptsetup open /dev/sda1 root
  # mkfs.ext4 /dev/mapper/root
  # mkdir /mnt/root
  # mount /dev/mapper/root /mnt/root
  # mkdir /mnt/root/efi
  # mount /dev/mmcblk0p1 /mnt/root/efi
  # Add cryptsetup params to kernel cmdline
  # cryptdevice=UUID=device-UUID:root root=/dev/mapper/root rw
  # add efi to /etc/fstab

- name: sync ntp
  # timedatectl set-timezone Australia/Brisbane
  # timedatectl set-ntp true
  # run reflector to get a list of mirrors
  # reflector -c AU --save /etc/pacman.d/mirrorlist
  # update dbs
  # pacman -Sy
  # pacstrap
  # pacstrap -K /mnt/root base linux-lts linux-firmware nano openssh bind bash efibootmgr reflector screen pv pinentry sudo man-db man-pages texinfo ufw nftables intel-ucode e2fsprogs dosfstools curl cryptsetup
  # sbctl fwupd fwupd-efi dmidecode udisks2
  # gen fstab
  # genfstab -L /mnt/root >> /mnt/root/etc/fstab
  #
  # chroot from here
  #
  # set hostname
  # echo hv00 > /etc/hostname
  # link timezone
  # ln -sf /usr/share/zoneinfo/Australia/Brisbane /etc/localtime
  # enable ntp again
  # timedatectl set-ntp true
  # TODO move this post reboot
  # sync hardware clock
  # hwclock --systohc
  # set locale
  # sed -i 's/#en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/g' /etc/locale.gen
  # locale-gen
  # echo LANG=en_US.UTF-8 > /etc/locale.conf
  # uncomment wheel group in /etc/sudoers
  # NOTE(review): a bad in-place edit of /etc/sudoers can break sudo; validate
  # with `visudo -c` afterwards, or use a drop-in under /etc/sudoers.d that is
  # checked with `visudo -cf` before it is installed.
  # sed -i 's/# %wheel ALL=(ALL:ALL) ALL/%wheel ALL=(ALL:ALL) ALL/g' /etc/sudoers
  # add user
  # useradd -u 1000 -U -m -b /home/ -G wheel -s /bin/bash ladmin
  # set new user password
  # NOTE(review): no command is recorded for this step; when it is automated,
  # take a pre-hashed password from a vaulted variable rather than plaintext.
  # disable root password
  # passwd -l root
  # create /etc/kernel/cmdline file
  # NOTE(review): both echo lines below write with '>' to the same file, so
  # the one that runs last wins - keep only one. cryptdevice= is the syntax
  # read by the `encrypt` hook, rd.luks.name= the one read by `sd-encrypt`.
  # The first line also lacks the UUID= prefix that the template under
  # "configure disks" shows (cryptdevice=UUID=<uuid>:root).
  # echo 'cryptdevice=dbbb9fb2-5509-4701-a2bb-5660934a5378:root root=/dev/mapper/root rw' > /etc/kernel/cmdline
  # echo 'rd.luks.name=dbbb9fb2-5509-4701-a2bb-5660934a5378=root root=/dev/mapper/root rw' > /etc/kernel/cmdline
  # modify mkinitcpio for encryption
  # old HOOKS=(base udev autodetect modconf kms keyboard keymap consolefont block filesystems fsck)
  # new HOOKS=(base systemd keyboard autodetect modconf kms block sd-encrypt filesystems fsck)
  # NOTE(review): the sed pattern below does not match the "old HOOKS" line
  # recorded above (no kms/keymap/consolefont, different order). A sed -i that
  # matches nothing still exits 0, which would leave the initramfs without any
  # encrypt hook; check the result (grep '^HOOKS=' /etc/mkinitcpio.conf).
  # The replacement also uses udev + encrypt while "new HOOKS" uses
  # systemd + sd-encrypt; the hook set has to match the cmdline syntax chosen.
  # sed -i 's/^HOOKS=(base udev autodetect modconf block filesystems keyboard fsck)/HOOKS=(base udev autodetect modconf block encrypt filesystems keyboard fsck)/g' /etc/mkinitcpio.conf