Anri/confOS
1
0
Fork 0
Code Issues 10 Pull requests Projects Releases Wiki Activity
confOS/arch.sh
Mylloon d86ce3c683
Update arch.sh
2025-06-21 09:56:36 +02:00

171 lines
5.4 KiB
Bash
Raw Permalink Blame History

#!/usr/bin/env bash
set -o errexit # crash the script when a command crash
set -o pipefail # same as above for piped command
set -o nounset # crash when a variable doesnt exist
# TRACE=1 for debug
if [[ "${TRACE-0}" == "1" ]]; then
set -o xtrace
fi
cd "$(dirname "$0")" # change script directory
function main {
# === Variables ==
local repo
repo=$1
# === Assure that keyring is installed ==
pacman -D --asexplicit archlinux-keyring # keep this package
# === Global OS configuration set-up ==
curl "$repo"/meta.sh -s | bash -s -- "$repo"
# === Add pacman hooks ==
sudo mkdir -p /etc/pacman.d/hooks
local hooks
hooks=("stop-wine-associations")
for hook in "${hooks[@]}"
do
sudo wget -q --show-progress "$repo"/pacman.d/hooks/"$hook".hook \
-O /etc/pacman.d/hooks/"$hook".hook
done
# === Normal packages ==
sudo pacman -S --noconfirm \
bat base-devel make signal-desktop micro git-lfs firefox fish python-virtualenv eza ufw fzf \
man-pages man-pages-fr s-tui uwufetch python-pip vlc pacman-contrib rebuild-detector zed \
rustup jq cups fwupd mdcat bitwarden libreoffice-fresh trash-cli jdk-openjdk clamav difftastic \
spotify-launcher bottom qpdf typst zip unzip sbctl asciiquarium mission-center obsidian
# === AUR packages ==
paru -S --noconfirm \
vscodium-bin vscodium-bin-features vscodium-bin-marketplace heroic-games-launcher-bin \
vesktop-bin clamav-unofficial-sigs epson-inkjet-printer-stylus-photo-px810fw-series \
youtube-music-bin input-remapper-bin
# === Locales ==
sudo sed -i "s/fr_FR.UTF-8.UTF-8 UTF-8/fr_FR.UTF8 UTF-8/g" /etc/locale.gen
sudo locale-gen
localectl set-locale fr_FR.UTF-8
# === Fish ==
# Custom Arch configuration
curl -s "$repo"/.config/fish/conf.d/abbr_arch.fish >> "$HOME"/.config/fish/conf.d/abbr.fish
curl -s "$repo"/.config/fish/conf.d/alias_arch.fish >> "$HOME"/.config/fish/conf.d/alias.fish
# === Spotify ==
# is `spotify-launcher --force-update` needed before patching?
bash <(curl -sSL https://spotx-official.github.io/run.sh) -ce
# === UBW (pare-feu) ==
ufw enable
# === Firefox ==
firefox &
sleep 2
pkill firefox
wget -q --show-progress "$repo"/.mozilla/firefox/user.js \
-P "$HOME"/.mozilla/firefox/*.default-release
curl -s "$repo"/.mozilla/firefox/user-arch.js >> "$HOME"/.mozilla/firefox/*.default-release/user.js
# Hardware acceleration
echo "export MOZ_DRM_DEVICE=/dev/dri/renderD128" >> "$HOME"/.profile
# Download extension configuration (TODO: Check Download Folder's Name)
#wget -q --show-progress "$repo"/.mozilla/firefox/extensions/Dark-Reader-Settings.json -O "$HOME"/Téléchargements/Dark-Reader-Settings.json
#wget -q --show-progress "$repo"/.mozilla/firefox/extensions/SponsorBlockConfig.json -O "$HOME"/Téléchargements/SponsorBlockConfig.json
#wget -q --show-progress "$repo"/.mozilla/firefox/extensions/auto-tab-discard-preferences.json -O "$HOME"/Téléchargements/auto-tab-discard-preferences.json
# === Enable Bluetooth ==
systemctl enable bluetooth.service
systemctl start bluetooth.service
sed -i "s/#AutoEnable=true/AutoEnable=false/g" /etc/bluetooth/main.conf
# === VSCodium ==
wget -q "$repo"/.config/VSCodium/product.json -O "$HOME"/.config/VSCodium/product.json
# === Printers ==
sudo systemctl enable cups.socket
sudo systemctl start cups.socket
sudo systemctl enable avahi-daemon.service
sudo systemctl start avahi-daemon.service
# === UFW (pare-feu) ==
sudo systemctl enable ufw.service
sudo systemctl start ufw.service
sudo ufw enable
sudo ufw default deny
# Changes
# => KDEConnect
sudo ufw allow 1714:1764/tcp
sudo ufw allow 1714:1764/udp
# Reload
sudo ufw reload; sudo systemctl restart ufw
# === s-tui ==
# Configuration
wget -q --show-progress "$repo"/.config/s-tui/s-tui.conf -O "$HOME"/.config/s-tui/s-tui.conf
# === ClamAV ==
# Virus definitions
sudo systemctl enable clamav-freshclam.service
sudo systemctl start clamav-freshclam.service
# Logging fix, see https://bbs.archlinux.org/viewtopic.php?id=292252
sudo touch /var/log/clamav/freshclam.log
sudo chown clamav:clamav /var/log/clamav/freshclam.log
# Daemon
sudo systemctl enable clamav-daemon.service
sudo systemctl start clamav-daemon.service
# === Secure Boot ==
if sbctl status | grep "Setup Mode.*Enabled";
then
# Sources: https://www.youtube.com/watch?v=R5dUWnSQIuY & https://old.reddit.com/r/archlinux/comments/zo83gb/how_i_setup_secure_boot_for_arch_linux_simple/
# Create and enroll generated keys
sudo sbctl create-keys
sudo sbctl enroll-keys -m
# Sign EFI binaries
sudo sbctl sign -s /boot/vmlinuz-linux
sudo sbctl sign -s /boot/EFI/BOOT/BOOTX64.EFI
sudo sbctl sign -s /boot/EFI/systemd/systemd-bootx64.efi
sudo sbctl sign -s -o /usr/lib/systemd/boot/efi/systemd-bootx64.efi.signed /usr/lib/systemd/boot/efi/systemd-bootx64.efi
sudo sbctl sign -s -o /usr/lib/fwupd/efi/fwupdx64.efi.signed /usr/lib/fwupd/efi/fwupdx64.efi
# sudo sbctl verify
sudo mkinitcpio -P
echo "'Secure Boot' désormais activable."
else
echo "Pas en 'Setup Mode' alors impossible d'activer le secure boot."
fi
# todo from https://www.youtube.com/watch?v=R5dUWnSQIuY
echo -e "\n\nInstallation terminée.\nIl faut redémarrer l'ordinateur."
}
if grep "archlinux" /proc/version > /dev/null;
then
main "$@"
else
echo "Ce script ne fonctionne que sur Arch." >&2
fi
Reference in a new issue View git blame Copy permalink