Personal setup script for Arch install on T-series

151 commits 3 branches 0 tags 239 KiB

Shell 100%

Find a file

patrick brisbin 1be19b67c6 Add diff-etc script		2025年10月15日 09:58:10 -04:00
bin	Add diff-etc script	2025年10月15日 09:58:10 -04:00
files	Update stack-completions hook for new package name	2025年10月15日 07:52:27 -04:00
install	Add nix.conf installation	2025年03月13日 10:34:25 -04:00
README.md	Update setup to expect Stow, not rcm	2025年10月13日 11:09:45 -04:00

README.md

Arch Setup Script

This script was drafted the last time I installed Arch on a new laptop. It was then polished up and debugged in VirtualBox. It aims to bring me from a new machine to my complete, usual environment with as little interaction as possible.

Usage

Create an installation flashdrive from Downloads:

Assuming the drive is at /dev/sdb:
```
sudo dd bs=4M if=archlinux-...-dual.iso of=/dev/sdb status=progress
sync
```
Reboot your system from the flashdrive

Connect networking

iwctl
[iwd]# station wlan0 connect <ssid>

Run archinstall:
```
archinstall \
 --config https://codeberg.org/pbrisbin/arch-setup/raw/branch/main/files/config.json \
 --mount-point /mnt
```
You will need to tweak some things:
1. Adjust Hostname, if desired
2. Set disk configuration and encryption
3. Set root password
4. Add user named patrick with sudo
Run this post-install script
```
curl -L https://codeberg.org/pbrisbin/arch-setup/src/branch/main/install | sh
```
This adds a bunch of system configuration files, adjusts networking, and installs my personal dotfiles, which includes some more user-level setup.

Once comfortably in X, there are a few more manual steps, as documented below for my own reference.

Wifi

sudo wifi-menu

SSH

ssh-keygen -t rsa -b 4096
curl -F'file=@.ssh/id_rsa.pub' https://0x0.st

Install it in Codeberg, and GitHub.

Test it out by fixing our dotfiles remote:

cd ~/code/pbrisbin/dotfiles
git remote set-url origin git@codeberg.org:pbrisbin/dotfiles.git
git fetch
git pull

`pass(1)`

git clone git@codeberg.org:pbrisbin/password-store.git ~/.password-store

GPG

Create a local encryption key, just for pass(1)

gpg --full-generate-key
gpg --export --armor ... > here.key

Using my physical master GPG set, re-encrypt my passwords to include it and generate a new signing subkey. This should be in its own terminal.

sudo cryptsetup open /dev/sdb1 --type=tcrypt flashdrive
sudo mkdir -p /mnt/flashdrive
sudo mount /dev/mapper/flashdrive /mnt/flashdrive
export GNUPGHOME=/mnt/flashdrive/gnupg
gpg --import here.key
gpg --edit-key {THAT}
> trust
vim ~/.password-store/.gpg-id
...
pass init $(< ~/.password-store/.gpg-id)
pass git push
gpg --edit-key pbrisbin@gmail.com
> addkey
gpg --list-keys --keyid-format SHORT pbrisbin@gmail.com
gpg --output secret-subkeys --export-secret-subkey {SUBKEY}!
gpg --send-keys pbrisbin@gmail.com
gpg --export --armor pbrisbin@gmail.com > public.key
sudo umount /mnt/flashdrive
sudo cryptsetup close flashdrive

Import the new signing key

gpg --import < secret-subkeys
gpg -K

At this point, you should be able to:

Make Git commits
Read passwords

Delete and re-add the public key in Codeberg, and re-push it to S3 once you have AWS access back.