#!/bin/sh
# ++-- Artix Linux Minimal Encrypted Install Script --++

# Proper usage checks.
[ -z "$1" ] && echo "Usage: 
artix-luks-base-install dev/sdX encrypt3dpassw0rd" && exit
[ -z "$(ls /sys/firmware/efi/efivars)" ] && echo "EFI only installation; Please boot with EFI." && exit
[ $(id -u) != 0 ] && echo "Root privileges required." && exit
[ -z "$(connmanctl state | grep -e online -e ready)" ] && \
	echo "No network connection." && exit

# Parameters.
targetdisk=$1
[ -z "$targetdisk" ] && echo "No target disk specified." && exit
cryptpass=$2
[ -z "$cryptpass" ] && echo "No encryption password provided." && exit

cvg=CryptVolGroup

echo "+-- Artix Installation Parameters --+"
echo "Target disk   : \"$targetdisk\""
echo "Crypto pass   : \"$cryptpass\""
echo "Cryptvol group: \"$cvg\""
echo -n "Correct?" && read

# Reset/init.
pacman -Sy --noconfirm parted
swapoff /dev/$cvg/swap 2>/dev/null
umount -R /mnt 2>/dev/null
vgchange -a n 2>/dev/null
cryptsetup close cryptlvm 2>/dev/null
killall -s 9 cryptsetup 2>/dev/null

set -xe
# Partition the disk.
parted -s -a optimal $targetdisk mklabel gpt
parted -s -a optimal $targetdisk mkpart "BOOT" fat32 0% 512MiB
parted -s -a optimal $targetdisk set 1 esp on
parted -s -a optimal $targetdisk mkpart "CRYPT" ext4 512MiB 100%

# Set up LUKS encrypted container.
echo -ne "$cryptpass" | cryptsetup luksFormat ${targetdisk}2 -d -
echo -ne "$cryptpass" | cryptsetup open ${targetdisk}2 cryptlvm -d -

# Create logical volumes.
pvcreate /dev/mapper/cryptlvm
vgcreate $cvg /dev/mapper/cryptlvm
lvcreate -L 12G $cvg -n swap
lvcreate -L 50G $cvg -n root
lvcreate -l 100%FREE $cvg -n home

# Make filesystems.
mkfs.fat -F32 ${targetdisk}1
mkswap -f /dev/$cvg/swap
mkfs.ext4 -qF /dev/$cvg/root
mkfs.ext4 -qF /dev/$cvg/home

# Mount filesystems.
mount /dev/$cvg/root /mnt
mkdir /mnt/boot
mkdir /mnt/home
mount ${targetdisk}1 /mnt/boot
mount /dev/$cvg/home /mnt/home
swapon /dev/$cvg/swap

# Basestrap the system and install lvm hooks.
basestrap /mnt runit elogind-runit base base-devel networkmanager networkmanager-runit vi
basestrap /mnt linux linux-firmware
fstabgen -U /mnt > /mnt/etc/fstab
sed -s 's/^HOOKS=.*/HOOKS=(base udev autodetect modconf block \
encrypt keyboard keymap lvm2 resume filesystems fsck)/g' -i /mnt/etc/mkinitcpio.conf
basestrap /mnt cryptsetup lvm2 mkinitcpio grub efibootmgr

# Install grub.
cryptuuid=$(blkid -s UUID -o value ${targetdisk}2)
swapuuid=$(blkid -s UUID -o value /dev/$cvg/swap)
sed -s "s/^GRUB_CMDLINE_LINUX_DEFAULT=.*/GRUB_CMDLINE_LINUX_DEFAULT=\"\
cryptdevice=UUID=$cryptuuid:lvm-system loglevel=3 quiet resume=UUID=$swapuuid net.ifnames=0\"/g" \
	-i /mnt/etc/default/grub
sed -s 's/^#GRUB_ENABLE_CRYPTODISK=y/GRUB_ENABLE_CRYPTODISK=y/g' -i /mnt/etc/default/grub
artix-chroot /mnt sh -c 'grub-install --target=x86_64-efi --efi-directory=/boot \
--bootloader-id=grub && grub-mkconfig -o /boot/grub/grub.cfg'

# Set root password and sudoers.
artix-chroot /mnt sh -c 'echo root:123 | chpasswd'
sed -s 's/# %wheel ALL=(ALL) ALL/%wheel ALL=(ALL) ALL \
Defaults rootpw,pwfeedback/g' -i /mnt/etc/sudoers

# Set hosts and link NetworkManager.
echo "4rt1x" > /mnt/etc/hostname
echo '127.0.0.1 localhost
::1 localhost
127.0.1.1 4rt1x.localdomain 4rt1x' >> /mnt/etc/hosts
artix-chroot /mnt sh -c 'ln -s /etc/runit/sv/NetworkManager /etc/runit/runsvdir/default'

# Set locale and default timezone.
echo 'LANG="en_US.UTF-8"
LC_COLLATE="C"' > /mnt/etc/locale.conf
sed -s 's/#en_US/en_US/g' -i /mnt/etc/locale.gen
artix-chroot /mnt sh -c 'locale-gen'
artix-chroot /mnt sh -c 'ln -sf /usr/share/zoneinfo/Europe/Amsterdam /etc/localtime && hwclock -w'

# Perform cleanups.
swapoff /dev/$cvg/swap
umount -R /mnt
vgchange -a n
cryptsetup close cryptlvm

set +x
echo
echo '+---------------------------------------------------------------+'
echo '| Installation completed, you can log in with root password 123 |'
echo '+---------------------------------------------------------------+'