commit c11812535afe469ca2ff62fa0e69b1b98f5a655a Author: Pratyush Desai Date: Sat Jun 14 13:43:17 2025 +0530 Base working script Signed-off-by: Pratyush Desai
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..4c49bd7
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.env
diff --git a/README b/README
new file mode 100644
index 0000000..e68e5fb
--- /dev/null
+++ b/README
@@ -0,0 +1,3 @@
+# Automated ArchLinux Installer
+
+ Automated ArchLinux install script with luks encrypted btrfs root partition
diff --git a/archinst.sh b/archinst.sh
new file mode 100644
index 0000000..7ef8e25
--- /dev/null
+++ b/archinst.sh
@@ -0,0 +1,146 @@
+#!/bin/bash
+set -euo pipefail
+
+# Load
+source ./env
+
+loadkeys "$KEYMAP"
+
+[ -d /sys/firmware/efi ] || { echo "[-] BIOS mode not supported."; exit 1; }
+
+ping -c1 archlinux.org >/dev/null || { echo "[-] No network!"; exit 1; }
+timedatectl set-ntp true
+
+read -rp "!!! WARNING: This will destroy all data on $DEVICE. Proceed? (yes/[no]): " confirm
+[[ "$confirm" == "yes" ]] || exit 1
+
+sgdisk --zap-all "$DEVICE"
+wipefs -a "$DEVICE"
+sgdisk -n 1:0:+512M -t 1:ef00 -c 1:"EFI System Partition" "$DEVICE"
+sgdisk -n 2:0:0 -t 2:8300 -c 2:"Linux root" "$DEVICE"
+
+cryptsetup luksFormat --type luks2 "$ROOT_PART"
+cryptsetup open "$ROOT_PART" "$CRYPT_NAME"
+mkfs.btrfs -f "$CRYPT_DEVICE"
+
+mount "$CRYPT_DEVICE" /mnt
+btrfs subvolume create /mnt/@
+btrfs subvolume create /mnt/@home
+btrfs subvolume create /mnt/@log
+btrfs subvolume create /mnt/@pkg
+btrfs subvolume create /mnt/@srv
+btrfs subvolume create /mnt/@snapshots
+umount /mnt
+
+mount -o compress=zstd,subvol=@ "$CRYPT_DEVICE" /mnt
+mkdir -p /mnt/{home,var/log,var/cache/pacman/pkg,srv,.snapshots,boot}
+mount -o compress=zstd,subvol=@home "$CRYPT_DEVICE" /mnt/home
+mount -o compress=zstd,subvol=@log "$CRYPT_DEVICE" /mnt/var/log
+mount -o compress=zstd,subvol=@pkg "$CRYPT_DEVICE" /mnt/var/cache/pacman/pkg
+mount -o compress=zstd,subvol=@srv "$CRYPT_DEVICE" /mnt/srv
+mount -o compress=zstd,subvol=@snapshots "$CRYPT_DEVICE" /mnt/.snapshots
+
+mkfs.fat -F32 "$EFI_PART"
+mount "$EFI_PART" /mnt/boot
+
+btrfs filesystem mkswapfile --size "${SWAP_SIZE_GB}g" /mnt/swapfile
+chmod 600 /mnt/swapfile
+mkswap /mnt/swapfile
+swapon /mnt/swapfile
+pacstrap -K /mnt base linux linux-firmware btrfs-progs vim sudo man-db openssh nftables apparmor
+
+genfstab -U /mnt >> /mnt/etc/fstab
+UUID=$(blkid -s UUID -o value "$ROOT_PART")
+
+sed -i 's|/boot vfat defaults|/boot vfat defaults,dmask=077,fmask=177|' /mnt/etc/fstab
+
+arch-chroot /mnt /bin/bash < /etc/locale.gen
+locale-gen
+echo "LANG=$LOCALE" > /etc/locale.conf
+echo "KEYMAP=$KEYMAP" > /etc/vconsole.conf
+
+echo "$HOSTNAME" > /etc/hostname
+cat < /etc/hosts
+127.0.0.1 localhost
+::1 localhost
+127.0.1.1 $HOSTNAME.localdomain $HOSTNAME
+HCONF
+
+echo "root:$ROOTPASS" | chpasswd
+
+useradd -m -G wheel "$USERNAME"
+echo "$USERNAME:$USERPASS" | chpasswd
+echo "%wheel ALL=(ALL) ALL" >> /etc/sudoers
+
+
+sed -i 's/^HOOKS=.*/HOOKS=(base udev autodetect keyboard keymap modconf block encrypt filesystems btrfs fsck)/' /etc/mkinitcpio.conf
+mkinitcpio -P
+
+bootctl install
+cat < /boot/loader/loader.conf
+default arch
+timeout 3
+editor no
+BLDR
+
+cat < /boot/loader/entries/arch.conf
+title Arch Linux
+linux /vmlinuz-linux
+initrd /initramfs-linux.img
+options cryptdevice=/dev/sda2:cryptroot root=/dev/mapper/cryptroot rw rootflags=subvol=@
+
+ENTRY
+
+echo "/swapfile none swap defaults 0 0" >> /etc/fstab
+
+systemctl enable sshd
+systemctl enable nftables
+systemctl enable apparmor
+systemctl enable systemd-networkd
+systemctl enable systemd-resolved
+ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
+
+cat < /etc/systemd/network/20-wired.network
+[Match]
+Name=en*
+
+[Network]
+DHCP=yes
+NET
+
+mkdir -p /home/$USERNAME/.ssh
+chmod 700 /home/$USERNAME/.ssh
+echo $SSHPUBKEY > /home/$USERNAME/.ssh/authorized_keys
+chmod 600 /home/$USERNAME/.ssh/authorized_keys
+chown -R $USERNAME:$USERNAME /home/$USERNAME/.ssh
+
+sed -i 's/^#\?PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config
+sed -i 's/^#\?PermitRootLogin.*/PermitRootLogin prohibit-password/' /etc/ssh/sshd_config
+
+cat < /etc/nftables.conf
+table inet filter {
+ chain input {
+ type filter hook input priority 0;
+ policy drop;
+ ct state established,related accept
+ iif lo accept
+ tcp dport ssh accept
+ }
+}
+NFT
+
+nft -f /etc/nftables.conf
+
+
+EOF
+
+umount -R /mnt
+reboot
+
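Review bot: The loader entry written to `/boot/loader/entries/arch.conf` hard-codes `cryptdevice=/dev/sda2:cryptroot root=/dev/mapper/cryptroot`, while the disk and mapper name are otherwise taken from `$DEVICE`, `$ROOT_PART` and `$CRYPT_NAME` and the `UUID` read with `blkid` is never used; an install to any other disk, or a device that enumerates differently at next boot, will not unlock its root. If the chroot heredoc is expanded by the outer shell, as its use of `$USERNAME` and `$LOCALE` suggests, the line can be `options cryptdevice=UUID=$UUID:$CRYPT_NAME root=/dev/mapper/$CRYPT_NAME rw rootflags=subvol=@`. The script also sources `./env` although the `.gitignore` added in this commit ignores `.env`, so the file holding `ROOTPASS` and `USERPASS` is not actually kept out of the repository; the two names should agree, e.g. `source ./.env`. Those passwords are spliced into the chroot script text as `echo "root:$ROOTPASS" | chpasswd`, so a value containing `"`, `$` or a backtick is reinterpreted by the inner shell; setting them after the heredoc with `printf '%s\n' "root:$ROOTPASS" | chpasswd -R /mnt` keeps the value out of the generated script.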