#!/bin/bash
########################
2022-12-10 19:45:07 -07:00
# What this script is:
#
2023-02-06 10:34:45 -07:00
# An automatic installer for Debian Stable with BTRFS, Snapshots, and Full-disk-encryption
2022-12-10 19:45:07 -07:00
#
2023-02-14 16:29:59 -07:00
# INSTRUCTIONS
2022-12-10 19:45:07 -07:00
#
2022-12-08 08:26:11 -07:00
# For new disk installs, initialize the disk to setup Encryption and partitions:
2022-12-09 09:49:37 -07:00
# ./debian.sh initialize nvme0n1 (DO NOT SPECIFY /dev/ !)
2022-12-08 08:26:11 -07:00
#
2023-02-14 16:29:59 -07:00
# Before running the install, ensure that you have Internet access. If you modify the
2022-12-09 09:49:37 -07:00
# WIRELESS_PASSWORD and SSID in this file, you can connect to the Internet with:
2023-02-14 16:29:59 -07:00
# ./debian.sh wifi
2022-12-09 09:49:37 -07:00
#
2023-02-14 16:29:59 -07:00
# Plesae be sure to change USER,USER_PASSWORD,DISK_PASSWORD, and ROOT_PASSWORD strings in this file
2022-12-08 08:26:11 -07:00
#
# To install/reinstall the OS:
# ./debian.sh install nvme0n1
2023-02-14 16:29:59 -07:00
#
2022-12-08 08:26:11 -07:00
# reboot
########################
2022-12-07 14:24:20 -07:00
#Configure this section
########################
2022-12-07 20:05:53 -07:00
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
2022-12-07 22:12:26 -07:00
export DEBIAN_FRONTEND=noninteractive
2022-12-10 15:46:40 -07:00
TARGET='/install'
2022-12-07 16:15:01 -07:00
mkdir $TARGET
2022-12-07 14:24:20 -07:00
######################################
echo
2022-12-07 16:15:01 -07:00
HARD_DISK=$2
2023-03-22 16:14:58 -06:00
EFI="/dev/$(lsblk | grep $HARD_DISK | head -2 | tail -1 | sed 's/├─//' | cut -d ' ' -f1)"
2023-03-25 12:47:08 -06:00
BTRFS="/dev/$(lsblk | grep $HARD_DISK | head -4 | tail -1 | sed 's/└─//' | cut -d ' ' -f1)"
2023-03-22 16:14:58 -06:00
BOOT="/dev/$(lsblk | grep $HARD_DISK | head -3 | tail -1 | sed 's/├─//' | cut -d ' ' -f1)"
2023-02-14 16:29:59 -07:00
ROOT_NAME='debian'
ROOT_MAPPER_NAME='root'
2023-02-21 09:30:17 -07:00
BACKUP_DISK='/dev/disk/by-uuid/da0af184-781f-49f8-bd3f-f3b869a08fcf'
2023-02-14 23:26:33 -07:00
BACKUP_DISK_MAPPER='usb'
2023-02-21 09:30:17 -07:00
BACKUP_DISK_ROOT_NAME='usb'
2023-02-20 17:54:46 -07:00
BACKUP_DISK_IMAGES="$TARGET/@$BACKUP_DISK_ROOT_NAME/var/backups"
2022-12-07 14:24:20 -07:00
######################################
2022-12-09 14:05:22 -07:00
USER="verita84"
2022-12-07 14:24:20 -07:00
USER_PASSWORD="123456"
ROOT_PASSWORD="123456"
2023-02-10 14:54:48 -07:00
WIRELESS_PASSWORD='123456'
2022-12-07 16:15:01 -07:00
SSID='123456'
2022-12-07 14:24:20 -07:00
WIRELESS_INTERFACE='wlan0'
DISK_PASSWORD='123456'
2022-12-10 13:48:49 -07:00
COMPRESSION='compress=zlib:5'
2023-02-03 21:08:53 -07:00
DEBIAN_RELEASE='stable'
2023-02-10 14:54:48 -07:00
CURRENT_STABLE_NAME='bullseye'
2023-02-09 10:40:38 -07:00
AUTO_DECRYPT='True'
2023-04-04 21:24:39 -06:00
FLATPAKS+=(net.sourceforge.chromium-bsu io.jor.mightymike com.eduke32.EDuke32 com.zandronum.Zandronum net.openra.OpenRA)
2022-12-07 14:24:20 -07:00
#Packages
2023-04-04 21:24:39 -06:00
PACKAGES=" nmap minidlna libsecret-tools libglu1-mesa preload flatpak powertop acpi cockpit cockpit-podman packagekit cockpit-packagekit cockpit-pcp cockpit-storaged "
BASE_PACKAGES=" btop shfmt cups apt-transport-https samba samba-common nfs-common nfs-kernel-server linux-cpupower locales zram-tools acpid podman ghostscript cifs-utils ntp vim-airline rsync screen base udev git network-manager efibootmgr linux-headers-amd64 cryptsetup network-manager-openvpn ntp screen docbook-xsl alsa-utils sysstat fuse3 build-essential unzip bash-completion parted dosfstools wget curl "
2023-03-29 19:57:52 -06:00
SHARED_DESKTOP_APPS=" kwin-addons power-profiles-daemon kde-standard konsole dolphin kde-spectacle print-manager digikam yt-dlp keepassxc telegram-desktop krita nextcloud-desktop handbrake calligra "
2023-02-07 13:03:55 -07:00
#Removed for Debian Bullseye. Works on Bookworm
2023-02-20 13:44:43 -07:00
#REMOVED=" aardvark-dns podman-compose podman-toolbox "
2023-02-11 08:05:40 -07:00
VIRTUALIZATION=" virt-manager qemu-system libvirt-daemon-system ovmf cockpit-machines"
2023-02-14 12:10:41 -07:00
PACKAGES=$BASE_PACKAGES$PACKAGES$SHARED_DESKTOP_APPS
#PACKAGES=$BASE_PACKAGES
2023-02-14 16:29:59 -07:00
SERVICES+=(powertop preload)
2023-04-04 21:24:39 -06:00
TAR_EXCLUDES="--exclude=/.snapshots --exclude=/snapshots --exclude=/var/backups --exclude=/volumes/* --exclude=/mnt/* --exclude=/var/tmp/* --exclude=/tmp/* --exclude=/raid/* --exclude=/root/* --exclude=/var/cache/apt/archives/* --exclude=/proc/* --exclude=/.snapshots/* --exclude=/var/lib/libvirt/* --exclude=/dev/* --exclude=/sys/* --exclude=/home/* --exclude=/var/lib/flatpak --exclude=/var/lib/postgresql --exclude=/var/lib/containers"
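#######################################
# Write the SDDM autologin drop-in for $USER into the target system.
# Globals:   TARGET (read), USER (read)
# Outputs:   creates $TARGET/etc/sddm.conf.d/autologin
# NOTE(review): autologin starts the Plasma session without a login prompt.
# With AUTO_DECRYPT='True' the root volume is also set up to unlock from a
# keyfile, so no secret is requested between power-on and a logged-in desktop.
# Confirm that this matches the threat model for the machine.
#######################################
auto_login() {
  local conf_dir="$TARGET/etc/sddm.conf.d"

  mkdir -p -- "$conf_dir"
  # One redirect for the whole file; the quoting keeps a TARGET that contains
  # whitespace from being split into several paths.
  {
    echo "[Autologin]"
    echo "User=$USER"
    echo "Session=plasma.desktop"
    echo "Relogin=false"
  } >"$conf_dir/autologin"
}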
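#######################################
# Archive the running root filesystem into a gzip-compressed tar file.
# Globals:   BACKUP_DISK_IMAGES (read), TAR_EXCLUDES (read), USER (read)
# Arguments: $1 - archive name (without .tgz)
#            $2 - optional destination directory; defaults to BACKUP_DISK_IMAGES
# Outputs:   progress messages and tar timing on stdout/stderr
# NOTE(review): TAR_EXCLUDES does not exclude /etc, so the archive contains the
# account database and, when decryptBoot has run, the LUKS keyfile in /etc. The
# archive is then handed to $USER with chown. Treat the .tgz as a secret:
# restrict its mode and keep it on encrypted storage only.
#######################################
create-os-snapshots() {
  local name=$1
  local dest_dir=${2:-}
  local archive

  echo
  if [ -z "$dest_dir" ]; then
    # -p: do not fail when the directory already exists from an earlier run.
    mkdir -p -- "$BACKUP_DISK_IMAGES"
    archive="$BACKUP_DISK_IMAGES/$name.tgz"
    echo "[Creating new OS snapshot to $archive]"
    echo
    echo
    # TAR_EXCLUDES is a whitespace-separated option list and is expanded
    # unquoted on purpose.
    # shellcheck disable=SC2086
    time tar cpzf "$archive" $TAR_EXCLUDES /
  else
    archive="$dest_dir/$name.tgz"
    echo "[Creating new OS snapshot to $archive]"
    echo
    echo
    # shellcheck disable=SC2086
    time tar cpzf "$archive" --exclude=/snapshots $TAR_EXCLUDES /
  fi
  chown "$USER:$USER" "$archive"
}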
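#######################################
# Mirror /home into the @home subvolume of the mounted backup disk.
# Globals:   TARGET (read)
# Outputs:   progress message on stdout
# Note: --delete removes files from the backup that no longer exist in /home.
#######################################
homeBackup() {
  local -a rsync_args=(
    -a --delete /home/
    --exclude=.cache
    --exclude=.local/share/flatpak
    --exclude=.local/share/containers
  )

  echo
  echo "[Copying USER data from /home to $TARGET/@home]"
  echo
  # The destination is quoted so a TARGET with whitespace stays one argument.
  rsync "${rsync_args[@]}" "$TARGET/@home/"
}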
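#######################################
# Open the encrypted backup disk, mount it on TARGET and write an OS archive
# (and optionally a copy of /home) to it.
# Globals:   TARGET, BACKUP_DISK, BACKUP_DISK_MAPPER, BACKUP_DISK_ROOT_NAME,
#            DISK_PASSWORD (all read)
# Arguments: $1 - archive name, $2 - "home" to also back up /home
# Returns:   exits 1 when the mapping or the expected root tree is missing
#######################################
os-backup() {
  local name=$1
  local with_home=${2:-}
  local mapper_dev="/dev/mapper/$BACKUP_DISK_MAPPER"
  local marker="$TARGET/@$BACKUP_DISK_ROOT_NAME/usr/bin/bash"

  umount "$TARGET"
  # The passphrase is passed as data, never as the printf format string: a '%'
  # or '\' in it would otherwise be interpreted and a different passphrase sent.
  printf '%s' "$DISK_PASSWORD" | cryptsetup open "$BACKUP_DISK" "$BACKUP_DISK_MAPPER"
  if [[ ! -e "$mapper_dev" ]]; then
    echo
    echo "Aborting Install, $mapper_dev not found!"
    echo
    echo
    exit 1
  fi

  echo
  echo "[Mounting.....]"
  echo
  mount "$mapper_dev" "$TARGET"
  if [[ ! -e "$marker" ]]; then
    echo
    echo "Aborting Install, $marker not found!"
    echo
    echo
    # Do not leave the decrypted volume mounted and mapped after an abort.
    umount "$TARGET"
    cryptsetup close "$BACKUP_DISK_MAPPER"
    exit 1
  fi

  if [ "$with_home" = "home" ]; then
    homeBackup
  fi
  create-os-snapshots "$name"

  ls "$TARGET/"
  umount "$TARGET"
  cryptsetup close "$BACKUP_DISK_MAPPER"
}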
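#######################################
# Re-create the target filesystems and restore an OS archive into them.
# Globals:   TARGET, BACKUP_DISK_ROOT_NAME, USER (read);
#            ROOT_CHECK, BACKUP_DISK_IMAGES (written)
# Arguments: $1 - disk, $2 - archive name, $3 - "home" to copy /home,
#            $4 - optional directory holding the archive
# NOTE(review): the archive is unpacked as root with no integrity or
# authenticity check; anything able to modify the .tgz controls the restored
# system. Verifying a checksum or signature kept apart from the archive before
# extraction would close that gap.
# NOTE(review): a copy of this script, including the passwords it holds, sits in
# $TARGET/debian.sh until the rm at the end; an aborted run leaves it behind.
#######################################
os-restore() {
  local disk=$1
  local name=$2
  local with_home=${3:-}
  local image_dir=${4:-}
  # Abort before any rm -rf if TARGET is empty: the paths below would otherwise
  # resolve to /usr, /etc, ... on the running system.
  local root=${TARGET:?TARGET must be set}

  ROOT_CHECK=$(mount | grep ' / ')
  if [[ "$ROOT_CHECK" == *"$BACKUP_DISK_ROOT_NAME"* ]]; then
    BACKUP_DISK_IMAGES="/var/backups"
  fi
  if [ "$image_dir" ]; then
    BACKUP_DISK_IMAGES="$image_dir"
  fi

  partitions
  rm -rf -- "$root/usr" "$root/sbin" "$root/lib32" "$root/libx32" "$root/lib" \
    "$root"/vmlinuz* "$root"/initrd* "$root/bin" "$root/var" "$root/root" \
    "$root/opt" "$root/etc" "$root/run"
  echo "[Restoring OS tarfile from $BACKUP_DISK_IMAGES/$name.tgz]"
  echo
  tar xfp "$BACKUP_DISK_IMAGES/$name.tgz" -C "$root/"
  if [ "$with_home" = "home" ]; then
    rsync -a --delete /home/ "$root/home/"
  fi

  fstab
  cp -f debian.sh "$root/"
  systemMounts
  chmod +x "$root/debian.sh"
  chroot "$root" /debian.sh bootloader "$disk"
  chroot "$root" /debian.sh btrfs-tweaks
  chroot "$root" /debian.sh accounts
  chown -R "$USER:$USER" "$root/home/$USER"
  auto_login
  rm -f -- "$root/debian.sh"
  unmount
}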
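#######################################
# Bind the host's /dev, /dev/pts, /proc and /sys into the target and mount
# efivarfs, so that commands run with chroot see the live kernel interfaces.
# Globals:   TARGET (read)
# Note: while these are mounted, processes inside the chroot have the host's
# devices and EFI variables available.
#######################################
systemMounts() {
  local src

  for src in /dev /dev/pts /proc /sys; do
    # Quoted so that a TARGET containing whitespace remains a single path.
    mount -o rbind "$src" "$TARGET$src"
  done
  mount -t efivarfs none "$TARGET/sys/firmware/efi/efivars"
}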
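#######################################
# Enrol a random keyfile for the root LUKS volume and point crypttab and the
# initramfs hook at it, so the volume unlocks at boot without a passphrase.
# Globals:   DISK_PASSWORD, BTRFS (read); KEYFILE (written)
# NOTE(review): KEYFILE_PATTERN makes the initramfs hook embed /etc/*.key in the
# initramfs, and mounts() puts /boot on a plain ext4 partition. The key that
# unlocks the disk therefore appears to be stored unencrypted next to it, which
# leaves the encryption protecting against little more than casual access.
# Confirm this trade-off is intended; the `secure-boot` sub-command rebuilds
# the boot files with AUTO_DECRYPT='False'.
# NOTE(review): the generated initramfs should not be world-readable when it
# carries key material (UMASK=0077 in initramfs.conf); this function does not
# set that.
#######################################
decryptBoot() {
  local slot

  KEYFILE='keyfile.key'
  echo
  echo "Setting LUKS to use Keyfile for password entry"
  echo
  echo
  echo "Clearing Old Keys"
  echo
  # Slots 1-6 are cleared; slot 0 is left untouched.
  for slot in 1 2 3 4 5 6; do
    # '%s' keeps a passphrase containing '%' or '\' from being rewritten by printf.
    printf '%s' "$DISK_PASSWORD" | cryptsetup luksKillSlot "${BTRFS}" "$slot"
  done

  # Create the keyfile under a restrictive umask so it is never readable by
  # other users, not even between creation and the chmod below.
  (umask 077 && dd if=/dev/urandom of="/etc/$KEYFILE" bs=1024 count=4)
  chown root:root "/etc/$KEYFILE"
  chmod 0400 "/etc/$KEYFILE"

  echo
  echo "Adding new key......"
  echo
  printf '%s' "$DISK_PASSWORD" | cryptsetup luksAddKey "${BTRFS}" "/etc/$KEYFILE"
  # Replace the "none" key field written by bootloader() with the keyfile path.
  sed -i "s/none/\/etc\/$KEYFILE/" /etc/crypttab
  echo "KEYFILE_PATTERN=\"/etc/*.key\"" >/etc/cryptsetup-initramfs/conf-hook
}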
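#######################################
# Add the VSCodium apt repository and install codium.
# Returns:   1 when the signing key cannot be downloaded
# NOTE(review): the signing key is fetched from the repository's master branch
# and trusted as downloaded. Compare its fingerprint with one obtained through
# a separate channel before relying on it.
#######################################
install-vscode() {
  local keyring=/usr/share/keyrings/vscodium-archive-keyring.gpg
  local armored

  # Download first and stop on failure, so an empty or partial keyring is never
  # installed and apt is not pointed at a repository it cannot verify.
  armored=$(wget -qO - https://gitlab.com/paulcarroty/vscodium-deb-rpm-repo/raw/master/pub.gpg) || return 1
  [[ -n "$armored" ]] || return 1
  printf '%s\n' "$armored" | gpg --dearmor | dd of="$keyring"

  echo 'deb [ signed-by=/usr/share/keyrings/vscodium-archive-keyring.gpg ] https://download.vscodium.com/debs vscodium main' | tee /etc/apt/sources.list.d/vscodium.list
  apt update
  apt install -y codium
}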
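#######################################
# Add the Vivaldi apt repository and install vivaldi-stable.
# Returns:   1 when the signing key cannot be downloaded
# NOTE(review): the key is trusted as downloaded; its fingerprint is not
# compared with a known value.
#######################################
install-vivaldi() {
  local keyring=/usr/share/keyrings/vivaldi-browser.gpg
  local armored

  # Stop before touching the keyring or apt sources when the download fails.
  armored=$(wget -qO- https://repo.vivaldi.com/archive/linux_signing_key.pub) || return 1
  [[ -n "$armored" ]] || return 1
  printf '%s\n' "$armored" | gpg --dearmor | dd of="$keyring"

  echo "deb [signed-by=/usr/share/keyrings/vivaldi-browser.gpg arch=$(dpkg --print-architecture)] https://repo.vivaldi.com/archive/deb/ stable main" | dd of=/etc/apt/sources.list.d/vivaldi-archive.list
  apt update && apt install -y vivaldi-stable
}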
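#######################################
# Add the Brave apt repository and install brave-browser.
# Returns:   1 when the keyring cannot be downloaded
# NOTE(review): the keyring is trusted as downloaded; its fingerprint is not
# compared with a known value.
#######################################
install-brave() {
  local keyring=/usr/share/keyrings/brave-browser-archive-keyring.gpg
  local repo=https://brave-browser-apt-release.s3.brave.com

  apt install curl -y
  # curl -f already reports HTTP errors; act on that instead of carrying on
  # with a missing keyring.
  curl -fsSLo "$keyring" "$repo/brave-browser-archive-keyring.gpg" || return 1

  echo "deb [signed-by=/usr/share/keyrings/brave-browser-archive-keyring.gpg] https://brave-browser-apt-release.s3.brave.com/ stable main" | tee /etc/apt/sources.list.d/brave-browser-release.list
  apt update
  apt install brave-browser -y
}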
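#######################################
# Add the Element apt repository and install element-desktop.
# Returns:   1 when the keyring cannot be downloaded
# NOTE(review): the keyring is trusted as downloaded; its fingerprint is not
# compared with a known value.
#######################################
install-element() {
  local keyring=/usr/share/keyrings/element-io-archive-keyring.gpg

  # Do not register the repository when its keyring could not be fetched.
  wget -O "$keyring" https://packages.element.io/debian/element-io-archive-keyring.gpg || return 1

  echo "deb [signed-by=/usr/share/keyrings/element-io-archive-keyring.gpg] https://packages.element.io/debian/ default main" | tee /etc/apt/sources.list.d/element-io.list
  apt update
  apt install -y element-desktop
}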
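#######################################
# Add the Tor Project apt repository, install tor and privoxy, and append the
# script's settings to torrc and the privoxy config.
# Globals:   DEBIAN_RELEASE (read)
# Returns:   1 when the signing key cannot be downloaded
# NOTE(review): the key file is named after a fingerprint, but the fingerprint
# of the imported key is not checked after the download.
# NOTE(review): "ExitNodes {us}" limits exit selection to a single country,
# which shrinks the set of circuits this client can blend into - confirm it is
# wanted.
# NOTE(review): the privoxy forward rule names 0.0.0.0:9050 rather than the
# loopback address - confirm the intended destination.
# NOTE(review): both settings are appended with >>, so every run adds another
# copy of the line.
#######################################
install-tor() {
  local keyring=/usr/share/keyrings/tor-archive-keyring.gpg
  local repo=https://deb.torproject.org/torproject.org
  local armored

  apt update
  apt install -y apt-transport-https privoxy

  # Fetch the key before writing the apt source, so a failed download leaves
  # the apt configuration untouched.
  armored=$(wget -qO- "$repo/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc") || return 1
  [[ -n "$armored" ]] || return 1

  echo "deb [signed-by=$keyring] $repo $DEBIAN_RELEASE main" >/etc/apt/sources.list.d/tor.list
  echo "deb-src [signed-by=$keyring] $repo $DEBIAN_RELEASE main" >>/etc/apt/sources.list.d/tor.list
  printf '%s\n' "$armored" | gpg --dearmor | tee "$keyring" >/dev/null

  apt update
  apt install -y tor deb.torproject.org-keyring
  echo "ExitNodes {us}" >>/etc/tor/torrc
  echo "forward-socks4a / 0.0.0.0:9050 ." >>/etc/privoxy/config
}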
#######################################
# Run the third-party repository installers that are currently enabled.
# install-brave and install-vscode are defined in this file but are not part of
# the enabled list.
# Returns:   the status of the last installer that ran
#######################################
additional-software() {
  local -a enabled=(install-tor install-vivaldi install-element)
  local installer

  for installer in "${enabled[@]}"; do
    "$installer"
  done
}
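#######################################
# Write the target's apt sources, install PACKAGES inside the chroot and
# register the snapshot hook that runs after every dpkg invocation.
# Globals:   TARGET, DEBIAN_RELEASE, CURRENT_STABLE_NAME, PACKAGES (read)
# NOTE(review): the Post-Invoke hook makes apt run /usr/bin/debian.sh as root
# after each dpkg run, so that file must stay root-owned and not writable by
# anyone else on the installed system.
# NOTE(review): force-unsafe-io is written into the target's dpkg configuration
# and stays there after the install; dpkg then skips syncing files to disk,
# which risks a broken package state after a crash or power loss.
#######################################
configure-repository() {
  local sources="$TARGET/etc/apt/sources.list"
  local mirror=https://deb.debian.org
  local env_prefix='export DEBIAN_FRONTEND=noninteractive;'

  echo 'force-unsafe-io' >"$TARGET/etc/dpkg/dpkg.cfg.d/docker-apt-speedup"
  if [ "$DEBIAN_RELEASE" == "testing" ]; then
    echo "deb $mirror/debian $DEBIAN_RELEASE main contrib non-free non-free-firmware" >"$sources"
    chroot "$TARGET" /usr/bin/apt update
    # PACKAGES is a configuration constant; it is interpolated into the command
    # string so that the inner shell splits it into package names.
    chroot "$TARGET" /usr/bin/bash -c "${env_prefix}/usr/bin/apt install -y $PACKAGES"
  else
    {
      echo "deb $mirror/debian $DEBIAN_RELEASE main contrib non-free"
      echo "deb $mirror/debian-security $DEBIAN_RELEASE-security main"
      echo "deb $mirror/debian $DEBIAN_RELEASE-updates main "
      echo "deb $mirror/debian $CURRENT_STABLE_NAME-backports main"
    } >"$sources"
    chroot "$TARGET" /usr/bin/apt update
    chroot "$TARGET" /usr/bin/bash -c "${env_prefix}/usr/bin/apt install -y $PACKAGES"
    chroot "$TARGET" /usr/bin/bash -c "${env_prefix}/usr/bin/apt dist-upgrade -y -t $CURRENT_STABLE_NAME-backports"
    chroot "$TARGET" /usr/bin/bash -c "${env_prefix}/usr/bin/apt auto-remove -y"
  fi
  echo 'DPkg::Post-Invoke {"/usr/bin/debian.sh snapshot";};' >"$TARGET/etc/apt/apt.conf"
}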
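#######################################
# Build a fresh system in a tmpfs mounted on TARGET and pack it into
# $1/$ROOT_NAME.tgz.
# Globals:   TARGET, DEBIAN_RELEASE, ROOT_NAME, TAR_EXCLUDES (read)
# Arguments: $1 - used both as the bootloader argument written to setup.sh and
#                 as the directory that receives the archive
# Returns:   1 when TARGET cannot be entered before archiving
# NOTE(review): this script, with the passwords it contains, is copied to
# /usr/bin/debian.sh inside the image and ends up in the archive. Anyone who
# obtains the .tgz obtains those credentials.
#######################################
make-image() {
  local out_dir=$1
  local script="$TARGET/setup.sh"

  umount "$TARGET"
  mount -t tmpfs tmpfs -o size=11G,dev,exec "$TARGET"
  debootstrap --arch amd64 "$DEBIAN_RELEASE" "$TARGET" https://deb.debian.org/debian
  configure-repository
  locale
  custom_service_files
  services
  cp -f debian.sh "$TARGET/usr/bin/"
  cp -f debian.tar "$TARGET/etc/default/"
  {
    echo 'bash /usr/bin/debian.sh kernel-packages'
    echo "bash /usr/bin/debian.sh bootloader $1"
    echo 'bash /usr/bin/debian.sh grub-snapshots'
    echo 'bash /usr/bin/debian.sh desktop'
    echo 'bash /usr/bin/debian.sh additional-software'
    echo '/usr/bin/apt clean all'
  } >>"$script"
  chmod +x "$TARGET/usr/bin/debian.sh"
  chmod +x "$script"
  chroot "$TARGET" /setup.sh
  rm -f -- "$script"
  echo -e "ALGO=zstd\nPERCENT=60" | tee -a "$TARGET/etc/default/zramswap"

  # Archiving "." from the wrong directory would silently pack something else,
  # so stop (and release the tmpfs) when TARGET cannot be entered.
  cd "$TARGET" || {
    umount "$TARGET"
    return 1
  }
  echo "[Creating new OS image to $out_dir/$ROOT_NAME.tgz]"
  # TAR_EXCLUDES is a whitespace-separated option list; unquoted on purpose.
  # shellcheck disable=SC2086
  time tar cpzf "$out_dir/$ROOT_NAME.tgz" $TAR_EXCLUDES .
  cd "$out_dir"
  umount "$TARGET"
}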
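#######################################
# Full installation: prepare the partitions, bootstrap Debian into TARGET,
# configure it and run the in-chroot setup script.
# Globals:   TARGET, DEBIAN_RELEASE (read)
# Arguments: $1 - disk, forwarded to setup_script for the bootloader step
# NOTE(review): the two sed commands set "SigLevel = Never" in pacman.conf, so
# the pacman run that follows installs archlinux-keyring and debootstrap without
# any signature verification. debootstrap is the tool that builds the whole
# target system, so a tampered package at this step compromises everything
# installed afterwards. Refreshing the keyring with verification left enabled
# would avoid turning signature checks off.
#######################################
install() {
  partitions

  # Both package managers are tried; the pacman lines apply when the script is
  # run from an Arch-based environment.
  sed -i '/^SigLevel/s/^\(.*\)$/#\1\n/' /etc/pacman.conf
  sed -i '/#SigLevel/a SigLevel = Never' /etc/pacman.conf
  pacman -Sy archlinux-keyring debootstrap --noconfirm
  apt update
  apt install debootstrap -y

  rm -rf /debootstrap
  debootstrap --arch amd64 "$DEBIAN_RELEASE" "$TARGET" https://deb.debian.org/debian
  systemMounts
  cp -f /etc/resolv.conf "$TARGET/etc/"
  # setup.sh is started fresh here; the helpers below append their steps to it.
  echo "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" >"$TARGET/setup.sh"
  configure-repository
  cp -f debian.tar "$TARGET/etc/default/"
  locale
  auto_login
  custom_service_files
  services
  setup_script "$1"
  echo -e "ALGO=zstd\nPERCENT=60" | tee -a "$TARGET/etc/default/zramswap"
  unmount
}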
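#######################################
# Desktop profile: disable the listed services and remove packages that are
# not wanted on a desktop install.
# Globals:   SERVICES (appended to, then read)
# NOTE(review): this purges AppArmor and removes unattended-upgrades, so the
# installed system has no mandatory access control and no automatic security
# updates. Confirm both are intended and that updates are applied another way.
# NOTE(review): SERVICES already holds the entries added at the top of the file
# (powertop, preload), so those units are disabled here as well.
# NOTE(review): "rpbind" is not a unit name seen elsewhere in this file; it may
# be a misspelling of rpcbind, in which case rpcbind.service stays enabled.
#######################################
desktop() {
  local unit

  SERVICES+=(pmcd pmie pmlogger pmproxy exim4 cockpit.socket apparmor nfs-server smbd rpbind rpcbind.socket avahi-daemon bluetooth minidlna openvpn)
  for unit in "${SERVICES[@]}"; do
    # Quoted so that each array element is passed as exactly one unit name.
    systemctl disable --now "$unit"
  done

  apt -y purge apparmor
  apt remove unattended-upgrades chromium chromium-common chromium-sandbox epiphany-browser epiphany-browser-data -y
  apt autoremove -y
}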
#######################################
# Take a timestamped BTRFS snapshot of / under /.snapshots and regenerate the
# GRUB configuration.
# Globals:   DATE (written)
# Note: the snapshot command is given no read-only flag.
#######################################
snapshots() {
  printf '\n%s\n\n' "Creating Snapshots....."
  # The timestamp becomes the snapshot name suffix: root-YYYY-mm-dd-HH-MM-SS.
  DATE=$(date +%Y-%m-%d-%H-%M-%S)
  btrfs sub snapshot / "/.snapshots/root-${DATE}"
  update-grub
}
#######################################
# Delete every subvolume under /.snapshots and the matching boot loader
# entries. There is no confirmation step and no way to keep selected snapshots.
#######################################
remove-snapshots() {
  # The glob is expanded by the shell; each match is passed to btrfs.
  btrfs sub delete /.snapshots/*

  # Drop the loader entries named after the removed root snapshots.
  rm -f /boot/loader/entries/root-*
}
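#######################################
# Unlock the root volume, mount the target tree and open a shell inside it.
# Globals:   DISK_PASSWORD, BTRFS, ROOT_MAPPER_NAME, TARGET (read)
#######################################
enter_chroot() {
  # Pass the passphrase through '%s': used as the format string, any '%' or '\'
  # in it would be interpreted and a different passphrase would reach cryptsetup.
  printf '%s' "$DISK_PASSWORD" | cryptsetup open "${BTRFS}" "$ROOT_MAPPER_NAME"
  mounts
  systemMounts
  chroot "$TARGET" /bin/bash
}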
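#######################################
# Register the Flathub remote and install every application in FLATPAKS.
# Globals:   FLATPAKS (read)
# Outputs:   each application id on stdout before it is installed
# NOTE(review): the remote is added with --user while the install command has
# no --user flag - confirm both refer to the same installation.
#######################################
flatpaks() {
  local app

  flatpak remote-add --user --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
  for app in "${FLATPAKS[@]}"; do
    # printf and quoting pass the id through unchanged, whatever it contains.
    printf '%s\n' "$app"
    flatpak install "$app" -y
  done
}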
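#######################################
# Fetch and build grub-btrfs under /opt.
# Returns:   1 when /opt cannot be entered or the clone fails
# NOTE(review): this clones the default branch of a third-party repository and
# runs its Makefile; setup.sh calls it inside the chroot during installation.
# Whatever is at the head of that branch at install time is executed.
# Checking out a reviewed tag or commit after the clone would make the build
# reproducible and reviewable.
#######################################
grub-snapshots() {
  # Stop instead of running make in whatever directory happens to be current.
  cd /opt || return 1
  git clone https://github.com/Antynea/grub-btrfs.git || return 1
  cd /opt/grub-btrfs || return 1
  make
}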
#######################################
# (Re)install the kernel image, boot loader, initramfs tooling and firmware.
# The first package name is built from the listing of /lib/modules; when that
# directory holds more than one entry the listing splits into several words
# and only the first one carries the linux-image- prefix.
#######################################
kernel-packages() {
  # shellcheck disable=SC2012,SC2046 — splitting of the ls output is kept as is.
  local -a pkgs=(
    linux-image-$(ls /lib/modules/)
    grub-efi
    efibootmgr
    plymouth
    plymouth-themes
    btrfs-progs
    cryptsetup-initramfs
    linux-image-amd64
    linux-headers-amd64
    firmware-iwlwifi
    firmware-linux
    firmware-linux-nonfree
  )

  /usr/bin/apt install --reinstall -y "${pkgs[@]}"
}
#######################################
# Rebuild the boot configuration with keyfile auto-decryption switched off, so
# the disk passphrase is asked for at boot.
# Globals:   AUTO_DECRYPT (written)
# Arguments: $1 - disk, forwarded to bootloader
# Note: despite the name, nothing in this function configures UEFI Secure Boot.
# NOTE(review): a keyfile enrolled earlier by decryptBoot is not removed from
# the LUKS header or from /etc by this function - confirm whether it should be.
#######################################
secure-boot() {
  clear
  echo
  if [ -n "$1" ]; then
    echo "Disabling Automatic Password Decryption for Hard Disk....."
    echo
    AUTO_DECRYPT='False'
    bootloader "$1"
    return
  fi
  echo "Error: No Disk specified!"
  echo
}
bootloader() {
2023-03-27 23:41:15 -06:00
if [ -z "$1" ]; then
echo
echo "Error: No Disk specified!"
echo
else
rm -rf /boot/grub/themes
mkdir /boot/grub/themes
tar xf /etc/default/debian.tar -C /boot/grub/themes/
plymouth-set-default-theme -R spacefun
echo "$ROOT_MAPPER_NAME UUID=$(/sbin/blkid | grep $BTRFS | cut -d '"' -f2) none luks" >/etc/crypttab
if [ "$AUTO_DECRYPT" == "True" ]; then
decryptBoot
fi
/sbin/update-initramfs -c -k all
echo "GRUB_CMDLINE_LINUX_DEFAULT=\"quiet splash\"" >/etc/default/grub
echo "GRUB_CMDLINE_LINUX=cryptdevice=UUID=$(/sbin/blkid | grep $BTRFS | cut -d '"' -f2):$ROOT_MAPPER_NAME root=UUID=$(/sbin/blkid | grep $ROOT_MAPPER_NAME | cut -d '"' -f4) rootflags=subvol@${ROOT_NAME} mitigations=-off" >>/etc/default/grub
echo "GRUB_ENABLE_CRYPTODISK=y" >>/etc/default/grub
echo "GRUB_DISABLE_OS_PROBER=false" >>/etc/default/grub
echo "GRUB_THEME=/boot/grub/themes/theme.txt" >>/etc/default/grub
/sbin/grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=debian
/sbin/update-grub
fi
2023-03-26 23:01:14 -06:00
2022-12-07 14:24:20 -07:00
}
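#######################################
# Install this script into the target, append the in-chroot steps to
# $TARGET/setup.sh, run that script inside the chroot and remove it.
# Globals:   TARGET (read)
# Arguments: $1 - disk, written into the bootloader step
# NOTE(review): the copy left at $TARGET/usr/bin/debian.sh still contains every
# password set at the top of this file. It stays on the installed system
# (the apt Post-Invoke hook calls it), so its mode decides who can read those
# secrets - consider restricting it to root.
#######################################
setup_script() {
  local script="$TARGET/setup.sh"

  cp -f debian.sh "$TARGET/usr/bin/"
  {
    echo 'bash /usr/bin/debian.sh kernel-packages'
    #sed -i 's/most/dep/i' $TARGET/etc/initramfs-tools/initramfs.conf
    echo "bash /usr/bin/debian.sh bootloader $1"
    echo 'bash /usr/bin/debian.sh grub-snapshots'
    echo 'bash /usr/bin/debian.sh accounts'
    echo 'bash /usr/bin/debian.sh desktop'
    echo 'bash /usr/bin/debian.sh additional-software'
    echo 'bash /usr/bin/debian.sh btrfs-tweaks'
  } >>"$script"
  chmod +x "$TARGET/usr/bin/debian.sh"
  chmod +x "$script"
  chroot "$TARGET" /setup.sh
  rm -f -- "$script"
}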
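#######################################
# Create the BTRFS subvolumes on the volume mounted at TARGET, then remount
# TARGET on the root subvolume with the configured compression.
# Globals:   TARGET, ROOT_NAME, ROOT_MAPPER_NAME, COMPRESSION (read)
#######################################
btrfs_filesytem() {
  local subvol

  for subvol in "@$ROOT_NAME" @.snapshots @libvirt @home @root @containers; do
    # Quoted so that a TARGET containing whitespace stays one path.
    btrfs sub create "$TARGET/$subvol"
  done
  echo
  echo "Binding BTRFS Root"
  echo
  # Swap the top-level mount for the root subvolume.
  umount "$TARGET"
  mount -o "$COMPRESSION,subvol=@$ROOT_NAME" "/dev/mapper/$ROOT_MAPPER_NAME" "$TARGET"
}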
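#######################################
# Mount the unlocked root volume, /boot, the EFI partition and /home under
# TARGET.
# Globals:   TARGET, ROOT_MAPPER_NAME, BOOT, EFI (read)
# Note: /boot is a plain ext4 partition; the kernel and initramfs stored there
# are not covered by the disk encryption.
#######################################
mounts() {
  local mapper="/dev/mapper/$ROOT_MAPPER_NAME"

  echo
  echo "Mounting......."
  mount "$mapper" "$TARGET"
  btrfs_filesytem
  mkdir -p -- "$TARGET/boot"
  mount -t ext4 "$BOOT" "$TARGET/boot"
  mkdir -p -- "$TARGET/boot/efi"
  mount "$EFI" "$TARGET/boot/efi"
  #CONFIGURE DATA DIRS (HOME)
  # -p: the directory already exists when an existing system is re-mounted.
  mkdir -p -- "$TARGET/home"
  mount -o subvol=@home "$mapper" "$TARGET/home"
}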
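#######################################
# Unmount everything below TARGET and close the root LUKS mapping.
# Globals:   TARGET, ROOT_MAPPER_NAME (read)
# Note: closing the mapping is what puts the volume back into its locked state;
# it fails while anything below TARGET is still mounted.
#######################################
unmount() {
  local mp

  echo
  echo "Unmounting....."
  for mp in proc dev sys boot home; do
    umount "$TARGET/$mp"
  done
  # Whatever is still mounted below TARGET, then TARGET itself (twice, because
  # the root subvolume may be stacked on the top-level mount).
  umount -R "$TARGET"/*
  umount -R "$TARGET"
  umount -R "$TARGET"
  cryptsetup close "$ROOT_MAPPER_NAME"
}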
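#######################################
# Queue the time zone, hardware clock and locale steps in setup.sh and write
# the target's locale.gen.
# Globals:   TARGET (read)
# Note: inside this script the function name shadows the `locale` command.
#######################################
locale() {
  local script="$TARGET/setup.sh"

  echo "ln -sf /usr/share/zoneinfo/US/Mountain /etc/localtime" >>"$script"
  echo "hwclock --systohc" >>"$script"
  # locale.gen is replaced, not appended to.
  echo "en_US.UTF-8 UTF-8" >"$TARGET/etc/locale.gen"
  echo "locale-gen" >>"$script"
}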
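#######################################
# Unlock the root volume, format the EFI and /boot partitions, mount the
# target tree and write its fstab.
# Globals:   DISK_PASSWORD, BTRFS, ROOT_MAPPER_NAME, EFI, BOOT (read)
# Returns:   exits 1 when the LUKS mapping does not appear
# Note: EFI and BOOT are formatted without confirmation; both paths come from
# the lsblk parsing at the top of the file.
#######################################
partitions() {
  local mapper="/dev/mapper/$ROOT_MAPPER_NAME"

  echo
  echo "Setting Up Partitions....."
  # '%s' sends the passphrase byte for byte; as a format string a '%' or '\'
  # in it would be interpreted and the unlock would fail or use another value.
  printf '%s' "$DISK_PASSWORD" | cryptsetup open "${BTRFS}" "$ROOT_MAPPER_NAME"
  if [[ ! -e "$mapper" ]]; then
    echo
    echo "Aborting Install, $mapper not found!"
    echo
    echo
    exit 1
  fi

  echo
  echo "Formatting $EFI"
  echo
  echo y | mkfs.vfat "$EFI"
  echo "Formatting $BOOT"
  echo y | mkfs.ext4 "$BOOT"
  mounts
  fstab
}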
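#######################################
# Write the target's /etc/fstab.
# Globals:   TARGET, BOOT, EFI, ROOT_MAPPER_NAME, ROOT_NAME, COMPRESSION,
#            USER (read)
# NOTE(review): /var/log is placed on tmpfs, so logs do not survive a reboot
# and there is no persistent audit trail after a crash or an incident.
# NOTE(review): the two per-user tmpfs mounts carry "user,exec" - confirm that
# user-mountable, executable scratch space is intended.
#######################################
fstab() {
  local out="$TARGET/etc/fstab"
  local mapper="/dev/mapper/$ROOT_MAPPER_NAME"
  local opts="noatime,nodiratime,autodefrag,$COMPRESSION"
  local boot_uuid efi_uuid

  mkdir -p -- "$TARGET/etc"
  # Ask blkid for the UUID tag of the exact device. Cutting a fixed field out
  # of the full listing depends on which tags blkid prints and on grep's
  # substring matching of the device name.
  boot_uuid=$(/sbin/blkid -s UUID -o value "$BOOT")
  efi_uuid=$(/sbin/blkid -s UUID -o value "$EFI")

  {
    echo "UUID=$boot_uuid /boot ext4 defaults 0 1"
    echo "UUID=$efi_uuid /boot/efi vfat umask=0077 0 1"
    echo "$mapper / btrfs $opts,subvol=@$ROOT_NAME 0 1"
    echo "$mapper /.snapshots btrfs $opts,subvol=@.snapshots 0 1"
    echo "$mapper /var/lib/libvirt btrfs $opts,subvol=@libvirt 0 1"
    echo "tmpfs /var/log tmpfs defaults 0 0"
    echo "tmpfs /var/tmp tmpfs defaults 0 0"
    echo "tmpfs /home/${USER}/.cache tmpfs rw,user,exec 0 0"
    echo "tmpfs /home/${USER}/Downloads tmpfs rw,user,exec 0 0"
    echo "$mapper /home btrfs $opts,subvol=@home 0 1"
    echo "$mapper /root btrfs $opts,subvol=@root 0 1"
    echo "$mapper /var/lib/containers btrfs $opts,subvol=@containers 0 1"
  } >"$out"
}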
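#######################################
# Create the user account, set the user and root passwords, grant sudo and set
# the hostname. Meant to run inside the target system.
# Globals:   USER, USER_PASSWORD, ROOT_PASSWORD, ROOT_NAME (read)
# NOTE(review): /etc/sudoers is overwritten wholesale, so any Defaults and
# include lines of the packaged file are lost, and the result is not checked
# with visudo. A drop-in under /etc/sudoers.d validated before use would keep
# the packaged defaults.
# NOTE(review): both passwords come from the plaintext values at the top of
# this file; the root account is left enabled with a password.
#######################################
accounts() {
  local group

  echo
  echo "Set Password for $USER"
  useradd -m -s /bin/bash "$USER"
  # printf '%s' passes the credentials to chpasswd unchanged.
  printf '%s:%s\n' "$USER" "$USER_PASSWORD" | chpasswd
  for group in wheel network video libvirt netdev; do
    gpasswd -a "$USER" "$group"
  done
  echo "$USER ALL=(ALL) ALL" >/etc/sudoers
  echo "root ALL=(ALL) ALL" >>/etc/sudoers
  echo
  echo "Setting ROOT Password:"
  printf '%s:%s\n' root "$ROOT_PASSWORD" | chpasswd
  /usr/bin/hostnamectl set-hostname "$ROOT_NAME"
}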
#######################################
# Set the no-copy-on-write attribute recursively on the directories that hold
# databases, containers and VM images.
# Globals:   DISABLE_COW (written)
#######################################
btrfs-tweaks() {
  local dir

  DISABLE_COW=(
    "/var/lib/docker"
    "/var/lib/containers"
    "/volumes"
    "/var/lib/mysql"
    "/var/lib/libvirt"
  )
  for dir in "${DISABLE_COW[@]}"; do
    chattr -R +C "$dir"
  done
}
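#######################################
# Queue the default-target change in setup.sh and write the powertop systemd
# unit into the target.
# Globals:   TARGET (read)
#######################################
custom_service_files() {
  local unit="$TARGET/etc/systemd/system/powertop.service"

  echo "systemctl set-default graphical.target" >>"$TARGET/setup.sh"

  # The unit file is written in one go; quoting keeps a TARGET with whitespace
  # from being split.
  {
    echo "[Unit]"
    echo "Description=Powertop tunings"
    echo "[Service]"
    echo "Type=oneshot"
    echo "ExecStart=/usr/sbin/powertop --auto-tune"
    echo "[Install]"
    echo "WantedBy=multi-user.target"
  } >"$unit"
}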
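#######################################
# Queue a `systemctl enable` line in setup.sh for every entry of SERVICES.
# Globals:   SERVICES (read), TARGET (read)
#######################################
services() {
  local unit

  for unit in "${SERVICES[@]}"; do
    # Quoted redirect target: a TARGET with whitespace stays one path.
    echo "systemctl enable $unit" >>"$TARGET/setup.sh"
  done
}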
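#######################################
# Server profile: install the bundled configuration files, enable the server
# units and switch the default target to multi-user.
# Globals:   SERVICES (appended to, then read)
# NOTE(review): AppArmor is masked here, so the server runs without mandatory
# access control while exposing Samba, NFS, Cockpit and MiniDLNA - confirm this
# is intended.
# NOTE(review): `crontab >crontab` runs crontab without arguments and redirects
# its output into a file called "crontab" in the current directory; it does not
# install a crontab. Confirm what was meant.
#######################################
server-config() {
  local unit

  cp -f etc/smb.conf /etc/samba/
  # Was "cp- f", which is not a command, so minidlna.conf was never copied.
  cp -f etc/minidlna.conf /etc/
  cp -f etc/99-sysctl.conf /etc/sysctl.d/
  cp -f systemd/*.service /etc/systemd/system/
  cp -f etc/exports /etc/
  crontab >crontab

  SERVICES+=(minidlna vip containers pmie pmielogger nfs-server.service exim4 cockpit.socket smbd)
  for unit in "${SERVICES[@]}"; do
    systemctl enable "$unit"
  done
  systemctl mask apparmor
  # exim4 is enabled by the loop above and then disabled and masked here.
  systemctl disable --now exim4
  systemctl mask exim4

  rm -f /etc/systemd/system/default.target
  ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
  systemctl isolate multi-user.target
  apt autoremove -y
}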
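#######################################
# Partition the disk (EFI, /boot, LUKS), format the LUKS container with
# DISK_PASSWORD and create the BTRFS filesystem inside it.
# Globals:   HARD_DISK, BTRFS, DISK_PASSWORD, ROOT_MAPPER_NAME (read)
# NOTE(review): destructive and without confirmation - the partition table of
# /dev/$HARD_DISK is replaced. BTRFS was resolved from lsblk when the script
# started, before these partitions existed; confirm that it names the third
# partition and not the disk or an old partition.
# NOTE(review): the LUKS passphrase is the plaintext DISK_PASSWORD from this
# file, so the protection of the disk is no better than that of the script.
#######################################
initialize-disk() {
  local disk="/dev/$HARD_DISK"

  parted "$disk" mklabel gpt
  parted "$disk" mkpart primary fat32 1MiB 200MiB
  parted "$disk" mkpart primary ext3 200MiB 700MiB
  parted "$disk" set 1 esp on
  parted "$disk" mkpart P2 ext3 700MiB 100%

  # The passphrase is printf data, not the format string: a '%' or '\' in it
  # would otherwise change the passphrase the container is created with.
  printf '%s\n%s' "$DISK_PASSWORD" "$DISK_PASSWORD" | cryptsetup luksFormat "${BTRFS}"
  printf '%s' "$DISK_PASSWORD" | cryptsetup open "${BTRFS}" "$ROOT_MAPPER_NAME"
  echo
  echo "Formatting....."
  echo y | mkfs.btrfs "/dev/mapper/$ROOT_MAPPER_NAME" --force
}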
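#######################################
# Connect the wireless interface to SSID with iwctl.
# Globals:   WIRELESS_PASSWORD, WIRELESS_INTERFACE, SSID (read)
# NOTE(review): the passphrase is passed on the command line, where other local
# users can see it in the process list while iwctl runs.
#######################################
wifi() {
  # Quoted: a passphrase or SSID containing spaces must stay one argument.
  iwctl --passphrase "$WIRELESS_PASSWORD" station "$WIRELESS_INTERFACE" connect "$SSID"
}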
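#######################################
# Print the list of sub-commands.
# Outputs:   usage text on stdout
#######################################
show-help() {
  # "remove-snapshot" was misspelled in the help text; the dispatcher at the
  # bottom of the file accepts "remove-snapshot".
  cat <<'EOF'

debian.sh arguments:

./debian.sh install [disk]
./debian.sh backup [device name] [home]
./debian.sh restore [disk] [backup name] [home] [tar dir]
./debian.sh secure-boot [disk]
./debian.sh chroot [disk]
./debian.sh wifi
./debian.sh bootloader [disk]
./debian.sh initialize [disk]
./debian.sh tar [device name] [location]
./debian.sh snapshot
./debian.sh remove-snapshot
./debian.sh btrfs-tweaks

EOF
}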
# Sub-command dispatch: $1 selects the action, the remaining arguments are
# forwarded as each function expects. Anything unknown prints the help text.
# Several of these names are invoked by the installer itself from inside the
# chroot (kernel-packages, bootloader, accounts, desktop, ...).
# Note: no function named upgrade-system is defined in this file.
case "$1" in
  install) install "$2" ;;
  desktop) desktop ;;
  tar) create-os-snapshots "$2" "$3" ;;
  kernel-packages) kernel-packages ;;
  upgrade-system) upgrade-system ;;
  additional-software) additional-software ;;
  chroot) enter_chroot ;;
  initialize) initialize-disk ;;
  wifi) wifi ;;
  accounts) accounts ;;
  flatpaks) flatpaks ;;
  bootloader) bootloader "$2" ;;
  make-image) make-image "$2" ;;
  snapshot) snapshots ;;
  secure-boot) secure-boot "$2" ;;
  backup) os-backup "$2" "$3" ;;
  server-config) server-config ;;
  grub-snapshots) grub-snapshots ;;
  btrfs-tweaks) btrfs-tweaks ;;
  restore) os-restore "$2" "$3" "$4" "$5" ;;
  remove-snapshot) remove-snapshots ;;
  help) show-help ;;
  *) show-help ;;
esac