From b1eb9c02e61bf9b4333fd40b5604b9537235b949 Mon Sep 17 00:00:00 2001
From: Your Name
Date: Wed, 20 Mar 2024 14:05:21 -0600
Subject: [PATCH] fix
---
 debian.sh | 915 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 915 insertions(+)
 create mode 100644 debian.sh
diff --git a/debian.sh b/debian.sh
new file mode 100644
index 0000000..88028dc
--- /dev/null
+++ b/debian.sh
@@ -0,0 +1,915 @@ +#!/bin/bash +######################## +# What this script is: +# +# An automatic installer for Debian Stable with the following features: +# 1. BTRFS with Grub Snapshots +# 2. Full-disk-encryption +# 3. Hibernation +# 4. GNOME, CINNAMON, XFCE, or KDE Desktop +# 5. The ability to build a custom and deployable image onto any machine +# 6. Easily create a bootable USB drive +# 7. Automatic Partitioning +# 8. Bypass entering encrypted disk password at boot time if desired +# +# INSTRUCTIONS +# +# For new disk installs, initialize the disk to setup Encryption and partitions from the main menu. +# +# Before running the install, ensure that you have Internet access. +# +# Please be sure to change USER,USER_PASSWORD,DISK_PASSWORD, and ROOT_PASSWORD strings in this file +# +# To install a new OS to a disk, run debian.sh and choose option 1 from the main menu +# +######################## +#Configure this section +######################## +PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin +export DEBIAN_FRONTEND=noninteractive +TARGET='/install' +mkdir $TARGET +###################################### +echo +HARD_DISK=$2 +###################################### +USER="verita84" +USER_PASSWORD="REM&rap234" +ROOT_PASSWORD="REM&rap234" +WIRELESS_PASSWORD='81572nt2k' +SSID='Tribble' +WIRELESS_INTERFACE='wlan0' +DISK_PASSWORD='REM&rap234' +COMPRESSION='compress=zstd:10' +AUTO_DECRYPT='True' +FLATPAKS+=(io.exodus.Exodus us.zoom.Zoom) +DESKTOP="KDE" +BROWSER="firefox" +#Packages +BASE_PACKAGES=" firmware-realtek neofetch linux-image-amd64 grub-efi efibootmgr plymouth plymouth-themes duperemove btrfs-compsize btrfs-progs cryptsetup-initramfs linux-headers-amd64 firmware-iwlwifi firmware-linux firmware-linux-nonfree packagekit cockpit-packagekit cockpit-storaged shfmt aardvark-dns power-profiles-daemon iptables-persistent resolvconf wireguard wireguard-tools nmap libsecret-tools libglu1-mesa preload powertop acpi btop inotify-tools debootstrap cups 
apt-transport-https samba samba-common nfs-common nfs-kernel-server linux-cpupower locales zram-tools acpid ghostscript cifs-utils ntp vim-airline rsync screen base udev git network-manager cryptsetup network-manager-openvpn ntp screen docbook-xsl alsa-utils sysstat fuse3 build-essential unzip bash-completion parted dosfstools wget curl " +KDE_DESKTOP_ENV=" krita libdbus-glib-1-2 calligra print-manager kwin-addons kde-standard konsole dolphin kde-spectacle " +XFCE_DESKTOP_ENV=" xfce4 xfce4-goodies xfce4-whiskermenu-plugin xfce4-pulseaudio-plugin slim " +CINNAMON_DESKTOP_ENV=" cinnamon slim gimp gnome-screenshot gimp " +GNOME_DESKTOP_ENV=" gnome gnome-music gdm3 gnome-shell-extension-arc-menu gnome-shell-extension-desktop-icons-ng gnome-shell-extension-tiling-assistant gnome-shell-extension-no-annoyance gnome-shell-extension-dash-to-panel gnome-shell-extension-weather gnome-shell-extension-dashtodock gnome-shell-extension-appindicator gnome-tweaks synaptic gimp " +SHARED_DESKTOP_APPS=" keepassxc telegram-desktop handbrake vlc nextcloud-desktop yt-dlp " +#VIRTUALIZATION=" virt-manager qemu-system libvirt-daemon-system ovmf cockpit-machines" +PACKAGES="" +TAR_EXCLUDES="--exclude=/.snapshots --exclude=/snapshots --exclude=/var/backups --exclude=/volumes/* --exclude=/mnt/* --exclude=/var/tmp/* --exclude=/tmp/* --exclude=/raid/* --exclude=/root/* --exclude=/var/cache/apt/archives/* --exclude=/proc/* --exclude=/.snapshots/* --exclude=/var/lib/libvirt/* --exclude=/dev/* --exclude=/sys/* --exclude=/home/* --exclude=/var/lib/postgresql --exclude=/var/lib/containers --exclude=/opt/chatgpt " + +installVPN() { + cd /tmp + rm -f *.deb + wget --content-disposition https://mullvad.net/download/app/deb/latest + apt install -y /tmp/*.deb + systemctl enable --now mullvad-daemon +} + +partitionDetection() { + #This is used for the installer to do script-based actions + EFI=$(blkid | grep $HARD_DISK | sort | cut -d ":" -f1 | head -1 | tail -1) + BOOT=$(blkid | grep $HARD_DISK | sort | 
cut -d ":" -f1 | head -2 | tail -1) + BTRFS=$(blkid | grep $HARD_DISK | sort | cut -d ":" -f1 | head -3 | tail -1) + SWAP=$(blkid | grep $HARD_DISK | sort | cut -d ":" -f1 | head -4 | tail -1) +} + +partitionDetection + +auto_login() { + + if [ -f "$TARGET/usr/bin/sddm" ]; then + mkdir -p $TARGET/etc/sddm.conf.d + echo "[Autologin]" >$TARGET/etc/sddm.conf.d/autologin + echo "User=$USER" >>$TARGET/etc/sddm.conf.d/autologin + echo "Session=plasma.desktop" >>$TARGET/etc/sddm.conf.d/autologin + echo "Relogin=false" >>$TARGET/etc/sddm.conf.d/autologin + fi + + if [ -f "$TARGET/usr/sbin/gdm3" ]; then + sed -i '/daemon/a AutomaticLoginEnable=True' $TARGET/etc/gdm3/daemon.conf + sed -i "/daemon/a AutomaticLogin = $USER" $TARGET/etc/gdm3/daemon.conf + fi +} + +hibernate-setup() { + echo "[Sleep]" >/etc/systemd/sleep.conf + echo "AllowSuspend=yes" >>/etc/systemd/sleep.conf + echo "AllowHibernation=yes" >>/etc/systemd/sleep.conf + echo "AllowSuspendThenHibernate=yes" >>/etc/systemd/sleep.conf + echo "HibernateState=disk" >>/etc/systemd/sleep.conf + echo "HibernateMode=platform" >>/etc/systemd/sleep.conf + echo "HibernateDelaySec=1800" >>/etc/systemd/sleep.conf + echo "HandleLidSwitch=suspend-then-hibernate" >>/etc/systemd/logind.conf + echo "HandleLidSwitchExternalPower=suspend-then-hibernate" >>/etc/systemd/logind.conf + unlink /usr/lib/systemd/system/systemd-suspend.service + rm -f /usr/lib/systemd/system/systemd-suspend.service + ln -s /usr/lib/systemd/system/systemd-suspend-then-hibernate.service /usr/lib/systemd/system/systemd-suspend.service +} + +create-os-snapshots() { + echo + mkdir $2 + echo "[Creating new OS snapshot to $2/$3.tgz]" + echo + echo + NEW_TAR_EXCLUDES="$TAR_EXCLUDES --exclude=/minio --exclude=$TARGET/* --exclude=/var/lib/docker " + echo + time tar cpzf $2/$3.tgz $NEW_TAR_EXCLUDES / + chown $USER:$USER $2/$3.tgz +} + +homeBackup() { + echo + echo "[Copying USER data from /home to $TARGET/@home]" + echo + rsync -a --delete /home/ --exclude=.cache 
--exclude=.local/share/flatpak --exclude=.local/share/containers $TARGET/\@home/ +} + +os-backup() { + umount $TARGET + + printf "$DISK_PASSWORD" | cryptsetup open ${BTRFS} $ROOT_MAPPER_NAME + + if [[ -e "/dev/mapper/$ROOT_MAPPER_NAME" ]]; then + echo + echo "[Mounting.....]" + echo + mount -o $COMPRESSION /dev/mapper/$ROOT_MAPPER_NAME $TARGET + + if [[ -e "$TARGET/@$ROOT_NAME/usr/bin/bash" ]]; then + if [ "$1" = "home" ]; then + homeBackup + fi + + create-os-snapshots "$1" "$2" "$3" + else + echo + echo "Aborting Install, $TARGET/@$ROOT_MAPPER_NAME/usr/bin/bash not found!" + echo + echo + exit 1 + fi + + else + echo + echo "Aborting Install, /dev/mapper/$ROOT_MAPPER_NAME not found!" + echo + echo + exit 1 + fi + + ls $TARGET/ + umount $TARGET + cryptsetup close $ROOT_MAPPER_NAME +} + +os-restore() { + partitions + rm -rf $TARGET/usr $TARGET/sbin $TARGET/lib32 $TARGET/libx32 $TARGET/lib $TARGET/vmlinuz* $TARGET/initrd* $TARGET/bin $TARGET/var $TARGET/root $TARGET/opt $TARGET/etc $TARGET/run + clear + echo "[Restoring OS tarfile from $4/$2.tgz]" + echo + tar xfp $4/$2.tgz -C $TARGET/ + + if [ "$3" = "home" ]; then + echo "[Restoring /home]" + echo + rsync -a --delete /home/ $TARGET/home/ + fi + + fstab + cp -f debian.sh $TARGET/ + systemMounts + chmod +x $TARGET/debian.sh + chroot $TARGET /debian.sh bootloader $1 $2 $5 + chroot $TARGET /debian.sh btrfs-tweaks + chroot $TARGET /debian.sh accounts + chown -R $USER:$USER $TARGET/home/$USER + auto_login + rm -f $TARGET/debian.sh + unmount +} + +systemMounts() { + mount -o rbind /dev $TARGET/dev + mount -o rbind /dev/pts $TARGET/dev/pts + mount -o rbind /proc $TARGET/proc + mount -o rbind /sys $TARGET/sys + mount -t efivarfs none $TARGET/sys/firmware/efi/efivars +} + +decryptBoot() { + KEYFILE='keyfile.key' + echo + echo "Setting LUKS to use Keyfile for password entry" + + echo + echo "Clearing Old Keys" + echo + for i in 1 2 3 4 5 6; do + printf "$DISK_PASSWORD" | cryptsetup luksKillSlot $1 $i + done + dd 
if=/dev/urandom of=/etc/$KEYFILE bs=1024 count=4 + chown root:root /etc/$KEYFILE + chmod 0400 /etc/$KEYFILE + echo + echo "Adding new key......" + echo + printf "$DISK_PASSWORD" | cryptsetup luksAddKey $1 /etc/$KEYFILE + sed -i "s/none/\/etc\/$KEYFILE/" /etc/crypttab + echo "KEYFILE_PATTERN=\"/etc/*.key\"" >/etc/cryptsetup-initramfs/conf-hook +} + +configure-repository() { + echo 'force-unsafe-io' >$TARGET/etc/dpkg/dpkg.cfg.d/docker-apt-speedup + + if [ "$DEBIAN_RELEASE" == "testing" ]; then + echo "deb https://deb.debian.org/debian $DEBIAN_RELEASE main contrib non-free non-free-firmware" >$TARGET/etc/apt/sources.list + chroot $TARGET /usr/bin/apt update + chroot $TARGET /usr/bin/bash -c "export DEBIAN_FRONTEND=noninteractive;/usr/bin/apt install -y $PACKAGES " + else + echo "deb https://deb.debian.org/debian $DEBIAN_RELEASE main contrib non-free non-free-firmware" >$TARGET/etc/apt/sources.list + echo "deb https://deb.debian.org/debian-security $DEBIAN_RELEASE-security main" >>$TARGET/etc/apt/sources.list + echo "deb https://deb.debian.org/debian $DEBIAN_RELEASE-updates main " >>$TARGET/etc/apt/sources.list + echo "deb https://deb.debian.org/debian $DEBIAN_RELEASE-backports main contrib non-free-firmware" >>$TARGET/etc/apt/sources.list + chroot $TARGET /usr/bin/apt update + chroot $TARGET /usr/bin/bash -c "export DEBIAN_FRONTEND=noninteractive;/usr/bin/apt install -y $PACKAGES " + chroot $TARGET /usr/bin/bash -c "export DEBIAN_FRONTEND=noninteractive;/usr/bin/apt dist-upgrade -y -t $DEBIAN_RELEASE-backports" + chroot $TARGET /usr/bin/bash -c "export DEBIAN_FRONTEND=noninteractive;/usr/bin/apt install -y $TROUBLESOME_PACKAGES" + chroot $TARGET /usr/bin/bash -c "export DEBIAN_FRONTEND=noninteractive;/usr/bin/apt auto-remove -y" + fi + + #echo 'DPkg::Post-Invoke {"/usr/bin/debian.sh snapshot";};' >$TARGET/etc/apt/apt.conf +} + +make-image() { + umount $TARGET + mount -t tmpfs tmpfs -o size=15G,dev,exec $TARGET + debootstrap --arch amd64 $DEBIAN_RELEASE $TARGET 
https://deb.debian.org/debian + configure-repository + locale + custom_service_files + rm -rf $TARGET/var/lib/flatpak + cp -f debian.sh $TARGET/usr/bin/ + echo 'bash /usr/bin/debian.sh hibernate' >>$TARGET/setup.sh + echo "bash /usr/bin/debian.sh bootloader $1 $ROOT_NAME $ROOT_MAPPER_NAME" >>$TARGET/setup.sh + echo 'bash /usr/bin/debian.sh grub-snapshots' >>$TARGET/setup.sh + echo 'bash /usr/bin/debian.sh desktop' >>$TARGET/setup.sh + echo '/usr/bin/apt clean all' >>$TARGET/setup.sh + chmod +x $TARGET/usr/bin/debian.sh + chmod +x $TARGET/setup.sh + chroot $TARGET /setup.sh + rm -f $TARGET/setup.sh + echo -e "ALGO=zstd\nPERCENT=60" | tee -a $TARGET/etc/default/zramswap + cd $TARGET + echo "[Creating new OS image to $1/$ROOT_NAME.tgz]" + time tar cpzf $1/$ROOT_NAME.tgz --exclude=proc/* . + cd $1 + du -h $1/$ROOT_NAME.tgz | tail -1 + unmount +} + +install() { + partitions + sed -i '/^SigLevel/s/^\(.*\)$/#\1\n/' /etc/pacman.conf + sed -i '/#SigLevel/a SigLevel = Never' /etc/pacman.conf + pacman -Sy archlinux-keyring debootstrap --noconfirm + apt update + apt install debootstrap -y + rm -rf /debootstrap + debootstrap --arch amd64 $DEBIAN_RELEASE $TARGET https://deb.debian.org/debian + systemMounts + cp -f /etc/resolv.conf $TARGET/etc/ + echo "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" >$TARGET/setup.sh + configure-repository + locale + auto_login + custom_service_files + setup_script "$1" + echo -e "ALGO=zstd\nPERCENT=60" | tee -a $TARGET/etc/default/zramswap + unmount +} + +desktop() { + SERVICES+=(mullvad-daemon pmcd pmie pmlogger pmproxy exim4 cockpit.socket apparmor nfs-server smbd rpbind rpcbind.socket avahi-daemon bluetooth) + for i in "${SERVICES[@]}"; do + systemctl disable --now $i + done + + if [ -f "/usr/bin/sddm" ]; then + echo + echo "Performing KDE Bloat Removal" + echo + BLOAT_APPS+=(dragonplayer akregator kate konqueror kdeconnect kdepim*) + for i in "${BLOAT_APPS[@]}"; do + echo "Removing: $i" + apt remove --purge -y $i + apt 
autoremove -y + done + fi + + if [ -f "/usr/sbin/gdm3" ]; then + echo + echo "Performing GNOME Bloat Removal" + echo + chmod -x /usr/lib/evolution/evolution-calendar-factory + chmod -x /usr/lib/evolution/evolution-source-registry + chmod -x /usr/lib/evolution/evolution-addressbook-factory + chmod -x /usr/libexec/evolution-data-server/evolution-alarm-notify + mv /usr/lib/evolution-data-server /usr/lib/evolution-data-server-disabled + mv /usr/lib/evolution /usr/lib/evolution-disabled + BLOAT_APPS+=(gnome-calendar evolution four-in-a-row iagno aisleriot gnome-mahjongg gnome-software lightsoff zutty gnome-taquin gnome-tetravex simple-scan gnome-text-editor gnome-chess gnome-contacts gnome-clocks unattended-upgrades apparmor gnome-sound-recorder hitori shotwell quadrapassel quadrapassel gnome-sudoku swell-foop gnome-maps transmission-gtk cheese libgnome-games-support-common chromium chromium-common chromium-sandbox epiphany-browser epiphany-browser-data) + for i in "${BLOAT_APPS[@]}"; do + echo "Removing: $i" + apt remove --purge -y $i + apt autoremove -y + done + fi + + if [ -f "/usr/bin/slim" ]; then + echo + echo "Performing Cinnamon Bloat Removal" + echo + chmod -x /usr/lib/evolution/evolution-calendar-factory + chmod -x /usr/lib/evolution/evolution-source-registry + chmod -x /usr/lib/evolution/evolution-addressbook-factory + chmod -x /usr/libexec/evolution-data-server/evolution-alarm-notify + mv /usr/lib/evolution-data-server /usr/lib/evolution-data-server-disabled + mv /usr/lib/evolution /usr/lib/evolution-disabled + BLOAT_APPS+=(evolution ) + for i in "${BLOAT_APPS[@]}"; do + echo "Removing: $i" + apt remove --purge -y $i + apt autoremove -y + done + fi + + installBrowser + #installElement + installCodium + installVPN + installSteam + hibernate-setup + apt autoremove -y +} + +snapshots() { + echo + echo "Creating Snapshots....." 
+ echo + DATE=$(echo $(date +%Y-%m-%d-%H-%M-%S)) + btrfs sub snapshot / /.snapshots/root-${DATE} + #update-grub +} + +remove-snapshots() { + btrfs sub delete /.snapshots/* + rm -f /boot/loader/entries/root-* +} + +flatpaks() { + echo + echo "Installing Flatpaks......" + echo + flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo + for i in "${FLATPAKS[@]}"; do + echo $i + flatpak install --system $i -y + done +} + +grub-snapshots() { + cd /opt + git clone https://github.com/Antynea/grub-btrfs.git + cd /opt/grub-btrfs + make + make install + systemctl enable --now grub-btrfsd.service +} + +bootloader() { + if [ -z "$1" ]; then + echo + echo "Error: No Disk specified!" + echo + else + ROOT_MAPPER_NAME="$3" + ROOT_NAME="$2" + plymouth-set-default-theme -r + echo "$ROOT_MAPPER_NAME UUID=$(/sbin/blkid | grep $BTRFS | cut -d '"' -f2) none luks" >/etc/crypttab + if [ "$AUTO_DECRYPT" == "True" ]; then + decryptBoot "${BTRFS}" + fi + /sbin/update-initramfs -c -k all + echo "GRUB_CMDLINE_LINUX_DEFAULT=\"quiet splash mitigations=off\"" >/etc/default/grub + echo "GRUB_CMDLINE_LINUX=resume=UUID=$(/sbin/blkid | grep $SWAP | cut -d '"' -f2) cryptdevice=UUID=$(/sbin/blkid | grep $BTRFS | cut -d '"' -f2):$ROOT_MAPPER_NAME root=UUID=$(/sbin/blkid | grep $ROOT_MAPPER_NAME | cut -d '"' -f4) rootflags=subvol@${ROOT_NAME} " >>/etc/default/grub + echo "GRUB_ENABLE_CRYPTODISK=n" >>/etc/default/grub + echo "GRUB_DISABLE_OS_PROBER=true" >>/etc/default/grub + echo "GRUB_TIMEOUT=1" >>/etc/default/grub + /sbin/grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=debian + /sbin/update-grub + fi + +} + +function setup_script() { + cp -f debian.sh $TARGET/usr/bin/ + #sed -i 's/most/dep/i' $TARGET/etc/initramfs-tools/initramfs.conf + echo 'bash /usr/bin/debian.sh hibernate' >>$TARGET/setup.sh + echo "bash /usr/bin/debian.sh bootloader $1 $ROOT_NAME $ROOT_MAPPER_NAME" >>$TARGET/setup.sh + echo 'bash /usr/bin/debian.sh grub-snapshots' 
>>$TARGET/setup.sh + echo 'bash /usr/bin/debian.sh accounts' >>$TARGET/setup.sh + echo 'bash /usr/bin/debian.sh desktop' >>$TARGET/setup.sh + echo 'bash /usr/bin/debian.sh btrfs-tweaks' >>$TARGET/setup.sh + + chmod +x $TARGET/usr/bin/debian.sh + chmod +x $TARGET/setup.sh + chroot $TARGET /setup.sh + rm -f $TARGET/setup.sh +} + +btrfs_filesytem() { + btrfs sub create $TARGET/@$ROOT_NAME + btrfs sub create $TARGET/@.snapshots + btrfs sub create $TARGET/@libvirt + btrfs sub create $TARGET/@home + btrfs sub create $TARGET/@root + btrfs sub create $TARGET/@containers + btrfs sub create $TARGET/@flatpak + echo + echo "Binding BTRFS Root" + echo + umount $TARGET + mount -o $COMPRESSION,subvol=@$ROOT_NAME /dev/mapper/$ROOT_MAPPER_NAME $TARGET +} + +installCodium() { + curl -fSsL https://gitlab.com/paulcarroty/vscodium-deb-rpm-repo/raw/master/pub.gpg | gpg --dearmor | tee /usr/share/keyrings/vscodium.gpg >/dev/null + echo "deb [arch=amd64 signed-by=/usr/share/keyrings/vscodium.gpg] https://download.vscodium.com/debs vscodium main" | tee /etc/apt/sources.list.d/vscodium.list + apt update + apt install codium -y +} + +installFirefoxNightly() { + cd /tmp + rm -rf /opt/firefox-nightly + apt remove firefox-esr -y + apt install libdbus-glib-1-2 -y + + #Firefox Nightly + wget -O /tmp/firefox.tar.gz "https://download.mozilla.org/?product=firefox-nightly-latest-ssl&os=linux64&lang=en-US" + tar xf /tmp/firefox.tar.gz -C /tmp/ + mv /tmp/firefox /opt/firefox-nightly + rm -rf /tmp/firefox* + + echo "[Desktop Entry]" >/usr/share/applications/firefox-nightly.desktop + echo "Name=Firefox Nightly" >>/usr/share/applications/firefox-nightly.desktop + echo "Comment=Web Browser" >>/usr/share/applications/firefox-nightly.desktop + echo "Exec=/opt/firefox-nightly/firefox %u" >>/usr/share/applications/firefox-nightly.desktop + echo "Terminal=false" >>/usr/share/applications/firefox-nightly.desktop + echo "Type=Application" >>/usr/share/applications/firefox-nightly.desktop + echo 
"Icon=/opt/firefox-nightly/browser/chrome/icons/default/default128.png" >>/usr/share/applications/firefox-nightly.desktop + echo "Categories=Network;WebBrowser;" >>/usr/share/applications/firefox-nightly.desktop + echo "MimeType=text/html;text/xml;application/xhtml+xml;application/xml;application/vnd.mozilla.xul+xml;application/rss+xml;application/rdf+xml;image/gif;image/jpeg;image/png;x-scheme-handler/http;x-scheme-handler/https;" >>/usr/share/applications/firefox.desktop + echo "StartupNotify=true" >>/usr/share/applications/firefox-nightly.desktop + echo "Actions=Private;" >>/usr/share/applications/firefox-nightly.desktop + echo "[Desktop Action Private]" >>/usr/share/applications/firefox-nightly.desktop + echo "Exec=/opt/firefox-nightly/firefox --private-window %u" >>/usr/share/applications/firefox-nightly.desktop + echo "Name=Open in private mode" >>/usr/share/applications/firefox-nightly.desktop +} + +installFirefox() { + cd /tmp + rm -rf /opt/firefox + apt remove firefox-esr -y + apt install libdbus-glib-1-2 -y + + #Firefox Stable + wget -O /tmp/firefox.tar.gz "https://download.mozilla.org/?product=firefox-latest-ssl&os=linux64&lang=en-US" + tar xf /tmp/firefox.tar.gz -C /opt/ + unlink /usr/bin/firefox + ln -s /opt/firefox/firefox /usr/bin/firefox + rm -rf /tmp/firefox* + + #Desktop/App Icon + echo "[Desktop Entry]" >/usr/share/applications/firefox.desktop + echo "Name=Firefox Stable" >>/usr/share/applications/firefox.desktop + echo "Comment=Web Browser" >>/usr/share/applications/firefox.desktop + echo "Exec=/opt/firefox/firefox %u" >>/usr/share/applications/firefox.desktop + echo "Terminal=false" >>/usr/share/applications/firefox.desktop + echo "Type=Application" >>/usr/share/applications/firefox.desktop + echo "Icon=/opt/firefox/browser/chrome/icons/default/default128.png" >>/usr/share/applications/firefox.desktop + echo "Categories=Network;WebBrowser;" >>/usr/share/applications/firefox.desktop + echo 
"MimeType=text/html;text/xml;application/xhtml+xml;application/xml;application/vnd.mozilla.xul+xml;application/rss+xml;application/rdf+xml;image/gif;image/jpeg;image/png;x-scheme-handler/http;x-scheme-handler/https;" >>/usr/share/applications/firefox.desktop + echo "StartupNotify=true" >>/usr/share/applications/firefox.desktop + echo "Actions=Private;" >>/usr/share/applications/firefox.desktop + echo "[Desktop Action Private]" >>/usr/share/applications/firefox.desktop + echo "Exec=/opt/firefox/firefox --private-window %u" >>/usr/share/applications/firefox.desktop + echo "Name=Open in private mode" >>/usr/share/applications/firefox.desktop +} + +installSteam() { + dpkg --add-architecture i386 + apt update + apt install libc6:amd64 libc6:i386 libegl1:amd64 libegl1:i386 libgbm1:amd64 libgbm1:i386 libgl1-mesa-dri:amd64 libgl1-mesa-dri:i386 libgl1:amd64 libgl1:i386 steam-libs-amd64:amd64 steam-libs-i386:i386 xterm libgl1-mesa-dri:i386 mesa-vulkan-drivers:i386 -y + cd /tmp + wget https://steamcdn-a.akamaihd.net/client/installer/steam.deb + apt install -y /tmp/steam.deb + apt install lutris -y +} + +installBrave() { + curl -fsSLo /usr/share/keyrings/brave-browser-archive-keyring.gpg https://brave-browser-apt-release.s3.brave.com/brave-browser-archive-keyring.gpg + echo "deb [signed-by=/usr/share/keyrings/brave-browser-archive-keyring.gpg] https://brave-browser-apt-release.s3.brave.com/ stable main" | tee /etc/apt/sources.list.d/brave-browser-release.list + apt update + apt install brave-browser -y + apt remove -y firefox-esr + apt autoremove -y +} + +installChrome() { + curl -fSsL https://dl.google.com/linux/linux_signing_key.pub | gpg --dearmor | tee /usr/share/keyrings/google-chrome.gpg >>/dev/null + echo deb [arch=amd64 signed-by=/usr/share/keyrings/google-chrome.gpg] http://dl.google.com/linux/chrome/deb/ stable main | tee /etc/apt/sources.list.d/google-chrome.list + apt update + apt install -y google-chrome-stable +} + +installVivaldi() { + curl -fsSL 
https://repo.vivaldi.com/archive/linux_signing_key.pub | gpg --dearmor | tee /usr/share/keyrings/vivaldi.gpg >/dev/null + echo deb [arch=amd64,armhf signed-by=/usr/share/keyrings/vivaldi.gpg] https://repo.vivaldi.com/archive/deb/ stable main | sudo tee /etc/apt/sources.list.d/vivaldi.list + apt update + apt install -y vivaldi-stable +} + +installEdge() { + curl -fSsL https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor | tee /usr/share/keyrings/microsoft-edge.gpg >/dev/null + echo 'deb [signed-by=/usr/share/keyrings/microsoft-edge.gpg] https://packages.microsoft.com/repos/edge stable main' | tee /etc/apt/sources.list.d/microsoft-edge.list + apt update -y + apt install microsoft-edge-stable -y +} + +installBrowser() { + if [ "$BROWSER" = "brave" ]; then + installBrave + elif [ "$BROWSER" = "edge" ]; then + installEdge + elif [ "$BROWSER" = "firefox" ]; then + installFirefox + elif [ "$BROWSER" = "firefox-nightly" ]; then + installFirefoxNightly + elif [ "$BROWSER" = "vivaldi" ]; then + installVivaldi + else + apt install -y firefox-esr + fi +} + +installElement() { + wget -O /usr/share/keyrings/element-io-archive-keyring.gpg https://packages.element.io/debian/element-io-archive-keyring.gpg + echo "deb [signed-by=/usr/share/keyrings/element-io-archive-keyring.gpg] https://packages.element.io/debian/ default main" | tee /etc/apt/sources.list.d/element-io.list + apt update + apt install -y element-desktop +} + +mounts() { + echo + echo "Mounting......." + mount /dev/mapper/$ROOT_MAPPER_NAME $TARGET + btrfs_filesytem + mkdir -p $TARGET/boot + mount -t ext4 $BOOT $TARGET/boot + mkdir -p $TARGET/boot/efi + mount $EFI $TARGET/boot/efi + #CONFIGURE DATA DIRS (HOME) + mkdir $TARGET/home + mount -o subvol=@home /dev/mapper/$ROOT_MAPPER_NAME $TARGET/home +} + +unmount() { + echo + echo "Unmounting....." 
+ umount $TARGET/proc + umount $TARGET/dev + umount $TARGET/sys + umount $TARGET/boot + umount $TARGET/home + umount -lR $TARGET/* + umount -R $TARGET + umount -R $TARGET + cryptsetup close $ROOT_MAPPER_NAME +} + +locale() { + echo "ln -sf /usr/share/zoneinfo/US/Mountain /etc/localtime" >>$TARGET/setup.sh + echo "hwclock --systohc" >>$TARGET/setup.sh + echo "en_US.UTF-8 UTF-8" >$TARGET/etc/locale.gen + echo "locale-gen" >>$TARGET/setup.sh +} + +partitions() { + echo + echo "Setting Up Partitions....." + printf "$DISK_PASSWORD" | cryptsetup open ${BTRFS} $ROOT_MAPPER_NAME + + if [[ -e "/dev/mapper/$ROOT_MAPPER_NAME" ]]; then + echo + echo "Formatting $EFI" + echo + echo y | mkfs.vfat $EFI + echo "Formatting $BOOT" + echo y | mkfs.ext4 $BOOT + mkswap -f $SWAP + mounts + fstab + else + echo + echo "Aborting Install, /dev/mapper/$ROOT_MAPPER_NAME not found!" + echo + echo + exit 1 + fi +} + +fstab() { + mkdir $TARGET/etc + echo "UUID=$(/sbin/blkid | grep ${BOOT} | cut -d '"' -f2) /boot ext4 defaults 0 1" >$TARGET/etc/fstab + echo "UUID=$(/sbin/blkid | grep ${EFI} | cut -d '"' -f4) /boot/efi vfat umask=0077 0 1" >>$TARGET/etc/fstab + echo "/dev/mapper/$ROOT_MAPPER_NAME / btrfs noatime,nodiratime,autodefrag,$COMPRESSION,subvol=@$ROOT_NAME 0 1" >>$TARGET/etc/fstab + echo "/dev/mapper/$ROOT_MAPPER_NAME /.snapshots btrfs noatime,nodiratime,autodefrag,$COMPRESSION,subvol=@.snapshots 0 1" >>$TARGET/etc/fstab + echo "/dev/mapper/$ROOT_MAPPER_NAME /var/lib/libvirt btrfs noatime,nodiratime,autodefrag,$COMPRESSION,subvol=@libvirt 0 1" >>$TARGET/etc/fstab + echo "/dev/mapper/$ROOT_MAPPER_NAME /var/lib/flatpak btrfs noatime,nodiratime,autodefrag,$COMPRESSION,subvol=@flatpak 0 1" >>$TARGET/etc/fstab + echo "tmpfs /var/log tmpfs defaults,dev,exec 0 0" >>$TARGET/etc/fstab + echo "tmpfs /tmp tmpfs defaults 0 0" >>$TARGET/etc/fstab + echo "tmpfs /home/${USER}/.cache tmpfs rw,user,exec 0 0" >>$TARGET/etc/fstab + echo "tmpfs /home/${USER}/Downloads tmpfs rw,user,exec 0 0" 
>>$TARGET/etc/fstab + echo "/dev/mapper/$ROOT_MAPPER_NAME /home btrfs noatime,nodiratime,autodefrag,$COMPRESSION,subvol=@home 0 1" >>$TARGET/etc/fstab + echo "/dev/mapper/$ROOT_MAPPER_NAME /root btrfs noatime,nodiratime,autodefrag,$COMPRESSION,subvol=@root 0 1" >>$TARGET/etc/fstab + echo "/dev/mapper/$ROOT_MAPPER_NAME /var/lib/containers btrfs noatime,nodiratime,autodefrag,$COMPRESSION,subvol=@containers 0 1" >>$TARGET/etc/fstab + echo "$SWAP none swap 0 0" >>$TARGET/etc/fstab +} + +accounts() { + echo + echo "Set Password for $USER" + useradd -m -s /bin/bash $USER + echo "$USER:$USER_PASSWORD" | chpasswd + gpasswd -a $USER wheel + gpasswd -a $USER network + gpasswd -a $USER video + gpasswd -a $USER libvirt + gpasswd -a $USER netdev + gpasswd -a $USER adm + echo "$USER ALL=(ALL) ALL" >/etc/sudoers + echo "root ALL=(ALL) ALL" >>/etc/sudoers + echo + echo "Setting ROOT Password:" + echo "root:$ROOT_PASSWORD" | chpasswd + /usr/bin/hostnamectl set-hostname $ROOT_NAME + #echo "$USER_PASSWORD" | chsh -s /usr/bin/zsh $USER + #echo "$ROOT_PASSWORD" | chsh -s /usr/bin/zsh root +} + +btrfs-tweaks() { + DISABLE_COW=("/var/lib/docker" "/var/lib/containers" "/volumes" "/var/lib/mysql" "/var/lib/libvirt") + + for i in "${DISABLE_COW[@]}"; do + chattr -R +C $i + done +} + +custom_service_files() { + echo "systemctl set-default graphical.target" >>$TARGET/setup.sh + + echo "[Unit]" >$TARGET/etc/systemd/system/powertop.service + echo "Description=Powertop tunings" >>$TARGET/etc/systemd/system/powertop.service + echo "[Service]" >>$TARGET/etc/systemd/system/powertop.service + echo "Type=oneshot" >>$TARGET/etc/systemd/system/powertop.service + echo "ExecStart=/usr/sbin/powertop --auto-tune" >>$TARGET/etc/systemd/system/powertop.service + echo "[Install]" >>$TARGET/etc/systemd/system/powertop.service + echo "WantedBy=multi-user.target" >>$TARGET/etc/systemd/system/powertop.service + +} + +initialize-disk() { + parted /dev/$HARD_DISK mklabel gpt + parted -a optimal /dev/$HARD_DISK 
mkpart primary fat32 1MiB 200MiB + parted -a optimal /dev/$HARD_DISK mkpart primary ext3 200MiB 700MiB + parted -a optimal /dev/$HARD_DISK set 1 esp on + parted -a optimal /dev/$HARD_DISK mkpart P2 ext3 700MiB 98% + parted -a optimal /dev/$HARD_DISK mkpart P2 ext3 98% 100% + partitionDetection + printf "$DISK_PASSWORD\n$DISK_PASSWORD" | cryptsetup luksFormat ${BTRFS} + printf "$DISK_PASSWORD" | cryptsetup open ${BTRFS} $ROOT_MAPPER_NAME + echo + echo "Formatting....." + echo y | mkfs.btrfs /dev/mapper/$ROOT_MAPPER_NAME --force + echo + echo "Initialize Complete. Please reboot your machine to avoid any issues" + echo +} + +wifi() { + iwctl --passphrase $WIRELESS_PASSWORD station $WIRELESS_INTERFACE connect $SSID +} + +show-help() { + clear + echo + echo "[debian.sh arguments]" + echo + echo "./debian.sh wifi" + echo "./debian.sh bootloader [disk] [ROOT_NAME] [ROOT_MAPPER_NAME]" + echo "./debian.sh initialize" + echo "./debian.sh tar [device name] [location]" + echo "./debian.sh snapshot" + echo "./debian.sh reomve-snapshot" + echo "./debian.sh btrfs-tweaks" + echo +} + +tweaks() { + clear + echo + echo "[Debian Installer System Tweaks]" + echo + echo "[1] Enable/Disable Disk Password at Boot" + echo "[2] Create a deployable System Image" + echo "[3] Reinstall Bootloader" + echo "[4] Chroot into existing OS" + echo + read -p 'Your Choice: ' choice + if [[ $choice = 1 ]]; then + clear + echo "[Password Protection at Boot]" + echo + echo + set-devices + read -p 'Unlock Disk without password at boot time? 
' -e -i "y" pass_change + if [[ $pass_change = *n* ]]; then + AUTO_DECRYPT="False" + bootloader "$HARD_DISK" "$ROOT_NAME" "$ROOT_MAPPER_NAME" + else + AUTO_DECRYPT="True" + bootloader "$HARD_DISK" "$ROOT_NAME" "$ROOT_MAPPER_NAME" + fi + elif [[ $choice = 2 ]]; then + clear + echo + echo "[Create Debian Image]" + echo + read -p 'Location to Store Image: ' -e -i "/home/$USER" image_directory + read -p 'Image File Name: ' -e -i "debian" ROOT_NAME + read -p 'Debian Version: ' -e -i "stable" DEBIAN_RELEASE + read -p 'KDE, CINNAMON, XFCE, or GNOME: ' -e -i "KDE" DESKTOP + if [[ $DESKTOP = *KDE* ]]; then + PACKAGES=$BASE_PACKAGES$SHARED_DESKTOP_APPS$KDE_DESKTOP_ENV + elif [[ $DESKTOP = *XFCE* ]]; then + PACKAGES=$BASE_PACKAGES$SHARED_DESKTOP_APPS$XFCE_DESKTOP_ENV + elif [[ $DESKTOP = *CINNAMON* ]]; then + PACKAGES=$BASE_PACKAGES$SHARED_DESKTOP_APPS$CINNAMON_DESKTOP_ENV + else + PACKAGES=$BASE_PACKAGES$SHARED_DESKTOP_APPS$GNOME_DESKTOP_ENV + fi + ROOT_MAPPER_NAME="/dev/foo" + make-image "$image_directory" + elif [[ $choice = 3 ]]; then + set-devices + bootloader $HARD_DISK $ROOT_NAME $ROOT_MAPPER_NAME + elif [[ $choice = 4 ]]; then + set-devices + partitions + systemMounts + + if [[ -e "$TARGET/usr/bin/bash" ]]; then + /usr/sbin/chroot $TARGET /usr/bin/bash + fi + unmount + fi +} + +menu() { + clear + echo + echo "[Welcome to Verita84's Debian Installer System]" + echo + echo "[1] Install" + echo "[2] Backup" + echo "[3] Restore" + echo "[4] Tools and Tweaks" + echo "[5] Initialize Disk" + echo + read -p 'Your Choice: ' choice + if [[ $choice = 1 ]]; then + clear + echo "[Install OS]" + echo + echo + read -p 'Debian Version: ' -e -i "stable" DEBIAN_RELEASE + read -p 'KDE, CINNAMON, XFCE, or GNOME: ' -e -i "KDE" DESKTOP + if [[ $DESKTOP = *KDE* ]]; then + PACKAGES=$BASE_PACKAGES$SHARED_DESKTOP_APPS$KDE_DESKTOP_ENV + elif [[ $DESKTOP = *XFCE* ]]; then + PACKAGES=$BASE_PACKAGES$SHARED_DESKTOP_APPS$XFCE_DESKTOP_ENV + elif [[ $DESKTOP = *CINNAMON* ]]; then + 
PACKAGES=$BASE_PACKAGES$SHARED_DESKTOP_APPS$CINNAMON_DESKTOP_ENV + else + PACKAGES=$BASE_PACKAGES$SHARED_DESKTOP_APPS$GNOME_DESKTOP_ENV + fi + set-devices + install "$HARD_DISK" + elif [[ $choice = 2 ]]; then + clear + echo "[Backup OS]" + echo + set-devices + read -p 'Backup Home Directory? : ' -e -i 'y' home_backup + read -p 'OS Backup Directory Location : ' -e -i "/install/\@$ROOT_NAME/var/backups" backup_directory + if [[ $home_backup = *n* ]]; then + os-backup "none" "$backup_directory" "$ROOT_NAME" + else + os-backup "home" "$backup_directory" "$ROOT_NAME" + fi + elif [[ $choice = 3 ]]; then + clear + echo "[Restore from Backup]" + echo + echo + set-devices + read -p 'Restore Directory Image Source: ' -e -i "/var/backups" restore_directory + read -p 'Restore Home Directory? : ' -e -i 'n' home_restore + read -p 'Backup file name to restore: ' -e -i 'debian' backup_name + + if [[ $home_restore = *n* ]]; then + os-restore "$HARD_DISK" "$backup_name" "none" "$restore_directory" "$ROOT_MAPPER_NAME" + else + os-restore "$HARD_DISK" "$backup_name" "home" "$restore_directory" "$ROOT_MAPPER_NAME" + fi + elif [[ $choice = 4 ]]; then + tweaks + elif [[ $choice = 5 ]]; then + clear + echo "[Initialize Disk]" + echo + echo + set-devices + initialize-disk + else + menu + fi + +} + +set-devices() { + i=0 + while [ $i != "n" ]; do + clear + echo + echo "Disks and Partitions:" + echo + cat /proc/partitions + echo + echo "Erase the line and press enter to skip to the next detected disk" + echo + i=$(expr $i + 1) + read -p 'Disk Device to Use: ' -e -i $(lsblk | grep -i disk | grep -Evi 'swap' | cut -d ' ' -f1 | head -$i | tail -1) device + if [[ ! 
-z $device ]]; then + i="n" + fi + done + + read -p 'BTRFS Root Volume name: ' -e -i "debian" root_name + read -p 'LUKS Device Mapper Name: ' -e -i "root" device_mapper_name + HARD_DISK=$device + partitionDetection + ROOT_NAME=$root_name + ROOT_MAPPER_NAME=$device_mapper_name +} + +if [ "$1" = "desktop" ]; then + desktop +elif [ "$1" = "tar" ]; then + create-os-snapshots "null" "$3" "$2" +elif [ "$1" = "upgrade-system" ]; then + upgrade-system +elif [ "$1" = "wifi" ]; then + wifi +elif [ "$1" = "accounts" ]; then + accounts +elif [ "$1" = "hibernate" ]; then + hibernate-setup +elif [ "$1" = "flatpaks" ]; then + flatpaks +elif [ "$1" = "bootloader" ]; then + bootloader "$2" "$3" "$4" +elif [ "$1" = "snapshot" ]; then + snapshots +elif [ "$1" = "grub-snapshots" ]; then + grub-snapshots +elif [ "$1" = "btrfs-tweaks" ]; then + btrfs-tweaks +elif [ "$1" = "remove-snapshot" ]; then + remove-snapshots +elif [ "$1" = "help" ]; then + show-help +else + menu +fi
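Review bot: The configuration block at the top of debian.sh commits `USER_PASSWORD`, `ROOT_PASSWORD`, `DISK_PASSWORD` and `WIRELESS_PASSWORD` as literals, and `setup_script` and `make-image` then copy the whole script to `$TARGET/usr/bin/debian.sh` without restricting its mode, so the LUKS passphrase and root password are likely readable by any local user of the installed system and travel inside every image built from it. Treat the committed values as exposed, and take the secrets at run time instead, for example `read -rs -p 'Disk passphrase: ' DISK_PASSWORD`, or from a root-only file kept outside the repository. The `printf "$DISK_PASSWORD" | cryptsetup …` calls in `os-backup`, `decryptBoot`, `partitions` and `initialize-disk` also pass the secret as the printf format string, so a `%` or backslash in it changes what cryptsetup receives; `printf '%s' "$DISK_PASSWORD" | cryptsetup open "$BTRFS" "$ROOT_MAPPER_NAME"` avoids that. Separately, `AUTO_DECRYPT='True'` is the default and `decryptBoot` writes `KEYFILE_PATTERN="/etc/*.key"`, which as far as these lines show places the key in an initramfs on the unencrypted ext4 `/boot`; the header comment should say that this mode gives up protection of data at rest, and `AUTO_DECRYPT='False'` would be the safer default.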