--- /dev/null
+THE_DEV=/dev/sda
+THE_HOSTNAME=somehost
+THE_USERNAME=someuser
+
+gdisk $THE_DEV
+ESP 200M ef00
+XBOOTLDR 824M
+LUKSROOT
+
+vgcreate $THE_HOSTNAME /dev/disk/by-partlabel/LUKSROOT
+lvcreate -L16G -nswap $THE_HOSTNAME
+lvcreate -l100%FREE -nroot $THE_HOSTNAME
+
+mount /dev/mapper/$THE_HOSTNAME-root /mnt/
+
+cd /mnt/
+btrfs fi label /mnt/ btrfsroot
+btrfs subv create @root
+btrfs subv set-default /mnt/@root
+btrfs subv create @home
+btrfs subv create @apt
+btrfs subv create @vartmp
+chmod 1777 @vartmp
+umount /mnt/
+mount /dev/mapper/$THE_HOSTNAME-root /mnt/
+
+mkdir -p /mnt/etc/
+cat <<EOT > /mnt/etc/fstab
+LABEL=btrfsroot / btrfs subvol=@root,discard,compress,nodev 0 0
+LABEL=btrfsroot /btrfs btrfs subvol=/,discard,compress,nodev,nosuid 0 0
+LABEL=btrfsroot /home btrfs subvol=@home,discard,compress,nodev,nosuid 0 0
+LABEL=btrfsroot /var/cache/apt btrfs subvol=@apt,discard,compress,nodev,nosuid 0 0
+LABEL=btrfsroot /var/tmp btrfs subvol=@vartmp,discard,compress,nodev,nosuid 0 0
+PARTLABEL=XBOOTLDR /boot ext4 discard,nodev,nosuid,noexec 0 0
+PARTLABEL=ESP /boot/efi vfat discard,nodev,nosuid,noexec 0 0
+LABEL=swap swap swap discard 0 0
+tmpfs /tmp tmpfs nosuid,nodev 0 0
+EOT
+
+debootstrap bookworm /mnt/ https://deb.debian.org/debian
+
+cat <<EOT > /mnt/etc/apt/sources.list
+deb https://deb.debian.org/debian bookworm main contrib non-free non-free-firmware
+deb https://deb.debian.org/debian bookworm-updates main contrib non-free non-free-firmware
+deb https://deb.debian.org/debian-security bookworm-security main contrib non-free non-free-firmware
+EOT
+
+chroot /mnt/
+
+mkdir -p /btrfs/ /boot/efi/ /home/ /var/cache/apt/ /var/tmp/
+
+mkdir /run/systemd/resolve/
+[ -f /run/systemd/resolve/stub-resolv.conf ] || echo 'nameserver 1.1.1.1' > /run/systemd/resolve/stub-resolv.conf
+
+echo $THE_HOSTNAME > /etc/hostname
+echo do_symlinks=no > /etc/kernel-img.conf
+
+cd /root/
+apt-get install aptitude curl git python3 vim
+curl -sSfL https://code.delx.au/p/dotfiles | bash
+
+exit
+for i in /dev /proc /sys /run /tmp; do mount --rbind $i /mnt$i; done
+chroot /mnt/
+cd /root
+
+mkdir /root/bin/
+git clone https://code.delx.au/monosys
+ln -s /root/monosys/bin /root/bin/monosys-bin
+
+mkdir /root/monosys/package-lists/local
+ln -s /root/monosys/package-lists/local /root/.aptorphan
+cd /root/monosys/package-lists/local
+for i in base base-hw desktop-base desktop-gnome desktop-gnome-software desktop-plymouth desktop-printing filesystems multimedia-players wifi; do ln -s ../debian/$i; done
+cp ../debian/system .
+
+apt-get update
+aptorphan
+
+dpkg-reconfigure locales
+systemctl disable ssh
+find /etc/systemd/system -xtype l -delete
+
+mv /etc/default/grub{,.bak}
+cp /root/monosys/etc/default/grub /etc/default/grub
+grub-install
+update-grub
+
+passwd root
+adduser $THE_USER
+gpasswd -a $THE_USER sudo
+
+plymouth-set-default-theme spinner
+
+
+
+reboot
+
+timedatectl set-timezone Australia/Sydney
+
+flatpak remote-add flathub https://dl.flathub.org/repo/flathub.flatpakrepo
--- /dev/null
+# https://www.raspberrypi.com/documentation/computers/configuration.html#set-up-a-headless-raspberry-pi
+# https://www.raspberrypi.com/software/operating-systems/
+
+xzcat image.xz | pv > /dev/mmcblk0
+
+mount /dev/mmcblk0p1 /mnt
+touch /mnt/ssh
+echo "pitmp:$(echo 'password1A!' | openssl passwd -6 -stdin)" > /mnt/userconf.txt
+
+# boot
+THE_IP=192.168.1.XXX
+
+ssh-copy-id pitmp@$THE_IP
+ssh pitmp@$THE_IP sudo cp -R ~pitmp/.ssh /root/.ssh
+
+ssh root@$THE_IP
+
+deluser pitmp
+rm -rf /home/pitmp
+
+hostnamectl set-hostname XYZ
+timedatectl set-timezone Australia/Sydney
+localectl set-locale en_AU.UTF-8
+
+rm -rf /var/log/journal
+systemctl restart systemd-journald
+
+rm /initrd.img /initrd.img.old /vmlinuz /vmlinuz.old
+echo 'do_symlinks=no' > /etc/kernel-img.conf
+
+apt-get install git python3 screen vim
+curl -sSfL https://code.delx.au/p/dotfiles | bash
+
+git clone https://code.delx.au/monosys
+
+cp monosys/etc/ssh/sshd_config sshd_config
+(cd /etc/ssh/; rm ssh_host_ecdsa_key ssh_host_ecdsa_key.pub ssh_host_rsa_key ssh_host_rsa_key.pub)
+
+cp monosys/etc/systemd/network/ethernet.network /etc/systemd/network/ethernet.network
+systemctl stop networking
+systemctl start systemd-networkd
+systemctl enable systemd-networkd
+for i in ModemManager NetworkManager avahi-daemon{,.socket} triggerhappy{,.socket} wpa_supplicant udisks2; do systemctl disable --now $i; done
+
+find /etc/systemd/system -xtype l -delete