some of working version
parent
d9cef67dd4
commit
7c0af76b4f
@ -39,13 +39,18 @@ varia[b]=boot_device
|
|||||||
boot_device=
|
boot_device=
|
||||||
|
|
||||||
usage[R]="The device where the system will be installed"
|
usage[R]="The device where the system will be installed"
|
||||||
varia[R]=boot_device
|
varia[R]=root_device
|
||||||
boot_device=
|
root_device=
|
||||||
|
|
||||||
usage[l]="System locale"
|
usage[l]="System locale"
|
||||||
varia[l]=locale
|
varia[l]=locale
|
||||||
locale="en_US.UTF-8 UTF-8\nfr_FR.UTF-8 UTF-8"
|
locale="en_US.UTF-8 UTF-8\nfr_FR.UTF-8 UTF-8"
|
||||||
|
|
||||||
|
usage[w]="Wireguard IP last number (4 for 1.2.3.4)"
|
||||||
|
varia[w]=wireguard_number
|
||||||
|
wireguard_number=
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
. driglibash-args
|
. driglibash-args
|
||||||
|
|
||||||
@ -63,7 +68,7 @@ install="vim openssh-server git nginx"
|
|||||||
. driglibash-base
|
. driglibash-base
|
||||||
|
|
||||||
chroot_run(){
|
chroot_run(){
|
||||||
run echo "$@" | chroot "$mnt"
|
chroot "$mnt" $@
|
||||||
if [ "$?" -ne 0 ] ; then
|
if [ "$?" -ne 0 ] ; then
|
||||||
die "Error, chroot command [$@] exited with code '$?'"
|
die "Error, chroot command [$@] exited with code '$?'"
|
||||||
fi
|
fi
|
||||||
@ -77,16 +82,14 @@ wait_for_user(){
|
|||||||
|
|
||||||
mount_misc(){
|
mount_misc(){
|
||||||
run mkdir -p "$mnt"/{proc,dev,sys}
|
run mkdir -p "$mnt"/{proc,dev,sys}
|
||||||
run mount -t proc none "$mnt/proc"
|
run mount -t proc /proc "$mnt/proc"
|
||||||
clean "umount '$mnt/proc'"
|
#clean "umount '$(realpath "$mnt/proc")'"
|
||||||
# To access physical devices
|
# To access physical devices
|
||||||
run mount -o bind /dev "$mnt/dev"
|
run mount --rbind --make-rslave /dev "$mnt/dev"
|
||||||
clean "umount '$mnt/dev'"
|
#clean "umount -R '$(realpath "$mnt/dev")'"
|
||||||
run mount -o bind /dev/pts "$mnt/dev/pts"
|
run mount --rbind --make-rslave /sys "$mnt/sys"
|
||||||
clean "umount '$mnt/dev/pts'"
|
#clean "umount -R '$(realpath "$mnt/sys")'"
|
||||||
run mount -o bind /sys "$mnt/sys"
|
clean "umount -R '$mnt'"
|
||||||
clean "umount '$mnt/sys'"
|
|
||||||
# mount /dev/pts ? apt install complain about its absence
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if [ -z "$hostname" ] ; then
|
if [ -z "$hostname" ] ; then
|
||||||
@ -104,15 +107,25 @@ if ! [ -d "$secret_dir" ] ; then
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
||||||
section "debootstraping"
|
section "Mounting additionnal items"
|
||||||
|
if [ -n "$(df | grep "$root_device")" ] ; then
|
||||||
|
run umount "$root_device"
|
||||||
|
fi
|
||||||
|
run mount --make-private "$root_device" "$mnt"
|
||||||
|
clean "umount -R '$mnt'"
|
||||||
|
|
||||||
|
|
||||||
# Debootstrap may fail when the target is an existing system
|
# Debootstrap may fail when the target is an existing system
|
||||||
#if [ -n "$(ls -A $mnt)" ]; then
|
if [ -n "$(ls -A $mnt)" ]; then
|
||||||
# die "Root dir '$mnt' is not empty. Won’t debootstrap it."
|
die "Root dir '$mnt' is not empty. Won’t debootstrap it."
|
||||||
#fi
|
fi
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
section "debootstraping"
|
||||||
run debootstrap --verbose --arch "$arch" "$release" "$mnt" "$repo"
|
run debootstrap --verbose --arch "$arch" "$release" "$mnt" "$repo"
|
||||||
|
|
||||||
|
|
||||||
section "Mounting additionnal items"
|
|
||||||
mount_misc
|
mount_misc
|
||||||
|
|
||||||
|
|
||||||
@ -121,7 +134,7 @@ section "Installing selected software"
|
|||||||
chroot "$mnt" <<EOF
|
chroot "$mnt" <<EOF
|
||||||
export DEBIAN_FRONTEND=noninteractive
|
export DEBIAN_FRONTEND=noninteractive
|
||||||
apt-get update -q -y
|
apt-get update -q -y
|
||||||
apt-get install -q -y linux-image-amd64 console-data grub2 locales $install
|
apt-get install -q -y linux-image-amd64 console-data grub2 locales vim wireguard-tools wireguard $install
|
||||||
EOF
|
EOF
|
||||||
# TODO watershed ?
|
# TODO watershed ?
|
||||||
|
|
||||||
@ -199,14 +212,39 @@ EOF
|
|||||||
section "Creating root SSH key to connect"
|
section "Creating root SSH key to connect"
|
||||||
if [ -n "$(ls -A $secret_dir)" ]; then
|
if [ -n "$(ls -A $secret_dir)" ]; then
|
||||||
#die "Secret dir '$secret_dir' is not empty"
|
#die "Secret dir '$secret_dir' is not empty"
|
||||||
yell "Secret dir is not empty. Wont save ssh key."
|
yell "Secret dir is not empty. May erase key."
|
||||||
else
|
|
||||||
run export HOSTNAME="$hostname" && ssh-keygen -b 4096 -f "$secret_dir/id_rsa" -P ''
|
|
||||||
run mkdir -p "$mnt/root/.ssh/"
|
|
||||||
cat "$secret_dir/id_rsa.pub" >> "$mnt/root/.ssh/authorized_keys"
|
|
||||||
fi
|
fi
|
||||||
|
run export HOSTNAME="$hostname" && ssh-keygen -b 4096 -f "$secret_dir/id_rsa" -P ''
|
||||||
|
run mkdir -p "$mnt/root/.ssh/"
|
||||||
|
cat "$secret_dir/id_rsa.pub" >> "$mnt/root/.ssh/authorized_keys"
|
||||||
|
|
||||||
|
|
||||||
|
section "Creating wireguard conf"
|
||||||
|
if [ -n "$wireguard_number" ] ; then
|
||||||
|
run cat >> "$mnt/etc/wireguard/jeancloud.conf" <<EOF
|
||||||
|
[Interface]
|
||||||
|
PrivateKey = $(wg genkey)
|
||||||
|
ListenPort = 51812
|
||||||
|
Address = 10.98.1.$wireguard_number/32
|
||||||
|
|
||||||
|
[Peer] # debug
|
||||||
|
PublicKey = OpENQI1ElPuVdNssMySffO8iZEyJsOaSQ9bQLU6Uz2E=
|
||||||
|
AllowedIPs = 10.98.1.254/32
|
||||||
|
Endpoint = 193.33.56.94:51812
|
||||||
|
PersistentKeepalive = 25
|
||||||
|
EOF
|
||||||
|
wireguard_pubkey="$(cat /etc/wireguard/jeancloud.conf | grep -oP '^PrivateKey = \K.*' | wg pubkey)"
|
||||||
|
|
||||||
|
run cat >> "$secret_dir/wg_conf_part_$hostname" <<EOF
|
||||||
|
[Peer] # $hostname
|
||||||
|
PublicKey = $wireguard_pubkey
|
||||||
|
AllowedIPs = 10.98.1.$wireguard_number/32
|
||||||
|
EOF
|
||||||
|
|
||||||
|
else
|
||||||
|
yell "Passing"
|
||||||
|
fi
|
||||||
|
|
||||||
section "Generating locales"
|
section "Generating locales"
|
||||||
chroot_run echo -e "$locale" > "/etc/locale.gen"
|
chroot_run echo -e "$locale" > "/etc/locale.gen"
|
||||||
chroot_run locale-gen
|
chroot_run locale-gen
|
||||||
|
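Review bot: In the new "Creating wireguard conf" block, `wireguard_pubkey` is derived from `/etc/wireguard/jeancloud.conf` on the installing host, while the freshly generated private key was written to `$mnt/etc/wireguard/jeancloud.conf`. The `[Peer]` part saved under `$secret_dir` will therefore not match the new machine's key, or the pipeline yields nothing if the host has no such file. Read the target file instead: `wireguard_pubkey="$(grep -oP '^PrivateKey = \K.*' "$mnt/etc/wireguard/jeancloud.conf" | wg pubkey)"`. The file holding the private key is also written with `>>` and no visible permission change, so it is presumably created with the default umask and readable by other users, and a second run appends another `[Interface]` section with a new key. Writing it with `>` and then running `chmod 600 "$mnt/etc/wireguard/jeancloud.conf"` would address both.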