some of working version

Adrian Amaglio 2023-05-16 21:25:16 +02:00
parent d9cef67dd4
commit 7c0af76b4f


@ -39,13 +39,18 @@ varia[b]=boot_device
boot_device= boot_device=
usage[R]="The device where the system will be installed" usage[R]="The device where the system will be installed"
varia[R]=boot_device varia[R]=root_device
boot_device= root_device=
usage[l]="System locale" usage[l]="System locale"
varia[l]=locale varia[l]=locale
locale="en_US.UTF-8 UTF-8\nfr_FR.UTF-8 UTF-8" locale="en_US.UTF-8 UTF-8\nfr_FR.UTF-8 UTF-8"
usage[w]="Wireguard IP last number (4 for 1.2.3.4)"
varia[w]=wireguard_number
wireguard_number=
. driglibash-args . driglibash-args
@ -63,7 +68,7 @@ install="vim openssh-server git nginx"
. driglibash-base . driglibash-base
chroot_run(){ chroot_run(){
run echo "$@" | chroot "$mnt" chroot "$mnt" $@
if [ "$?" -ne 0 ] ; then if [ "$?" -ne 0 ] ; then
die "Error, chroot command [$@] exited with code '$?'" die "Error, chroot command [$@] exited with code '$?'"
fi fi
@ -77,16 +82,14 @@ wait_for_user(){
mount_misc(){ mount_misc(){
run mkdir -p "$mnt"/{proc,dev,sys} run mkdir -p "$mnt"/{proc,dev,sys}
run mount -t proc none "$mnt/proc" run mount -t proc /proc "$mnt/proc"
clean "umount '$mnt/proc'" #clean "umount '$(realpath "$mnt/proc")'"
# To access physical devices # To access physical devices
run mount -o bind /dev "$mnt/dev" run mount --rbind --make-rslave /dev "$mnt/dev"
clean "umount '$mnt/dev'" #clean "umount -R '$(realpath "$mnt/dev")'"
run mount -o bind /dev/pts "$mnt/dev/pts" run mount --rbind --make-rslave /sys "$mnt/sys"
clean "umount '$mnt/dev/pts'" #clean "umount -R '$(realpath "$mnt/sys")'"
run mount -o bind /sys "$mnt/sys" clean "umount -R '$mnt'"
clean "umount '$mnt/sys'"
# mount /dev/pts ? apt install complain about its absence
} }
if [ -z "$hostname" ] ; then if [ -z "$hostname" ] ; then
@ -104,15 +107,25 @@ if ! [ -d "$secret_dir" ] ; then
fi fi
section "debootstraping" section "Mounting additionnal items"
if [ -n "$(df | grep "$root_device")" ] ; then
run umount "$root_device"
fi
run mount --make-private "$root_device" "$mnt"
clean "umount -R '$mnt'"
# Debootstrap may fail when the target is an existing system # Debootstrap may fail when the target is an existing system
#if [ -n "$(ls -A $mnt)" ]; then if [ -n "$(ls -A $mnt)" ]; then
# die "Root dir '$mnt' is not empty. Wont debootstrap it." die "Root dir '$mnt' is not empty. Wont debootstrap it."
#fi fi
section "debootstraping"
run debootstrap --verbose --arch "$arch" "$release" "$mnt" "$repo" run debootstrap --verbose --arch "$arch" "$release" "$mnt" "$repo"
section "Mounting additionnal items"
mount_misc mount_misc
@ -121,7 +134,7 @@ section "Installing selected software"
chroot "$mnt" <<EOF chroot "$mnt" <<EOF
export DEBIAN_FRONTEND=noninteractive export DEBIAN_FRONTEND=noninteractive
apt-get update -q -y apt-get update -q -y
apt-get install -q -y linux-image-amd64 console-data grub2 locales $install apt-get install -q -y linux-image-amd64 console-data grub2 locales vim wireguard-tools wireguard $install
EOF EOF
# TODO watershed ? # TODO watershed ?
@ -199,14 +212,39 @@ EOF
section "Creating root SSH key to connect" section "Creating root SSH key to connect"
if [ -n "$(ls -A $secret_dir)" ]; then if [ -n "$(ls -A $secret_dir)" ]; then
#die "Secret dir '$secret_dir' is not empty" #die "Secret dir '$secret_dir' is not empty"
yell "Secret dir is not empty. Wont save ssh key." yell "Secret dir is not empty. May erase key."
else
run export HOSTNAME="$hostname" && ssh-keygen -b 4096 -f "$secret_dir/id_rsa" -P ''
run mkdir -p "$mnt/root/.ssh/"
cat "$secret_dir/id_rsa.pub" >> "$mnt/root/.ssh/authorized_keys"
fi fi
run export HOSTNAME="$hostname" && ssh-keygen -b 4096 -f "$secret_dir/id_rsa" -P ''
run mkdir -p "$mnt/root/.ssh/"
cat "$secret_dir/id_rsa.pub" >> "$mnt/root/.ssh/authorized_keys"
section "Creating wireguard conf"
if [ -n "$wireguard_number" ] ; then
run cat >> "$mnt/etc/wireguard/jeancloud.conf" <<EOF
[Interface]
PrivateKey = $(wg genkey)
ListenPort = 51812
Address = 10.98.1.$wireguard_number/32
[Peer] # debug
PublicKey = OpENQI1ElPuVdNssMySffO8iZEyJsOaSQ9bQLU6Uz2E=
AllowedIPs = 10.98.1.254/32
Endpoint = 193.33.56.94:51812
PersistentKeepalive = 25
EOF
wireguard_pubkey="$(cat /etc/wireguard/jeancloud.conf | grep -oP '^PrivateKey = \K.*' | wg pubkey)"
run cat >> "$secret_dir/wg_conf_part_$hostname" <<EOF
[Peer] # $hostname
PublicKey = $wireguard_pubkey
AllowedIPs = 10.98.1.$wireguard_number/32
EOF
else
yell "Passing"
fi
section "Generating locales" section "Generating locales"
chroot_run echo -e "$locale" > "/etc/locale.gen" chroot_run echo -e "$locale" > "/etc/locale.gen"
chroot_run locale-gen chroot_run locale-gen
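Review bot: In the new "Creating wireguard conf" block, `wireguard_pubkey` is derived from `/etc/wireguard/jeancloud.conf` on the installer host, while the private key was just written to `$mnt/etc/wireguard/jeancloud.conf`. The `[Peer]` snippet saved under `$secret_dir` will therefore carry the host's public key (or an empty value if the host has no such file) instead of the new machine's, so the peer entry will not match the installed system. Read the target file instead: `wireguard_pubkey="$(grep -oP '^PrivateKey = \K.*' "$mnt/etc/wireguard/jeancloud.conf" | wg pubkey)"`. Because the config is appended with `>>`, a second run would also leave two `[Interface]` sections and two private keys in the file; writing it with `>` and following with `chmod 600 "$mnt/etc/wireguard/jeancloud.conf"` avoids that and stops the private key's file mode from depending on the default umask.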