tweaks for blatte
parent
7c0af76b4f
commit
d2c05a5647
@ -30,6 +30,10 @@ varia[s]=repo
|
|||||||
repo="http://ftp.fr.debian.org/debian"
|
repo="http://ftp.fr.debian.org/debian"
|
||||||
#repo="http://localhost:3142/ftp.fr.debian.org/debian"
|
#repo="http://localhost:3142/ftp.fr.debian.org/debian"
|
||||||
|
|
||||||
|
usage[S]="Additional sources to add in source.list. Newline separated."
|
||||||
|
varia[S]=repos
|
||||||
|
repos="deb http://ftp.fr.debian.org/debian stable main contrib non-free"
|
||||||
|
|
||||||
usage[n]="The hostname"
|
usage[n]="The hostname"
|
||||||
varia[n]=hostname
|
varia[n]=hostname
|
||||||
hostname=""
|
hostname=""
|
||||||
@ -50,6 +54,13 @@ usage[w]="Wireguard IP last number (4 for 1.2.3.4)"
|
|||||||
varia[w]=wireguard_number
|
varia[w]=wireguard_number
|
||||||
wireguard_number=
|
wireguard_number=
|
||||||
|
|
||||||
|
usage[J]="Just mount and chroot it. No installation"
|
||||||
|
varia[J]=just_mount
|
||||||
|
just_mount=false
|
||||||
|
|
||||||
|
usage[i]="Packages to install. space separated"
|
||||||
|
varia[i]=install
|
||||||
|
install=
|
||||||
|
|
||||||
|
|
||||||
. driglibash-args
|
. driglibash-args
|
||||||
@ -57,9 +68,9 @@ wireguard_number=
|
|||||||
|
|
||||||
secret_dir=secrets
|
secret_dir=secrets
|
||||||
secret_dir="$(realpath -m "$secret_dir/$hostname")"
|
secret_dir="$(realpath -m "$secret_dir/$hostname")"
|
||||||
install="vim openssh-server git nginx"
|
install="$install vim openssh-server git nginx smartmontool"
|
||||||
|
|
||||||
|
|
||||||
|
debootstrap_done_marker="$mnt/etc/debootstrap_done"
|
||||||
|
|
||||||
###############################################################################
|
###############################################################################
|
||||||
# Actual script
|
# Actual script
|
||||||
@ -69,7 +80,7 @@ install="vim openssh-server git nginx"
|
|||||||
|
|
||||||
chroot_run(){
|
chroot_run(){
|
||||||
chroot "$mnt" $@
|
chroot "$mnt" $@
|
||||||
if [ "$?" -ne 0 ] ; then
|
if [ "$?" -ne 0 ] && [ "$?" != '0' ] ; then
|
||||||
die "Error, chroot command [$@] exited with code '$?'"
|
die "Error, chroot command [$@] exited with code '$?'"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
@ -86,6 +97,7 @@ mount_misc(){
|
|||||||
#clean "umount '$(realpath "$mnt/proc")'"
|
#clean "umount '$(realpath "$mnt/proc")'"
|
||||||
# To access physical devices
|
# To access physical devices
|
||||||
run mount --rbind --make-rslave /dev "$mnt/dev"
|
run mount --rbind --make-rslave /dev "$mnt/dev"
|
||||||
|
# even explicitly mounting /dev/pts makes apt cry for its absence…
|
||||||
#clean "umount -R '$(realpath "$mnt/dev")'"
|
#clean "umount -R '$(realpath "$mnt/dev")'"
|
||||||
run mount --rbind --make-rslave /sys "$mnt/sys"
|
run mount --rbind --make-rslave /sys "$mnt/sys"
|
||||||
#clean "umount -R '$(realpath "$mnt/sys")'"
|
#clean "umount -R '$(realpath "$mnt/sys")'"
|
||||||
@ -111,26 +123,40 @@ section "Mounting additionnal items"
|
|||||||
if [ -n "$(df | grep "$root_device")" ] ; then
|
if [ -n "$(df | grep "$root_device")" ] ; then
|
||||||
run umount "$root_device"
|
run umount "$root_device"
|
||||||
fi
|
fi
|
||||||
|
run mkdir -p "$mnt"
|
||||||
run mount --make-private "$root_device" "$mnt"
|
run mount --make-private "$root_device" "$mnt"
|
||||||
clean "umount -R '$mnt'"
|
# bug in driglibash-base. If $mnt got spaces it break
|
||||||
|
clean "umount -R $mnt"
|
||||||
|
|
||||||
|
|
||||||
# Debootstrap may fail when the target is an existing system
|
if [ "$just_mount" != false ] ; then
|
||||||
if [ -n "$(ls -A $mnt)" ]; then
|
echo 'Mounted. Exit shell to unmount.'
|
||||||
die "Root dir '$mnt' is not empty. Won’t debootstrap it."
|
chroot_run
|
||||||
|
die 'You asked to just mount then exit.'
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
section "debootstraping"
|
section "debootstraping"
|
||||||
run debootstrap --verbose --arch "$arch" "$release" "$mnt" "$repo"
|
if [ ! -f "$debootstrap_done_marker" ] ; then
|
||||||
|
# Debootstrap may fail when the target is an existing system
|
||||||
|
if [ -n "$(ls -A $mnt)" ]; then
|
||||||
|
die "Root dir '$mnt' is not empty. Won’t debootstrap it. Is this installation broken?"
|
||||||
|
fi
|
||||||
|
run debootstrap --verbose --arch "$arch" "$release" "$mnt" "$repo"
|
||||||
|
touch "$debootstrap_done_marker"
|
||||||
|
else
|
||||||
|
yell "Already done"
|
||||||
|
fi
|
||||||
|
|
||||||
mount_misc
|
mount_misc
|
||||||
|
|
||||||
|
|
||||||
|
section "Generating locales"
|
||||||
|
echo -e "$locale" > "$mnt/etc/locale.gen"
|
||||||
|
chroot_run locale-gen
|
||||||
|
|
||||||
section "Installing selected software"
|
section "Installing selected software"
|
||||||
#XXX use chroot_run
|
echo "$repos" >> "$mnt/etc/apt/sources.list"
|
||||||
chroot "$mnt" <<EOF
|
chroot "$mnt" <<EOF
|
||||||
export DEBIAN_FRONTEND=noninteractive
|
export DEBIAN_FRONTEND=noninteractive
|
||||||
apt-get update -q -y
|
apt-get update -q -y
|
||||||
@ -154,7 +180,6 @@ run echo "$hostname" > "$mnt/etc/hostname"
|
|||||||
run cat > "$mnt/root/.bashrc" <<EOF
|
run cat > "$mnt/root/.bashrc" <<EOF
|
||||||
PATH=$PATH:/usr/bin:/bin:/sbin:/usr/sbin:/sbin
|
PATH=$PATH:/usr/bin:/bin:/sbin:/usr/sbin:/sbin
|
||||||
/usr/bin/setterm -blength 0
|
/usr/bin/setterm -blength 0
|
||||||
xset b off
|
|
||||||
EOF
|
EOF
|
||||||
# Be sure this fucking beep is gone
|
# Be sure this fucking beep is gone
|
||||||
echo 'set bell-style none' >> "$mnt/etc/inputrc"
|
echo 'set bell-style none' >> "$mnt/etc/inputrc"
|
||||||
@ -188,23 +213,10 @@ section "Set up networking"
|
|||||||
# Disable the unpredictable naming (since we are not on the future host)
|
# Disable the unpredictable naming (since we are not on the future host)
|
||||||
run ln -s /dev/null "$mnt/etc/udev/rules.d/80-net-setup-link.rules"
|
run ln -s /dev/null "$mnt/etc/udev/rules.d/80-net-setup-link.rules"
|
||||||
run cat >> "$mnt/etc/network/interfaces" <<EOF
|
run cat >> "$mnt/etc/network/interfaces" <<EOF
|
||||||
auto enp1s0
|
|
||||||
allow-hotplug enp1s0
|
|
||||||
iface enp1s0 inet dhcp
|
|
||||||
iface enp1s0 inet6 dhcp
|
|
||||||
auto enp2s0
|
|
||||||
allow-hotplug enp2s0
|
|
||||||
iface enp2s0 inet dhcp
|
|
||||||
iface enp2s0 inet6 dhcp
|
|
||||||
auto eth0
|
|
||||||
allow-hotplug eth0
|
allow-hotplug eth0
|
||||||
iface eth0 inet dhcp
|
iface eth0 inet dhcp
|
||||||
iface eth0 inet6 dhcp
|
|
||||||
auto eth1
|
|
||||||
allow-hotplug eth1
|
|
||||||
iface eth1 inet dhcp
|
|
||||||
iface eth1 inet6 dhcp
|
|
||||||
EOF
|
EOF
|
||||||
|
#iface eth0 inet6 dhcp
|
||||||
# TODO add dyndn service
|
# TODO add dyndn service
|
||||||
|
|
||||||
|
|
||||||
@ -217,9 +229,11 @@ fi
|
|||||||
run export HOSTNAME="$hostname" && ssh-keygen -b 4096 -f "$secret_dir/id_rsa" -P ''
|
run export HOSTNAME="$hostname" && ssh-keygen -b 4096 -f "$secret_dir/id_rsa" -P ''
|
||||||
run mkdir -p "$mnt/root/.ssh/"
|
run mkdir -p "$mnt/root/.ssh/"
|
||||||
cat "$secret_dir/id_rsa.pub" >> "$mnt/root/.ssh/authorized_keys"
|
cat "$secret_dir/id_rsa.pub" >> "$mnt/root/.ssh/authorized_keys"
|
||||||
|
chroot_run systemctl enable ssh
|
||||||
|
|
||||||
|
|
||||||
section "Creating wireguard conf"
|
section "Creating wireguard conf"
|
||||||
|
|
||||||
if [ -n "$wireguard_number" ] ; then
|
if [ -n "$wireguard_number" ] ; then
|
||||||
run cat >> "$mnt/etc/wireguard/jeancloud.conf" <<EOF
|
run cat >> "$mnt/etc/wireguard/jeancloud.conf" <<EOF
|
||||||
[Interface]
|
[Interface]
|
||||||
@ -233,22 +247,19 @@ AllowedIPs = 10.98.1.254/32
|
|||||||
Endpoint = 193.33.56.94:51812
|
Endpoint = 193.33.56.94:51812
|
||||||
PersistentKeepalive = 25
|
PersistentKeepalive = 25
|
||||||
EOF
|
EOF
|
||||||
wireguard_pubkey="$(cat /etc/wireguard/jeancloud.conf | grep -oP '^PrivateKey = \K.*' | wg pubkey)"
|
wireguard_pubkey="$(cat "$mnt/etc/wireguard/jeancloud.conf" | grep -oP '^PrivateKey = \K.*' | wg pubkey)"
|
||||||
|
|
||||||
run cat >> "$secret_dir/wg_conf_part_$hostname" <<EOF
|
run cat >> "$secret_dir/wg_conf_part_$hostname" <<EOF
|
||||||
[Peer] # $hostname
|
[Peer] # $hostname
|
||||||
PublicKey = $wireguard_pubkey
|
PublicKey = $wireguard_pubkey
|
||||||
AllowedIPs = 10.98.1.$wireguard_number/32
|
AllowedIPs = 10.98.1.$wireguard_number/32
|
||||||
EOF
|
EOF
|
||||||
|
chroot_run systemctl enable wg-quick@jeancloud.service
|
||||||
|
|
||||||
else
|
else
|
||||||
yell "Passing"
|
yell "Passing"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
section "Generating locales"
|
|
||||||
chroot_run echo -e "$locale" > "/etc/locale.gen"
|
|
||||||
chroot_run locale-gen
|
|
||||||
|
|
||||||
|
|
||||||
section "Installing grub"
|
section "Installing grub"
|
||||||
# Disable predictable name (again)
|
# Disable predictable name (again)
|
||||||
|
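Review bot: The new condition in chroot_run, `if [ "$?" -ne 0 ] && [ "$?" != '0' ]`, can never be true: the second `$?` holds the exit status of the first `[` test, which is 0 exactly when chroot failed, so `die` is no longer reached. A failing `chroot_run systemctl enable ssh`, `chroot_run locale-gen` or `chroot_run systemctl enable wg-quick@jeancloud.service` would then pass silently, and the installed system could come up without the service it is expected to run. Save the status once with `rc=$?` on the line right after `chroot "$mnt" "$@"`, test `[ "$rc" -ne 0 ]`, and print `$rc` in the message, since the `$?` inside the `die` string also reports the test rather than chroot. Quoting `"$@"` in the chroot call keeps arguments containing spaces intact.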