Compare commits
	
		
			2 Commits
		
	
	
		
			d9cef67dd4
			...
			d2c05a5647
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
| 
						 | 
					d2c05a5647 | ||
| 
						 | 
					7c0af76b4f | 
@ -30,6 +30,10 @@ varia[s]=repo
 | 
			
		||||
repo="http://ftp.fr.debian.org/debian"
 | 
			
		||||
#repo="http://localhost:3142/ftp.fr.debian.org/debian"
 | 
			
		||||
 | 
			
		||||
usage[S]="Additional sources to add in source.list. Newline separated."
 | 
			
		||||
varia[S]=repos
 | 
			
		||||
repos="deb http://ftp.fr.debian.org/debian stable main contrib non-free"
 | 
			
		||||
 | 
			
		||||
usage[n]="The hostname"
 | 
			
		||||
varia[n]=hostname
 | 
			
		||||
hostname=""
 | 
			
		||||
@ -39,22 +43,34 @@ varia[b]=boot_device
 | 
			
		||||
boot_device=
 | 
			
		||||
 | 
			
		||||
usage[R]="The device where the system will be installed"
 | 
			
		||||
varia[R]=boot_device
 | 
			
		||||
boot_device=
 | 
			
		||||
varia[R]=root_device
 | 
			
		||||
root_device=
 | 
			
		||||
 | 
			
		||||
usage[l]="System locale"
 | 
			
		||||
varia[l]=locale
 | 
			
		||||
locale="en_US.UTF-8 UTF-8\nfr_FR.UTF-8 UTF-8"
 | 
			
		||||
 | 
			
		||||
usage[w]="Wireguard IP last number (4 for 1.2.3.4)"
 | 
			
		||||
varia[w]=wireguard_number
 | 
			
		||||
wireguard_number=
 | 
			
		||||
 | 
			
		||||
usage[J]="Just mount and chroot it. No installation"
 | 
			
		||||
varia[J]=just_mount
 | 
			
		||||
just_mount=false
 | 
			
		||||
 | 
			
		||||
usage[i]="Packages to install. space separated"
 | 
			
		||||
varia[i]=install
 | 
			
		||||
install=
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
. driglibash-args
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
secret_dir=secrets
 | 
			
		||||
secret_dir="$(realpath -m "$secret_dir/$hostname")"
 | 
			
		||||
install="vim openssh-server git nginx"
 | 
			
		||||
 | 
			
		||||
install="$install vim openssh-server git nginx smartmontool"
 | 
			
		||||
 | 
			
		||||
debootstrap_done_marker="$mnt/etc/debootstrap_done"
 | 
			
		||||
 | 
			
		||||
###############################################################################
 | 
			
		||||
#                              Actual script
 | 
			
		||||
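Review bot: `smartmontool` in the new `install="$install vim openssh-server git nginx smartmontool"` line is not a Debian package name; the package is `smartmontools`, and because the whole list is handed to a single `apt-get install` in the later heredoc hunk, one unknown name makes apt reject the entire transaction, including linux-image-amd64, grub2 and locales. Change the line to `install="$install vim openssh-server git nginx smartmontools"`. Separately, `secret_dir="$(realpath -m "$secret_dir/$hostname")"` derives a filesystem path from the user-supplied hostname with no validation; `-m` resolves `..` components without requiring the path to exist, so a hostname containing `/` or `..` places the generated ssh and WireGuard key material outside `secrets/`. A shape check next to the existing empty-hostname test, e.g. `case "$hostname" in ''|*[!A-Za-z0-9-]*) die "invalid hostname '$hostname'" ;; esac`, would close that.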
@ -63,8 +79,8 @@ install="vim openssh-server git nginx"
 | 
			
		||||
. driglibash-base
 | 
			
		||||
 | 
			
		||||
chroot_run(){
 | 
			
		||||
  run echo "$@" | chroot "$mnt"
 | 
			
		||||
  if [ "$?" -ne 0 ] ; then
 | 
			
		||||
  chroot "$mnt" $@
 | 
			
		||||
  if [ "$?" -ne 0 ] && [ "$?" != '0' ] ; then
 | 
			
		||||
    die "Error, chroot command [$@] exited with code '$?'"
 | 
			
		||||
  fi
 | 
			
		||||
}
 | 
			
		||||
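Review bot: The new guard `if [ "$?" -ne 0 ] && [ "$?" != '0' ]` can never fire: the second `$?` is the exit status of the first `[ ]` test, which is 0 exactly when that test succeeded, so `die` is unreachable and a failing chroot command is silently ignored; the `$?` inside the die message is likewise the test's status rather than the command's. `$@` is also unquoted, so arguments containing spaces or glob characters are re-split before chroot sees them. Both are fixed by collapsing the body to `chroot "$mnt" "$@" || die "Error, chroot command [$*] exited with code '$?'"`, where `$?` is expanded before `die` runs and therefore carries chroot's own status. The `just_mount` call site passes no arguments, which `"$@"` handles as before.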
@ -77,16 +93,15 @@ wait_for_user(){
 | 
			
		||||
 | 
			
		||||
mount_misc(){
 | 
			
		||||
  run mkdir -p "$mnt"/{proc,dev,sys}
 | 
			
		||||
  run mount -t proc none "$mnt/proc"
 | 
			
		||||
  clean "umount '$mnt/proc'"
 | 
			
		||||
  run mount -t proc /proc "$mnt/proc"
 | 
			
		||||
  #clean "umount '$(realpath "$mnt/proc")'"
 | 
			
		||||
  # To access physical devices
 | 
			
		||||
  run mount -o bind /dev "$mnt/dev"
 | 
			
		||||
  clean "umount '$mnt/dev'"
 | 
			
		||||
  run mount -o bind /dev/pts "$mnt/dev/pts"
 | 
			
		||||
  clean "umount '$mnt/dev/pts'"
 | 
			
		||||
  run mount -o bind /sys "$mnt/sys"
 | 
			
		||||
  clean "umount '$mnt/sys'"
 | 
			
		||||
  # mount /dev/pts ? apt install complain about its absence
 | 
			
		||||
  run mount --rbind --make-rslave /dev "$mnt/dev"
 | 
			
		||||
  # even explicitly mounting /dev/pts makes apt cry for its absence…
 | 
			
		||||
  #clean "umount -R '$(realpath "$mnt/dev")'"
 | 
			
		||||
  run mount --rbind --make-rslave /sys "$mnt/sys"
 | 
			
		||||
  #clean "umount -R '$(realpath "$mnt/sys")'"
 | 
			
		||||
  clean "umount -R '$mnt'"
 | 
			
		||||
}
 | 
			
		||||
 | 
			
		||||
if [ -z "$hostname" ] ; then
 | 
			
		||||
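Review bot: `mount_misc` now ends with `clean "umount -R '$mnt'"`, while the main flow in the next hunk registers `clean "umount -R $mnt"` for the same tree right after `mount --make-private`; if `clean` queues commands to run at exit, as the per-mount entries it replaced suggest, the second `umount -R` will run against an already-unmounted path and report an error during cleanup. Keep only the main-flow registration (it also covers the `just_mount` early exit, which never reaches `mount_misc`) and quote it as `clean "umount -R '$mnt'"`, the unquoted form being the one the author's own comment flags as breaking on paths with spaces. The commented-out `#clean "umount -R '$(realpath "$mnt/dev")'"` and `/sys` lines are dead and could be dropped rather than carried along.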
@ -104,24 +119,48 @@ if ! [ -d "$secret_dir" ] ; then
 | 
			
		||||
fi
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
section "debootstraping"
 | 
			
		||||
# Debootstrap may fail when the target is an existing system
 | 
			
		||||
#if [ -n "$(ls -A $mnt)" ]; then
 | 
			
		||||
#  die "Root dir '$mnt' is not empty. Won’t debootstrap it."
 | 
			
		||||
#fi
 | 
			
		||||
run debootstrap --verbose --arch "$arch" "$release" "$mnt" "$repo"
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
section "Mounting additionnal items"
 | 
			
		||||
if [ -n "$(df | grep "$root_device")" ] ; then
 | 
			
		||||
	run umount "$root_device"
 | 
			
		||||
fi
 | 
			
		||||
run mkdir -p "$mnt"
 | 
			
		||||
run mount --make-private "$root_device" "$mnt"
 | 
			
		||||
# bug in driglibash-base. If $mnt got spaces it break
 | 
			
		||||
clean "umount -R $mnt"
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
if [ "$just_mount" != false ] ; then
 | 
			
		||||
	echo 'Mounted. Exit shell to unmount.'
 | 
			
		||||
	chroot_run
 | 
			
		||||
	die 'You asked to just mount then exit.'
 | 
			
		||||
fi
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
section "debootstraping"
 | 
			
		||||
if [ ! -f "$debootstrap_done_marker" ] ; then
 | 
			
		||||
	# Debootstrap may fail when the target is an existing system
 | 
			
		||||
	if [ -n "$(ls -A $mnt)" ]; then
 | 
			
		||||
	  die "Root dir '$mnt' is not empty. Won’t debootstrap it. Is this installation broken?"
 | 
			
		||||
	fi
 | 
			
		||||
	run debootstrap --verbose --arch "$arch" "$release" "$mnt" "$repo"
 | 
			
		||||
	touch "$debootstrap_done_marker"
 | 
			
		||||
else
 | 
			
		||||
	yell "Already done"
 | 
			
		||||
fi
 | 
			
		||||
 | 
			
		||||
mount_misc
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
section "Generating locales"
 | 
			
		||||
echo -e "$locale" > "$mnt/etc/locale.gen"
 | 
			
		||||
chroot_run locale-gen
 | 
			
		||||
 | 
			
		||||
section "Installing selected software"
 | 
			
		||||
#XXX use chroot_run
 | 
			
		||||
echo "$repos" >> "$mnt/etc/apt/sources.list"
 | 
			
		||||
chroot "$mnt" <<EOF
 | 
			
		||||
  export DEBIAN_FRONTEND=noninteractive
 | 
			
		||||
  apt-get update  -q -y 
 | 
			
		||||
  apt-get install -q -y linux-image-amd64 console-data grub2 locales $install
 | 
			
		||||
  apt-get install -q -y linux-image-amd64 console-data grub2 locales vim wireguard-tools wireguard $install
 | 
			
		||||
EOF
 | 
			
		||||
# TODO watershed ?
 | 
			
		||||
 | 
			
		||||
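Review bot: `if [ -n "$(df | grep "$root_device")" ]` is a substring match over the whole `df` output, so `/dev/sda1` also matches `/dev/sda10`, a device name appearing inside a mount path matches, and an empty `$root_device` (no `-R` given; this hunk checks `$hostname` but not `$root_device`) matches every line and leads to `run umount ""`. Anchor on the source column and refuse an empty device: `[ -n "$root_device" ] || die "no root device given (-R)"` before the test, and `if df | grep -q -- "^$root_device " ; then`. Two smaller points in the same hunk: `ls -A $mnt` in the new non-empty check is unquoted, and `touch "$debootstrap_done_marker"` bypasses `run`, so a failed marker write goes unreported and the next run would hit the non-empty-root `die` instead of resuming. The apt heredoc still runs with no error checking, which the `#XXX use chroot_run` comment already acknowledges; with `smartmontool` in `$install` that is the line that will fail quietly.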
@ -141,7 +180,6 @@ run echo "$hostname" > "$mnt/etc/hostname"
 | 
			
		||||
run cat > "$mnt/root/.bashrc" <<EOF
 | 
			
		||||
PATH=$PATH:/usr/bin:/bin:/sbin:/usr/sbin:/sbin
 | 
			
		||||
/usr/bin/setterm -blength 0
 | 
			
		||||
xset b off
 | 
			
		||||
EOF
 | 
			
		||||
# Be sure this fucking beep is gone
 | 
			
		||||
echo 'set bell-style none' >> "$mnt/etc/inputrc"
 | 
			
		||||
@ -175,23 +213,10 @@ section "Set up networking"
 | 
			
		||||
# Disable the unpredictable naming (since we are not on the future host)
 | 
			
		||||
run ln -s /dev/null "$mnt/etc/udev/rules.d/80-net-setup-link.rules"
 | 
			
		||||
run cat >> "$mnt/etc/network/interfaces" <<EOF
 | 
			
		||||
    auto enp1s0
 | 
			
		||||
    allow-hotplug enp1s0
 | 
			
		||||
    iface enp1s0 inet dhcp
 | 
			
		||||
    iface enp1s0 inet6 dhcp
 | 
			
		||||
    auto enp2s0
 | 
			
		||||
    allow-hotplug enp2s0
 | 
			
		||||
    iface enp2s0 inet dhcp
 | 
			
		||||
    iface enp2s0 inet6 dhcp
 | 
			
		||||
    auto eth0
 | 
			
		||||
    allow-hotplug eth0
 | 
			
		||||
    iface eth0 inet dhcp
 | 
			
		||||
    iface eth0 inet6 dhcp
 | 
			
		||||
    auto eth1
 | 
			
		||||
    allow-hotplug eth1
 | 
			
		||||
    iface eth1 inet dhcp
 | 
			
		||||
    iface eth1 inet6 dhcp
 | 
			
		||||
EOF
 | 
			
		||||
    #iface eth0 inet6 dhcp
 | 
			
		||||
# TODO add dyndn service
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
@ -199,17 +224,41 @@ EOF
 | 
			
		||||
section "Creating root SSH key to connect"
 | 
			
		||||
if [ -n "$(ls -A $secret_dir)" ]; then
 | 
			
		||||
  #die "Secret dir '$secret_dir' is not empty"
 | 
			
		||||
  yell "Secret dir is not empty. Wont save ssh key."
 | 
			
		||||
else
 | 
			
		||||
  run export HOSTNAME="$hostname" && ssh-keygen -b 4096 -f "$secret_dir/id_rsa" -P ''
 | 
			
		||||
  run mkdir -p "$mnt/root/.ssh/"
 | 
			
		||||
  cat "$secret_dir/id_rsa.pub" >> "$mnt/root/.ssh/authorized_keys"
 | 
			
		||||
  yell "Secret dir is not empty. May erase key."
 | 
			
		||||
fi
 | 
			
		||||
run export HOSTNAME="$hostname" && ssh-keygen -b 4096 -f "$secret_dir/id_rsa" -P ''
 | 
			
		||||
run mkdir -p "$mnt/root/.ssh/"
 | 
			
		||||
cat "$secret_dir/id_rsa.pub" >> "$mnt/root/.ssh/authorized_keys"
 | 
			
		||||
chroot_run systemctl enable ssh
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
section "Generating locales"
 | 
			
		||||
chroot_run echo -e "$locale" > "/etc/locale.gen"
 | 
			
		||||
chroot_run locale-gen
 | 
			
		||||
section "Creating wireguard conf"
 | 
			
		||||
 | 
			
		||||
if [ -n "$wireguard_number" ] ; then
 | 
			
		||||
	run cat >> "$mnt/etc/wireguard/jeancloud.conf" <<EOF
 | 
			
		||||
[Interface]
 | 
			
		||||
PrivateKey = $(wg genkey)
 | 
			
		||||
ListenPort = 51812
 | 
			
		||||
Address = 10.98.1.$wireguard_number/32
 | 
			
		||||
 | 
			
		||||
[Peer] # debug
 | 
			
		||||
PublicKey = OpENQI1ElPuVdNssMySffO8iZEyJsOaSQ9bQLU6Uz2E=
 | 
			
		||||
AllowedIPs = 10.98.1.254/32
 | 
			
		||||
Endpoint = 193.33.56.94:51812
 | 
			
		||||
PersistentKeepalive = 25
 | 
			
		||||
EOF
 | 
			
		||||
wireguard_pubkey="$(cat "$mnt/etc/wireguard/jeancloud.conf" | grep  -oP '^PrivateKey = \K.*' | wg pubkey)"
 | 
			
		||||
 | 
			
		||||
	run cat >> "$secret_dir/wg_conf_part_$hostname" <<EOF
 | 
			
		||||
[Peer] # $hostname
 | 
			
		||||
PublicKey = $wireguard_pubkey
 | 
			
		||||
AllowedIPs = 10.98.1.$wireguard_number/32
 | 
			
		||||
EOF
 | 
			
		||||
	chroot_run systemctl enable wg-quick@jeancloud.service
 | 
			
		||||
 | 
			
		||||
else
 | 
			
		||||
	yell "Passing"
 | 
			
		||||
fi
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
section "Installing grub"
 | 
			
		||||
 | 
			
		||||
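Review bot: The WireGuard private key is written with `run cat >> "$mnt/etc/wireguard/jeancloud.conf"` under the host's default umask and then read back with `grep -oP '^PrivateKey = \K.*'`; because `>>` appends, a re-run of the installer leaves two `[Interface]` blocks in the file and pipes two keys into `wg pubkey`, and the file's mode is whatever the umask yields (0644 with the usual default) rather than 0600. Generate the key once into a variable, derive the public key from it, and create the file with a restrictive mode before writing it with `>`, as in the rewrite below; the rest of the heredoc and the `wg_conf_part_$hostname` file are unchanged. The ssh section has the same re-run problem: with the `else` branch gone, `ssh-keygen -f "$secret_dir/id_rsa"` now runs even when the key already exists, it sits outside `run` because of the `&&`, and `cat "$secret_dir/id_rsa.pub" >> .../authorized_keys` appends a duplicate line each time; guarding it with `[ -f "$secret_dir/id_rsa" ] || run ssh-keygen -b 4096 -f "$secret_dir/id_rsa" -P ''` would make the section idempotent.
```shell
wg_privkey="$(wg genkey)"
wireguard_pubkey="$(printf '%s\n' "$wg_privkey" | wg pubkey)"
run install -m 0600 /dev/null "$mnt/etc/wireguard/jeancloud.conf"
run cat > "$mnt/etc/wireguard/jeancloud.conf" <<EOF
[Interface]
PrivateKey = $wg_privkey
# … unchanged: ListenPort, Address, the [Peer] block and the closing EOF; the separate grep-based wireguard_pubkey line is dropped …
```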