jean-cloud-services/installing/debootstrap_ordis_portables.sh
#!/bin/bash
# Ce script est une base qu'il faut sûrement améliorer.
# Il sert à installer un debian d'ordi portable JC pour le cluster SHLAGO
# Le but est d'installer juste ce qu'il faut pour que le serveur tourne, le reste est laissé à ansible.
# Il génère une clé SSH qui permettra d'accéder à la machine. C'est peut-être con, il faudrait plutôt le remplir de nos ssh publiques.
# https://github.com/adrianamaglio/driglibash
# Option table consumed by the sourced driglibash-args parser (see URL above):
# usage[<flag>] is the help text and varia[<flag>] names the shell variable
# the flag fills; the plain assignment under each pair is the default value.
declare -A usage
declare -A varia
# Read by driglibash (presumably by its `run` helper); its exact effect is not
# visible in this file.
driglibash_run_retry=true
version="alpha nightly 0.0.1 pre-release unstable"
summary="$0 [options]"
usage[m]="Path of the temporar mount point"
varia[m]=mnt
# Relative to the current directory; the same string is used by the umount
# cleanup registered later.
mnt="temporary_mount_point"
usage[a]="The architecture of installed system as supported by debootstrap"
varia[a]=arch
arch="amd64"
usage[r]="The release of installed system as supported by debootstrap"
varia[r]=release
release="bullseye"
usage[s]="Source repository of installed system"
varia[s]=repo
#repo=
repo="http://ftp.fr.debian.org/debian"
#repo="http://localhost:3142/ftp.fr.debian.org/debian"
usage[n]="The hostname"
varia[n]=hostname
# No default: the script dies further down when this is still empty.
hostname=""
usage[b]="The device where grub will be installed"
varia[b]=boot_device
boot_device=
usage[R]="The device where the system will be installed"
varia[R]=root_device
root_device=
usage[l]="System locale"
varia[l]=locale
# Two locale.gen lines separated by a literal "\n"; the script expands that
# escape later (echo -e) when writing locale.gen.
locale="en_US.UTF-8 UTF-8\nfr_FR.UTF-8 UTF-8"
usage[w]="Wireguard IP last number (4 for 1.2.3.4)"
varia[w]=wireguard_number
wireguard_number=
# Parse the command line into the variables named in varia[].
. driglibash-args
# Per-host secrets (SSH key, wireguard peer stub) live in ./secrets/<hostname>.
# NOTE(review): resolved before $hostname is validated, so with an empty
# hostname this is the secrets directory itself (the check happens below).
secret_dir=secrets
secret_dir="$(realpath -m "$secret_dir/$hostname")"
# Extra packages, space separated; appended unquoted to the apt-get line.
install="vim openssh-server git nginx"
###############################################################################
# Actual script
###############################################################################
# Helpers used below (run, section, die, yell, clean, root_or_die,
# line_in_file) presumably come from this file; it is not visible here.
. driglibash-base
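#######################################
# Run a command inside the chroot at $mnt and die if it fails.
# Globals:   mnt (read)
# Arguments: the command and its arguments, passed through as given
# Returns:   0 on success; calls die (does not return) on failure
#######################################
chroot_run(){
  local status
  # "$@" keeps each argument intact (the unquoted $@ re-split them).
  chroot "$mnt" "$@"
  # Capture the status right away: inside the `if` below, $? would already
  # be the exit status of the `[` test (always 0), not chroot's.
  status=$?
  if [ "$status" -ne 0 ] ; then
    die "Error, chroot command [$*] exited with code '$status'"
  fi
}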
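#######################################
# Pause until the operator presses Enter. Not called anywhere in this file;
# kept as a helper for stepping through the install by hand.
# Outputs:   the prompt, via `run echo`, on stdout
# Returns:   the status of read (0 once a line is entered)
#######################################
wait_for_user(){
  section "Time for a pause"
  run echo "Press 'Enter' to continue"
  # -r so a backslash in the typed line is not interpreted as an escape.
  read -r
}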
#######################################
# Mount the pseudo filesystems the chroot needs (proc, dev, sys) under $mnt
# and register one recursive umount of $mnt for cleanup.
# Globals:   mnt (read)
# Arguments: none
#######################################
mount_misc(){
  local pseudo_fs
  run mkdir -p "$mnt"/{proc,dev,sys}
  run mount -t proc /proc "$mnt/proc"
  # /dev and /sys are bind-mounted recursively so the chroot sees the host's
  # devices (grub-install runs in the chroot later); --make-rslave lets mount
  # events flow from the host into the chroot but never back out of it.
  for pseudo_fs in dev sys; do
    run mount --rbind --make-rslave "/$pseudo_fs" "$mnt/$pseudo_fs"
  done
  # A single recursive umount covers proc, dev, sys and $mnt itself.
  clean "umount -R '$mnt'"
}
# The hostname names the per-host secrets directory, so refuse to go on
# without it.
[ -n "$hostname" ] || die "Hostname arg needed"
root_or_die
section "Testing for existing secrets"
# First run for this host: create its secrets directory, root-only.
if [ ! -d "$secret_dir" ] ; then
  run mkdir -p "$secret_dir"
  run chown -R root:root "$secret_dir"
  run chmod 700 "$secret_dir"
fi
section "Mounting additionnal items"
if [ -n "$(df | grep "$root_device")" ] ; then
run umount "$root_device"
fi
run mount --make-private "$root_device" "$mnt"
clean "umount -R '$mnt'"
# Debootstrap may fail when the target is an existing system
if [ -n "$(ls -A $mnt)" ]; then
die "Root dir '$mnt' is not empty. Wont debootstrap it."
fi
section "debootstraping"
run debootstrap --verbose --arch "$arch" "$release" "$mnt" "$repo"
mount_misc
section "Installing selected software"
#XXX use chroot_run
chroot "$mnt" <<EOF
export DEBIAN_FRONTEND=noninteractive
apt-get update -q -y
apt-get install -q -y linux-image-amd64 console-data grub2 locales vim wireguard-tools wireguard $install
EOF
# TODO watershed ?
section "Configuring new system"
uuid=$(blkid | grep "$root_device" | cut -d ' ' -f 2)
line_in_file "$uuid / ext4 errors=remount-ro 0 1" "$mnt/etc/fstab"
line_in_file "proc /proc proc defaults" "$mnt/etc/fstab"
# TODO set noauto to /boot if needed
# Set hostname
run echo "$hostname" > "$mnt/etc/hostname"
# Fix path and remove noisy beep
run cat > "$mnt/root/.bashrc" <<EOF
PATH=$PATH:/usr/bin:/bin:/sbin:/usr/sbin:/sbin
/usr/bin/setterm -blength 0
xset b off
EOF
# Be sure this fucking beep is gone
echo 'set bell-style none' >> "$mnt/etc/inputrc"
# TODO find a third method to kill this doomed beep
# boot crypted
#section "Installing cryptsetup in initramfs"
#run echo 'CRYPTSETUP=y' >> /etc/cryptsetup-initramfs/conf-hook
#run cp key "$mnt/root/"
#run echo 'FILES="/root/key"' >> /etc/initramfs-tools/initramfs.conf
#run update-initramfs -ut
#echo "$mnt/etc/initramfs-tools/conf.d/cryptsetup" <<EOF
## This will setup non-us keyboards in early userspace,
## necessary for punching in passphrases.
#KEYMAP=y
#
## force busybox and cryptsetup on initramfs
#BUSYBOX=y
#CRYPTSETUP=y
#
## and for systems using plymouth instead, use the new option
#FRAMEBUFFER=y
#EOF
#echo 'export CRYPTSETUP=y' >> "$mnt/etc/environment"
#echo 'export FILES="./key"' >> "$mnt/etc/initramfs-tools/initramfs.conf"
#chroot_run 'update-initramfs -ut'
section "Set up networking"
# Disable the unpredictable naming (since we are not on the future host)
run ln -s /dev/null "$mnt/etc/udev/rules.d/80-net-setup-link.rules"
run cat >> "$mnt/etc/network/interfaces" <<EOF
auto enp1s0
allow-hotplug enp1s0
iface enp1s0 inet dhcp
iface enp1s0 inet6 dhcp
auto enp2s0
allow-hotplug enp2s0
iface enp2s0 inet dhcp
iface enp2s0 inet6 dhcp
auto eth0
allow-hotplug eth0
iface eth0 inet dhcp
iface eth0 inet6 dhcp
auto eth1
allow-hotplug eth1
iface eth1 inet dhcp
iface eth1 inet6 dhcp
EOF
# TODO add dyndn service
section "Creating root SSH key to connect"
if [ -n "$(ls -A $secret_dir)" ]; then
#die "Secret dir '$secret_dir' is not empty"
yell "Secret dir is not empty. May erase key."
fi
run export HOSTNAME="$hostname" && ssh-keygen -b 4096 -f "$secret_dir/id_rsa" -P ''
run mkdir -p "$mnt/root/.ssh/"
cat "$secret_dir/id_rsa.pub" >> "$mnt/root/.ssh/authorized_keys"
section "Creating wireguard conf"
if [ -n "$wireguard_number" ] ; then
run cat >> "$mnt/etc/wireguard/jeancloud.conf" <<EOF
[Interface]
PrivateKey = $(wg genkey)
ListenPort = 51812
Address = 10.98.1.$wireguard_number/32
[Peer] # debug
PublicKey = OpENQI1ElPuVdNssMySffO8iZEyJsOaSQ9bQLU6Uz2E=
AllowedIPs = 10.98.1.254/32
Endpoint = 193.33.56.94:51812
PersistentKeepalive = 25
EOF
wireguard_pubkey="$(cat /etc/wireguard/jeancloud.conf | grep -oP '^PrivateKey = \K.*' | wg pubkey)"
run cat >> "$secret_dir/wg_conf_part_$hostname" <<EOF
[Peer] # $hostname
PublicKey = $wireguard_pubkey
AllowedIPs = 10.98.1.$wireguard_number/32
EOF
else
yell "Passing"
fi
section "Generating locales"
chroot_run echo -e "$locale" > "/etc/locale.gen"
chroot_run locale-gen
section "Installing grub"
# Disable predictable name (again)
run sed -i 's/GRUB_CMDLINE_LINUX=""/GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0"/g' "$mnt/etc/default/grub"
chroot_run update-grub
chroot_run grub-install "$boot_device"
if [ "$arg_test" != "false" ] ; then
section "Testing installed system"
run qemu-system-x86_64 -m 1024M "$boot_device"
fi
echo "To test the system with qemu type:"
echo "qemu-system-x86_64 -m 1024M '$boot_device'"
clean