Author: Adam Evyčędo <git@apiote.xyz>
add install scripts
install-in-chroot.sh | 41 ++++++++++++++++ install.sh | 117 ++++++++++++++++++++++++++++++++++++++++++++++ prepare.sh | 20 +++++++
diff --git a/install-in-chroot.sh b/install-in-chroot.sh
new file mode 100755
index 0000000000000000000000000000000000000000..ec744931272ff6d21ab0a0eac639bed8ba2c07ff
--- /dev/null
+++ b/install-in-chroot.sh
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+set -ex
+
+partition="$1"
+disk="$2"
+
+{
+ printf 'GRUB_TIMEOUT=0\n'
+ printf 'GRUB_ENABLE_CRYPTODISK=y\n'
+ printf 'GRUB_DISABLE_SUBMENU=y\n'
+ printf 'GRUB_DISABLE_RECOVERY=true\n'
+ printf 'GRUB_PRELOAD_MODULES="luks cryptodisk part_gpt lvm"\n'
+ printf 'GRUB_CMDLINE_LINUX_DEFAULT="modules=sd-mod,usb-storage,btrfs cryptroot=UUID=%s cryptdm=mycroft cryptkey quiet rootfstype=btrfs"\n' "$(blkid -s UUID -o value "$partition")"
+} > /etc/default/grub
+dd bs=12 count=4 if=/dev/random of=/crypto_keyfile.bin
+chmod 000 /crypto_keyfile.bin
+cryptsetup luksAddKey "$partition" /crypto_keyfile.bin
+sed -i 's/features="/features="cryptkey /' /etc/mkinitfs/mkinitfs.conf
+# shellcheck disable=SC2010
+kernel=$(basename "$(ls /lib/modules | grep -v firmware | sort -V | head -n1)")
+mkinitfs -c /etc/mkinitfs/mkinitfs.conf "$kernel"
+
+grub-install --boot-directory=/boot "$disk" #--target=x86_64-efi --efi-directory=/boot/efi
+grub-mkconfig -o /boot/grub/grub.cfg
+
+{
+ printf 'UUID=%s swap swap defaults 0 0\n' "$(blkid -s UUID -o value /dev/mycroft/swap)"
+} >>/etc/fstab
+rc-update add swap boot
+
+cat >/tmp/init-git.sh <<END
+cd /
+git init
+git remote add origin https://git.apiote.xyz/git/embankment.git
+git fetch
+git checkout origin/master -ft
+END
+su - infra -c 'sh /tmp/init-git.sh'
+apk update
+apk fix
diff --git a/install.sh b/install.sh
new file mode 100755
index 0000000000000000000000000000000000000000..01bf7dbf87c9b8dfa59fc9a9a71f0a41a47108cd
--- /dev/null
+++ b/install.sh
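Review bot: The fstab entry in install-in-chroot.sh reads the swap UUID from `/dev/mycroft/swap`, but install.sh in this commit creates the volume group as `bimba` (`vgcreate bimba`, `mkswap -L swap /dev/bimba/swap`), so unless a `mycroft` VG exists on the target the `blkid` call prints nothing and `UUID= swap swap defaults 0 0` is appended. `set -e` does not abort on a failed command substitution used as an argument, so the script carries on silently. I would read the value first and fail on empty, e.g. `swap_uuid=$(blkid -s UUID -o value /dev/bimba/swap)` followed by `[ -n "$swap_uuid" ] || exit 1`, and apply the same check to the `cryptroot=UUID=%s` value written to /etc/default/grub, where an empty UUID presumably leaves the system unable to unlock its root. Separately, `/crypto_keyfile.bin` is created by `dd` under the default umask and only restricted by the `chmod 000` on the next line; putting `umask 077` before the `dd` line closes that window.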
@@ -0,0 +1,117 @@
+#!/bin/sh
+
+set -ex
+
+if [ -z "$1" ]
+then
+ echo 'disk not given'
+ exit 1
+fi
+
+printf "auto lo\niface lo inet loopback\n\nauto eth0\niface eth0 inet dhcp\n" >/etc/network/interfaces
+/etc/init.d/networking restart
+{
+ printf 'http://alpine.sakamoto.pl/alpine/edge/main\n'
+ printf 'http://alpine.sakamoto.pl/alpine/edge/community\n'
+ printf 'http://alpine.sakamoto.pl/alpine/edge/testing\n'
+} >/etc/apk/repositories
+while ! ip a | grep 192
+do
+ sleep 2
+done
+apk update
+apk add sfdisk cryptsetup btrfs-progs e2fsprogs grub lvm2 mkinitfs util-linux man-pages docs font-terminus git dosfstools grub-efi efibootmgr grub-bios
+apk upgrade
+modprobe btrfs
+
+disk=$1
+existing=$2
+
+efi_partition="${disk}1"
+lvm_partition="${disk}2"
+
+setup-devd -C udev
+
+if [ -z "$existing" ]
+then
+ printf 'This will destroy all data. Continue [y/N]: '
+ read -r confirmation
+ if [ "$confirmation" != 'Y' ] && [ "$confirmation" != 'y' ]
+ then
+ printf 'Aborting\n'
+ exit 0
+ fi
+
+ printf "label: dos\nsize=512M,bootable,type=U\nsize=+" | sfdisk "$disk"
+
+ # NOTE LUSK2 https://savannah.gnu.org/bugs/?55093
+ cryptsetup --verbose --verify-passphrase --cipher aes-xts-plain64 --iter-time 5000 --use-random luksFormat --type luks1 "$lvm_partition"
+ cryptsetup open "$lvm_partition" bimba
+ pvcreate /dev/mapper/bimba
+ vgcreate bimba /dev/mapper/bimba
+
+ lvcreate -L 2G bimba -n swap
+ lvcreate -L 2G bimba -n boot
+ lvcreate -l 100%FREE bimba -n root
+
+ mkswap -L swap /dev/bimba/swap
+elif [ "$existing" = 'true' ]
+then
+ printf 'Using existing disk structure\n'
+ cryptsetup open "$lvm_partition" bimba
+ /etc/init.d/lvm start
+fi
+
+mkfs.fat -F32 "$efi_partition"
+mkfs.ext4 /dev/bimba/boot
+mkfs.btrfs -f -L root /dev/bimba/root
+swapon /dev/bimba/swap
+
+setup-timezone Europe/Warsaw
+setup-hostname bimba
+setup-keymap pl pl
+grep 'adam' /etc/passwd || setup-user -a -f Adam adam
+passwd adam
+mkdir -p /home/adam
+chown adam:users /home/adam
+grep 'infra' /etc/passwd || setup-user infra
+
+rc-update add networking boot
+rc-update add seedrng boot
+rc-update add crond default
+rc-update add acpid default
+
+openrc boot
+openrc default
+
+setup-ntp chrony
+
+mount -t btrfs /dev/bimba/root /mnt
+mkdir -p /mnt/boot
+mount -t ext4 /dev/bimba/boot /mnt/boot
+# mkdir -p /mnt/boot/efi
+# mount -t vfat "$efi_partition" /mnt/boot/efi
+
+setup-disk -m sys /mnt
+
+mount -t proc /proc /mnt/proc
+mount --rbind /dev /mnt/dev
+mount --make-rslave /mnt/dev
+mount --rbind /sys /mnt/sys
+# mount --rbind /sys/firmware/efi/efiwars /mnt/sys/firmware/efi/efivars
+
+cp install-in-chroot.sh /mnt/
+chroot /mnt /install-in-chroot.sh "$lvm_partition" "$disk"
+rm /mnt/install-in-chroot.sh
+
+cd
+umount -l /mnt/dev
+umount -l /mnt/proc
+# umount -l /mnt/sys/firmware/efi/efivars
+umount -l /mnt/sys
+# umount /mnt/boot/efi
+umount /mnt/boot
+swapoff /dev/bimba/swap
+umount /mnt
+vgchange -a n
+cryptsetup luksClose lvmcrypt
diff --git a/prepare.sh b/prepare.sh
new file mode 100755
index 0000000000000000000000000000000000000000..64ce6125972daf9ce7046c463ca403f93711d74c
--- /dev/null
+++ b/prepare.sh
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+set -e
+
+if [ -z "$1" ]; then
+ echo "extracted or mounted iso directory not given"
+ exit 1
+fi
+
+iso_dir="$1"
+unpack_iso_dir="/tmp/iso-alpine-bimba/"
+rm -rf "$unpack_iso_dir"
+mkdir "$unpack_iso_dir"
+cp -r "$iso_dir"/* "$unpack_iso_dir"
+chmod -R u+rwX,g+rwX "$unpack_iso_dir"
+
+mkdir -p "$unpack_iso_dir/bin"
+cp ./install.sh "$unpack_iso_dir/bin/"
+cp ./install-in-chroot.sh "$unpack_iso_dir/bin/"
+genisoimage -vJr -no-emul-boot -boot-load-size 4 -boot-info-table -b "boot/syslinux/isolinux.bin" -c "boot/syslinux/boot.cat" -eltorito-alt-boot -b "boot/grub/efi.img" -no-emul-boot -o bimba.alpine.iso "$unpack_iso_dir"
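Review bot: The last line of install.sh, `cryptsetup luksClose lvmcrypt`, names a mapping the script never opens, since both branches run `cryptsetup open "$lvm_partition" bimba`. Under `set -e` the install therefore ends with an error and the LUKS container stays unlocked; it should be `cryptsetup close bimba`. A second argument that is neither empty nor `true` skips both branches of the `if`/`elif`, yet still reaches `mkfs.fat -F32 "$efi_partition"` without the confirmation prompt. An `else` arm such as `printf 'unknown mode: %s\n' "$existing" >&2; exit 1` would stop that before anything is formatted. The three repository lines are plain `http://`; apk checks package signatures, but if the mirror serves `https://` it would be the safer choice for an installer that also pulls from edge/testing.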
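Review bot: prepare.sh stages the image in the fixed path `/tmp/iso-alpine-bimba/` and then makes the tree group-writable with `chmod -R u+rwX,g+rwX`. On a shared build host that lets another local user interfere with what ends up in `bimba.alpine.iso`, including the two installer scripts copied into `bin/`. I would use a private directory, `unpack_iso_dir=$(mktemp -d)`, remove it with `trap 'rm -rf -- "$unpack_iso_dir"' EXIT`, and drop the `g+rwX` part unless something needs it. Also, `cp -r "$iso_dir"/* "$unpack_iso_dir"` skips any dotfiles at the top level of the ISO; `cp -r "$iso_dir"/. "$unpack_iso_dir"` copies them too.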