Commit 7be84bf5 authored by Benjamin Slade's avatar Benjamin Slade

Initial commit

#!/bin/bash
DEVICE=/dev/sda # set this accordingly
LUKSNAME=samcryptz # set this accordingly
wipefs --force --all ${DEVICE}
# Set MBR
/sbin/parted --script --align opt ${DEVICE} mklabel msdos
/sbin/parted --script --align opt ${DEVICE} mkpart pri 1MiB 100%
/sbin/parted --script --align opt ${DEVICE} set 1 boot on
/sbin/parted --script --align opt ${DEVICE} p # print
# Create LUKS container and open/mount it
cryptsetup luksFormat --type luks1 ${DEVICE}1
cryptsetup luksOpen ${DEVICE}1 ${LUKSNAME}
# We put this UUID into an env var to reuse later
CRYPTUUID=`blkid -o export ${DEVICE}1 | grep -E '^UUID='`
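Review bot: Nothing stops this script after a failed step: `wipefs --force --all ${DEVICE}` runs against the hard-coded `/dev/sda` with no check that it is the intended disk, and a failed `luksFormat` (for example a mistyped confirmation) still falls through to `luksOpen` and the `blkid` capture. A guard such as `[[ -b "${DEVICE}" ]] || exit 1` before the wipe and `cryptsetup luksFormat --type luks1 "${DEVICE}1" || exit 1` would contain that. `CRYPTUUID` and `LUKSNAME` are not exported, so the later scripts that read them appear to rely on all files being sourced into one shell; a header comment should say so, and `return` would then be the right way to abort. The uncommented copy of this script that follows has the same gaps.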
#!/bin/bash
DEVICE=/dev/sda # set this accordingly
LUKSNAME=samcryptz
wipefs --force --all ${DEVICE}
# Set MBR
/sbin/parted --script --align opt ${DEVICE} mklabel msdos
/sbin/parted --script --align opt ${DEVICE} mkpart pri 1MiB 100%
/sbin/parted --script --align opt ${DEVICE} set 1 boot on
/sbin/parted --script --align opt ${DEVICE} p # print
# Create LUKS container and open/mount it
cryptsetup luksFormat --type luks1 ${DEVICE}1
cryptsetup luksOpen ${DEVICE}1 ${LUKSNAME}
# We put this UUID into an env var to reuse later
CRYPTUUID=`blkid -o export ${DEVICE}1 | grep -E '^UUID='`
#!/bin/bash
# set hostid to head off issue of zfs thinking the pool is being imported by the wrong system
# use MAC address of first ethernet device (stripping out colons)
ip link sh | grep ether | awk '{print $2}' | tr -dc a-f0-9 > /etc/hostid
# or could just generate randomly, as below
# head /dev/urandom | tr -dc a-f0-9 | head -c 13 > /etc/hostid
USERNAME=slade #set accordingly
TARGET=/mnt # set accordingly
ZPOOLNAME=dozer # set to what you want your zpoolname to be
ZFSROOTBASENAME=${ZPOOLNAME}/ROOT
ZFSROOTDATASET=${ZFSROOTBASENAME}/system
# you may want to adjust some of the below settings
/sbin/zpool create -f \
-R ${TARGET} \
-O mountpoint=none \
-O relatime=on \
-O compression=on \ # 'on' defaults currently to lz4, which is probably quicker than no encryption
-o ashift=12 \ # best practice, probably, at this point regardless of actual device
${ZPOOLNAME} /dev/mapper/${LUKSNAME}
# adjust below datasets as desired - could be more elaborate, cp. https://github.com/zfsonlinux/zfs/wiki/Debian-Buster-Root-on-ZFS
# root for essential system bits, perhaps to be snapshotted/cloned
/sbin/zfs create -o canmount=off ${ZFSROOTBASENAME}
/sbin/zfs create -o mountpoint=/ ${ZFSROOTDATASET}
# boot dir (also perhaps to be snapshotted/cloned)
/sbin/zfs create -o mountpoint=/boot ${ZPOOLNAME}/boot
# home dirs
/sbin/zfs create -o mountpoint=/home ${ZPOOLNAME}/home
/sbin/zfs create -o mountpoint=/home/${USERNAME} ${ZPOOLNAME}/home/${USERNAME}
/sbin/zfs create -o mountpoint=/root ${ZPOOLNAME}/home/root
# for things that we probably don't need to clone
/sbin/zfs create -o canmount=off ${ZPOOLNAME}/VAR
/sbin/zfs create -o mountpoint=/var ${ZPOOLNAME}/VAR/var
/sbin/zfs create -o mountpoint=/var/log ${ZPOOLNAME}/VAR/logs
/sbin/zfs create -o mountpoint=/var/cache/xbps ${ZPOOLNAME}/VAR/distfiles
/sbin/zfs create -o mountpoint=/usr/local ${ZPOOLNAME}/VAR/local
/sbin/zfs create -o mountpoint=/usr/src ${ZPOOLNAME}/VAR/src
# sets dataset to boot from:
/sbin/zpool set bootfs=${ZFSROOTDATASET} ${ZPOOLNAME} # Do not skip this step
# show the user what has been done:
/sbin/zpool status -v # print zpool info
/sbin/zfs list # show zfs filesystems
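Review bot: The `zpool create` command is cut short by the inline comments on the `-O compression=on \` and `-o ashift=12 \` lines: a backslash followed by a space escapes the space instead of continuing the line, so the pool name and `/dev/mapper/${LUKSNAME}` never reach `zpool` and the next lines run as separate commands. Move both comments above the command and end those lines with a bare `\`; the first comment should also read "no compression", not "no encryption". Separately, the `/etc/hostid` pipeline concatenates the hex digits of every `ether` line from `ip link`, not only the first device as its comment states; adding `head -n 1` after the `grep` would match the comment. `LUKSNAME` is not set in this file, so it presumably comes from the partitioning script being sourced first.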
#!/bin/bash
TARGET=/mnt
ZPOOLNAME=dozer
ZFSROOTBASENAME=${ZPOOLNAME}/ROOT
ZFSROOTDATASET=${ZFSROOTBASENAME}/void
/sbin/zpool create -f \
-R ${TARGET} \
-O mountpoint=none \
-O relatime=on \
-O compression=on \
-o ashift=12 \
${ZPOOLNAME} /dev/mapper/${LUKSNAME}
/sbin/zfs create -o canmount=off ${ZFSROOTBASENAME}
/sbin/zfs create -o mountpoint=/ ${ZFSROOTDATASET}
/sbin/zfs create -o mountpoint=/boot ${ZPOOLNAME}/boot
/sbin/zfs create -o mountpoint=/home ${ZPOOLNAME}/home
/sbin/zfs create -o mountpoint=/home/slade ${ZPOOLNAME}/home/slade
/sbin/zfs create -o mountpoint=/root ${ZPOOLNAME}/home/root
/sbin/zfs create -o mountpoint=/var/cache/xbps ${ZPOOLNAME}/var
/sbin/zfs create -o mountpoint=/var ${ZPOOLNAME}/var
/sbin/zfs create -o mountpoint=/var/log ${ZPOOLNAME}/var/log
/sbin/zpool set bootfs=${ZFSROOTDATASET} ${ZPOOLNAME} # Do not skip this step
/sbin/zpool status -v # print zpool info
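Review bot: `${ZPOOLNAME}/var` is created twice, first with `mountpoint=/var/cache/xbps` and then with `mountpoint=/var`. The second `zfs create` fails because the dataset already exists, so the dataset named `var` stays mounted at `/var/cache/xbps` and nothing is mounted at `/var`. The commented copy of this script uses distinct datasets for the two mountpoints; this copy should do the same, e.g. `/sbin/zfs create -o mountpoint=/var ${ZPOOLNAME}/var` followed by `/sbin/zfs create -o mountpoint=/var/cache/xbps ${ZPOOLNAME}/var/distfiles`.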
#!/bin/bash
VOIDMIRROR=https://a-hel-fi.m.voidlinux.org/live/current/
VOIDFILE=void-x86_64-ROOTFS-20181111.tar.xz
wget -N ${VOIDMIRROR}/${VOIDFILE}
wget -N ${VOIDMIRROR}/sha256sums.txt
wget -N ${VOIDMIRROR}/sha256sums.txt.sig
tar xfv ./${VOIDFILE} -C ${TARGET}
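Review bot: The tarball is unpacked into `${TARGET}` without being checked: `sha256sums.txt` and `sha256sums.txt.sig` are downloaded, but nothing reads them. The root filesystem of the encrypted install then rests on the mirror and TLS alone. Verify the signature on `sha256sums.txt` against the Void release public key first, then gate extraction on the hash, e.g. `sha256sum -c --ignore-missing sha256sums.txt || exit 1` placed before the `tar` line. `TARGET` is not set in this file, so it presumably has to be inherited from the pool-creation script.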
#!/bin/bash
VOIDMIRROR=https://a-hel-fi.m.voidlinux.org/live/current/
VOIDFILE=void-x86_64-ROOTFS-20181111.tar.xz
wget -N ${VOIDMIRROR}/${VOIDFILE}
wget -N ${VOIDMIRROR}/sha256sums.txt
wget -N ${VOIDMIRROR}/sha256sums.txt.sig
#!/bin/bash
KEYDIR=${TARGET}/boot
KEYFILE=rootkey.bin
# Create key file:
dd if=/dev/urandom of=${KEYDIR}/${KEYFILE} bs=512 count=4
cryptsetup luksAddKey ${DEVICE}1 ${KEYDIR}/${KEYFILE} # This prompts for the LUKS container password
ln -sf /dev/mapper/${LUKSNAME} /dev
# Set crypttab:
echo "${LUKSNAME} ${CRYPTUUID} /${KEYFILE} luks" >> ${TARGET}/etc/crypttab
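Review bot: The key file is written by `dd` under the default umask, so `rootkey.bin` is likely readable by every user on the installed system, and it unlocks the LUKS container. Create it under a restrictive mask, `umask 077` before the `dd` or `chmod 000 ${KEYDIR}/${KEYFILE}` after it, and keep any initramfs that embeds it unreadable to non-root users. The crypttab entry names `/${KEYFILE}` while the file is written under `${TARGET}/boot`; presumably the dracut step (still a TODO elsewhere in this commit) is meant to place it at `/` in the initramfs, but that should be confirmed and commented here.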
#!/bin/bash
for i in /dev /dev/pts /proc /sys
do
echo -n "mount $i..."
mount -B $i ${TARGET}$i
echo 'done!'
done
cp /etc/hostid /mnt/etc/ # copy hostid onto actual system
cp -p /etc/resolv.conf ${TARGET}/etc/
# copy cryptuuid & luksname into chroot location
echo "export CRYPTUUID=${CRYPTUUID}" > /mnt/importvars.sh
echo "export LUKSNAME=${LUKSNAME}" >> /mnt/importvars.sh
echo "export ZPOOLNAME=${ZPOOLNAME}" >> /mnt/importvars.sh
cp 06-config-inside-chroot.sh /mnt/
chroot /mnt
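Review bot: The bind mounts and the `resolv.conf` copy use `${TARGET}`, but the `hostid` copy, the three `importvars.sh` writes, the script copy and the `chroot` are hard-coded to `/mnt`. If `TARGET` is changed as the earlier "set accordingly" comment invites, the files land outside the new system and the chroot enters the wrong tree; use `"${TARGET}"` throughout, e.g. `cp /etc/hostid "${TARGET}/etc/"` and `chroot "${TARGET}"`. The values are also written unquoted into a file that is later sourced; `printf 'export LUKSNAME=%q\n' "${LUKSNAME}" >> "${TARGET}/importvars.sh"` keeps a value with spaces or shell metacharacters from being executed. The uncommented copy that follows mixes `${TARGET}` and `/mnt` in the same way.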
#!/bin/bash
for i in /dev /dev/pts /proc /sys
do
echo -n "mount $i..."
mount -B $i ${TARGET}$i
echo 'done!'
done
cp -p /etc/resolv.conf ${TARGET}/etc/
chroot /mnt
#!/bin/bash
YOURLOCALE="en_GB.UTF-8 UTF-8" # adjust accordingly
SYSTEMNAME="sushoma" # adjust accordingly
. importvars.sh # get old variables too
echo ${SYSTEMNAME} > /etc/hostname
# TODO: set up /etc/rc.conf
echo "Set root password: "
passwd
# TODO: set up /etc/locale.conf
echo ${YOURLOCALE} >> /etc/default/libc-locales
xbps-reconfigure -f glibc-locales
xbps-install -Su
xbps-install -S linux cryptsetup grub python3 zfs
# TODO: dracut
xbps-reconfigure -f linux4.19 # TODO: programmatically figure out name of latest stable linux kernel
# TODO: grub
echo "the following should say 'zfs'; otherwise something has gone wrong: "
grub-probe /
zpool set cachefile=/etc/zfs/zpool.cache ${ZPOOLNAME} # IMPORTANT
# set up swap
zfs create -o sync=always -o primarycache=metadata -o secondarycache=none -b 4k -V 8G -o logbias=throughput ${ZPOOLNAME}/swap
mkswap -f /dev/zvol/${ZPOOLNAME}/swap
echo "# zol swap vol" >> /etc/fstab
echo "/dev/zvol/${ZPOOLNAME}/swap none swap sw 0 0" >> /etc/fstab
echo "hit return to exit chroot"
read exitchroot
# get rid of scripts
rm importvars.sh
rm 06-config-inside-chroot.sh
exit
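Review bot: `. importvars.sh` names the file without a slash, so bash searches `PATH` before the current directory and may source a different file of that name; nothing checks afterwards that the variables were loaded. Use `. ./importvars.sh || exit 1` and assert the value that the destructive steps depend on with `: "${ZPOOLNAME:?}"`, otherwise an empty `ZPOOLNAME` turns the swap commands into `zfs create … /swap` and `mkswap -f /dev/zvol//swap`. `read exitchroot` should be `read -r`. The uncommented copy that follows sources the file the same way.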
#!/bin/bash
. importvars.sh # get variables
echo "Set root password: "
passwd
# TODO: set up /etc/locale.conf
echo "en_GB.UTF-8 UTF-8" >> /etc/default/libc-locales
xbps-reconfigure -f glibc-locales
xbps-install -Su
xbps-install -S linux cryptsetup grub python python3 zfs
# TODO: dracut
xbps-reconfigure -f linux4.19 # TODO: programmatically figure out name of latest stable linux kernel
# TODO: grub
echo "the following should say 'zfs'; otherwise something has gone wrong: "
grub-probe /
zpool set cachefile=/etc/zfs/zpool.cache ${ZPOOLNAME} # IMPORTANT
zfs create -o sync=always -o primarycache=metadata -o secondarycache=none -b 4k -V 8G -o logbias=throughput ${ZPOOLNAME}/swap
mkswap -f /dev/zvol/rogue/swap
echo "# zol swap vol" >> /etc/fstab
echo "/dev/zvol/${ZPOOLNAME}/swap none swap sw 0 0" >> /etc/fstab
echo "hit return to exit chroot"
read exitchroot
exit
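Review bot: `mkswap -f /dev/zvol/rogue/swap` hard-codes a pool named `rogue`, while the zvol created on the line above lives under `${ZPOOLNAME}` (set to `dozer` elsewhere in this commit). With `-f` this either fails on a missing device or forcibly formats a volume on an unrelated pool that happens to carry that name. It should read `mkswap -f /dev/zvol/${ZPOOLNAME}/swap`, as the commented copy does.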
#!/bin/bash
for i in sys proc dev/pts dev
do
umount ${TARGET}/$i
done
/sbin/zfs unmount -a
/sbin/zpool export -a -f
echo "Hit return to reboot"
read reboot
reboot
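Review bot: `TARGET` is never set in this file, so if it is not inherited the loop expands to `umount /sys`, `umount /proc`, `umount /dev/pts` and `umount /dev` on the live host instead of the chroot tree. Add `: "${TARGET:?TARGET must be set}"` before the loop and quote the path, `umount "${TARGET}/$i"`. `zpool export -a -f` forces the export of every imported pool, not only the one this installer created; naming the pool and dropping `-f` unless the plain export fails would be safer. The uncommented copy that follows has the same loop.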
#!/bin/bash
for i in sys proc dev/pts dev
do
umount ${TARGET}/$i
done
/sbin/zfs unmount -a
/sbin/zpool export -a -f
echo "Hit any key to reboot"
read reboot