
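#!/bin/sh
# Unattended Alpine Linux installer for the Spotter VM image.
#
# Partitions /dev/sda (sda1 = /boot, sda2 = LUKS container holding an LVM
# volume group), installs the base system into /mnt, overlays the vm.tar.gz
# payload, configures the initramfs / extlinux for the encrypted root and
# writes the MBR bootloader.
#
# Based on
# https://wiki.alpinelinux.org/wiki/LVM_on_LUKS
# Prerequisites for this script
# setup-interfaces
# ifup eth0
#
# DESTRUCTIVE: everything on /dev/sda is overwritten without confirmation.
# Steps that later steps depend on are checked with `|| die`; on failure the
# machine is left running (no poweroff) so the state can be inspected.
#
# `read -sp` is not POSIX; it works in the Alpine live ISO's busybox ash,
# which is what this script targets.

# Echo each script line as it is read. Only source text is printed, never
# expanded values, so the password read below does not appear in the trace.
set -v

# Print a message to stderr and abort the installation.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Ask for passwords. The same secret serves as the LUKS passphrase and,
# bcrypt-hashed, as the vmmgr admin password (ADMINPWD below).
read -sp 'Encryption password:' ENCPWD
echo
[ -n "${ENCPWD}" ] || die 'Encryption password must not be empty'

# Set up repositories (apk verifies package signatures, so a plain-HTTP
# mirror is acceptable here).
cat <<EOF >/etc/apk/repositories
http://dl-cdn.alpinelinux.org/alpine/v3.11/main
http://dl-cdn.alpinelinux.org/alpine/v3.11/community
EOF
# Install disk management tools
apk --no-cache add lvm2 cryptsetup e2fsprogs syslinux || die 'Installing disk tools failed'

# Create disk partitions. fdisk script: n/p/1/+50m -> sda1 (50 MiB),
# a/1 -> mark sda1 bootable, n/p/2 -> sda2 with the remaining space,
# t/2/8e -> sda2 type "Linux LVM", w -> write the table.
# The exit status is intentionally not checked (it reflects the partition
# table re-read); the partitions are validated by the mkfs/cryptsetup steps.
cat <<EOF | fdisk /dev/sda
n
p
1
+50m
a
1
n
p
2
t
2
8e
w
EOF

# Set up partition encryption. The passphrase is passed on stdin from the
# printf builtin, so it never appears in process arguments; printf '%s' (not
# echo -n) keeps any backslashes in the passphrase intact.
printf '%s' "${ENCPWD}" | cryptsetup -q luksFormat /dev/sda2 || die 'luksFormat of /dev/sda2 failed'
printf '%s' "${ENCPWD}" | cryptsetup open --type luks /dev/sda2 system || die 'Opening LUKS container failed'

# Set up LVM: one volume group on the LUKS mapping, one LV using all space.
# NOTE(review): no swap LV is created here, yet fstab below lists
# /dev/vg0/swap and the swap service is enabled; confirm where it comes from.
pvcreate /dev/mapper/system || die 'pvcreate failed'
vgcreate vg0 /dev/mapper/system || die 'vgcreate failed'
lvcreate -l 100%FREE vg0 -n root || die 'lvcreate failed'

# Format (-m = reserved blocks percentage)
mkfs.ext4 -m0 /dev/sda1 || die 'mkfs of /dev/sda1 failed'
mkfs.ext4 -m1 /dev/vg0/root || die 'mkfs of /dev/vg0/root failed'

# Mount
mount -t ext4 /dev/vg0/root /mnt || die 'Mounting root volume failed'
mkdir /mnt/boot
mount -t ext4 /dev/sda1 /mnt/boot || die 'Mounting /boot failed'

# Install Alpine linux
setup-disk -m sys /mnt
# setup-disk's exit status is not relied on; instead verify the file the
# initramfs step below needs actually exists.
[ -f /mnt/etc/mkinitfs/mkinitfs.conf ] || die 'setup-disk did not produce /mnt/etc/mkinitfs/mkinitfs.conf'

# Update boot-time volume information.
# Assignment and export are split so a blkid failure is not masked.
BOOT_UUID=$(blkid -s UUID -o value /dev/sda1) || die 'blkid for /dev/sda1 failed'
CRYPT_UUID=$(blkid -s UUID -o value /dev/sda2) || die 'blkid for /dev/sda2 failed'
[ -n "${BOOT_UUID}" ] || die 'No UUID found for /dev/sda1'
[ -n "${CRYPT_UUID}" ] || die 'No UUID found for /dev/sda2'
# Exported because envsubst below may also consume them from the templates.
export BOOT_UUID CRYPT_UUID
cat <<EOF >/mnt/etc/fstab
/dev/vg0/root / ext4 rw,noatime,data=ordered 0 1
UUID=${BOOT_UUID} /boot ext4 rw,noatime,data=ordered 0 2
/dev/vg0/swap swap swap defaults 0 0
EOF
echo "system UUID=${CRYPT_UUID} none luks" >/mnt/etc/crypttab

# Rebuild initfs so it can unlock the LUKS container at boot.
sed -i 's/lvm/lvm cryptsetup/' /mnt/etc/mkinitfs/mkinitfs.conf || die 'Editing mkinitfs.conf failed'
# One mkinitfs run per installed kernel version (glob instead of parsing ls).
for MODDIR in /mnt/lib/modules/*; do
  mkinitfs -c /mnt/etc/mkinitfs/mkinitfs.conf -b /mnt "${MODDIR##*/}" || die "mkinitfs failed for ${MODDIR##*/}"
done

# Update extlinux (ignore the errors)
sed -i "s/rootfstype=ext4/rootfstype=ext4 cryptroot=UUID=${CRYPT_UUID} cryptdm=system/" /mnt/etc/update-extlinux.conf || die 'Editing update-extlinux.conf failed'
chroot /mnt update-extlinux || true
sed -i 's/overwrite=1/overwrite=0/' /mnt/etc/update-extlinux.conf

# Set time zone
chroot /mnt setup-timezone -z Europe/Prague

# Install basic system
apk --no-cache add apache2-utils gettext || die 'Installing apache2-utils/gettext failed'
# NOTE(review): the payload is protected by TLS only; no checksum or
# signature is verified before it is unpacked over the new root.
wget https://repo.spotter.cz/vm.tar.gz -O - | tar xzf - -C /mnt || die 'Downloading or unpacking vm.tar.gz failed'
envsubst </mnt/boot/extlinux.conf.old >/mnt/boot/extlinux.conf || die 'Generating extlinux.conf failed'
chroot /mnt apk --no-cache add bridge ca-certificates curl e2fsprogs-extra gettext iptables kbd-misc logrotate postfix nginx openssh-server openssh-sftp-server util-linux wireguard-virt wireguard-tools-wg spoc@vm vmmgr@vm || die 'Installing base packages into /mnt failed'
chroot /mnt newaliases
for SERVICE in cgroups consolefont crond iptables networking nginx ntpd postfix spoc swap urandom vmmgr; do
  ln -s /etc/init.d/${SERVICE} /mnt/etc/runlevels/boot
done

# Hash the password with bcrypt (cost 10) for vmmgr. htpasswd -i reads it
# from stdin so it is not visible in the process list; the output is
# ':<hash>\n' which tr reduces to the hash alone, then the $2y prefix is
# rewritten to $2b.
ADMINPWD=$(printf '%s\n' "${ENCPWD}" | htpasswd -niBC 10 '' | tr -d ':\n' | sed 's/$2y/$2b/')
[ -n "${ADMINPWD}" ] || die 'Hashing the admin password failed'
ADMINPWD="${ADMINPWD}" envsubst </mnt/etc/vmmgr/config.json >/mnt/etc/vmmgr/config.json.new || die 'Generating vmmgr config.json failed'
mv /mnt/etc/vmmgr/config.json.new /mnt/etc/vmmgr/config.json

# Cleanup
rm -rf /mnt/root
mkdir -p /mnt/root/.ssh

# Install bootloader to MBR (first 440 bytes only, partition table untouched)
dd bs=440 count=1 conv=notrunc if=/mnt/usr/share/syslinux/mbr.bin of=/dev/sda || die 'Writing MBR failed'

# Unmount and shut down. Failures here are fatal so the machine is not
# powered off with the new filesystems still mounted.
umount /mnt/boot || die 'umount /mnt/boot failed'
umount /mnt || die 'umount /mnt failed'
vgchange -a n || die 'Deactivating vg0 failed'
cryptsetup luksClose system || die 'Closing LUKS container failed'
poweroff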