diff --git a/README.md b/README.md index 305b96e..9df756c 100644 --- a/README.md +++ b/README.md @@ -12,8 +12,10 @@ wireguard settings firefox profiles home/.mozzilla/firefox thunderbird profile home/.thunderbird jetbrains settings home/.config/JetBrains - +signal settings .config/Signal +telegram settings -local/share/TelegramDesktop pidgin setting home/.purple +gnucash + files home/Projects home/Mount @@ -21,5 +23,7 @@ home/Tools ;ldnsutils wireguard resolvconf freecad +fonts-powerline kicad-packages3d + systemctl enable tinc systemctl enable tinc@nodes.j3d1.de diff --git a/entry.sh b/entry.sh index 079c5e2..531bec9 100755 --- a/entry.sh +++ b/entry.sh @@ -31,7 +31,7 @@ function first_stage(){ export DEVICE - apt install -y debootstrap cryptsetup btrfs-progs lvm2 rsync + apt install -y debootstrap cryptsetup btrfs-progs lvm2 rsync gdisk if [ -d /dev/cryptvg ]; then mount | grep target | awk '{print $3}'| sort -r | while read LINE; do @@ -51,31 +51,64 @@ function first_stage(){ ( echo o + echo Y echo n - echo p echo 1 echo - echo +2G + echo +512M + echo ef02 echo n - echo p echo 2 echo + echo +512M + echo ef00 + echo n + echo p + echo 3 + echo echo + echo 8309 echo w - ) | fdisk ${DEVICE} + echo Y + ) | gdisk ${DEVICE} + if [ -e ${DEVICE}1 ]; then + PART1=${DEVICE}1 + elif [ -e ${DEVICE}p1 ]; then + PART1=${DEVICE}p1 + fi - wipefs -a ${DEVICE}1 - wipefs -a ${DEVICE}2 + if [ -e ${DEVICE}2 ]; then + PART2=${DEVICE}2 + elif [ -e ${DEVICE}p2 ]; then + PART2=${DEVICE}p2 + fi + + if [ -e ${DEVICE}3 ]; then + ROOTPART=${DEVICE}3 + elif [ -e ${DEVICE}p3 ]; then + ROOTPART=${DEVICE}p3 + fi + + wipefs -a ${PART1} + wipefs -a ${ROOTPART} + + echo mkfs.ext4 ${PART1} + yes | mkfs.ext4 ${PART1} - echo mkfs.ext4 ${DEVICE}1 - yes | mkfs.ext4 ${DEVICE}1 + if [ -d /sys/firmware/efi ]; then + echo UEFI + echo mkfs.vfat -F32 ${PART2} + mkfs.vfat -F32 ${PART2} + else + echo BIOS + fi ( echo $LUKS_PASSWORD echo $LUKS_PASSWORD - )| cryptsetup luksFormat ${DEVICE}2 - echo $LUKS_PASSWORD | cryptsetup luksOpen ${DEVICE}2 cryptlvm + )| cryptsetup luksFormat ${ROOTPART} + echo $LUKS_PASSWORD | cryptsetup luksOpen ${ROOTPART} cryptlvm unset LUKS_PASSWORD pvcreate /dev/mapper/cryptlvm vgcreate cryptvg /dev/mapper/cryptlvm @@ -106,14 +139,21 @@ function first_stage(){ echo debootstrap sid $TARGET debootstrap sid $TARGET - mount ${DEVICE}1 $TARGET/boot - echo mount ${DEVICE}1 $TARGET/boot + mount ${PART1} $TARGET/boot + echo mount ${PART1} $TARGET/boot + + if [ -d /sys/firmware/efi ]; then + echo UEFI + mkdir -p $TARGET/boot/efi + mount ${PART2} $TARGET/boot/efi + echo mount ${PART2} $TARGET/boot/efi + fi echo mount -osubvol=@home /dev/cryptvg/root $TARGET/home mount -osubvol=@home /dev/cryptvg/root $TARGET/home genfstab -U $TARGET | tee $TARGET/etc/fstab - UUID=$(lsblk -lpo NAME,UUID | grep ${DEVICE}2 | awk '{print $2}') + UUID=$(lsblk -lpo NAME,UUID | grep ${ROOTPART} | awk '{print $2}') echo cryptlvm UUID=${UUID} none luks,initramfs > $TARGET/etc/crypttab } @@ -130,12 +170,21 @@ function second_stage(){ hostname $NEW_HOSTNAME sed -i 's/main/main contrib non-free/g' /etc/apt/sources.list apt update - apt install -y linux-image-amd64 grub2 cryptsetup cryptsetup-initramfs cryptsetup-suspend btrfs-progs lvm2 firmware-iwlwifi locales tzdata keyboard-configuration console-common zsh intel-microcode ldnsutils wireguard resolvconf - grub-install ${DEVICE} - update-grub + apt install -y linux-image-amd64 cryptsetup cryptsetup-initramfs cryptsetup-suspend btrfs-progs lvm2 firmware-iwlwifi locales tzdata keyboard-configuration console-common zsh intel-microcode ldnsutils wireguard resolvconf + if [ -d /sys/firmware/efi ]; then + echo UEFI + apt install -y grub-efi + grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=debian --recheck --no-nvram --removable + update-grub + else + echo BIOS + apt install -y grub-pc + grub-install ${DEVICE} + update-grub + fi update-initramfs -k all -u mkdir /snap - btrfs subvolume snapshot / /snap/$(date +%Y-%m-%d_basesystem) + btrfs subvolume snapshot / /snap/$(date +%Y-%m-%d_00_basesystem) apt install -y task-mate-desktop mate-desktop-environment-extra dbus-x11 ( echo $USER_PASSWORD @@ -148,21 +197,28 @@ function second_stage(){ ) | adduser jedi unset USER_PASSWORD - btrfs subvolume snapshot / /snap/$(date +%Y-%m-%d_user_gui) - apt install -y git wget materia-gtk-theme htop nmap arandr timeshift gparted jq + chsh --shell /usr/bin/zsh jedi + + btrfs subvolume snapshot / /snap/$(date +%Y-%m-%d_01_user_gui) + apt install -y git wget materia-gtk-theme htop nmap arandr timeshift gparted jq fonts-powerline apt install -y virt-manager telegram-desktop chromium firefox thunderbird geany vlc pidgin meld remmina gmpc - apt install -y gimp inkscape blender freecad kicad || true - btrfs subvolume snapshot / /snap/$(date +%Y-%m-%d_big_tools) + apt install -y gimp inkscape blender freecad kicad kicad-packages3d || true + btrfs subvolume snapshot / /snap/$(date +%Y-%m-%d_02_big_tools) + # switch to woking in homedir + + rsync -a /root/unbox_data/secrets/SSH/ ~jedi/.ssh/ chown -R jedi:jedi ~jedi/ - chsh --shell /usr/bin/zsh jedi echo second_stage done export -f user_install su jedi -c "bash -c user_install" + + mkdir -p ~jedi/.snap/ + btrfs subvolume snapshot ~jedi/ ~jedi/.snap/$(date +%Y-%m-%d_fresh_install) } function user_install(){ @@ -201,6 +257,17 @@ function user_install(){ rm -r "$TOOLBOX_TEMP_DIR" unset TOOLBOX_TEMP_DIR + + # Signal + # 1. Install our official public software signing key + #wget -O- https://updates.signal.org/desktop/apt/keys.asc | gpg --dearmor > signal-desktop-keyring.gpg + #cat signal-desktop-keyring.gpg | sudo tee -a /usr/share/keyrings/signal-desktop-keyring.gpg > /dev/null + # 2. Add our repository to your list of repositories + #echo 'deb [arch=amd64 signed-by=/usr/share/keyrings/signal-desktop-keyring.gpg] https://updates.signal.org/desktop/apt xenial main' |\ + #sudo tee -a /etc/apt/sources.list.d/signal-xenial.list + # 3. Update your package database and install signal + #sudo apt update && sudo apt install signal-desktop + echo }