add EFI support

j3d1 2022-10-23 08:45:55 +02:00
parent 19cc3dfbba
commit 1dc84b5e89
2 changed files with 95 additions and 24 deletions


@ -12,8 +12,10 @@ wireguard settings
firefox profiles home/.mozzilla/firefox firefox profiles home/.mozzilla/firefox
thunderbird profile home/.thunderbird thunderbird profile home/.thunderbird
jetbrains settings home/.config/JetBrains jetbrains settings home/.config/JetBrains
signal settings .config/Signal
telegram settings -local/share/TelegramDesktop
pidgin setting home/.purple pidgin setting home/.purple
gnucash + files
home/Projects home/Projects
home/Mount home/Mount
@ -21,5 +23,7 @@ home/Tools
;ldnsutils wireguard resolvconf freecad ;ldnsutils wireguard resolvconf freecad
fonts-powerline kicad-packages3d
systemctl enable tinc systemctl enable tinc
systemctl enable tinc@nodes.j3d1.de systemctl enable tinc@nodes.j3d1.de

109
entry.sh

@ -31,7 +31,7 @@ function first_stage(){
export DEVICE export DEVICE
apt install -y debootstrap cryptsetup btrfs-progs lvm2 rsync apt install -y debootstrap cryptsetup btrfs-progs lvm2 rsync gdisk
if [ -d /dev/cryptvg ]; then if [ -d /dev/cryptvg ]; then
mount | grep target | awk '{print $3}'| sort -r | while read LINE; do mount | grep target | awk '{print $3}'| sort -r | while read LINE; do
@ -51,31 +51,64 @@ function first_stage(){
( (
echo o echo o
echo Y
echo n echo n
echo p
echo 1 echo 1
echo echo
echo +2G echo +512M
echo ef02
echo n echo n
echo p
echo 2 echo 2
echo echo
echo +512M
echo ef00
echo n
echo p
echo 3
echo echo
echo
echo 8309
echo w echo w
) | fdisk ${DEVICE} echo Y
) | gdisk ${DEVICE}
if [ -e ${DEVICE}1 ]; then
PART1=${DEVICE}1
elif [ -e ${DEVICE}p1 ]; then
PART1=${DEVICE}p1
fi
wipefs -a ${DEVICE}1 if [ -e ${DEVICE}2 ]; then
wipefs -a ${DEVICE}2 PART2=${DEVICE}2
elif [ -e ${DEVICE}p2 ]; then
PART2=${DEVICE}p2
fi
echo mkfs.ext4 ${DEVICE}1 if [ -e ${DEVICE}3 ]; then
yes | mkfs.ext4 ${DEVICE}1 ROOTPART=${DEVICE}3
elif [ -e ${DEVICE}p3 ]; then
ROOTPART=${DEVICE}p3
fi
wipefs -a ${PART1}
wipefs -a ${ROOTPART}
echo mkfs.ext4 ${PART1}
yes | mkfs.ext4 ${PART1}
if [ -d /sys/firmware/efi ]; then
echo UEFI
echo mkfs.vfat -F32 ${PART2}
mkfs.vfat -F32 ${PART2}
else
echo BIOS
fi
( (
echo $LUKS_PASSWORD echo $LUKS_PASSWORD
echo $LUKS_PASSWORD echo $LUKS_PASSWORD
)| cryptsetup luksFormat ${DEVICE}2 )| cryptsetup luksFormat ${ROOTPART}
echo $LUKS_PASSWORD | cryptsetup luksOpen ${DEVICE}2 cryptlvm echo $LUKS_PASSWORD | cryptsetup luksOpen ${ROOTPART} cryptlvm
unset LUKS_PASSWORD unset LUKS_PASSWORD
pvcreate /dev/mapper/cryptlvm pvcreate /dev/mapper/cryptlvm
vgcreate cryptvg /dev/mapper/cryptlvm vgcreate cryptvg /dev/mapper/cryptlvm
@ -106,14 +139,21 @@ function first_stage(){
echo debootstrap sid $TARGET echo debootstrap sid $TARGET
debootstrap sid $TARGET debootstrap sid $TARGET
mount ${DEVICE}1 $TARGET/boot mount ${PART1} $TARGET/boot
echo mount ${DEVICE}1 $TARGET/boot echo mount ${PART1} $TARGET/boot
if [ -d /sys/firmware/efi ]; then
echo UEFI
mkdir -p $TARGET/boot/efi
mount ${PART2} $TARGET/boot/efi
echo mount ${PART2} $TARGET/boot/efi
fi
echo mount -osubvol=@home /dev/cryptvg/root $TARGET/home echo mount -osubvol=@home /dev/cryptvg/root $TARGET/home
mount -osubvol=@home /dev/cryptvg/root $TARGET/home mount -osubvol=@home /dev/cryptvg/root $TARGET/home
genfstab -U $TARGET | tee $TARGET/etc/fstab genfstab -U $TARGET | tee $TARGET/etc/fstab
UUID=$(lsblk -lpo NAME,UUID | grep ${DEVICE}2 | awk '{print $2}') UUID=$(lsblk -lpo NAME,UUID | grep ${ROOTPART} | awk '{print $2}')
echo cryptlvm UUID=${UUID} none luks,initramfs > $TARGET/etc/crypttab echo cryptlvm UUID=${UUID} none luks,initramfs > $TARGET/etc/crypttab
} }
@ -130,12 +170,21 @@ function second_stage(){
hostname $NEW_HOSTNAME hostname $NEW_HOSTNAME
sed -i 's/main/main contrib non-free/g' /etc/apt/sources.list sed -i 's/main/main contrib non-free/g' /etc/apt/sources.list
apt update apt update
apt install -y linux-image-amd64 grub2 cryptsetup cryptsetup-initramfs cryptsetup-suspend btrfs-progs lvm2 firmware-iwlwifi locales tzdata keyboard-configuration console-common zsh intel-microcode ldnsutils wireguard resolvconf apt install -y linux-image-amd64 cryptsetup cryptsetup-initramfs cryptsetup-suspend btrfs-progs lvm2 firmware-iwlwifi locales tzdata keyboard-configuration console-common zsh intel-microcode ldnsutils wireguard resolvconf
if [ -d /sys/firmware/efi ]; then
echo UEFI
apt install -y grub-efi
grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=debian --recheck --no-nvram --removable
update-grub
else
echo BIOS
apt install -y grub-pc
grub-install ${DEVICE} grub-install ${DEVICE}
update-grub update-grub
fi
update-initramfs -k all -u update-initramfs -k all -u
mkdir /snap mkdir /snap
btrfs subvolume snapshot / /snap/$(date +%Y-%m-%d_basesystem) btrfs subvolume snapshot / /snap/$(date +%Y-%m-%d_00_basesystem)
apt install -y task-mate-desktop mate-desktop-environment-extra dbus-x11 apt install -y task-mate-desktop mate-desktop-environment-extra dbus-x11
( (
echo $USER_PASSWORD echo $USER_PASSWORD
@ -148,21 +197,28 @@ function second_stage(){
) | adduser jedi ) | adduser jedi
unset USER_PASSWORD unset USER_PASSWORD
btrfs subvolume snapshot / /snap/$(date +%Y-%m-%d_user_gui) chsh --shell /usr/bin/zsh jedi
apt install -y git wget materia-gtk-theme htop nmap arandr timeshift gparted jq
btrfs subvolume snapshot / /snap/$(date +%Y-%m-%d_01_user_gui)
apt install -y git wget materia-gtk-theme htop nmap arandr timeshift gparted jq fonts-powerline
apt install -y virt-manager telegram-desktop chromium firefox thunderbird geany vlc pidgin meld remmina gmpc apt install -y virt-manager telegram-desktop chromium firefox thunderbird geany vlc pidgin meld remmina gmpc
apt install -y gimp inkscape blender freecad kicad || true apt install -y gimp inkscape blender freecad kicad kicad-packages3d || true
btrfs subvolume snapshot / /snap/$(date +%Y-%m-%d_big_tools) btrfs subvolume snapshot / /snap/$(date +%Y-%m-%d_02_big_tools)
# switch to woking in homedir
rsync -a /root/unbox_data/secrets/SSH/ ~jedi/.ssh/ rsync -a /root/unbox_data/secrets/SSH/ ~jedi/.ssh/
chown -R jedi:jedi ~jedi/ chown -R jedi:jedi ~jedi/
chsh --shell /usr/bin/zsh jedi
echo second_stage done echo second_stage done
export -f user_install export -f user_install
su jedi -c "bash -c user_install" su jedi -c "bash -c user_install"
mkdir -p ~jedi/.snap/
btrfs subvolume snapshot ~jedi/ ~jedi/.snap/$(date +%Y-%m-%d_fresh_install)
} }
function user_install(){ function user_install(){
@ -201,6 +257,17 @@ function user_install(){
rm -r "$TOOLBOX_TEMP_DIR" rm -r "$TOOLBOX_TEMP_DIR"
unset TOOLBOX_TEMP_DIR unset TOOLBOX_TEMP_DIR
# Signal
# 1. Install our official public software signing key
#wget -O- https://updates.signal.org/desktop/apt/keys.asc | gpg --dearmor > signal-desktop-keyring.gpg
#cat signal-desktop-keyring.gpg | sudo tee -a /usr/share/keyrings/signal-desktop-keyring.gpg > /dev/null
# 2. Add our repository to your list of repositories
#echo 'deb [arch=amd64 signed-by=/usr/share/keyrings/signal-desktop-keyring.gpg] https://updates.signal.org/desktop/apt xenial main' |\
#sudo tee -a /etc/apt/sources.list.d/signal-xenial.list
# 3. Update your package database and install signal
#sudo apt update && sudo apt install signal-desktop
echo echo
} }