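#!/bin/bash
#
# Stage functions for installing Debian sid onto a LUKS-encrypted disk.
#
# Layout produced by first_stage on the selected disk:
#   partition 1  512M  ext4   mounted at $TARGET/boot
#   partition 2  512M  vfat   mounted at $TARGET/boot/efi (UEFI only)
#   partition 3  rest  LUKS -> LVM VG "cryptvg" -> LV "root" (btrfs, subvolumes
#                      @ and @home) and LV "swap"
#
# This file only defines functions; nothing runs when it is sourced.
# Names used here but defined elsewhere: TARGET, dev_size, mem_size, genfstab.
#
# Each stage is deliberately self-contained (no shared helper functions):
# user_install is handed to another shell with `export -f`, and a helper that
# is not exported alongside it would be missing there.
#
# Secret handling: the passwords are only ever written with the `printf`
# builtin into a pipe, so they never appear in a process argument list.
# ROOT_PASSWORD and USER_PASSWORD are exported and are therefore visible in the
# environment of every child process started before they are unset.

#######################################
# Prompt for host name and passwords, wipe and partition the chosen disk,
# build the LUKS/LVM/btrfs stack, debootstrap sid into $TARGET and write
# fstab and crypttab.
# Globals:   TARGET (read); NEW_HOSTNAME, ROOT_PASSWORD, USER_PASSWORD, DEVICE,
#            LVM_SIZE, SWAP_SIZE, ROOT_SIZE (exported); PART1, PART2, ROOTPART,
#            UUID (written); LUKS_PASSWORD (written, then unset)
# Arguments: none (interactive: reads answers from stdin)
# Returns:   aborts through `set -e` / a non-zero return on the first failure
#######################################
function first_stage(){
  set -e
  echo foo first_stage

  # Refuse to start if the mount point is unknown: everything below is
  # destructive and would otherwise fail half-way through.
  : "${TARGET:?TARGET (mount point of the new system) must be set}"

  printf '%s' "hostname: "
  read -r NEW_HOSTNAME
  : "${NEW_HOSTNAME:?hostname must not be empty}"
  export NEW_HOSTNAME

  # Passwords are read raw (-r, empty IFS) so backslashes and surrounding
  # whitespace survive exactly as typed; otherwise the passphrase stored in the
  # LUKS header would differ from what the user later types at boot.
  # LUKS_PASSWORD is only needed inside this function, so it is not exported
  # and the package tools started below never see it in their environment.
  printf '%s' "luks password: "
  IFS= read -r -s LUKS_PASSWORD
  echo
  : "${LUKS_PASSWORD:?luks password must not be empty}"

  printf '%s' "root password: "
  IFS= read -r -s ROOT_PASSWORD
  echo
  : "${ROOT_PASSWORD:?root password must not be empty}"
  export ROOT_PASSWORD

  printf '%s' "user password: "
  IFS= read -r -s USER_PASSWORD
  echo
  : "${USER_PASSWORD:?user password must not be empty}"
  export USER_PASSWORD

  lsblk -ftpo NAME,FSTYPE,LABEL,UUID,FSAVAIL,MOUNTPOINT
  local -a candidates
  mapfile -t candidates < <(lsblk -frpno NAME)
  select DEVICE in "${candidates[@]}"; do
    # An out-of-range answer leaves DEVICE empty; ask again instead of going
    # on to wipe "nothing".
    [[ -n "$DEVICE" ]] || continue
    echo using "$DEVICE"
    break
  done
  # Also covers end-of-input on the menu, where DEVICE was never assigned.
  if [[ ! -b "${DEVICE:-}" ]]; then
    printf 'no block device selected, aborting\n' >&2
    return 1
  fi
  export DEVICE

  apt install -y debootstrap cryptsetup btrfs-progs lvm2 rsync gdisk

  # Tear down what a previous run may have left behind.
  if [ -d /dev/cryptvg ]; then
    # Deepest mount points first, hence the reverse sort.
    mount | grep target | awk '{print $3}' | sort -r |
      while read -r LINE; do umount -l "$LINE"; done
    if [ -b /dev/cryptvg/swap ]; then
      swapoff /dev/cryptvg/swap || true
    fi
    vgchange -an /dev/cryptvg
  fi
  if [ -b /dev/mapper/cryptlvm ]; then
    cryptsetup luksClose cryptlvm
  fi

  wipefs -a "$DEVICE"

  # Scripted gdisk dialogue; an empty line accepts gdisk's default.
  # NOTE(review): partition 1 is typed ef02 (BIOS boot) yet is formatted ext4
  # and mounted as /boot below - confirm this is intended for the BIOS path.
  (
    echo o        # new empty GPT
    echo Y        # confirm
    echo n        # new partition
    echo 1
    echo          # default first sector
    echo +512M
    echo ef02     # BIOS boot partition
    echo n
    echo 2
    echo
    echo +512M
    echo ef00     # EFI system partition
    echo n
    echo p        # NOTE(review): not a partition number; looks like an fdisk leftover - verify
    echo 3
    echo
    echo          # default last sector: rest of the disk
    echo 8309     # Linux LUKS
    echo w        # write table
    echo Y        # confirm
  ) | gdisk "$DEVICE"

  # Partition nodes are named <disk>N or <disk>pN depending on the driver.
  # Start from empty values so nothing is inherited from the environment.
  PART1=
  PART2=
  ROOTPART=
  if [ -e "${DEVICE}1" ]; then
    PART1=${DEVICE}1
  elif [ -e "${DEVICE}p1" ]; then
    PART1=${DEVICE}p1
  fi
  if [ -e "${DEVICE}2" ]; then
    PART2=${DEVICE}2
  elif [ -e "${DEVICE}p2" ]; then
    PART2=${DEVICE}p2
  fi
  if [ -e "${DEVICE}3" ]; then
    ROOTPART=${DEVICE}3
  elif [ -e "${DEVICE}p3" ]; then
    ROOTPART=${DEVICE}p3
  fi
  # Stop with a clear message rather than calling wipefs/mkfs/cryptsetup
  # without a device argument when a node did not show up.
  : "${PART1:?partition 1 of ${DEVICE} not found}"
  : "${ROOTPART:?partition 3 of ${DEVICE} not found}"

  wipefs -a "$PART1"
  wipefs -a "$ROOTPART"

  echo mkfs.ext4 "$PART1"
  yes | mkfs.ext4 "$PART1"
  if [ -d /sys/firmware/efi ]; then
    echo UEFI
    : "${PART2:?partition 2 of ${DEVICE} not found}"
    echo mkfs.vfat -F32 "$PART2"
    mkfs.vfat -F32 "$PART2"
  else
    echo BIOS
  fi

  # The passphrase goes to cryptsetup on stdin, one line per prompt.
  printf '%s\n' "$LUKS_PASSWORD" "$LUKS_PASSWORD" | cryptsetup luksFormat "$ROOTPART"
  printf '%s\n' "$LUKS_PASSWORD" | cryptsetup luksOpen "$ROOTPART" cryptlvm
  unset LUKS_PASSWORD

  pvcreate /dev/mapper/cryptlvm
  vgcreate cryptvg /dev/mapper/cryptlvm

  # dev_size and mem_size are defined elsewhere; the /1024/1024 and the "M"
  # suffix passed to lvcreate suggest they report bytes - TODO confirm.
  # Assignment and export are separate so a failing helper is not masked.
  LVM_SIZE=$(dev_size /dev/mapper/cryptlvm)
  export LVM_SIZE
  local mem_total
  mem_total=$(mem_size)
  SWAP_SIZE=$((${mem_total}/1024/1024))
  export SWAP_SIZE
  # Root gets everything except swap and 512M of headroom.
  ROOT_SIZE=$(($LVM_SIZE/1024/1024-$SWAP_SIZE-512))
  export ROOT_SIZE

  echo lvcreate /dev/cryptvg --name=root "--size=${ROOT_SIZE}M"
  lvcreate /dev/cryptvg --name=root "--size=${ROOT_SIZE}M"
  yes | mkfs.btrfs /dev/cryptvg/root
  echo lvcreate /dev/cryptvg --name=swap "--size=${SWAP_SIZE}M"
  lvcreate /dev/cryptvg --name=swap "--size=${SWAP_SIZE}M"
  mkswap /dev/cryptvg/swap
  swapon /dev/cryptvg/swap

  # Create the subvolumes through a throw-away mount; mktemp avoids relying
  # on a fixed, predictable directory name under /tmp.
  local scratch_mnt
  scratch_mnt=$(mktemp -d)
  mount /dev/cryptvg/root "$scratch_mnt"
  btrfs subvolume create "$scratch_mnt/@"
  btrfs subvolume create "$scratch_mnt/@home"
  umount "$scratch_mnt"
  rmdir "$scratch_mnt"

  echo mount -osubvol=@ /dev/cryptvg/root "$TARGET"
  mount -osubvol=@ /dev/cryptvg/root "$TARGET"
  echo debootstrap sid "$TARGET"
  debootstrap sid "$TARGET"

  mount "$PART1" "$TARGET/boot"
  echo mount "$PART1" "$TARGET/boot"
  if [ -d /sys/firmware/efi ]; then
    echo UEFI
    mkdir -p "$TARGET/boot/efi"
    mount "$PART2" "$TARGET/boot/efi"
    echo mount "$PART2" "$TARGET/boot/efi"
  fi
  echo mount -osubvol=@home /dev/cryptvg/root "$TARGET/home"
  mount -osubvol=@home /dev/cryptvg/root "$TARGET/home"

  genfstab -U "$TARGET" | tee "$TARGET/etc/fstab"

  # Ask lsblk for exactly this partition instead of pattern-matching its path
  # in the full listing, and never write a crypttab line with an empty UUID:
  # the installed system could not unlock its root volume.
  UUID=$(lsblk -dno UUID "$ROOTPART")
  : "${UUID:?could not determine the UUID of ${ROOTPART}}"
  printf 'cryptlvm UUID=%s none luks,initramfs\n' "$UUID" > "$TARGET/etc/crypttab"
}

#######################################
# Configure the freshly bootstrapped system: root password, host name,
# packages, bootloader, initramfs, desktop, the user "jedi", and btrfs
# snapshots after each milestone. Uses absolute system paths throughout, so
# it is presumably run inside the new root - TODO confirm against the caller.
# Globals:   ROOT_PASSWORD, USER_PASSWORD (read, then unset), NEW_HOSTNAME,
#            DEVICE (read), DEBIAN_FRONTEND (exported)
# Arguments: none
# Returns:   aborts through `set -e` on the first failure
#######################################
function second_stage(){
  set -e
  export DEBIAN_FRONTEND=noninteractive

  # Fail before the long package installs if the secrets did not make it here.
  : "${ROOT_PASSWORD:?ROOT_PASSWORD must be set}"
  : "${USER_PASSWORD:?USER_PASSWORD must be set}"
  : "${NEW_HOSTNAME:?NEW_HOSTNAME must be set}"

  # Quoted so the password is passed on unchanged (no word splitting or
  # globbing); unset right away so later child processes do not inherit it.
  printf '%s\n' "$ROOT_PASSWORD" "$ROOT_PASSWORD" | passwd
  unset ROOT_PASSWORD

  echo -n > /etc/motd
  printf '%s\n' "$NEW_HOSTNAME" > /etc/hostname
  hostname "$NEW_HOSTNAME"

  # Not idempotent: a second run appends the extra components again.
  sed -i 's/main/main contrib non-free/g' /etc/apt/sources.list
  apt update
  apt install -y linux-image-amd64 cryptsetup cryptsetup-initramfs cryptsetup-suspend btrfs-progs lvm2 firmware-iwlwifi locales tzdata keyboard-configuration console-common zsh intel-microcode ldnsutils wireguard resolvconf

  if [ -d /sys/firmware/efi ]; then
    echo UEFI
    apt install -y grub-efi
    grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=debian --recheck --no-nvram --removable
    update-grub
  else
    echo BIOS
    apt install -y grub-pc
    grub-install "${DEVICE:?DEVICE must be set for the BIOS bootloader}"
    update-grub
  fi
  update-initramfs -k all -u

  mkdir /snap
  btrfs subvolume snapshot / "/snap/$(date +%Y-%m-%d_00_basesystem)"

  apt install -y task-mate-desktop mate-desktop-environment-extra dbus-x11

  # Two password lines followed by five empty answers for adduser's prompts.
  printf '%s\n' "$USER_PASSWORD" "$USER_PASSWORD" '' '' '' '' '' | adduser jedi
  unset USER_PASSWORD
  chsh --shell /usr/bin/zsh jedi
  btrfs subvolume snapshot / "/snap/$(date +%Y-%m-%d_01_user_gui)"

  apt install -y git wget materia-gtk-theme htop nmap arandr timeshift gparted jq fonts-powerline
  apt install -y virt-manager telegram-desktop chromium firefox thunderbird geany vlc pidgin meld remmina gmpc
  # Best effort: the large tools may be uninstallable on sid at any given time.
  apt install -y gimp inkscape blender freecad kicad kicad-packages3d || true
  btrfs subvolume snapshot / "/snap/$(date +%Y-%m-%d_02_big_tools)"

  # switch to working in homedir
  rsync -a /root/unbox_data/secrets/SSH/ ~jedi/.ssh/
  # rsync -a keeps whatever modes the source tree had; make sure the key
  # material is not readable by group or others.
  chmod -R go-rwx ~jedi/.ssh
  chown -R jedi:jedi ~jedi/
  echo second_stage done

  # Both passwords are already unset here, so the user-level shell started by
  # su does not inherit them.
  export -f user_install
  su jedi -c "bash -c user_install"

  mkdir -p ~jedi/.snap/
  btrfs subvolume snapshot ~jedi/ ~jedi/.snap/"$(date +%Y-%m-%d_fresh_install)"
}

#######################################
# Per-user setup, run as "jedi": MATE theme settings, oh-my-zsh, the private
# tools repository and the JetBrains Toolbox launcher.
# Globals:   GIT_SSH_COMMAND, XDG_RUNTIME_DIR, HOME (exported)
# Arguments: none
# Returns:   aborts through `set -e` / a non-zero return on the first failure
#######################################
function user_install(){
  set -e

  # NOTE(review): host key checking is switched off (known-hosts file is
  # /dev/null, StrictHostKeyChecking=no), so the ssh clone below authenticates
  # with the private key to whatever host answers. Shipping a pinned
  # known_hosts entry next to the key would allow both options to be dropped.
  export GIT_SSH_COMMAND="ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i/home/jedi/.ssh/id_rsa"
  # presumably jedi is uid 1000 (first user created) - verify
  export XDG_RUNTIME_DIR=/run/user/1000

  # Theme settings are cosmetic, so failures are tolerated.
  dbus-launch dconf write /org/mate/desktop/interface/gtk-theme "'Materia-dark'" || true
  dbus-launch dconf write /org/mate/marco/general/theme "'Materia-dark'" || true
  dbus-launch dconf write /org/mate/desktop/interface/icon-theme "'Adwaita'" || true
  dbus-launch dconf write /org/mate/desktop/peripherals/mouse/cursor-theme "'Adwaita'" || true

  export HOME=~jedi/
  cd

  # Cloned at whatever the default branch currently points to (not pinned).
  git clone https://github.com/robbyrussell/oh-my-zsh.git "$HOME/.oh-my-zsh"
  chmod 0755 "$HOME/.oh-my-zsh"
  chown -R jedi:jedi "$HOME"

  git clone ssh://git@git.neulandlabor.de:2222/j3d1/laptop_tools.git Tools

  TOOLBOX_LINK=$(wget "https://data.services.jetbrains.com/products/releases?code=TBA&latest=true" -O - 2>/dev/null | jq -r ".TBA[0].downloads.linux.link")
  # jq prints "null" when the field is missing; only accept an https URL so a
  # broken or unexpected answer is never handed to wget.
  case "$TOOLBOX_LINK" in
    https://*) ;;
    *)
      printf 'unexpected JetBrains Toolbox download link: %s\n' "$TOOLBOX_LINK" >&2
      return 1
      ;;
  esac
  wget --show-progress -qO ./toolbox.tar.gz "$TOOLBOX_LINK"
  unset TOOLBOX_LINK

  TOOLBOX_TEMP_DIR=$(mktemp -d)
  tar -C "$TOOLBOX_TEMP_DIR" -xf toolbox.tar.gz
  rm ./toolbox.tar.gz
  # NOTE(review): the binary is executed straight from the download; its
  # integrity rests on TLS alone. The release metadata appears to carry a
  # checksum link next to the download link - confirm and compare the SHA-256
  # before running.
  "$TOOLBOX_TEMP_DIR"/*/jetbrains-toolbox
  rm -r "$TOOLBOX_TEMP_DIR"
  unset TOOLBOX_TEMP_DIR

  # Signal
  # 1. Install our official public software signing key
  #wget -O- https://updates.signal.org/desktop/apt/keys.asc | gpg --dearmor > signal-desktop-keyring.gpg
  #cat signal-desktop-keyring.gpg | sudo tee -a /usr/share/keyrings/signal-desktop-keyring.gpg > /dev/null
  # 2. Add our repository to your list of repositories
  #echo 'deb [arch=amd64 signed-by=/usr/share/keyrings/signal-desktop-keyring.gpg] https://updates.signal.org/desktop/apt xenial main' |\
  #sudo tee -a /etc/apt/sources.list.d/signal-xenial.list
  # 3. Update your package database and install signal
  #sudo apt update && sudo apt install signal-desktop
  echo
}

#######################################
# Lazily unmount every mount point whose `mount` line contains "target",
# deepest path first.
# Arguments: none
#######################################
function post_install_stage(){
  # Short pause before unmounting, as in the original flow.
  sleep 0.5
  mount | grep target | awk '{print $3}' | sort -r |
    while read -r LINE; do umount -l "$LINE"; done
}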