#!/bin/bash
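#######################################
# Stage 1, run on the live system: prompt for hostname and passwords, let the
# operator pick the target disk, wipe and partition it, build
# LUKS -> LVM -> (btrfs root + swap), debootstrap Debian sid into $TARGET and
# write fstab / crypttab.
#
# DESTRUCTIVE: all signatures on the selected disk are erased.
#
# Globals read:    TARGET (install root; not assigned in this function)
# Globals written: NEW_HOSTNAME, ROOT_PASSWORD, USER_PASSWORD, DEVICE,
#                  LVM_SIZE, SWAP_SIZE, ROOT_SIZE (all exported);
#                  PART1, PART2, ROOTPART, UUID (shell globals);
#                  LUKS_PASSWORD (set, deliberately not exported, unset
#                  as soon as the container is open)
# Calls:           dev_size, mem_size (defined outside this function)
# Returns:         non-zero (and, because of set -e, aborts the shell) on
#                  the first failing step
#######################################
function first_stage(){
  set -e

  # Fail before anything destructive happens if the install root is unknown;
  # an empty TARGET would otherwise only surface after the disk was wiped.
  : "${TARGET:?TARGET must be set before first_stage runs}"

  echo foo first_stage

  local hostname_in luks_password_in root_password_in user_password_in

  echo -n "hostname: "
  read -r hostname_in
  export NEW_HOSTNAME=$hostname_in

  # IFS= and -r keep the secrets exactly as typed: no backslash processing
  # and no trimming of leading/trailing whitespace.
  echo -n "luks password: "
  IFS= read -rs luks_password_in
  # Not exported: only this function needs the disk passphrase, so it must
  # not leak into the environment of apt, debootstrap and friends.
  LUKS_PASSWORD=$luks_password_in
  echo

  # NOTE(review): ROOT_PASSWORD and USER_PASSWORD are exported because
  # second_stage reads them; until they are unset there, every child process
  # started from this shell can see them in its environment.
  echo -n "root password: "
  IFS= read -rs root_password_in
  export ROOT_PASSWORD=$root_password_in
  echo

  echo -n "user password: "
  IFS= read -rs user_password_in
  export USER_PASSWORD=$user_password_in
  echo

  lsblk -ftpo NAME,FSTYPE,LABEL,UUID,FSAVAIL,MOUNTPOINT
  local -a candidates
  mapfile -t candidates < <(lsblk -frpno NAME)
  DEVICE=
  select DEVICE in "${candidates[@]}"; do
    # select leaves DEVICE empty on an invalid reply; keep asking instead of
    # carrying an empty device name into the wipe below.
    if [[ -n "$DEVICE" && -b "$DEVICE" ]]; then
      echo "using $DEVICE"
      break
    fi
    echo "invalid selection, choose one of the listed numbers" >&2
  done
  # Covers EOF on stdin, where select ends without a choice.
  : "${DEVICE:?no target device selected}"
  export DEVICE

  apt install -y debootstrap cryptsetup btrfs-progs lvm2 rsync gdisk

  # Tear down whatever a previous run left active.
  if [ -d /dev/cryptvg ]; then
    # NOTE(review): matches every mount line containing "target", not only
    # mounts below $TARGET.
    mount | grep target | awk '{print $3}' | sort -r | while read -r mount_point; do
      umount -l "$mount_point"
    done
    if [ -b /dev/cryptvg/swap ]; then
      swapoff /dev/cryptvg/swap || true
    fi
    vgchange -an /dev/cryptvg
  fi

  if [ -b /dev/mapper/cryptlvm ]; then
    cryptsetup luksClose cryptlvm
  fi

  wipefs -a "${DEVICE}"

  # Scripted gdisk session, same keystrokes as before:
  #   o Y            new GPT
  #   n 1 "" +512M   partition 1, type ef02
  #   n 2 "" +512M   partition 2, type ef00
  #   n p 3 "" ""    partition 3 (rest of the disk), type 8309
  #   w Y            write
  # NOTE(review): partition 1 gets type ef02 but is formatted ext4 and mounted
  # at /boot further down, and the "p" after the third "n" is not a partition
  # number - confirm both are intended.
  printf '%s\n' \
    o Y \
    n 1 '' +512M ef02 \
    n 2 '' +512M ef00 \
    n p 3 '' '' 8309 \
    w Y \
    | gdisk "${DEVICE}"

  # Partition nodes are named <disk>N or <disk>pN depending on the driver.
  PART1= PART2= ROOTPART=
  if [ -e "${DEVICE}1" ]; then
    PART1=${DEVICE}1
  elif [ -e "${DEVICE}p1" ]; then
    PART1=${DEVICE}p1
  fi

  if [ -e "${DEVICE}2" ]; then
    PART2=${DEVICE}2
  elif [ -e "${DEVICE}p2" ]; then
    PART2=${DEVICE}p2
  fi

  if [ -e "${DEVICE}3" ]; then
    ROOTPART=${DEVICE}3
  elif [ -e "${DEVICE}p3" ]; then
    ROOTPART=${DEVICE}p3
  fi

  # Stop here with a clear message if the new partitions did not show up,
  # rather than running wipefs/mkfs/cryptsetup with an empty argument.
  : "${PART1:?partition 1 of ${DEVICE} not found}"
  : "${PART2:?partition 2 of ${DEVICE} not found}"
  : "${ROOTPART:?partition 3 of ${DEVICE} not found}"

  wipefs -a "${PART1}"
  wipefs -a "${ROOTPART}"

  echo "mkfs.ext4 ${PART1}"
  yes | mkfs.ext4 "${PART1}"

  if [ -d /sys/firmware/efi ]; then
    echo UEFI
    echo "mkfs.vfat -F32 ${PART2}"
    mkfs.vfat -F32 "${PART2}"
  else
    echo BIOS
  fi

  # The passphrase is quoted so it reaches cryptsetup byte-for-byte; unquoted
  # it was word-split and glob-expanded, so the volume could end up keyed to
  # something other than what the operator typed. printf is a shell builtin,
  # so the secret never shows up in a process argument list.
  printf '%s\n' "$LUKS_PASSWORD" "$LUKS_PASSWORD" | cryptsetup luksFormat "${ROOTPART}"
  printf '%s\n' "$LUKS_PASSWORD" | cryptsetup luksOpen "${ROOTPART}" cryptlvm
  unset LUKS_PASSWORD
  pvcreate /dev/mapper/cryptlvm
  vgcreate cryptvg /dev/mapper/cryptlvm

  # Assign first, export second: "export VAR=$(cmd)" hides a failing cmd
  # from set -e.
  LVM_SIZE=$(dev_size /dev/mapper/cryptlvm)
  export LVM_SIZE

  local mem_total
  mem_total=$(mem_size)
  if ! [[ "$LVM_SIZE" =~ ^[0-9]+$ && "$mem_total" =~ ^[0-9]+$ ]]; then
    echo "first_stage: dev_size/mem_size did not return plain integers" >&2
    return 1
  fi

  # presumably both helpers report bytes (the /1024/1024 feeds an "M" size
  # below) - confirm against their definitions.
  export SWAP_SIZE=$((mem_total/1024/1024))
  export ROOT_SIZE=$((LVM_SIZE/1024/1024-SWAP_SIZE-512))

  echo "lvcreate /dev/cryptvg --name=root --size=${ROOT_SIZE}M"
  lvcreate /dev/cryptvg --name=root --size="${ROOT_SIZE}M"
  yes | mkfs.btrfs /dev/cryptvg/root

  echo "lvcreate /dev/cryptvg --name=swap --size=${SWAP_SIZE}M"
  lvcreate /dev/cryptvg --name=swap --size="${SWAP_SIZE}M"
  mkswap /dev/cryptvg/swap
  swapon /dev/cryptvg/swap

  # Private scratch directory instead of a fixed, guessable path under /tmp.
  local scratch
  scratch=$(mktemp -d)
  mount /dev/cryptvg/root "$scratch"
  btrfs subvolume create "$scratch/@"
  btrfs subvolume create "$scratch/@home"
  umount "$scratch"
  rmdir "$scratch"

  echo "mount -osubvol=@ /dev/cryptvg/root $TARGET"
  mount -osubvol=@ /dev/cryptvg/root "$TARGET"

  echo "debootstrap sid $TARGET"
  debootstrap sid "$TARGET"

  mount "${PART1}" "$TARGET/boot"
  echo "mount ${PART1} $TARGET/boot"

  if [ -d /sys/firmware/efi ]; then
    echo UEFI
    mkdir -p "$TARGET/boot/efi"
    mount "${PART2}" "$TARGET/boot/efi"
    echo "mount ${PART2} $TARGET/boot/efi"
  fi

  echo "mount -osubvol=@home /dev/cryptvg/root $TARGET/home"
  mount -osubvol=@home /dev/cryptvg/root "$TARGET/home"

  genfstab -U "$TARGET" | tee "$TARGET/etc/fstab"

  # Ask lsblk about exactly this partition; grepping the full listing also
  # matches any device whose name merely starts with the same string.
  UUID=$(lsblk -dno UUID "${ROOTPART}")
  # An empty UUID would produce a crypttab the initramfs cannot resolve.
  : "${UUID:?could not determine the UUID of ${ROOTPART}}"
  echo "cryptlvm UUID=${UUID} none luks,initramfs" > "$TARGET/etc/crypttab"
}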
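#######################################
# Stage 2, configuring the freshly bootstrapped system (presumably run inside
# it via chroot - the caller is not shown here): set the root password and
# hostname, install kernel, bootloader, desktop and tools, create the user
# "jedi", copy its SSH material and take btrfs snapshots along the way.
#
# Globals read:    ROOT_PASSWORD, USER_PASSWORD, NEW_HOSTNAME, DEVICE
# Globals written: DEBIAN_FRONTEND (exported); ROOT_PASSWORD and
#                  USER_PASSWORD are unset
# Calls:           user_install (exported and run as jedi through su)
# Returns:         aborts on the first failing step (set -e)
#######################################
function second_stage(){
  set -e
  export DEBIAN_FRONTEND=noninteractive

  # Move both secrets out of the environment before anything else runs.
  # Previously USER_PASSWORD stayed exported across several apt runs, where
  # every package maintainer script could read it from its environment.
  local root_pw=$ROOT_PASSWORD
  local user_pw=$USER_PASSWORD
  unset ROOT_PASSWORD USER_PASSWORD

  # Quoted so the password is passed on exactly as typed (no word splitting
  # or globbing); printf is a builtin, so nothing shows up in argv.
  printf '%s\n' "$root_pw" "$root_pw" | passwd
  unset root_pw

  echo -n > /etc/motd
  printf '%s\n' "$NEW_HOSTNAME" > /etc/hostname
  # As before, an empty name leaves the running hostname untouched.
  [ -z "$NEW_HOSTNAME" ] || hostname "$NEW_HOSTNAME"

  # NOTE(review): replaces every "main" in the file and is not idempotent;
  # a second run appends "contrib non-free" again.
  sed -i 's/main/main contrib non-free/g' /etc/apt/sources.list
  apt update
  apt install -y linux-image-amd64 cryptsetup cryptsetup-initramfs \
    cryptsetup-suspend btrfs-progs lvm2 firmware-iwlwifi locales tzdata \
    keyboard-configuration console-common zsh intel-microcode ldnsutils \
    wireguard resolvconf

  if [ -d /sys/firmware/efi ]; then
    echo UEFI
    apt install -y grub-efi
    grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=debian --recheck --no-nvram --removable
    update-grub
  else
    echo BIOS
    apt install -y grub-pc
    grub-install "${DEVICE:?DEVICE must be exported by first_stage}"
    update-grub
  fi
  update-initramfs -k all -u

  # -p so a re-run does not abort on the already existing directory.
  mkdir -p /snap
  btrfs subvolume snapshot / "/snap/$(date +%Y-%m-%d_00_basesystem)"
  apt install -y task-mate-desktop mate-desktop-environment-extra dbus-x11

  # adduser input: password twice, then five empty answers for the
  # name/room/phone questions.
  printf '%s\n' "$user_pw" "$user_pw" '' '' '' '' '' | adduser jedi
  unset user_pw

  chsh --shell /usr/bin/zsh jedi

  btrfs subvolume snapshot / "/snap/$(date +%Y-%m-%d_01_user_gui)"
  apt install -y git wget materia-gtk-theme htop nmap arandr timeshift gparted jq fonts-powerline
  apt install -y virt-manager telegram-desktop chromium firefox thunderbird geany vlc pidgin meld remmina gmpc
  # Best effort: the large graphics/CAD packages may be missing or broken.
  apt install -y gimp inkscape blender freecad kicad kicad-packages3d || true
  btrfs subvolume snapshot / "/snap/$(date +%Y-%m-%d_02_big_tools)"

  # switch to working in homedir

  rsync -a /root/unbox_data/secrets/SSH/ ~jedi/.ssh/
  chown -R jedi:jedi ~jedi/
  # rsync -a keeps whatever modes the source had; private keys must not be
  # readable by group/other, and ssh refuses keys that are.
  chmod -R go-rwx ~jedi/.ssh

  echo second_stage done

  # jedi's login shell is zsh (chsh above), so the exported bash function is
  # run through an explicit bash.
  export -f user_install
  su jedi -c "bash -c user_install"

  mkdir -p ~jedi/.snap/
  btrfs subvolume snapshot ~jedi/ ~jedi/.snap/"$(date +%Y-%m-%d_fresh_install)"
}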
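#######################################
# Per-user setup, run as jedi: desktop theme via dconf, oh-my-zsh, the
# private laptop_tools repository and the JetBrains Toolbox installer.
#
# Globals written: GIT_SSH_COMMAND, XDG_RUNTIME_DIR, HOME (exported)
# Returns:         non-zero on the first failing step (set -e), including a
#                  failed integrity check of the Toolbox download
#######################################
function user_install(){
  set -e

  # Host keys are verified. accept-new records the key of a host seen for the
  # first time and refuses a changed one; the previous settings
  # (StrictHostKeyChecking=no with known_hosts sent to /dev/null) accepted any
  # server, so the private key below could be offered to an impostor and the
  # cloned tools could come from anywhere. Shipping a known_hosts entry for
  # the git host together with the key would remove the remaining
  # first-connection trust.
  export GIT_SSH_COMMAND="ssh -o StrictHostKeyChecking=accept-new -i/home/jedi/.ssh/id_rsa"

  # Runtime dir of the invoking user instead of a hard-coded uid 1000.
  XDG_RUNTIME_DIR=/run/user/$(id -u)
  export XDG_RUNTIME_DIR

  # Theme settings are cosmetic, so failures are tolerated.
  dbus-launch dconf write /org/mate/desktop/interface/gtk-theme "'Materia-dark'" || true
  dbus-launch dconf write /org/mate/marco/general/theme "'Materia-dark'" || true
  dbus-launch dconf write /org/mate/desktop/interface/icon-theme "'Adwaita'" || true
  dbus-launch dconf write /org/mate/desktop/peripherals/mouse/cursor-theme "'Adwaita'" || true

  export HOME=~jedi/

  cd

  git clone https://github.com/robbyrussell/oh-my-zsh.git "$HOME/.oh-my-zsh"
  chmod 0755 "$HOME/.oh-my-zsh"
  chown -R jedi:jedi "$HOME"

  git clone ssh://git@git.neulandlabor.de:2222/j3d1/laptop_tools.git Tools

  # JetBrains Toolbox: resolve the latest release, download it, check its
  # SHA-256 and only then unpack and execute it.
  local releases_json toolbox_link checksum_link expected_sha actual_sha work_dir
  releases_json=$(wget -qO - "https://data.services.jetbrains.com/products/releases?code=TBA&latest=true")
  toolbox_link=$(jq -r '.TBA[0].downloads.linux.link // empty' <<<"$releases_json")
  checksum_link=$(jq -r '.TBA[0].downloads.linux.checksumLink // empty' <<<"$releases_json")

  # A failed lookup used to end up as an empty or "null" URL handed to wget.
  if [[ "$toolbox_link" != https://* || "$checksum_link" != https://* ]]; then
    echo "user_install: unexpected JetBrains release metadata" >&2
    return 1
  fi

  work_dir=$(mktemp -d)
  wget --show-progress -qO "$work_dir/toolbox.tar.gz" "$toolbox_link"

  # The checksum comes from the same vendor, so this catches truncated or
  # swapped downloads, not a compromised publisher.
  expected_sha=$(wget -qO - "$checksum_link" | awk 'NR==1 {print $1}')
  actual_sha=$(sha256sum "$work_dir/toolbox.tar.gz" | awk '{print $1}')
  if [[ -z "$expected_sha" || "$expected_sha" != "$actual_sha" ]]; then
    echo "user_install: SHA-256 mismatch for the Toolbox download, not running it" >&2
    rm -r "$work_dir"
    return 1
  fi

  mkdir "$work_dir/unpacked"
  tar -C "$work_dir/unpacked" -xf "$work_dir/toolbox.tar.gz"
  "$work_dir"/unpacked/*/jetbrains-toolbox
  rm -r "$work_dir"

  # Signal
  # 1. Install our official public software signing key
  #wget -O- https://updates.signal.org/desktop/apt/keys.asc | gpg --dearmor > signal-desktop-keyring.gpg
  #cat signal-desktop-keyring.gpg | sudo tee -a /usr/share/keyrings/signal-desktop-keyring.gpg > /dev/null
  # 2. Add our repository to your list of repositories
  #echo 'deb [arch=amd64 signed-by=/usr/share/keyrings/signal-desktop-keyring.gpg] https://updates.signal.org/desktop/apt xenial main' |\
  #sudo tee -a /etc/apt/sources.list.d/signal-xenial.list
  # 3. Update your package database and install signal
  #sudo apt update && sudo apt install signal-desktop

  echo
}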
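#######################################
# Lazily unmount everything whose mount line contains "target", deepest
# paths first, after a short pause.
#
# Outputs: whatever umount prints
# Returns: status of the unmount loop
#######################################
function post_install_stage(){
  sleep 0.5
  # sort -r puts nested mount points before their parents. read -r and the
  # quoted expansion hand each path to umount unchanged; without them
  # backslashes were dropped and the path was word-split and glob-expanded.
  # NOTE(review): grep matches any mount line containing "target", not only
  # mounts below the install root.
  mount | grep target | awk '{print $3}' | sort -r | while read -r mount_point; do
    umount -l "$mount_point"
  done
}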