laptop-scripts/entry.sh


#!/bin/bash
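# Stage 1, run from the live system. Prompts for the host name and the three
# passwords, lets the operator pick a disk, then DESTROYS that disk: new GPT,
# ext4 boot partition, FAT32 ESP (UEFI only), LUKS container holding an LVM
# volume group "cryptvg" with a btrfs root and a swap LV. Finally bootstraps
# Debian sid into $TARGET and writes fstab and crypttab.
#
# Globals read:    TARGET (mount point of the new system)
# Globals written: NEW_HOSTNAME, ROOT_PASSWORD, USER_PASSWORD, DEVICE,
#                  LVM_SIZE, SWAP_SIZE, ROOT_SIZE (exported);
#                  PART1, PART2, ROOTPART, UUID (shell variables)
# Calls:           dev_size, mem_size (not defined in this function)
# Exits the shell on the first failing command (set -e).
function first_stage(){
  set -e

  # Fail before anything is wiped: with an empty TARGET the later mounts
  # would have no mount point or would land on the live system's /boot.
  : "${TARGET:?TARGET must be set before first_stage runs}"

  echo foo first_stage

  local hostname_in luks_password root_password_in user_password_in staging

  printf 'hostname: '
  read -r hostname_in
  : "${hostname_in:?hostname must not be empty}"
  export NEW_HOSTNAME=$hostname_in

  # Passwords are read with IFS= and -r so that backslashes and surrounding
  # whitespace are kept exactly as typed; otherwise the passphrase stored in
  # the LUKS header differs from what the operator will type at boot.
  # NOTE(review): each secret is read once with no confirmation prompt, so a
  # typo is only discovered when the password is first needed.
  printf 'luks password: '
  IFS= read -rs luks_password
  echo
  : "${luks_password:?luks password must not be empty}"

  # ROOT_PASSWORD and USER_PASSWORD stay exported because second_stage reads
  # them from the environment; every child process started below inherits
  # them until second_stage unsets them.
  printf 'root password: '
  IFS= read -rs root_password_in
  echo
  export ROOT_PASSWORD=$root_password_in

  printf 'user password: '
  IFS= read -rs user_password_in
  echo
  export USER_PASSWORD=$user_password_in

  lsblk -ftpo NAME,FSTYPE,LABEL,UUID,FSAVAIL,MOUNTPOINT
  # Word splitting of the lsblk output is intentional: one menu entry per
  # device path. The list includes partitions as well as whole disks.
  # shellcheck disable=SC2046
  select DEVICE in $(lsblk -frpno NAME); do
    if [ -z "$DEVICE" ]; then
      # select leaves DEVICE empty on an invalid answer; ask again instead
      # of carrying an empty device name into wipefs/gdisk.
      echo "invalid selection, try again" >&2
      continue
    fi
    echo "using $DEVICE"
    break
  done
  if [ ! -b "$DEVICE" ]; then
    echo "no block device selected" >&2
    exit 1
  fi
  export DEVICE

  apt install -y debootstrap cryptsetup btrfs-progs lvm2 rsync gdisk

  # Tear down whatever a previous run left behind.
  if [ -d /dev/cryptvg ]; then
    # NOTE(review): this matches the literal string "target" anywhere in the
    # mount output, not the value of $TARGET.
    mount | grep target | awk '{print $3}' | sort -r | while IFS= read -r mnt; do
      umount -l -- "$mnt"
    done
    if [ -b /dev/cryptvg/swap ]; then
      swapoff /dev/cryptvg/swap || true
    fi
    vgchange -an /dev/cryptvg
  fi
  if [ -b /dev/mapper/cryptlvm ]; then
    cryptsetup luksClose cryptlvm
  fi

  wipefs -a "$DEVICE"

  # Scripted gdisk session: new GPT, then
  #   1: 512M, type ef02   2: 512M, type ef00   3: rest of disk, type 8309
  # NOTE(review): the "p" answer in the third group looks like an fdisk
  # leftover; presumably gdisk rejects it and re-prompts - confirm.
  # NOTE(review): partition 1 is typed ef02 (BIOS boot) but is formatted ext4
  # and mounted at /boot below - confirm this works for BIOS grub-install.
  printf '%s\n' \
    o Y \
    n 1 '' +512M ef02 \
    n 2 '' +512M ef00 \
    n p 3 '' '' 8309 \
    w Y |
    gdisk "$DEVICE"

  # Partition nodes are named <disk>N or <disk>pN depending on the driver.
  # Start from empty values so a stale PART1/PART2/ROOTPART from the calling
  # environment can never be formatted by accident.
  PART1=
  PART2=
  ROOTPART=
  if [ -e "${DEVICE}1" ]; then
    PART1=${DEVICE}1
  elif [ -e "${DEVICE}p1" ]; then
    PART1=${DEVICE}p1
  fi
  if [ -e "${DEVICE}2" ]; then
    PART2=${DEVICE}2
  elif [ -e "${DEVICE}p2" ]; then
    PART2=${DEVICE}p2
  fi
  if [ -e "${DEVICE}3" ]; then
    ROOTPART=${DEVICE}3
  elif [ -e "${DEVICE}p3" ]; then
    ROOTPART=${DEVICE}p3
  fi
  : "${PART1:?partition 1 not found on the selected device}"
  : "${ROOTPART:?partition 3 not found on the selected device}"

  wipefs -a "$PART1"
  wipefs -a "$ROOTPART"
  echo "mkfs.ext4 ${PART1}"
  yes | mkfs.ext4 "$PART1"
  if [ -d /sys/firmware/efi ]; then
    echo UEFI
    : "${PART2:?partition 2 not found on the selected device}"
    echo "mkfs.vfat -F32 ${PART2}"
    mkfs.vfat -F32 "$PART2"
  else
    echo BIOS
  fi

  # The passphrase is fed on stdin through the printf builtin, quoted, so it
  # is neither word-split nor glob-expanded and never shows up in a process
  # argument list. It is deliberately not exported.
  printf '%s\n' "$luks_password" "$luks_password" | cryptsetup luksFormat "$ROOTPART"
  printf '%s\n' "$luks_password" | cryptsetup luksOpen "$ROOTPART" cryptlvm
  unset luks_password LUKS_PASSWORD

  pvcreate /dev/mapper/cryptlvm
  vgcreate cryptvg /dev/mapper/cryptlvm

  # Assign first, export afterwards, so a failing helper is not masked by
  # the exit status of `export`.
  # NOTE(review): the arithmetic assumes dev_size and mem_size print bytes -
  # confirm against their definitions.
  LVM_SIZE=$(dev_size /dev/mapper/cryptlvm)
  case "$LVM_SIZE" in
    '' | *[!0-9]*)
      echo "dev_size returned a non-numeric value: ${LVM_SIZE}" >&2
      exit 1
      ;;
  esac
  SWAP_SIZE=$(($(mem_size) / 1024 / 1024))
  ROOT_SIZE=$((LVM_SIZE / 1024 / 1024 - SWAP_SIZE - 512))
  export LVM_SIZE SWAP_SIZE ROOT_SIZE
  if [ "$ROOT_SIZE" -le 0 ]; then
    echo "computed root size is not positive: ${ROOT_SIZE}M" >&2
    exit 1
  fi

  echo "lvcreate /dev/cryptvg --name=root --size=${ROOT_SIZE}M"
  lvcreate /dev/cryptvg --name=root --size="${ROOT_SIZE}M"
  yes | mkfs.btrfs /dev/cryptvg/root
  echo "lvcreate /dev/cryptvg --name=swap --size=${SWAP_SIZE}M"
  lvcreate /dev/cryptvg --name=swap --size="${SWAP_SIZE}M"
  mkswap /dev/cryptvg/swap
  swapon /dev/cryptvg/swap

  # Create the subvolumes through a private scratch mount point rather than
  # a fixed, predictable path under /tmp.
  staging=$(mktemp -d)
  mount /dev/cryptvg/root "$staging"
  btrfs subvolume create "$staging/@"
  btrfs subvolume create "$staging/@home"
  umount "$staging"
  rmdir "$staging"

  echo "mount -osubvol=@ /dev/cryptvg/root $TARGET"
  mount -osubvol=@ /dev/cryptvg/root "$TARGET"
  echo "debootstrap sid $TARGET"
  debootstrap sid "$TARGET"
  mount "$PART1" "$TARGET/boot"
  echo "mount ${PART1} $TARGET/boot"
  if [ -d /sys/firmware/efi ]; then
    echo UEFI
    mkdir -p "$TARGET/boot/efi"
    mount "$PART2" "$TARGET/boot/efi"
    echo "mount ${PART2} $TARGET/boot/efi"
  fi
  echo "mount -osubvol=@home /dev/cryptvg/root $TARGET/home"
  mount -osubvol=@home /dev/cryptvg/root "$TARGET/home"
  genfstab -U "$TARGET" | tee "$TARGET/etc/fstab"

  # Query the LUKS partition directly (-d: no child devices) instead of
  # grepping the full listing, where /dev/sda3 would also match /dev/sda30.
  # An empty UUID would produce a crypttab that cannot unlock the disk.
  UUID=$(lsblk -dno UUID "$ROOTPART")
  : "${UUID:?could not determine the UUID of the LUKS partition}"
  echo "cryptlvm UUID=${UUID} none luks,initramfs" > "$TARGET/etc/crypttab"
}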
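# Stage 2: configures the installed system - root password, host name, apt
# components, kernel and boot loader, desktop packages, the user "jedi" and
# btrfs snapshots after each milestone - then runs user_install as jedi.
# Presumably executed inside the new system (e.g. a chroot); confirm against
# the caller, which is not part of this function.
#
# Globals read: ROOT_PASSWORD, USER_PASSWORD, NEW_HOSTNAME, DEVICE (BIOS only)
# Side effects: unsets ROOT_PASSWORD and USER_PASSWORD once they are consumed.
# Exits the shell on the first failing command (set -e).
function second_stage(){
  set -e
  export DEBIAN_FRONTEND=noninteractive

  # Stop early with a clear message instead of failing inside passwd/adduser
  # or writing an empty /etc/hostname.
  : "${ROOT_PASSWORD:?ROOT_PASSWORD must be set}"
  : "${USER_PASSWORD:?USER_PASSWORD must be set}"
  : "${NEW_HOSTNAME:?NEW_HOSTNAME must be set}"

  # Quoted and sent through the printf builtin: the password is not
  # word-split, not glob-expanded and not visible in any argument list.
  printf '%s\n' "$ROOT_PASSWORD" "$ROOT_PASSWORD" | passwd
  unset ROOT_PASSWORD

  : > /etc/motd
  printf '%s\n' "$NEW_HOSTNAME" > /etc/hostname
  hostname "$NEW_HOSTNAME"

  # NOTE(review): this replaces every occurrence of "main" and is not
  # idempotent; a second run appends the components again.
  # NOTE(review): on current Debian releases firmware-iwlwifi and
  # intel-microcode are presumably shipped in non-free-firmware - confirm
  # that this component list still resolves them.
  sed -i 's/main/main contrib non-free/g' /etc/apt/sources.list
  apt update
  apt install -y \
    linux-image-amd64 cryptsetup cryptsetup-initramfs cryptsetup-suspend \
    btrfs-progs lvm2 firmware-iwlwifi locales tzdata keyboard-configuration \
    console-common zsh intel-microcode ldnsutils wireguard resolvconf

  if [ -d /sys/firmware/efi ]; then
    echo UEFI
    apt install -y grub-efi
    grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=debian --recheck --no-nvram --removable
    update-grub
  else
    echo BIOS
    apt install -y grub-pc
    grub-install "${DEVICE:?DEVICE must be set for a BIOS install}"
    update-grub
  fi
  update-initramfs -k all -u

  # -p so that a re-run does not abort on the existing directory.
  mkdir -p /snap
  btrfs subvolume snapshot / "/snap/$(date +%Y-%m-%d_00_basesystem)"

  apt install -y task-mate-desktop mate-desktop-environment-extra dbus-x11

  # adduser is driven through its prompts: password twice, then five empty
  # answers for the remaining questions.
  printf '%s\n' "$USER_PASSWORD" "$USER_PASSWORD" '' '' '' '' '' | adduser jedi
  unset USER_PASSWORD
  chsh --shell /usr/bin/zsh jedi
  btrfs subvolume snapshot / "/snap/$(date +%Y-%m-%d_01_user_gui)"

  apt install -y git wget materia-gtk-theme htop nmap arandr timeshift gparted jq fonts-powerline
  apt install -y virt-manager telegram-desktop chromium firefox thunderbird geany vlc pidgin meld remmina gmpc
  # Best effort: the large tools may be unavailable and must not abort.
  apt install -y gimp inkscape blender freecad kicad kicad-packages3d || true
  btrfs subvolume snapshot / "/snap/$(date +%Y-%m-%d_02_big_tools)"

  # switch to working in homedir
  rsync -a /root/unbox_data/secrets/SSH/ ~jedi/.ssh/
  chown -R jedi:jedi ~jedi/
  # rsync -a keeps whatever modes the source had; private keys must not be
  # readable by group or others, and ssh refuses keys that are.
  chmod -R go-rwx ~jedi/.ssh
  # NOTE(review): the source copy under /root/unbox_data/secrets is left in
  # place on the installed system.
  echo second_stage done

  # user_install is exported so the non-login shell started by su can see it.
  export -f user_install
  su jedi -c "bash -c user_install"

  mkdir -p ~jedi/.snap/
  # NOTE(review): snapshotting requires ~jedi to be a btrfs subvolume; nothing
  # in this function creates it as one - confirm.
  btrfs subvolume snapshot ~jedi/ ~jedi/.snap/"$(date +%Y-%m-%d_fresh_install)"
}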
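# Per-user setup, run as "jedi" through `su jedi -c "bash -c user_install"`:
# applies the MATE theme settings, installs oh-my-zsh, clones the private
# tools repository and downloads and launches JetBrains Toolbox.
# Exits the shell on the first failing command (set -e).
function user_install(){
  set -e

  # Host key checking stays enabled. accept-new records the server key on
  # the first connection and refuses a changed key afterwards; the previous
  # settings (StrictHostKeyChecking=no with known_hosts sent to /dev/null)
  # accepted any server presenting any key for the private clone below.
  # NOTE(review): the first connection is still trust-on-first-use; shipping
  # a known_hosts entry together with the SSH secrets would close that gap.
  export GIT_SSH_COMMAND="ssh -o StrictHostKeyChecking=accept-new -i/home/jedi/.ssh/id_rsa"
  # NOTE(review): assumes jedi has uid 1000 - confirm.
  export XDG_RUNTIME_DIR=/run/user/1000

  # Theme settings are best effort; a missing session bus must not abort.
  dbus-launch dconf write /org/mate/desktop/interface/gtk-theme "'Materia-dark'" || true
  dbus-launch dconf write /org/mate/marco/general/theme "'Materia-dark'" || true
  dbus-launch dconf write /org/mate/desktop/interface/icon-theme "'Adwaita'" || true
  dbus-launch dconf write /org/mate/desktop/peripherals/mouse/cursor-theme "'Adwaita'" || true

  export HOME=~jedi/
  cd

  git clone https://github.com/robbyrussell/oh-my-zsh.git "$HOME/.oh-my-zsh"
  chmod 0755 "$HOME/.oh-my-zsh"
  chown -R jedi:jedi "$HOME"
  git clone ssh://git@git.neulandlabor.de:2222/j3d1/laptop_tools.git Tools

  local toolbox_link toolbox_dir
  toolbox_link=$(wget "https://data.services.jetbrains.com/products/releases?code=TBA&latest=true" -O - 2>/dev/null | jq -r ".TBA[0].downloads.linux.link")
  # The pipeline hides a failed metadata request, and jq prints "null" when
  # the field is missing. Only continue with an https URL, since the
  # downloaded archive is executed below.
  case "$toolbox_link" in
    https://*) ;;
    *)
      echo "unexpected JetBrains Toolbox download link: ${toolbox_link}" >&2
      exit 1
      ;;
  esac
  wget --show-progress -qO ./toolbox.tar.gz "$toolbox_link"

  # NOTE(review): the archive is unpacked and run with no integrity check
  # beyond TLS; consider verifying a published checksum before executing it.
  toolbox_dir=$(mktemp -d)
  tar -C "$toolbox_dir" -xf toolbox.tar.gz
  rm ./toolbox.tar.gz
  "$toolbox_dir"/*/jetbrains-toolbox
  rm -r -- "${toolbox_dir:?}"

  # Signal
  # 1. Install our official public software signing key
  #wget -O- https://updates.signal.org/desktop/apt/keys.asc | gpg --dearmor > signal-desktop-keyring.gpg
  #cat signal-desktop-keyring.gpg | sudo tee -a /usr/share/keyrings/signal-desktop-keyring.gpg > /dev/null
  # 2. Add our repository to your list of repositories
  #echo 'deb [arch=amd64 signed-by=/usr/share/keyrings/signal-desktop-keyring.gpg] https://updates.signal.org/desktop/apt xenial main' |\
  #sudo tee -a /etc/apt/sources.list.d/signal-xenial.list
  # 3. Update your package database and install signal
  #sudo apt update && sudo apt install signal-desktop
  echo
}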
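# Lazily unmounts every mount point whose `mount` line contains the string
# "target", deepest path first (reverse sort) so children go before parents.
# NOTE(review): the match is on the literal word "target", not on $TARGET.
function post_install_stage(){
  sleep 0.5
  # read -r and the quoted expansion keep a mount path intact instead of
  # letting backslashes or glob characters alter the umount argument.
  mount | grep target | awk '{print $3}' | sort -r | while IFS= read -r mnt; do
    umount -l -- "$mnt"
  done
}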