lub
20909b75d2
also pin to mac address fixes #7 |
2 years ago | |
|---|---|---|
| authorized_keys | 3 years ago | |
| authorized_keys_dropbear | 3 years ago | |
| config | 3 years ago | |
| hardware | 2 years ago | |
| README.md | 3 years ago | |
| post-debootstrap-installer.sh | 2 years ago | |
| reset.sh | 4 years ago | |
| setup.sh | 2 years ago | |
README.md
These scripts setup a blank hardware server according to our requirements including partitions, raids, debootstrap, package installation and various other configuration. The goal is to create a server ready to join into the swarm.
Usage (from a live system):
# (!) wipes the start sectors of all disks (!)
# (!) review before executing (!)
./reset.sh
reboot
./setup.sh <template> <fqdn>
# example:
./setup.sh ovh_rise-1 server321.example.com
# Unlock the disk after booting the server from disk:
# Dropbear is configured on 222 and only allows the user root
ssh -p 222 root@<fqdn>
cryptroot-unlock
setup.sh executes the hardware specific template files, debootstraps and invokes the actual installer inside the fresh environment.
As much as possible should be done in the chroot, as only there we have control over the software (the live system is normally provided by the hardware provider).
Templates (hardware/*) consist of three files:
esp- a symlink to the desired ESP partitionparted.sh- script to prepare the partitions. Should create ESP (/boot/efi), md0 (/) and md1 (/boot)network.sh- creates the neccessary configs in /etc/systemd/network
config/* gets copied to the chroot and contains static config files
authorized_keys/* is used to create the users and populate their respective ~/.ssh/authorized_keys
authorized_keys_dropbear/* is allowed to login for fde unlocking. No ed25519 keys supported.`