hardware-setup/post-debootstrap-installer.sh


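#!/bin/bash
# errexit is set with `set` instead of on the shebang line: a shebang option is
# dropped when the script is started as `bash post-debootstrap-installer.sh`,
# and the rest of the script relies on aborting at the first failed step.
set -e
export DEBIAN_FRONTEND=noninteractive

# config files
# Overlays everything under /hardware-setup/config onto /. This includes the
# apt sources in sources.list.d, so whatever is in that tree decides which
# repositories the packages below are pulled from.
# NOTE(review): -a keeps the owner and mode of the source files; confirm the
# tree is root-owned so nothing copied into / stays writable by another uid.
cp -a /hardware-setup/config/* /

# update apt because sources.list.d is also in config/*
apt-get update
# DEBIAN_FRONTEND=noninteractive only silences debconf; apt's own
# "Do you want to continue?" prompt needs -y, as on every other call here.
apt-get -y dist-upgrade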
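# locales
# Preseed debconf so the installs below never stop to ask. Each line has the
# form "<owner> <question> <type> <value>".
# The keyboard layout line previously carried a stray extra token
# ("kekeyboard-configuration") in front of the question name, so debconf
# stored the answer under the wrong question and the layout was never preseeded.
debconf-set-selections <<'EOF'
console-setup console-setup/charmap47 select UTF-8
keyboard-configuration keyboard-configuration/variant select English (US)
keyboard-configuration keyboard-configuration/layout select English (US)
locales locales/default_environment_locale select en_US.UTF-8
locales locales/locales_to_be_generated multiselect en_US.UTF-8 UTF-8
EOF
apt-get -y install locales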
### boot
# Storage, init and firmware packages that must be present before the kernel
# package is installed (see the ordering note at the end of this section).
boot_packages=(mdadm cryptsetup systemd systemd-sysv btrfs-tools firmware-linux)
apt-get -y install "${boot_packages[@]}"

# dropbear-initramfs: --force-confold keeps the /etc/dropbear-initramfs/config
# that was already copied in from the config tree; --force-confdef lets dpkg
# take its default action for any other conffile question.
keep_conffiles=(
  -o Dpkg::Options::="--force-confdef"
  -o Dpkg::Options::="--force-confold"
)
apt-get -y "${keep_conffiles[@]}" install dropbear-initramfs

# Write a minimal mdadm.conf: one "ARRAY /dev/mdN UUID=..." line per array
# reported by the scan.
mdadm --examine --scan \
  | perl -pe 's/.*\/dev\/md\/?([0-9]+) .*UUID\=(.+?) .*/ARRAY \/dev\/md$1 UUID=$2/' \
  > /etc/mdadm/mdadm.conf

# Concatenate all user keys for cryptsetup unlocking at boot. Every key in
# /hardware-setup/authorized_keys is accepted by the dropbear instance in the
# initramfs, so that directory is the access list for unlocking the disk.
# NOTE(review): a key file without a trailing newline would be joined with the
# next key on one line; confirm each file ends with a newline.
cat /hardware-setup/authorized_keys/* > /etc/dropbear-initramfs/authorized_keys

# The kernel goes last: its installation runs update-initramfs, which has to
# see cryptsetup, mdadm and the dropbear files prepared above.
apt-get -y install linux-image-amd64
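# install grub
if [ -d /sys/firmware/efi ]; then
  # Booted via UEFI: grub-install needs no explicit target disk here.
  apt-get -y install grub-efi-amd64
  update-grub
  grub-install
else
  apt-get -y install grub-pc
  update-grub

  # Block device underneath the opened LUKS mapping "root-unlocked".
  luks_device=$(cryptsetup status root-unlocked | grep device | perl -pe 's#.*device.* (.*)#$1#')
  # The pipeline's exit status is perl's, so a failed cryptsetup call goes
  # unnoticed by errexit. With an empty device, lsblk would list every disk in
  # the machine and the boot loader would be written to whichever name sorts
  # first, so stop here instead.
  if [ -z "$luks_device" ]; then
    echo "cannot determine the device behind root-unlocked" >&2
    exit 1
  fi

  # Parent kernel name of that device; the first one in sort order is used.
  parent_name=$(lsblk -no pkname "$luks_device" | sort | head -n1)
  if [ -z "$parent_name" ]; then
    echo "cannot determine the parent disk of ${luks_device}" >&2
    exit 1
  fi

  root_disk="/dev/${parent_name}"
  grub-install "$root_disk"
fi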
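# edit uuids in fstab
# $1 names the directory under /hardware-setup/hardware to use. Without it the
# boot/esp lookups below would silently return nothing and the placeholders
# would be replaced by empty strings.
: "${1:?missing argument: name of the directory under /hardware-setup/hardware}"

# Block device underneath the opened LUKS mapping "root-unlocked".
luks_device=$(cryptsetup status root-unlocked | grep device | perl -pe 's#.*device.* (.*)#$1#')

# -s UUID restricts blkid to the UUID tag. Without it, -o value prints every
# tag and `head -n1` returns whichever comes first, which is the LABEL on a
# labelled filesystem.
root_uuid=$(blkid -s UUID -o value "$luks_device" | head -n1)
# An empty value would leave /etc/crypttab without a usable source for the
# encrypted root, i.e. a system that cannot unlock its disk at boot.
if [ -z "$root_uuid" ]; then
  echo "cannot determine the UUID of the device behind root-unlocked" >&2
  exit 1
fi

# The pipe through head keeps these two lookups best-effort, as before: a
# failing blkid does not abort the script.
boot_uuid=$(blkid -s UUID -o value "/hardware-setup/hardware/${1}/boot" | head -n1)
esp_uuid=$(blkid -s UUID -o value "/hardware-setup/hardware/${1}/esp" | head -n1)

# Fill the %...% placeholders in the files copied from the config tree.
sed -i "s/%root_uuid%/${root_uuid}/" /etc/crypttab
sed -i "s/%boot_uuid%/${boot_uuid}/" /etc/fstab
sed -i "s/%esp_uuid%/${esp_uuid}/" /etc/fstab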
### networking
apt-get -y install iproute2

# nftables: --force-confold keeps the /etc/nftables.conf that was already
# copied in from the config tree, so the firewall rules come from there and
# not from the package default.
apt-get -y \
  -o Dpkg::Options::=--force-confdef \
  -o Dpkg::Options::=--force-confold \
  install nftables

# Template-specific script that generates the systemd-networkd configuration.
# It is executed with the privileges of this installer, and its path is built
# from $1.
"/hardware-setup/hardware/${1}/network.sh"

systemctl enable systemd-networkd.service nftables.service

# set DNS
# Both resolvers are public third-party services, so the host's DNS queries
# leave the local network.
printf '%s\n' \
  'nameserver 1.1.1.1' \
  'nameserver 8.8.8.8' \
  > /etc/resolv.conf
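### Docker
# has to be executed before the users section,
# because otherwise the docker group doesn't exist
# NOTE(review): docker-ce presumably comes from a repository added through
# the sources.list.d files in the config tree; confirm its signing key is
# part of that tree as well.
apt-get -y install docker-ce docker-compose

### users
apt-get -y install sudo
# One account per file in /hardware-setup/authorized_keys: the file name is
# the login name, the file content becomes that user's authorized_keys.
for key in /hardware-setup/authorized_keys/*; do
  user=$(basename "$key")
  # No password is set, so the key installed below is the only credential.
  adduser --gecos '' --disabled-password "$user"

  ssh_dir=/home/"$user"/.ssh
  mkdir -p "$ssh_dir"
  cp "$key" "$ssh_dir"/authorized_keys
  # Hand over the directory as well as the file (previously ~/.ssh stayed
  # owned by root) and set the modes explicitly instead of inheriting them
  # from the umask and from the source file.
  chown -R "$user": "$ssh_dir"
  chmod 700 "$ssh_dir"
  chmod 600 "$ssh_dir"/authorized_keys

  adduser "$user" sudo
  # Membership in the docker group allows starting containers with arbitrary
  # host mounts, which is equivalent to root on this machine.
  adduser "$user" docker
done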
### administration tools
# openssh-server is the remote login path for the accounts created from
# /hardware-setup/authorized_keys.
# NOTE(review): no sshd_config is written in the visible part of the script;
# confirm the config tree or the package default gives the intended
# authentication settings.
admin_packages=(
  man-db
  byobu
  vim
  bash-completion
  htop
  iputils-ping
  traceroute
  tcpdump
  openssh-server
)
apt-get -y install "${admin_packages[@]}"