diff --git a/authorized_keys/lub b/authorized_keys/lub
deleted file mode 100644
index 0aa74ce..0000000
--- a/authorized_keys/lub
+++ /dev/null
@@ -1,2 +0,0 @@
-sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAINQ0EPy3cbfX/wmelSsjRvrXpq9kZWo8tRh68r4Z3QhTAAAABHNzaDo= lub@primary
-sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIAUmJxFSwI95zf/NBKNMDXyiRViuKsWnVYl3Qd3DXdRWAAAABHNzaDo= lub@secondary
diff --git a/authorized_keys/pandro b/authorized_keys/pandro
new file mode 100644
index 0000000..08cba18
--- /dev/null
+++ b/authorized_keys/pandro
@@ -0,0 +1 @@
+ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAAsp+gJNn92bg7WWC4jITKBrEnhZPd7Q9wBF3CZV+80lB0OHlY/m9OSN0njtAAtDUTCY3owC4eXu8FNbzwzRT0pjAEwm2558sd5NCwfu075u0zypkDgZ/tedVLYjMhYlpgE1VrYW/Mn3tF5+e3RnAaSNk8OrRXMcd9BnjaC9TlppGo92g== peery@0WLH34RT
diff --git a/config/etc/apt/sources.list b/config/base/etc/apt/sources.list
similarity index 100%
rename from config/etc/apt/sources.list
rename to config/base/etc/apt/sources.list
diff --git a/config/etc/apt/sources.list.d/debian-security.list b/config/base/etc/apt/sources.list.d/debian-security.list
similarity index 100%
rename from config/etc/apt/sources.list.d/debian-security.list
rename to config/base/etc/apt/sources.list.d/debian-security.list
diff --git a/config/etc/apt/sources.list.d/debian.list b/config/base/etc/apt/sources.list.d/debian.list
similarity index 100%
rename from config/etc/apt/sources.list.d/debian.list
rename to config/base/etc/apt/sources.list.d/debian.list
diff --git a/config/etc/crypttab b/config/base/etc/crypttab
similarity index 100%
rename from config/etc/crypttab
rename to config/base/etc/crypttab
diff --git a/config/etc/default/grub b/config/base/etc/default/grub
similarity index 100%
rename from config/etc/default/grub
rename to config/base/etc/default/grub
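Review bot: The key added in `authorized_keys/pandro` carries the comment `peery@0WLH34RT`, which does not match the file name, so nothing in the commit ties this key to its stated owner; the fingerprint should be confirmed out of band before merge. It is also a plain `ecdsa-sha2-nistp521` key, while the two entries removed from `authorized_keys/lub` were `sk-ssh-ed25519@openssh.com` (security-key-backed) keys. If these files grant login to the installed hosts, which is not visible here, that is a step down in private-key protection and deserves an explicit decision in the commit message. A key comment that matches the file name would make later audits easier.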
diff --git a/config/etc/docker/daemon.json b/config/base/etc/docker/daemon.json
similarity index 100%
rename from config/etc/docker/daemon.json
rename to config/base/etc/docker/daemon.json
diff --git a/config/etc/dropbear/initramfs/dropbear.conf b/config/base/etc/dropbear/initramfs/dropbear.conf
similarity index 100%
rename from config/etc/dropbear/initramfs/dropbear.conf
rename to config/base/etc/dropbear/initramfs/dropbear.conf
diff --git a/config/etc/fstab b/config/base/etc/fstab
similarity index 100%
rename from config/etc/fstab
rename to config/base/etc/fstab
diff --git a/config/etc/hosts b/config/base/etc/hosts
similarity index 100%
rename from config/etc/hosts
rename to config/base/etc/hosts
diff --git a/config/etc/ssh/sshd_config b/config/base/etc/ssh/sshd_config
similarity index 100%
rename from config/etc/ssh/sshd_config
rename to config/base/etc/ssh/sshd_config
diff --git a/config/etc/sysctl.d/80-inotify.conf b/config/base/etc/sysctl.d/80-inotify.conf
similarity index 100%
rename from config/etc/sysctl.d/80-inotify.conf
rename to config/base/etc/sysctl.d/80-inotify.conf
diff --git a/config/etc/sysctl.d/90-kubelet.conf b/config/base/etc/sysctl.d/90-kubelet.conf
similarity index 100%
rename from config/etc/sysctl.d/90-kubelet.conf
rename to config/base/etc/sysctl.d/90-kubelet.conf
diff --git a/config/ovh_ks-5_2x2TB_hdd/etc/crypttab b/config/ovh_ks-5_2x2TB_hdd/etc/crypttab
new file mode 100644
index 0000000..26f4c45
--- /dev/null
+++ b/config/ovh_ks-5_2x2TB_hdd/etc/crypttab
@@ -0,0 +1,2 @@
+#
+root-unlocked /dev/all_vg/root none luks,discard
diff --git a/config/ovh_ks-5_2x2TB_hdd/etc/fstab b/config/ovh_ks-5_2x2TB_hdd/etc/fstab
new file mode 100644
index 0000000..5ef7d43
--- /dev/null
+++ b/config/ovh_ks-5_2x2TB_hdd/etc/fstab
@@ -0,0 +1,8 @@
+#
+# /etc/fstab: static file system information
+#
+#
+
+/dev/mapper/root-unlocked-sda / btrfs relatime,autodefrag 0 1
+UUID=%boot_uuid% /boot ext4 relatime 0 2
+UUID=%esp_uuid% /boot/efi vfat relatime 0 2
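Review bot: The device names in the new per-profile `crypttab` and `fstab` do not match what `mkfs.sh` in this same commit creates: `crypttab` maps a single `root-unlocked` from `/dev/all_vg/root`, and `fstab` mounts `/dev/mapper/root-unlocked-sda`, while `mkfs.sh` opens the LUKS volumes as `root-unlocked-sda1` and `root-unlocked-sdb1` on `/dev/sda1` and `/dev/sdb1`. As written there is no crypttab entry that would unlock either partition at boot, and the root mount points at a mapping that is never created. I would expect two entries, `root-unlocked-sda1 /dev/sda1 none luks` and `root-unlocked-sdb1 /dev/sdb1 none luks`, and `/dev/mapper/root-unlocked-sda1` as the root device in `fstab`. The `discard` option on a LUKS mapping also exposes which blocks are unused, and probably buys nothing on the HDDs the profile name suggests.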
diff --git a/hardware/ovh_ks-5_2x2TB_hdd/boot b/hardware/ovh_ks-5_2x2TB_hdd/boot
new file mode 120000
index 0000000..d79761c
--- /dev/null
+++ b/hardware/ovh_ks-5_2x2TB_hdd/boot
@@ -0,0 +1 @@
+/dev/md0
\ No newline at end of file
diff --git a/hardware/ovh_ks-5_2x2TB_hdd/esp b/hardware/ovh_ks-5_2x2TB_hdd/esp
new file mode 120000
index 0000000..c85e423
--- /dev/null
+++ b/hardware/ovh_ks-5_2x2TB_hdd/esp
@@ -0,0 +1 @@
+/dev/sda3
\ No newline at end of file
diff --git a/hardware/ovh_ks-5_2x2TB_hdd/mkfs.sh b/hardware/ovh_ks-5_2x2TB_hdd/mkfs.sh
new file mode 100644
index 0000000..cc5c59f
--- /dev/null
+++ b/hardware/ovh_ks-5_2x2TB_hdd/mkfs.sh
@@ -0,0 +1,36 @@
+#!/bin/bash
+set -e
+
+# / 1990GB /dev/sda1 & /dev/sdb1 btrfs raid1
+# /boot 2GB /dev/md0
+# /boot/efi 1GB /dev/sda3 || /dev/sdb3
+# free 7GB
+
+chroot="$1"
+
+# encrypt and unlock the root partitions
+echo -n 'Enter LUKS password: '
+read -s root_pwd
+echo #to indicate progress after password prompt
+for root in "sda1" "sdb1"; do
+ echo -n $root_pwd | cryptsetup -q luksFormat "/dev/$root"
+ echo -n $root_pwd | cryptsetup open --type luks "/dev/$root" "root-unlocked-$root"
+done
+unset root_pwd
+
+
+# root device btrfs raid1
+mkfs.btrfs /dev/sda1
+mount /dev/sda1 "$chroot"
+btrfs device add /dev/sdb1 "$chroot" -f
+btrfs balance start -dconvert=raid1 -mconvert=raid1 "$chroot"
+
+# boot device ext4
+mkfs.ext4 "$boot"
+mkdir "$chroot/boot"
+mount "$boot" "$chroot/boot"
+
+# esp device FAT
+mkfs.fat "$esp"
+mkdir "$chroot/boot/efi"
+mount "$esp" "$chroot/boot/efi"
diff --git a/hardware/ovh_ks-5_2x2TB_hdd/network.sh b/hardware/ovh_ks-5_2x2TB_hdd/network.sh
new file mode 100755
index 0000000..bb78674
--- /dev/null
+++ b/hardware/ovh_ks-5_2x2TB_hdd/network.sh
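Review bot: In `mkfs.sh` the btrfs filesystem is created on the raw partitions rather than on the LUKS mappings opened just above it: `mkfs.btrfs`, `mount` and `btrfs device add` all name `/dev/sda1` and `/dev/sdb1` instead of `/dev/mapper/root-unlocked-sda1` and `/dev/mapper/root-unlocked-sdb1`. As written this step will presumably either fail because dm-crypt holds the partitions or put an unencrypted root filesystem over the LUKS headers. Separately, `read -s` without `-r` and the unquoted `echo -n $root_pwd` alter a passphrase that contains backslashes, spaces or glob characters, so the volumes can end up keyed with something other than what was typed. `$boot` and `$esp` are not assigned anywhere in this file, so they have to arrive through the caller's environment; a header comment saying so would help.

```bash
IFS= read -rs root_pwd
# … unchanged: echo after the prompt, for-loop header …
  printf '%s' "$root_pwd" | cryptsetup -q luksFormat "/dev/$root"
  printf '%s' "$root_pwd" | cryptsetup open --type luks "/dev/$root" "root-unlocked-$root"
# … unchanged: done, unset root_pwd …
mkfs.btrfs /dev/mapper/root-unlocked-sda1
mount /dev/mapper/root-unlocked-sda1 "$chroot"
btrfs device add /dev/mapper/root-unlocked-sdb1 "$chroot" -f
# … unchanged: balance, /boot and ESP formatting …
```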
@@ -0,0 +1,16 @@
+#!/bin/bash -e
+
+address=$(ip addr show dev eth0 scope global | grep -F 'inet ' | perl -pe 's#.*inet (.*?) .*#$1#')
+gateway=$(echo "$address" | perl -pe 's#\d*/24$/#254#')
+
+# $interface differs from the live system because of different naming schemes
+# see https://wiki.debian.org/NetworkInterfaceNames for more details
+interface='eno1'
+
+
+echo "[Match]
+Name=$interface
+
+[Network]
+Address=$address
+Gateway=$gateway" > "/etc/systemd/network/${interface}.network"
\ No newline at end of file
diff --git a/hardware/ovh_ks-5_2x2TB_hdd/parted.sh b/hardware/ovh_ks-5_2x2TB_hdd/parted.sh
new file mode 100755
index 0000000..e01cc28
--- /dev/null
+++ b/hardware/ovh_ks-5_2x2TB_hdd/parted.sh
@@ -0,0 +1,27 @@
+#!/bin/bash
+set -e
+
+
+# / 1990GB
+# /boot 2GB
+# /boot/efi 1GB
+# free 7GB
+
+parted /dev/sda mklabel gpt
+parted /dev/sda mkpart primary 1 1990GB
+parted /dev/sda mkpart primary 1990GB 1992GB
+parted /dev/sda mkpart primary 1992GB 1993GB
+# set flag for ESP
+parted /dev/sda set 3 boot on
+
+parted /dev/sdb mklabel gpt
+parted /dev/sdb mkpart primary 1 1990GB
+parted /dev/sdb mkpart primary 1990GB 1992GB
+parted /dev/sdb mkpart primary 1992GB 1993GB
+# set flag for ESP
+parted /dev/sdb set 3 boot on
+
+sleep 1
+
+# $1=hostname
+echo 'yes' | mdadm -C /dev/md0 --homehost="$1" -l1 -n2 /dev/sd[ab]2 # /boot raid1
diff --git a/hardware/ovh_ks-5_2x2TB_hdd/root b/hardware/ovh_ks-5_2x2TB_hdd/root
new file mode 120000
index 0000000..f9e4493
--- /dev/null
+++ b/hardware/ovh_ks-5_2x2TB_hdd/root
@@ -0,0 +1 @@
+/dev/sda1
\ No newline at end of file
diff --git a/post-debootstrap-installer.sh b/post-debootstrap-installer.sh
index 614f986..a6363be 100755
--- a/post-debootstrap-installer.sh
+++ b/post-debootstrap-installer.sh
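Review bot: In the `gateway=` line of `network.sh` the substitution `s#\d*/24$/#254#` has a `/` after the `$` that looks unintended; with `#` as the delimiter it is part of the pattern (Perl may read `$/` as the record-separator variable), so whether it matches depends on the trailing newline rather than on the address. `gateway=$(echo "$address" | perl -pe 's#\d+/24$#254#')` says what is meant. The script also writes the `.network` file when `address` is empty, because the `-e` in the shebang only sees the exit status of the last pipeline stage and is lost entirely when the file is run as `bash network.sh`. A guard such as `[[ -n "$address" ]] || exit 1` before the `echo` avoids installing a host that boots without a network configuration.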
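Review bot: `parted.sh` relabels `/dev/sda` and `/dev/sdb` before it looks at its argument; `$1` is only used on the last line as `--homehost="$1"`, so a call without a hostname wipes both partition tables and then builds the array with an empty homehost. A guard at the top, `: "${1:?usage: parted.sh <hostname>}"`, fails before anything destructive runs. The fixed `sleep 1` is a race with the kernel creating `/dev/sd[ab]2`; `partprobe` (which this commit already adds to `reset.sh`) followed by `udevadm settle` is a deterministic wait. A header comment stating that the script destroys all data on both disks would also be worth adding.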
@@ -2,8 +2,10 @@ export DEBIAN_FRONTEND=noninteractive -# config files -cp -a /hardware-setup/config/* / +# common config files +cp -a /hardware-setup/base/config/* / +# overwrite config files +cp -a "/hardware-setup/$1/config/*" / # update apt because sources.list.d is also in config/* apt-get update @@ -23,7 +25,7 @@ apt-get -y install locales ### boot -apt-get -y install lvm2 mdadm cryptsetup systemd systemd-sysv e2fsprogs firmware-linux +apt-get -y install lvm2 mdadm cryptsetup systemd systemd-sysv e2fsprogs firmware-linux btrfs-progs systemctl enable fstrim.timer # --force-confold because we already provide /etc/dropbear/initramfs/dropbear.conf @@ -52,10 +54,6 @@ esp_uuid=$(blkid --output value "/hardware-setup/hardware/${1}/esp" | head -n1) sed -i "s/%boot_uuid%/${boot_uuid}/" /etc/fstab sed -i "s/%esp_uuid%/${esp_uuid}/" /etc/fstab -# install longhorn dependencies -apt-get -y install open-iscsi nfs-common -systemctl disable rpcbind.service # rpcbind is not used with NFS v4 - # after cryptsetup, mdadm, ... because of update-initramfs apt-get -y install linux-image-amd64 update-grub diff --git a/reset.sh b/reset.sh index 989c506..19c01e7 100755 --- a/reset.sh +++ b/reset.sh @@ -7,3 +7,4 @@ done wait sync +partprobe diff --git a/setup.sh b/setup.sh index e53a3b6..45865c9 100755 --- a/setup.sh +++ b/setup.sh @@ -2,7 +2,7 @@ set -e -apt-get -y install lvm2 mdadm cryptsetup debootstrap +apt-get -y install lvm2 mdadm cryptsetup debootstrap btrfs-progs # returns /dev/md0 as root device # returns "$boot" as boot device 
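Review bot: The second `cp` added at the top of `post-debootstrap-installer.sh` cannot match anything, because the `*` sits inside the double quotes in `cp -a "/hardware-setup/$1/config/*" /` and is passed to `cp` literally. Both new paths also put the profile before `config`, while this commit moves the files to `config/base/…` and `config/ovh_ks-5_2x2TB_hdd/…`, and a later context line reads `/hardware-setup/hardware/${1}/esp`, which suggests `/hardware-setup` mirrors the repository root. `cp -a /hardware-setup/config/base/. /` and `cp -a "/hardware-setup/config/$1/." /` would do what the two comments say. Whether a failed copy stops the script is not visible in this hunk; if it does not, the host silently keeps the base `crypttab` and `fstab` instead of the per-profile ones.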
@@ -10,39 +10,10 @@ apt-get -y install lvm2 mdadm cryptsetup debootstrap root="hardware/${1}/root" boot="hardware/${1}/boot" esp="hardware/${1}/esp" -longhorn="hardware/${1}/longhorn" - -# encrypt and unlock root device -echo -n 'Enter LUKS password: ' -read -s root_pwd -echo #to indicate progress after password prompt -echo -n $root_pwd | cryptsetup -q luksFormat "$root" -echo -n $root_pwd | cryptsetup open --type luks "$root" root-unlocked -unset root_pwd - # format - chroot=/mnt/root-unlocked - -# root device -mkfs.ext4 /dev/mapper/root-unlocked -mkdir /mnt/root-unlocked -mount /dev/mapper/root-unlocked /mnt/root-unlocked - -# boot device -mkfs.ext4 "$boot" -mkdir "$chroot/boot" -mount "$boot" "$chroot/boot" - -# esp device -mkfs.fat "$esp" -mkdir "$chroot/boot/efi" -mount "$esp" "$chroot/boot/efi" - -# additional data disks -mkfs.ext4 "$longhorn" -mkdir --parents "$chroot/var/lib/longhorn" +"./hardware/${1}/mkfs.sh" "$chroot" # debootstrap
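Review bot: The new call `"./hardware/${1}/mkfs.sh" "$chroot"` in `setup.sh` is likely to fail for three reasons visible in this commit: `mkfs.sh` is added with mode 100644 but executed directly, `boot` and `esp` are plain assignments in the context lines yet `mkfs.sh` reads `"$boot"` and `"$esp"` from its environment, and the removed `mkdir /mnt/root-unlocked` has no replacement, so the mount point passed as `$chroot` may not exist. Unless the variables are exported outside the hunk, I would add `mkdir -p "$chroot"` and `export boot esp` before the call and invoke it as `bash "./hardware/${1}/mkfs.sh" "$chroot"` (or commit the file as 100755). The script continues past the end of the hunk.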