make it working encrypted btrfs
This commit is contained in:
parent
464ea52842
commit
c8af316e5c
62
elfLaptop.sh
62
elfLaptop.sh
@ -18,6 +18,18 @@ function run(){
|
|||||||
|
|
||||||
echo "" >install.log
|
echo "" >install.log
|
||||||
|
|
||||||
|
echo -n "disk encryption password: "
|
||||||
|
read -s PASS
|
||||||
|
echo
|
||||||
|
echo -n "retype password: "
|
||||||
|
read -s PASSRE
|
||||||
|
echo
|
||||||
|
|
||||||
|
if [ "$PASS" != "$PASSRE" ]; then
|
||||||
|
echo "password do not match"
|
||||||
|
exit
|
||||||
|
fi
|
||||||
|
|
||||||
echo
|
echo
|
||||||
echo === setup localisation
|
echo === setup localisation
|
||||||
echo
|
echo
|
||||||
@ -30,46 +42,29 @@ echo === setup partitions
|
|||||||
echo
|
echo
|
||||||
|
|
||||||
run "applly partion table" "sfdisk $DISK <./elfLaptop.sfdisk"
|
run "applly partion table" "sfdisk $DISK <./elfLaptop.sfdisk"
|
||||||
|
|
||||||
#echo -n "disk encryption password: "
|
|
||||||
#read -s PASS
|
|
||||||
#echo
|
|
||||||
#echo -n "retype password: "
|
|
||||||
#read -s PASSRE
|
|
||||||
#echo
|
|
||||||
|
|
||||||
#if [ "$PASS" != "$PASSRE" ]; then
|
|
||||||
# echo "password do not match"
|
|
||||||
# exit
|
|
||||||
#fi
|
|
||||||
#echo
|
|
||||||
|
|
||||||
run "format boot partition" "mkfs.fat -F 32 ${DISK}1"
|
run "format boot partition" "mkfs.fat -F 32 ${DISK}1"
|
||||||
run "format swap partition" "mkswap ${DISK}2"
|
run "format swap partition" "mkswap ${DISK}2"
|
||||||
#echo -n "$PASS" >keyfile.luks
|
echo -n "$PASS" >keyfile.luks
|
||||||
#run "encrypt root partition" "cryptsetup luksFormat --batch-mode --key-file keyfile.luks ${DISK}3" "rm keyfile.luks"
|
run "encrypt root partition" "cryptsetup luksFormat --batch-mode --key-file keyfile.luks ${DISK}3" "rm keyfile.luks"
|
||||||
#run "map root partitaion" "cryptsetup open --batch-mode --key-file keyfile.luks ${DISK}3 cryptroot" "rm keyfile.luks"
|
run "map root partitaion" "cryptsetup open --batch-mode --key-file keyfile.luks ${DISK}3 cryptroot" "rm keyfile.luks"
|
||||||
#rm keyfile.luks
|
rm keyfile.luks
|
||||||
#run "format root partition" "mkfs.btrfs /dev/mapper/cryptroot"
|
run "format root partition" "mkfs.btrfs /dev/mapper/cryptroot"
|
||||||
run "format root partition" "mkfs.ext4 ${DISK}3"
|
|
||||||
|
|
||||||
#run "mount root partition" "mount /dev/mapper/cryptroot /mnt"
|
run "mount root partition" "mount /dev/mapper/cryptroot /mnt"
|
||||||
#run "create root btrfs subvolume" "btrfs subvolume create /mnt/@"
|
run "create root btrfs subvolume" "btrfs subvolume create /mnt/@"
|
||||||
#run "create home btrfs subvolume" "btrfs subvolume create /mnt/@home"
|
run "create home btrfs subvolume" "btrfs subvolume create /mnt/@home"
|
||||||
#run "unmount btrfs" "umount /mnt"
|
run "unmount btrfs" "umount /mnt"
|
||||||
#run "mount root subvolume" "mount -o subvol=@ /dev/mapper/cryptroot /mnt"
|
run "mount root subvolume" "mount -o subvol=@ /dev/mapper/cryptroot /mnt"
|
||||||
run "mount root partition" "mount ${DISK}3 /mnt"
|
|
||||||
run "mount boot partition" "mount --mkdir ${DISK}1 /mnt/boot"
|
run "mount boot partition" "mount --mkdir ${DISK}1 /mnt/boot"
|
||||||
#run "mount home subvolume" "mount --mkdir -o subvol=@home /dev/mapper/cryptroot /mnt/home"
|
run "mount home subvolume" "mount --mkdir -o subvol=@home /dev/mapper/cryptroot /mnt/home"
|
||||||
run "enable swap" "swapon ${DISK}2"
|
run "enable swap" "swapon ${DISK}2"
|
||||||
|
|
||||||
echo
|
echo
|
||||||
echo === install arch
|
echo === install arch
|
||||||
echo
|
echo
|
||||||
|
|
||||||
#run "install base of arch" "pacstrap /mnt base linux linux-firmware grub efibootmgr"
|
|
||||||
run "install base of arch" "pacstrap /mnt base linux linux-firmware"
|
run "install base of arch" "pacstrap /mnt base linux linux-firmware"
|
||||||
#run "intall utitlities" "pacstrap /mnt btrfs-progs man vim"
|
run "intall utitlities" "pacstrap /mnt btrfs-progs man vim sudo"
|
||||||
run "generate fstab" "genfstab -U /mnt >>/mnt/etc/fstab"
|
run "generate fstab" "genfstab -U /mnt >>/mnt/etc/fstab"
|
||||||
run "copy in-root script" "cp in-root.sh /mnt/root"
|
run "copy in-root script" "cp in-root.sh /mnt/root"
|
||||||
|
|
||||||
@ -77,4 +72,11 @@ echo
|
|||||||
echo === chroot config
|
echo === chroot config
|
||||||
echo
|
echo
|
||||||
|
|
||||||
arch-chroot /mnt bash /root/in-root.sh "$HOSTNAME" "$DISK"
|
arch-chroot /mnt bash /root/in-root.sh "$HOSTNAME" "$DISK" || exit
|
||||||
|
|
||||||
|
run "umount drives" "umount -R /mnt"
|
||||||
|
run "close cryptroot" "cryptsetup close cryptroot"
|
||||||
|
run "reboot" "shutdown -r now"
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
47
in-root.sh
47
in-root.sh
@ -18,6 +18,18 @@ function run(){
|
|||||||
|
|
||||||
echo >install.log
|
echo >install.log
|
||||||
|
|
||||||
|
echo -n "password for freenen: "
|
||||||
|
read -s PASS
|
||||||
|
echo
|
||||||
|
echo -n "retype password: "
|
||||||
|
read -s PASSRE
|
||||||
|
echo
|
||||||
|
|
||||||
|
if [ "$PASS" != "$PASSRE" ]; then
|
||||||
|
echo "password do not match"
|
||||||
|
exit
|
||||||
|
fi
|
||||||
|
echo
|
||||||
|
|
||||||
run "set timezone" "ln -sf /usr/share/zoneinfo/Europe/Amsterdam /etc/localtime"
|
run "set timezone" "ln -sf /usr/share/zoneinfo/Europe/Amsterdam /etc/localtime"
|
||||||
run "set hwclock to UTC" "hwclock --systohc"
|
run "set hwclock to UTC" "hwclock --systohc"
|
||||||
@ -33,12 +45,33 @@ run "config initramfs" "sed --in-place -e 's/HOOKS=(.*)/HOOKS=(base u
|
|||||||
run "generate initramfs" "mkinitcpio -P"
|
run "generate initramfs" "mkinitcpio -P"
|
||||||
|
|
||||||
DISKUUID=$(blkid --output export ${DISK}3 | grep '^UUID' | sed 's/UUID=//')
|
DISKUUID=$(blkid --output export ${DISK}3 | grep '^UUID' | sed 's/UUID=//')
|
||||||
run "run grub-install" "grub-install --target=x86_64-efi --bootloader-id=GRUB --efi-directory=/boot"
|
run "install systemd-boot" "bootctl install"
|
||||||
run "grub: enable crypt disk" "sed --in-place -E -e 's/#?GRUB_ENABLE_CRYPTODISK=(.*)/GRUB_ENABLE_CRYPTODISK=y/' /etc/default/grub"
|
run "create boot config for main" "cat >/boot/loader/entries/arch.conf <<EOF
|
||||||
run "grub: crypt disk map" "sed --in-place -E -e 's/#?GRUB_CMDLINE_LINUX=\"(.*)\"/GRUB_CMDLINE_LINUX=\"\/dev\/disk\/by-uuid\/${DISKUUID}:cryptroot \1\"/' /etc/default/grub"
|
title Elf OS
|
||||||
run "make grub config" "grub-mkconfig -o /boot/grub/grub.cfg"
|
linux /vmlinuz-linux
|
||||||
|
initrd /initramfs-linux.img
|
||||||
|
options cryptdevice=UUID=$DISKUUID:cryptroot:allow-discards root=/dev/mapper/cryptroot rootflags=subvol=@ rd.luks.options=discard rw
|
||||||
|
EOF
|
||||||
|
"
|
||||||
|
run "create boot config for fallback" "cat >/boot/loader/entries/arch-fallback.conf <<EOF
|
||||||
|
title Elf OS fallback
|
||||||
|
linux /vmlinuz-linux
|
||||||
|
initrd /initramfs-linux-fallback.img
|
||||||
|
options cryptdevice=UUID=$DISKUUID:cryptroot:allow-discards root=/dev/mapper/cryptroot rootflags=subvol=@ rd.luks.options=discard rw
|
||||||
|
EOF
|
||||||
|
"
|
||||||
|
run "create main boot config" "cat >/boot/loader/loader.conf <<EOF
|
||||||
|
default arch.conf
|
||||||
|
timeout 4
|
||||||
|
console-mode max
|
||||||
|
editor no
|
||||||
|
EOF
|
||||||
|
"
|
||||||
|
|
||||||
run "add .ssh dir to skel" "mkdir /etc/skel/.ssh"
|
run "add .ssh dir to skel" "mkdir /etc/skel/.ssh"
|
||||||
run "create user" "useradd --home-dir /home/mreenen --create-home --skel /etc/skel mreenen"
|
run "create user" "useradd --home-dir /home/freenen --create-home --skel /etc/skel freenen"
|
||||||
run "touch authoized keys" "touch /home/mreenen/.ssh/authorized_keys"
|
run "set password for user" "echo \"freenen:$PASS\" | chpasswd"
|
||||||
run "add sshkeys for new user" "curl -o /home/mreenen/.ssh/authorized_keys https://github.com/MReenen.keys"
|
run "add user to sudoers" "echo \"freenen ALL=(ALL:ALL) ALL\" >>/etc/sudoers"
|
||||||
|
run "touch authoized keys" "touch /home/freenen/.ssh/authorized_keys"
|
||||||
|
run "add sshkeys for new user" "curl -o /home/freenen/.ssh/authorized_keys https://github.com/FReenen.keys"
|
||||||
|
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user