LailaTheElf/ElfOS
1
1
Fork 0
Code Issues 5 Pull Requests Packages Projects Releases Wiki Activity

make it working encrypted btrfs

Browse Source
This commit is contained in:
Laila van Reenen 2024-09-26 18:18:07 +00:00
parent 464ea52842
commit c8af316e5c
2 changed files with 72 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

62
elfLaptop.sh
View File

@ -18,6 +18,18 @@ function run(){
echo "" >install.log
echo -n "disk encryption password: "
read -s PASS
echo
echo -n "retype password: "
read -s PASSRE
echo
if [ "$PASS" != "$PASSRE" ]; then
echo "password do not match"
exit
fi
echo
echo === setup localisation
echo
@ -30,46 +42,29 @@ echo === setup partitions
echo
run "applly partion table" "sfdisk $DISK <./elfLaptop.sfdisk"
#echo -n "disk encryption password: "
#read -s PASS
#echo
#echo -n "retype password: "
#read -s PASSRE
#echo
#if [ "$PASS" != "$PASSRE" ]; then
# echo "password do not match"
# exit
#fi
#echo
run "format boot partition" "mkfs.fat -F 32 ${DISK}1"
run "format swap partition" "mkswap ${DISK}2"
#echo -n "$PASS" >keyfile.luks
#run "encrypt root partition" "cryptsetup luksFormat --batch-mode --key-file keyfile.luks ${DISK}3" "rm keyfile.luks"
#run "map root partitaion" "cryptsetup open --batch-mode --key-file keyfile.luks ${DISK}3 cryptroot" "rm keyfile.luks"
#rm keyfile.luks
#run "format root partition" "mkfs.btrfs /dev/mapper/cryptroot"
run "format root partition" "mkfs.ext4 ${DISK}3"
echo -n "$PASS" >keyfile.luks
run "encrypt root partition" "cryptsetup luksFormat --batch-mode --key-file keyfile.luks ${DISK}3" "rm keyfile.luks"
run "map root partitaion" "cryptsetup open --batch-mode --key-file keyfile.luks ${DISK}3 cryptroot" "rm keyfile.luks"
rm keyfile.luks
run "format root partition" "mkfs.btrfs /dev/mapper/cryptroot"
#run "mount root partition" "mount /dev/mapper/cryptroot /mnt"
#run "create root btrfs subvolume" "btrfs subvolume create /mnt/@"
#run "create home btrfs subvolume" "btrfs subvolume create /mnt/@home"
#run "unmount btrfs" "umount /mnt"
#run "mount root subvolume" "mount -o subvol=@ /dev/mapper/cryptroot /mnt"
run "mount root partition" "mount ${DISK}3 /mnt"
run "mount root partition" "mount /dev/mapper/cryptroot /mnt"
run "create root btrfs subvolume" "btrfs subvolume create /mnt/@"
run "create home btrfs subvolume" "btrfs subvolume create /mnt/@home"
run "unmount btrfs" "umount /mnt"
run "mount root subvolume" "mount -o subvol=@ /dev/mapper/cryptroot /mnt"
run "mount boot partition" "mount --mkdir ${DISK}1 /mnt/boot"
#run "mount home subvolume" "mount --mkdir -o subvol=@home /dev/mapper/cryptroot /mnt/home"
run "mount home subvolume" "mount --mkdir -o subvol=@home /dev/mapper/cryptroot /mnt/home"
run "enable swap" "swapon ${DISK}2"
echo
echo === install arch
echo
#run "install base of arch" "pacstrap /mnt base linux linux-firmware grub efibootmgr"
run "install base of arch" "pacstrap /mnt base linux linux-firmware"
#run "intall utitlities" "pacstrap /mnt btrfs-progs man vim"
run "intall utitlities" "pacstrap /mnt btrfs-progs man vim sudo"
run "generate fstab" "genfstab -U /mnt >>/mnt/etc/fstab"
run "copy in-root script" "cp in-root.sh /mnt/root"
@ -77,4 +72,11 @@ echo
echo === chroot config
echo
arch-chroot /mnt bash /root/in-root.sh "$HOSTNAME" "$DISK"
arch-chroot /mnt bash /root/in-root.sh "$HOSTNAME" "$DISK" || exit
run "umount drives" "umount -R /mnt"
run "close cryptroot" "cryptsetup close cryptroot"
run "reboot" "shutdown -r now"

47
in-root.sh
View File

@ -18,6 +18,18 @@ function run(){
echo >install.log
echo -n "password for freenen: "
read -s PASS
echo
echo -n "retype password: "
read -s PASSRE
echo
if [ "$PASS" != "$PASSRE" ]; then
echo "password do not match"
exit
fi
echo
run "set timezone" "ln -sf /usr/share/zoneinfo/Europe/Amsterdam /etc/localtime"
run "set hwclock to UTC" "hwclock --systohc"
@ -33,12 +45,33 @@ run "config initramfs" "sed --in-place -e 's/HOOKS=(.*)/HOOKS=(base u
run "generate initramfs" "mkinitcpio -P"
DISKUUID=$(blkid --output export ${DISK}3 | grep '^UUID' | sed 's/UUID=//')
run "run grub-install" "grub-install --target=x86_64-efi --bootloader-id=GRUB --efi-directory=/boot"
run "grub: enable crypt disk" "sed --in-place -E -e 's/#?GRUB_ENABLE_CRYPTODISK=(.*)/GRUB_ENABLE_CRYPTODISK=y/' /etc/default/grub"
run "grub: crypt disk map" "sed --in-place -E -e 's/#?GRUB_CMDLINE_LINUX=\"(.*)\"/GRUB_CMDLINE_LINUX=\"\/dev\/disk\/by-uuid\/${DISKUUID}:cryptroot \1\"/' /etc/default/grub"
run "make grub config" "grub-mkconfig -o /boot/grub/grub.cfg"
run "install systemd-boot" "bootctl install"
run "create boot config for main" "cat >/boot/loader/entries/arch.conf <<EOF
title Elf OS
linux /vmlinuz-linux
initrd /initramfs-linux.img
options cryptdevice=UUID=$DISKUUID:cryptroot:allow-discards root=/dev/mapper/cryptroot rootflags=subvol=@ rd.luks.options=discard rw
EOF
"
run "create boot config for fallback" "cat >/boot/loader/entries/arch-fallback.conf <<EOF
title Elf OS fallback
linux /vmlinuz-linux
initrd /initramfs-linux-fallback.img
options cryptdevice=UUID=$DISKUUID:cryptroot:allow-discards root=/dev/mapper/cryptroot rootflags=subvol=@ rd.luks.options=discard rw
EOF
"
run "create main boot config" "cat >/boot/loader/loader.conf <<EOF
default arch.conf
timeout 4
console-mode max
editor no
EOF
"
run "add .ssh dir to skel" "mkdir /etc/skel/.ssh"
run "create user" "useradd --home-dir /home/mreenen --create-home --skel /etc/skel mreenen"
run "touch authoized keys" "touch /home/mreenen/.ssh/authorized_keys"
run "add sshkeys for new user" "curl -o /home/mreenen/.ssh/authorized_keys https://github.com/MReenen.keys"
run "create user" "useradd --home-dir /home/freenen --create-home --skel /etc/skel freenen"
run "set password for user" "echo \"freenen:$PASS\" | chpasswd"
run "add user to sudoers" "echo \"freenen ALL=(ALL:ALL) ALL\" >>/etc/sudoers"
run "touch authoized keys" "touch /home/freenen/.ssh/authorized_keys"
run "add sshkeys for new user" "curl -o /home/freenen/.ssh/authorized_keys https://github.com/FReenen.keys"