-mktab() {
- mkdir -p /tmp/fai
- dev=${boot_devs[0]}
- fstabstd="x-systemd.device-timeout=30s,x-systemd.mount-timeout=30s"
-
- if [[ $DISTRO == debianbullseye_bootstrap ]]; then
- cat > /tmp/fai/fstab <<EOF
-$first_boot_dev / btrfs noatime,subvol=$boot_vol 0 0
-$first_efi /boot/efi vfat nofail,$fstabstd 0 0
-EOF
- cat >/tmp/fai/disk_var.sh <<EOF
-BOOT_DEVICE="${short_devs[@]}"
-ROOT_PARTITION=$first_boot_dev
-EOF
- else
- # note, fai creates the mountpoints listed here
- cat > /tmp/fai/fstab <<EOF
-$first_root_crypt / btrfs $fstabstd,noatime,subvol=root_$DISTRO$mopts 0 0
-$first_root_crypt /mnt/root btrfs nofail,$fstabstd,noatime,subvolid=0$mopts 0 0
-$first_boot_dev /boot btrfs nofail,$fstabstd,noatime,subvol=$boot_vol 0 0
-$first_efi /boot/efi vfat nofail,$fstabstd 0 0
-$first_boot_dev /mnt/boot btrfs nofail,$fstabstd,noatime,subvolid=0 0 0
-EOF
- swaps=()
- rm -f /tmp/fai/crypttab
- for dev in ${devs[@]}; do
- swaps+=("$(swap-cryptname)")
- cat >>/tmp/fai/crypttab <<EOF
-$(root-cryptname) $(rootdev) none keyscript=/root/keyscript,discard,luks,initramfs
-$(swap-cryptname) $(swapdev) /dev/urandom swap,cipher=aes-xts-plain64,size=256,hash=ripemd160
-EOF
- cat >> /tmp/fai/fstab <<EOF
-$(swap-cryptdev) none swap nofail,$fstabstd,sw 0 0
-EOF
- done
-
- # fai would do this:
- #BOOT_DEVICE=\${BOOT_DEVICE:-"${devs[0]}"}
-
- # note: swaplist seems to do nothing.
- cat >/tmp/fai/disk_var.sh <<EOF
-BOOT_DEVICE="${short_devs[@]}"
-BOOT_PARTITION=\${BOOT_PARTITION:-$first_boot_dev}
-# ROOT_PARTITIONS is added by me, used in arch setup.
-ROOT_PARTITIONS="${root_devs[@]}"
-ROOT_PARTITION=\${ROOT_PARTITION:-$first_root_crypt}
-SWAPLIST=\${SWAPLIST:-"${swaps[@]}"}
-EOF
-
- if [[ $HOSTNAME == kd ]]; then
- # note, having these with keyscript and initramfs causes a luks error in fai.log,
- # but it is safely ignorable and gets us the ability to just type our password
- # in once at boot. A downside is that they are probably needed to be plugged in to boot.
- cat >>/tmp/fai/crypttab <<EOF
-crypt_dev_ata-Samsung_SSD_870_QVO_8TB_S5VUNG0N900656V-part${even_bign} /dev/disk/by-id/ata-Samsung_SSD_870_QVO_8TB_S5VUNG0N900656V-part7 none keyscript=decrypt_keyctl,discard,luks,initramfs
-crypt_dev_ata-TOSHIBA_MD04ACA500_84R2K773FS9A-part1 /dev/disk/by-id/ata-TOSHIBA_MD04ACA500_84R2K773FS9A-part1 none keyscript=decrypt_keyctl,discard,luks,initramfs
-crypt_dev_ata-ST6000DM001-1XY17Z_Z4D29EBL-part1 /dev/disk/by-id/ata-ST6000DM001-1XY17Z_Z4D29EBL-part1 none keyscript=decrypt_keyctl,discard,luks,initramfs
-EOF
- cat >> /tmp/fai/fstab <<EOF
-# r7 = root partition7. it isnt actually #7 anymore, not a great name, but whatever
-/dev/mapper/crypt_dev_ata-Samsung_SSD_870_QVO_8TB_S5VUNG0N900656V-part${even_bign} /mnt/r7 btrfs nofail,$fstabstd,noatime,compress=zstd,subvolid=0 0 0
-/dev/mapper/crypt_dev_ata-TOSHIBA_MD04ACA500_84R2K773FS9A-part1 /mnt/rust1 btrfs nofail,$fstabstd,noatime,compress=zstd,subvolid=0 0 0
-/dev/mapper/crypt_dev_ata-ST6000DM001-1XY17Z_Z4D29EBL-part1 /mnt/rust2 btrfs nofail,$fstabstd,noatime,compress=zstd,subvolid=0 0 0
-EOF
- fi
- fi
-}
-
-
-
-getluks() {
- if [[ ! $luks_dir ]]; then
- # see README for docs about how to create these
- luks_dir=$FAI/distro-install-common/luks
- if [[ ! -d $luks_dir ]]; then
- luks_dir=/q/root/luks
- fi
- if [[ ! -d $luks_dir ]]; then
- echo "$0: error: no luks_dir found" >&2
- exit 1
- fi
- fi
-
- luks_file=$luks_dir/host-$HOSTNAME
- if [[ ! -e $luks_file ]]; then
- # shellcheck disable=SC2206 # globbing is intended
- hostkeys=($luks_dir/host-*)
- # if there is only one key, we might be deploying somewhere
- # where dhcp doesnt give us a proper hostname, so use that.
- if [[ ${#hostkeys[@]} == 1 && -e ${hostkeys[0]} ]]; then
- luks_file=${hostkeys[0]}
- else
- echo "$0: error: no key for hostname at $luks_file" >&2
- exit 1
- fi
- fi
-
- # # note, corresponding changes in /b/ds/keyscript-{on,off}
- if ifclass demohost; then
- lukspw=x
- elif [[ -e $luks_dir/$HOSTNAME ]]; then
- lukspw=$(cat $luks_dir/$HOSTNAME)
- else
- lukspw=$(cat $luks_dir/iank)
- fi
-
- if $mkroot2; then
- luks_file=$luks_dir/host-amy
- lukspw=$(cat $luks_dir/amy)
- fi
-}
-
-
-#### root2 non-fai run
-doroot2() {
-
- # We write to these files instead of just /etc/fstab, /etc/crypttab,
- # because these are filesystems created after our current root, and so
- # this allows us to update other root filesystems too.
- rm -f /mnt/root/root2-{fs,crypt}tab
- if $partition; then
- echo $0: error: found partition=true but have mkroot2 arg
- exit 1
- fi
- for dev in ${devs[@]}; do
- if $mkroot2; then
- luks-setup $(root2dev)
- fi
- cat >>/mnt/root/root2-crypttab <<EOF
-$(root2-cryptname) $(root2dev) $luks_file discard,luks,initramfs
-EOF
- done
- if $mkroot2; then
- bpart $(for dev in ${devs[@]}; do root2-cryptdev; done)
- bpart ${boot2_devs[@]}
- fi
- mkdir -p /mnt/root2 /mnt/boot2
- cat >>/mnt/root/root2-fstab <<EOF
-$(root2-cryptdev ${devs[0]}) /mnt/root2 btrfs nofail,x-systemd.device-timeout=30s,x-systemd.mount-timeout=30s,noatime,subvolid=0$mopts 0 0
-${boot2_devs[0]} /mnt/boot2 btrfs nofail,x-systemd.device-timeout=30s,x-systemd.mount-timeout=30s,noatime,subvolid=0 0 0
-EOF
- exit 0
-}