set -eE -o pipefail
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
-# for calling outside of FAI, first
-# - source /a/bin/fai-wrapper
+# for calling outside of FAI:
+# # need to redep and set that location so that we get luks keys
+# export FAI=/srv/fai/config
+# fai-redep
+# source /b/fai/fai-wrapper
# - set any appropriate classes with: fai-setclass OPT1... which sets CLASS_OPT1=true...
# or run eval-fai-classfile FILE
#
# see README for docs about how to create these
-luks_dir=${LUKS_DIR:-/var/lib/fai/config/distro-install-common/luks}
+luks_dir=$FAI/distro-install-common/luks
luks_file=$luks_dir/host-$HOSTNAME
bpart ${boot_devs[@]}
else
for dev in ${devs[@]}; do
- mkfs.ext2 $(grub_extdev)
+ if [[ -e /a/bin/fai/fai-wrapper && -e /dev/mapper/$(root-cryptname) ]]; then
+ continue
+ fi
cryptsetup luksOpen $(rootdev) $(root-cryptname) \
--key-file $luks_file
done
$first_root_crypt / btrfs noatime,subvol=root_$DISTRO 0 0
$first_root_crypt /mnt/root btrfs nofail,noatime,subvolid=0 0 0
$first_boot_dev /boot btrfs nofail,noatime,subvol=$boot_vol 0 0
+$first_boot_dev /mnt/boot btrfs nofail,noatime,subvol=subvolid=0 0 0
EOF
swaps=()
for dev in ${devs[@]}; do
swaps+=($(swap-cryptname))
cat >>/tmp/fai/crypttab <<EOF
-$(root-cryptname) $(rootdev) none keyscript=decrypt_keyctl,discard,luks,initramfs
+$(root-cryptname) $(rootdev) none keyscript=/root/keyscript,discard,luks,initramfs
$(swap-cryptname) $(swapdev) /dev/urandom swap,cipher=aes-xts-plain64,size=256,hash=ripemd160
EOF
cat >> /tmp/fai/fstab <<EOF
iankelling.org / git / automated-distro-installer / blobdiff