[automated-distro-installer] / fai / config / hooks / partition.DEFAULT

#!/bin/bash -x
# Copyright (C) 2016 Ian Kelling

# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.

# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.

# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

# todo /boot/chboot needs update for lvm i think?

PS4='+ $LINENO '
set -eE -o pipefail
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR

if [[ $EUID != 0 ]]; then
  echo "$0: error: need to run as root" >&2
  exit 1
fi

# for calling outside of FAI without args:
# fai-redep
#
# source /b/fai/fai-wrapper
# - set any appropriate classes with: fai-setclass OPT1... which sets CLASS_OPT1=true...
#   or run eval-fai-classfile FILE.
# - Set a VOL_DISTROVER (if not doing mkroot2) eg:
#   fai-setclass VOL_NABIA
#
# ARGS (only 1 is valid):
#
# mkroot2: for running outside of fai and setting up the root2/boot2 luks and btrfs and tab files
#
# mkroot2tab: for running outside of fai and setting up the root2/boot2 tab files, in case luks and btrfs
# happen to already be setup.
#
# mktab: for running outside of fai and generating a crypttab for
# the main root fs in /tmp/fai. Must run with env var, eg export DISTRO=trisquelnabia.
#
# Example use in a bootstrap distro:
# scp /a/bin/fai/fai/config/{distro-install-common/devbyid,hooks/partition.DEFAULT} root@HOST:
# sl HOST
# export DISTRO=trisquelnabia; ./partition.DEFAULT mktab
# ## cryptsetup wont take within a pipeline
# mapfile -t lines < <(awk '! /swap/ {print $2,$1}' /tmp/fai/crypttab )
# for l in "${lines[@]}"; do cryptsetup luksOpen $l; done
#
# # or alternatively, to avoid typing it many times:
# read -r lukspw; for l in "${lines[@]}"; do yes "$lukspw" | cryptsetup luksOpen $l; done

## potentially useful later:
# sed 's#/root/keyscript,#decrypt_keyctl,#;s/$/,noauto/' /tmp/fai/crypttab >/etc/crypttab
#
# environment variables:
#
# HOSTNAME: if frodo, we exclude 2 devices from the /boot array, which
# the bios does not see. if demohost, we set the luks password to just
# 'x'.
#
# SPECIAL_DISK: For use outside of fai. A base disk name like
# /dev/sdk. If set, we just cryptsetup and partition this one disk then
# exit. This is useful for partitioning a disk in preparation to replace
# a failed or failing disk from a raid10 array.
#
# classes:
#
# REPARTITION: forces repartitioning even if we detect the proper amount
# of partitions already exist.
#
# NOWIPE: use existing subvolumes if they exist
#
# REROOTFS: Don't reuse the root filesystem, even if we normally would
#
# ROTATIONAL: forces to install onto hdds instead of sdds. normally sdds
# are chosen if they exist.
#
# PARTITION_PROMPT: command line prompt before partitioning. This is good
# to set if we don't expect repartitioning to happen.
#
# ROTATIONAL: in a system with ssd and hdd, install to the hdd
# instead of the default ssd.
#
# RAID0: forces raid0 filesystem. Normally with 4+ devices, we use
# raid10.
# RAID1: forces raid1 filesystem.
# RAID1c3: forces raid1c3 filesystem (btrfs raid 1, 3 copies).

mkroot2tab=false
mkroot2=false
mktab=false
if [[ $1 ]]; then
  ## duplicates fai-wrapper, for convenience of not needing it
  if ! type -t ifclass &>/dev/null; then
    ifclass() {
      local var=${1/#/CLASS_}
      [[ $HOSTNAME == "$1" || ${!var} ]]
    }
  fi

  case $1 in
    mkroot2)
      mkroot2=true
      ;;
    mkroot2tab)
      mkroot2tab=true
      ;;
    mktab)
      mktab=true
      ;;
    *)
      echo "$0: error: unsupported arg: $1" >&2
      exit 1
      ;;
  esac
fi


if [[ $SPECIAL_DISK ]]; then
  export CLASS_REPARTITION=true
fi

# # fai's setup-storage won't do btrfs on luks,
# # so we do it ourself :)
# inspiration taken from files in fai-setup-storage package

# if we are not running in fai, skiptask won't be defined, so carry on.
skiptask partition || ! type skiptask

if ! type -p devbyid; then
  for d in $FAI/distro-install-common \
             /a/bin/fai/fai/config/distro-install-common $FAI $PWD; do
    [[ -d $d ]] || continue
    if [[ -e $d/devbyid ]]; then
      devbyid=$d/devbyid
      devbyid() { $devbyid "$@"; }
      break
    fi
  done
  if [[ ! $devbyid ]]; then
    echo "$0: error: failed to find devbyid script" >&2
    exit 1
  fi
fi

#### begin configuration

# this is the ordering of the /dev/sdaX, but
# the ordering of the partition layout goes like this:
# bios_grub
# grub_ext
# efi
# lvm
#  root
#  swap
#  boot




##### end configuration

##### begin function defs

bpart() { # btrfs a partition
  case $raid_level in
    0) mkfs.btrfs -f $@ ;;
    *) mkfs.btrfs -f -m raid$raid_level -d raid$raid_level $@ ;;
  esac
}


zilap() {
  case $HOSTNAME in
    sy|bo)
      return 0
      ;;
  esac
  return 1
}

getluks() {
  if [[ ! $luks_dir ]]; then
    # see README for docs about how to create these
    luks_dir=$FAI/distro-install-common/luks
    if [[ ! -d $luks_dir ]]; then
      luks_dir=/q/root/luks
    fi
    if [[ ! -d $luks_dir ]]; then
      echo "$0: error: no luks_dir found" >&2
      exit 1
    fi
  fi

  luks_file=$luks_dir/host-$HOSTNAME
  if [[ ! -e $luks_file ]]; then
    # shellcheck disable=SC2206 # globbing is intended
    hostkeys=($luks_dir/host-*)
    # if there is only one key, we might be deploying somewhere
    # where dhcp doesnt give us a proper hostname, so use that.
    if [[ ${#hostkeys[@]} == 1 && -e ${hostkeys[0]} ]]; then
      luks_file=${hostkeys[0]}
    else
      echo "$0: error: no key for hostname at $luks_file" >&2
      exit 1
    fi
  fi

  # # note, corresponding changes in /b/ds/keyscript-{on,off}
  if ifclass demohost; then
    lukspw=x
  elif [[ -e $luks_dir/$HOSTNAME ]]; then
    lukspw=$(cat $luks_dir/$HOSTNAME)
  else
    lukspw=$(cat $luks_dir/iank)
  fi

  if $mkroot2; then
    luks_file=$luks_dir/host-amy
    lukspw=$(cat $luks_dir/amy)
  fi
}


fsf() {
  ifclass FSF
}


dev-mib() {
  local d=${1:-$dev}
  echo $(( $(parted -m $d unit MiB print | \
               sed -nr "s#^/dev/[^:]+:([0-9]+).*#\1#p") - 1))
}

luks-setup() {
  local luksdev="$1"
  local cryptname="$2"
  # when we move to newer than trisquel 9, we can remove
  # --type luks1. We can also check on cryptsetup --help | less /compil
  # to see about the other settings. Default in debian 9 is luks2.
  # You can convert from luks2 to luks 1 by adding a temporary key:
  # cryptsetup luksAddKey --pbkdf pbkdf2
  # then remove the new format keys with cryptsetup luksRemoveKey
  # then cryptsetup convert DEV --type luks1, then readd old keys and remove temp.
  yes YES | cryptsetup luksFormat $luksdev $luks_file || [[ $? == 141 ]]
  yes "$lukspw" | \
    cryptsetup luksAddKey --key-file $luks_file \
               $luksdev || [[ $? == 141 ]]
  # background: Keyfile and password are treated just
  # like 2 ways to input a passphrase, so we don't actually need to have
  # different contents of keyfile and passphrase, but it makes some
  # security sense to a really big randomly generated passphrase
  # as much as possible, so we have both.
  #
  # This would remove the keyfile.
  #    yes 'test' | cryptsetup luksRemoveKey /dev/... \
    #                            /key/file || [[ $? == 141 ]]
  cryptsetup luksOpen $luksdev $cryptname --key-file $luks_file
}

mktab() {
  mkdir -p /tmp/fai
  dev=${boot_devs[0]}
  fstabstd="x-systemd.device-timeout=30s,x-systemd.mount-timeout=30s"

  if [[ $DISTRO == debianbullseye_bootstrap ]]; then
    cat > /tmp/fai/fstab <<EOF
$first_boot_dev  /  btrfs  noatime,subvol=$boot_vol  0 0
$first_efi  /boot/efi  vfat          nofail,$fstabstd  0 0
EOF
    cat >/tmp/fai/disk_var.sh <<EOF
BOOT_DEVICE="${short_devs[@]}"
ROOT_PARTITION=$first_boot_dev
EOF
  else
    # note, fai creates the mountpoints listed here
    cat > /tmp/fai/fstab <<EOF
$first_root_dev  /  btrfs                   $fstabstd,noatime,subvol=root_$DISTRO$mopts  0 0
$first_root_dev  /mnt/root  btrfs    nofail,$fstabstd,noatime,subvolid=0$mopts  0 0
$first_boot_dev  /boot  btrfs        nofail,$fstabstd,noatime,subvol=$boot_vol  0 0
$first_efi  /boot/efi  vfat          nofail,$fstabstd  0 0
$first_boot_dev  /mnt/boot  btrfs    nofail,$fstabstd,noatime,subvolid=0  0 0
EOF
    rm -f /tmp/fai/crypttab
    for vg in ${vgs[@]}; do
      if ! fsf; then
        cat >>/tmp/fai/crypttab <<EOF
crypt-$vg-root /dev/$vg/root  none  keyscript=/root/keyscript,discard,luks,initramfs
crypt-$vg-swap /dev/$vg/swap  /dev/urandom  swap,cipher=aes-xts-plain64,size=256,hash=ripemd160
EOF
      fi
      if fsf; then
        cat >> /tmp/fai/fstab <<EOF
/dev/$vg/swap  none  swap  nofail,$fstabstd,sw  0 0
EOF
      else
        cat >> /tmp/fai/fstab <<EOF
/dev/mapper/crypt-$vg-swap  none  swap  nofail,$fstabstd,sw  0 0
EOF
      fi
    done

    # fai would do this:
    #BOOT_DEVICE=\${BOOT_DEVICE:-"${devs[0]}"}

    # note: swaplist seems to do nothing.
    cat >/tmp/fai/disk_var.sh <<EOF
BOOT_DEVICE="${short_devs[@]}"
BOOT_PARTITION=\${BOOT_PARTITION:-$first_boot_dev}
# ROOT_PARTITIONS is added by me, used in arch setup.
ROOT_PARTITIONS="${root_devs[@]}"
ROOT_PARTITION=\${ROOT_PARTITION:-$first_root_dev}
SWAPLIST=\${SWAPLIST:-"${swap_devs[@]}"}
EOF

    if [[ $HOSTNAME == kd ]]; then
      # note, having these with keyscript and initramfs causes a luks error in fai.log,
      # but it is safely ignorable and gets us the ability to just type our password
      # in once at boot. A downside is that they are probably needed to be plugged in to boot.
      cat >>/tmp/fai/crypttab <<EOF
crypt_dev_ata-Samsung_SSD_870_QVO_8TB_S5VUNG0N900656V${even_bigsuf} /dev/disk/by-id/ata-Samsung_SSD_870_QVO_8TB_S5VUNG0N900656V${even_bigsuf}  none  keyscript=decrypt_keyctl,discard,luks,initramfs
crypt_dev_ata-TOSHIBA_MD04ACA500_84R2K773FS9A-part1 /dev/disk/by-id/ata-TOSHIBA_MD04ACA500_84R2K773FS9A-part1  none  keyscript=decrypt_keyctl,discard,luks,initramfs
crypt_dev_ata-ST6000DM001-1XY17Z_Z4D29EBL-part1 /dev/disk/by-id/ata-ST6000DM001-1XY17Z_Z4D29EBL-part1  none  keyscript=decrypt_keyctl,discard,luks,initramfs
EOF
      cat >> /tmp/fai/fstab <<EOF
# r7 = root partition7. it isnt actually #7 anymore, not a great name, but whatever
/dev/mapper/crypt_dev_ata-Samsung_SSD_870_QVO_8TB_S5VUNG0N900656V${even_bigsuf}  /mnt/r7  btrfs  nofail,$fstabstd,noatime,compress=zstd,subvolid=0  0 0
/dev/mapper/crypt_dev_ata-TOSHIBA_MD04ACA500_84R2K773FS9A-part1  /mnt/rust1  btrfs  nofail,$fstabstd,noatime,compress=zstd,subvolid=0  0 0
/dev/mapper/crypt_dev_ata-ST6000DM001-1XY17Z_Z4D29EBL-part1  /mnt/rust2  btrfs  nofail,$fstabstd,noatime,compress=zstd,subvolid=0  0 0
EOF
    fi
  fi
}



#### root2 non-fai run

# todo: update for lvm
doroot2() {

  # We write to these files instead of just /etc/fstab, /etc/crypttab,
  # because these are filesystems created after our current root, and so
  # this allows us to update other root filesystems too.
  rm -f /mnt/root/root2-{fs,crypt}tab
  if $partition; then
    echo $0: error: found partition=true but have mkroot2 arg
    exit 1
  fi
  root2_devs=()
  for vg in ${vgs[@]}; do
    root2_devs+=(/dev/mapper/crypt-$vg-root2)
      if $mkroot2; then
      luks-setup /dev/$vg/root2 crypt-$vg-root2
    fi
    cat >>/mnt/root/root2-crypttab <<EOF
crypt-$vg-root2 /dev/$vg/root2  $luks_file  discard,luks,initramfs
EOF
  done
  if $mkroot2; then
    bpart ${root2_devs[@]}
    bpart ${boot2_devs[@]}
  fi
  mkdir -p /mnt/root2 /mnt/boot2
  cat >>/mnt/root/root2-fstab <<EOF
${root2_devs[0]} /mnt/root2  btrfs  nofail,x-systemd.device-timeout=30s,x-systemd.mount-timeout=30s,noatime,subvolid=0$mopts  0 0
${boot2_devs[0]} /mnt/boot2  btrfs  nofail,x-systemd.device-timeout=30s,x-systemd.mount-timeout=30s,noatime,subvolid=0  0 0
EOF
  exit 0
}


##### end function defs


##### begin variable setup
partition=false
if ifclass REPARTITION; then
  partition=true # force a full wipe
fi
wipe=true
if ifclass NOWIPE; then
  wipe=false
fi

rerootfs=false
if ifclass REROOTFS; then
  rerootfs=true
fi

if (($(nproc) > 2)); then
  mopts=,compress=zstd
fi

declare -A disk_excludes
if ! $mkroot2 && ! $mkroot2tab && ! $mktab ! ifclass USE_MOUNTED; then
  ## ignore disks that are mounted, eg when running from fai-cd
  while read -r l; do
    eval "$l"
    if [[ ! $PKNAME ]]; then
      # shellcheck disable=SC2153 # not a misspelling
      PKNAME="$KNAME"
    fi
    if [[ $MOUNTPOINT ]]; then
      disk_excludes[$PKNAME]=true
    fi
  done < <(lsblk -nP -o KNAME,MOUNTPOINT,PKNAME)
fi

hdds=()
ssds=()
# this excludes "usb". vda disk has empty tran (transport). This may need adjustment
# for some new type we come across. cdrom has type "rom"
for disk in $(lsblk -ndo name,type,tran | awk '$3 ~ "^(sata|nvme|)$" && $2 == "disk" { print $1 }'); do
  if [[ ${disk_excludes[$disk]} ]]; then
    continue
  fi
  case $disk in
    # cdrom
    sr*) continue ;;
  esac
  case $(cat /sys/block/$disk/queue/rotational) in
    0)
      ssds+=("/dev/$disk")
      echo $0: found ssd /dev/$disk
      ;;
    1)
      hdds+=("/dev/$disk")
      echo $0: found hdd /dev/$disk
      ;;
    *) echo "$0: error: unknown /sys/block/$disk/queue/rotational: \
$(cat $disk/queue/rotational)"; exit 1 ;;
  esac
done

# install all ssds, or if there are none, all hdds.
# Note, usb flash disks are seen as rotational, which is
# very odd, but convenient for ignoring them here.
if ! ifclass ROTATIONAL && (( ${#ssds[@]} > 0 )); then
  read -ra short_devs<<<"${ssds[@]}"
else
  read -ra short_devs<<<"${hdds[@]}"
fi

pvn=1

# rootn=1
# root2n=2
# swapn=3
# bootn=4
# boot2n=5

efin=2
# ext partition so grub can write persistent variables,
# so it can do a one time boot. grub can't write to
# btrfs or any cow fs because it's more
# more complicated to do and they don't want to.
grub_extn=3
# bios boot partition,
# https://wiki.archlinux.org/index.php/GRUB
bios_grubn=4
# for an even raid (raid 1), when one disk is bigger, this partition goes on the big disk
even_bign=5
lastn=$even_bign
# check if the partitions exist have the right filesystems
#blkid="$(blkid -s TYPE)"
for dev in ${short_devs[@]}; do
  if $partition; then break; fi
  y=$(readlink -f $dev)
  # shellcheck disable=SC2206 # globbing is intended
  arr=($y?*)
  if (( ${#arr[@]} < lastn )); then
    partition=true
  fi
  # On one system, blkid is missing some partitions.
  # maybe we need a flag, like FUZZY_BLKID or something, so we
  # can check that at least some exist.
  # for x in "`rootdev`: TYPE=\"crypto_LUKS\"" "`bootdev`: TYPE=\"btrfs\""; do
  #     echo "$blkid" | grep -Fx "$x" &>/dev/null || partition=true
  # done
done

if $partition && ifclass PARTITION_PROMPT; then
  echo "Press any key except ctrl-c to continue and partition these drives:"
  echo "  ${short_devs[*]}"
  read -r
fi

devs=()
vgs=()
root_devs=()
swap_devs=()
shopt -s extglob
partsuffix=-part
for short_dev in ${short_devs[@]}; do
  dev="$(devbyid $short_dev)"
  if [[ $dev != */by-id/* ]]; then
    # no by-id link, assume we are in a vm and this is true for all devs.
    partsuffix=
  fi
  # for vms, cant name a vg the same as the short device name, they
  # conflict: /dev/$vg is already taken

  dname=${dev##*/}
  vg=vg$dname
  vgs+=("$vg")
  devs+=("$dev")
  if fsf; then
    root_devs+=(/dev/$vg/root)
    swap_devs+=(/dev/$vg/swap)
  else
    root_devs+=(/dev/mapper/crypt-$vg-root)
    swap_devs+=(/dev/mapper/crypt-$vg-swap)
  fi
done
first_root_dev=${root_devs[0]}
if [[ ! ${devs[0]} ]]; then
  echo "$0: error: failed to detect devs" >&2
  exit 1
fi



pvsuf=$partsuffix$pvn
efisuf=$partsuffix$efin
grub_extsuf=$partsuffix$grub_extn
bios_grubsuf=$partsuffix$bios_grubn
even_bigsuf=$partsuffix$even_bign


boot_space=0
first=true
boot_devs=()
boot2_devs=()
for dev in ${devs[@]}; do
  vg=vg${dev##*/}
  # I ran into a machine (frodo) where the bios doesn't know about some disks,
  # so 1st stage of grub also doesn't know about them.
  # Also, grub does not support mounting degraded btrfs as far as
  # I can tell with some googling.
  # From within an arch install env, I could detect them by noting
  # their partitions were mixed with the next disk in /dev/disk/by-path,
  # and I have mixed model disks, and I could see the 8 models which showed
  # up in the bios, and thus see which 2 models were missing.
  # hdparm -I /dev/sdh will give model info in linux.
  # However, in fai on jessie, /dev/disk/by-path dir doesn't exist,
  # and I don't see another way, so I'm hardcoding them.
  # We still put grub on them and partition them the same, for uniformity
  # and in case they get moved to a system that can recognize them,
  # we just exclude them from the boot filesystem.
  cd /dev/disk/by-id/
  bad_disk=false
  for id in ata-TOSHIBA_MD04ACA500_8539K4TQFS9A \
              ata-TOSHIBA_MD04ACA500_Y5IFK6IJFS9A; do
    if [[ $(readlink -f $id) == "$(readlink -f $dev)" ]]; then
      bad_disk=true
      break
    fi
  done
  if $bad_disk; then
    continue
  fi
  boot_devs+=(/dev/$vg/boot)
  boot2_devs+=(/dev/$vg/boot2)
  boot_space=$(( boot_space + $(parted -m $dev unit MiB print | \
                                  sed -nr "s#^/dev/[^:]+:([0-9]+).*#\1#p") - 1))
  if $first; then
    first_efi=$dev$efisuf
    first_grub_extdev=$dev$grub_extsuf
    first=false
  fi
done
first_boot_dev=${boot_devs[0]}

even_raid=false
if ifclass RAID0 || (( ${#boot_devs[@]} == 1 )); then
  raid_level=0
  raid_duplication=1
elif ifclass RAID1 || (( ${#boot_devs[@]} == 2 )); then
  if (( ${#boot_devs[@]} == 2 )); then
    even_raid=true
  fi
  raid_level=1
  raid_duplication=2
elif ifclass RAID1c3 || (( ${#boot_devs[@]} == 3 )); then
  raid_level=1c3
  raid_duplication=3
else
  raid_level=10
  raid_duplication=2
fi



### Begin calculate boot partition space
# due to raid duplication
case $raid_level in
  1|10) boot_space=$(( boot_space / 2 )) ;;
  1c3) boot_space=$(( boot_space / 3 )) ;;
esac
if fsf; then
  boot_mib=4000
elif (( boot_space > 900000 )); then
  # this is larger than needed for several /boot subvols,
  # becuase I keep a minimal debian install on it for
  # recovery needs and for doing pxe-kexec.
  boot_mib=10000
  root2_mib=500000
  boot2_mib=5000
elif (( boot_space > 30000 )); then
  boot_mib=$(( 5000 + (boot_space - 30000) / 2 ))
  root2_mib=100
  boot2_mib=100
else
  # Small vms don't have room for /boot recovery.  With 3 kernels
  # installed, i'm using 132M on t8, so this seems like plenty of
  # room. note: rhel 8 recomments 1g for /boot.  u20.04 with 3 kernels =
  # 308 mb, so things have grown significantly
  boot_mib=1000
  root2_mib=100
  boot2_mib=100
fi
boot_part_mib=$(( boot_mib * raid_duplication / ${#boot_devs[@]} ))

if zilap; then
  boot2_part_mib=0
  root2_part_mib=0
else
  boot2_part_mib=$(( boot2_mib * raid_duplication / ${#boot_devs[@]}  ))
  root2_part_mib=$(( root2_mib * raid_duplication / ${#root_devs[@]}  ))
fi
### end calculate boot partition space


if [[ ! $DISTRO ]]; then
  if ifclass VOL_BULLSEYE_BOOTSTRAP; then
    DISTRO=debianbullseye_bootstrap
  elif ifclass VOL_STRETCH; then
    DISTRO=debianstretch
  elif ifclass VOL_BUSTER; then
    DISTRO=debianbuster
  elif ifclass VOL_BULLSEYE; then
    DISTRO=debianbullseye
  elif ifclass VOL_BOOKWORM; then
    DISTRO=debianbookworm
  elif ifclass VOL_TESTING; then
    DISTRO=debiantesting
  elif ifclass VOL_XENIAL; then
    DISTRO=ubuntuxenial
  elif ifclass VOL_BIONIC; then
    DISTRO=ubuntubionic
  elif ifclass VOL_FOCAL; then
    DISTRO=ubuntufocal
  elif ifclass VOL_JAMMY; then
    DISTRO=ubuntujammy
  elif ifclass VOL_FLIDAS; then
    DISTRO=trisquelflidas
  elif ifclass VOL_ETIONA; then
    DISTRO=trisqueletiona
  elif ifclass VOL_NABIA; then
    DISTRO=trisquelnabia
  elif ifclass VOL_ARAMO; then
    DISTRO=trisquelaramo
  elif $mkroot2 || $mkroot2tab; then
    :
  else
    echo "PARTITIONER ERROR: no distro class/var set" >&2
    exit 1
  fi
fi

if [[ $DISTRO == debianbullseye_bootstrap ]]; then
  # this is just convenience for the libreboot_grub config
  # so we can glob the other ones easier.
  boot_vol=$DISTRO
else
  boot_vol=boot_$DISTRO
fi


# 1.5 x based on https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Installation_Guide/sect-disk-partitioning-setup-x86.html#sect-custom-partitioning-x86
swap_mib=$(( $(grep ^MemTotal: /proc/meminfo | \
                 awk '{print $2}') * 3/(${#devs[@]} * 2 ) / 1024 ))

shopt -s nullglob
##### end variable setup




if $mkroot2 || $mkroot2tab; then
  getluks
  doroot2
elif $mktab; then
  mktab
  exit 0
else
  mktab
  if ! fsf; then
    getluks
  fi
fi


if $partition; then
  ### begin wipefs
  if [[ ! $SPECIAL_DISK ]]; then
    for lv in $(lvs --noheadings -o lv_path); do
      wipefs -a $lv
    done
    for vg in $(vgs --noheadings -o vgname); do
      vgchange -an $vg
      vgremove -ff $vg
    done
    for pv in $(pvs --noheadings -o pvname); do
      pvremove -ff $pv
    done
    for dev in ${devs[@]}; do
      # if we repartition to the same as an old partition,
      # we don't want any old fses hanging around.
      count_down=10
      # wipefs has failed, manual run works, google suggests timing issue
      while ! wipefs -a $dev; do
        sleep 2
        count_down=$((count_down - 1))
        (( count_down > 0 )) || exit 1
      done
    done
  fi
  ### end wipefs


  # When we have 2 disks of at least 100g difference in size,
  # make an extra partition on the end of the bigger one.
  even_big_part=false
  even_diff_min=100000
  if $even_raid; then
    smalli=0
    bigi=1
    if (( $(dev-mib ${devs[0]}) >= $(dev-mib ${devs[1]}) )); then
      smalli=1
      bigi=0
    fi
    disk_mib=$(dev-mib ${devs[smalli]})
    even_big_dev=${devs[bigi]}
    even_big_mib=$(dev-mib $even_big_dev)
    if (( even_big_mib - disk_mib > even_diff_min )); then
      even_big_part=true
    fi
  fi

  for dev in ${devs[@]}; do
    vg=vg${dev##*/}
    if [[ $SPECIAL_DISK ]]; then
      dev=$(devbyid $SPECIAL_DISK)
    fi

    # parted will round up the disk size. Do -1 so we can have
    # fully 1MiB unit partitions for easy resizing of the last partition.
    # Otherwise we would pass in -0 for the end argument for the last partition.
    #
    # Note: parted print error output is expected. example:
    # Error: /dev/vda: unrecognised disk label
    if ! $even_raid; then
      disk_mib=$(dev-mib)
    fi


    parted -s $dev mklabel gpt
    # MiB because parted complains about alignment otherwise.
    pcmd="parted -a optimal -s -- $dev"
    # main lvm partition
    $pcmd mkpart primary ext3 524MiB ${disk_mib}MiB
    $pcmd name $pvn pv

    pvcreate -y $dev$pvsuf
    vgcreate -y $vg $dev$pvsuf

    if fsf; then
      root_mib=40000
    else
      # 600 = uefi 512 + grubext 8 + bios grub 3 + some extra cuz this is lvm
      root_mib=$(( disk_mib - root2_part_mib - swap_mib - boot_part_mib - boot2_part_mib - 600 ))
    fi

    # -L unit default mebibyte
    lvcreate -y -L $root_mib $vg -n root
    lvcreate -y -L $swap_mib $vg -n swap
    # unencrypted swap needs mkswap
    if fsf; then
      mkswap /dev/$vg/swap
    fi
    lvcreate -y -L $boot_part_mib $vg -n boot

    if zilap; then
      # todo: now that we are using lvm, this doesnt need to be done until mkroot2
      lvcreate -y -L $root2_part_mib $vg -n root2
      lvcreate -y -L $boot2_part_mib $vg -n boot2
    fi

    # uefi partition, for normal bios systems, its just in case.
    $pcmd mkpart primary "fat32" 12MiB 524MiB
    $pcmd name $efin efi
    # note, this is shown here: https://support.system76.com/articles/bootloader/
    # but not mentioned https://wiki.archlinux.org/index.php/EFI_system_partition
    # might not be needed
    $pcmd set $efin esp on

    # i only need a few k, but googling min size,
    # I found someone saying that gparted required
    # required at least 8 because of their hard drive cylinder size.
    # And 8 is still very tiny.
    # grub_ext partition
    $pcmd mkpart primary "ext2" 4MiB 12MiB
    $pcmd name $grub_extn grubext
    # gpt ubuntu cloud image uses ~4 mb for this partition. fai uses 1 MiB.
    # so, I use 3, whatever.
    # note: parted manual saying cheap flash media
    # should to start at 4.
    # biols grub partition
    $pcmd mkpart primary "" 1MiB 4MiB
    $pcmd name $bios_grubn biosgrub
    $pcmd set $bios_grubn bios_grub on
    if $even_big_part  && [[ $dev == "$even_big_dev" ]]; then
      $pcmd mkpart primary ext3 ${disk_mib}MiB ${even_big_mib}MiB
      $pcmd name $even_bign even_big
    fi

    # the mkfs failed before on a vm, which prompted me to add
    # sleep .1
    # then it failed again on a physical machine
    # with:
    # Device /dev/disk/by-id/foo doesn't exist or access denied,
    # so I added a wait until it existed.
    # Then I added the mkfs.ext2, which claimed to succeed,
    # but then couldn't be found upon reboot. In that case we didn't
    # wait at all. So I've added a 3 second minimum wait.
    secs=0
    while [[ ! -e $dev$bios_grubsuf ]] && (( secs < 10 )); do
      sleep 1
      secs=$((secs +1))
    done
    sleep 3

    mkfs.fat -F32 $dev$efisuf

    if ! fsf && $even_big_part  && [[ $dev == "$even_big_dev" ]]; then
      luks-setup $even_big_dev ${even_big_dev##*/}
      mkfs.btrfs -f /dev/mapper/${even_big_dev##*/}
    fi

    # Holds just a single file, rarely written, so
    # use ext2, like was often used for the /boot partition.
    # This exists because grub can only persist data to a non-cow fs.
    # And we use persisting a var in grub to do a one time boot.
    # We could pass the data on the kernel command line and persist it
    # to grubenv after booting, but that relies on the boot always succeeding.
    # This is just a bit more robust, and it could work for booting
    # into ipxe which can't persist data, if we ever got that working.
    mkfs.ext2 $dev$grub_extsuf

    # for fsf, no encryption of root because root will not contain any
    # sensitive data.
    if ! fsf; then
      luks-setup /dev/$vg/root crypt-$vg-root
    fi

    if [[ $SPECIAL_DISK ]]; then
      exit 0
    fi
  done
  ls -la /dev/btrfs-control # this was probably for debugging...
  sleep 1

  bpart ${root_devs[@]}
  bpart ${boot_devs[@]}

else ## above: if $partition ##

  if ! fsf; then
    for vg in ${vgs[@]}; do
      if [[ -e /dev/mapper/crypt-$vg-root ]]; then
        continue
      fi
      if $rerootfs; then
        luks-setup /dev/$vg/root crypt-$vg-root
      else
        cryptsetup luksOpen /dev/$vg/root $vg-root \
                   --key-file $luks_file
      fi
    done
  fi

  if $rerootfs; then
    sleep 1
    bpart ${root_devs[@]}
  fi
  sleep 1
fi


if $wipe && [[ $DISTRO != debianbullseye_bootstrap ]]; then
  # bootstrap distro doesn't use separate encrypted root.
  mount -o subvolid=0 ${root_devs[0]} /mnt
  # systemd creates subvolumes we want to delete.
  mapfile -t s < <(btrfs subvolume list --sort=-path /mnt |
                     sed -rn "s#^.*path\s*(root_$DISTRO/\S+)\s*\$#\1#p")
  for subvol in ${s[@]}; do btrfs subvolume delete /mnt/$subvol; done
  btrfs subvolume set-default 0 /mnt
  [[ ! -e /mnt/root_$DISTRO ]] || btrfs subvolume delete /mnt/root_$DISTRO

  ## create subvols ##
  cd /mnt

  btrfs subvolume create root_$DISTRO

  # could set default subvol like this, but no reason to.
  # btrfs subvolume set-default \
    #       $(btrfs subvolume list . | grep "root_$DISTRO$" | awk '{print $2}') .

  # For raid systems, cow allows for error correction, for non-raid systems,
  # protects root fs from having the plug pulled. Reprovisioning a root
  # subvol is not my favorite thing to do.
  # # no cow on the root filesystem. it's setup is fully scripted,
  # # if it's messed up, we will just recreated it,
  # # and we can get better perf with this.
  # # I can't remember exactly why, but this is preferable to mounting with
  # # -o nodatacow, I think because subvolumes inherit that.
  # chattr -Rf +C root_$DISTRO
  cd /
  umount /mnt
fi

mount -o subvolid=0 $first_boot_dev /mnt
cd /mnt
btrfs subvolume set-default 0 /mnt # already default, just ensuring it.

# for libreboot systems. grub2 only reads from subvolid=0
mkdir -p /mnt/grub2
# todo: this probably needs updating for our lvm transition
cp $FAI/distro-install-common/libreboot_grub.cfg /mnt/grub2

if $wipe && [[ -e /mnt/$boot_vol ]]; then
  btrfs subvolume delete /mnt/$boot_vol
fi
if [[ ! -e /mnt/$boot_vol ]]; then
  btrfs subvolume create $boot_vol
fi
cd /
umount /mnt
## end create subvols ##

mount $first_grub_extdev /mnt
grub-editenv /mnt/grubenv set did_fai_check=true
grub-editenv /mnt/grubenv set last_boot=/$boot_vol
umount /mnt


# initial setup of extra data fs, mounted,
# btrfs subvol create nocow
# chattr +C nocow
# chown iank.iank nocow