2 # Copyright (C) 2022 Ian Kelling
3 # SPDX-License-Identifier: AGPL-3.0-or-later
5 # todo: put this script and this library into ansible
6 source /usr
/local
/lib
/err
8 #### begin arg processing ###
11 Usage: ${0##*/} [mdraid] hdd|sdd size_in_GB fqdn
14 -h|--help Print help and exit.
#######################################
# Echo a command line, then run it.
# Arguments: the command and its arguments
# Outputs:   the arguments joined by a single space (on stdout), followed
#            by whatever the command itself writes
# Returns:   the exit status of the command
#######################################
m() {
  local -a cmdline=("$@")
  printf '%s\n' "${cmdline[*]}"
  "${cmdline[@]}"
}
33 if (( $# != 3 )); then
34 echo "$0: error: expected 3 arguments" >&2
38 read -r disk_type gb hostname
<<<"$@"
39 #### end arg processing ###
41 if ! type -p apg
&>/dev
/null
; then
45 if ! mountpoint
-q /mnt2
; then
46 echo "$0: error: expected /mnt2 to be a mountpoint, run /root/open-crypt-luks-keys-loopback" >&2
52 vgata-WDC_WD4004FZWX-00GBGB0_NHG3PK4M
53 vgata-ST4000DM000-1F2168_Z3028BKA
54 vgata-WDC_WD40EZRX-00SPEB0_WD-WCC4E0304017
59 vgata-Samsung_SSD_850_EVO_1TB_S3PJNB0J902536K
60 vgata-Samsung_SSD_850_EVO_1TB_S3PJNF0J909382V
61 vgata-Samsung_SSD_850_EVO_1TB_S3PJNF0J909379K
66 for vg
in ${volgroups[@]}; do
67 lvdev
=/dev
/$vg/$hostname
68 if [[ -e $lvdev ]]; then
69 echo "$0: skipping creation of existing lv: $lvdev"
71 m lvcreate
-L ${gb}g
-n $hostname $vg
75 keyfile
=/mnt
2/$hostname
76 if [[ ! -s $keyfile ]]; then
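# Generate this host's LUKS key: one 25-character apg password with the
# trailing newline stripped.  The redirect is what creates the file, so the
# umask is set to 077 in a subshell to have it 0600 from the moment it
# exists rather than relying only on a follow-up permission change.
# Globals (read): keyfile
(umask 077; apg -m 25 -x 25 -n1 | tr -d '\n' >"$keyfile")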
78 # directory is already 700, just being thorough
# Where this host's filesystem is mounted once the LUKS/btrfs stack is up.
# Globals (read): hostname; (written): mountdir
mountdir="/mnt/${hostname}"
88 for vg
in ${volgroups[@]}; do
89 lvdev
=/dev
/$vg/$hostname
90 integrity_name
=integrity-
$vg-$hostname
91 integrity_dev
=/dev
/mapper
/$integrity_name
92 integrity_devs
+=($integrity_dev)
93 if [[ -e $integrity_dev ]]; then
94 echo "$0: skipping creation of existing integrity dev: $integrity_dev"
96 m
time integritysetup
--batch-mode format
$lvdev
97 m integritysetup open
--allow-discards $lvdev $integrity_name
100 mddev
=/dev
/md
/md
$hostname
101 if [[ -e $mddev ]]; then
102 echo "$0: skipping creation of existing mddev: $mddev"
104 # get stable auto-assembled names
105 # https://serverfault.com/questions/763870/raid-device-on-rename-appended-with-0
106 if ! grep -Fxq "HOMEHOST <ignore>" /etc
/mdadm
/mdadm.conf
; then
107 sed -i '/^ *HOMEHOST/d' /etc
/mdadm
/mdadm.conf
108 echo "HOMEHOST <ignore>" >>/etc
/mdadm
/mdadm.conf
109 m update-initramfs
-u -k all
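# Assemble the per-VG integrity devices into a 3-way RAID1 mirror at
# $mddev (the same /dev/md/md$hostname path set above).  The piped "yes"
# presumably answers mdadm's confirmation prompt when members carry old
# metadata; "|| [[ $? == 141 ]]" tolerates "yes" dying of SIGPIPE (128+13)
# once mdadm stops reading, which would otherwise fail the pipeline if
# pipefail is in effect.  --raid-devices is taken from the array length so
# it cannot drift from the members actually listed.
# Globals (read): mddev, integrity_devs
yes yes | m mdadm --create "$mddev" --level 1 --raid-devices="${#integrity_devs[@]}" "${integrity_devs[@]}" || [[ $? == 141 ]]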
113 luks_name
=crypt-
$hostname
114 luks_dev
=/dev
/mapper
/$luks_name
115 if [[ -e $luks_dev ]]; then
116 echo "$0: skipping creation of existing luks dev: $luks_dev"
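# Initialise LUKS on the md array with the generated key file.  cryptsetup
# requires an uppercase YES before overwriting, which the pipe supplies; a
# 141 (128+SIGPIPE) status is "yes" being killed once cryptsetup closes its
# stdin and must not be treated as a failure.
# TODO(review): cryptsetup --batch-mode (-q) would drop both the yes-pipe
# and the 141 special case, as integritysetup above already does.
# Globals (read): mddev, keyfile
yes YES | m cryptsetup luksFormat "$mddev" "$keyfile" || [[ $? == 141 ]]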
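# Register the md-backed LUKS device in /etc/crypttab so cryptdisks_start
# can open it.  Only append when the exact line is not already present --
# the same guard the per-VG loop below applies -- so that re-runs do not
# pile up duplicate entries.
# Globals (read): luks_name, mddev, keyfile
md_crypttab_line="$luks_name $mddev $keyfile discard,luks"
if grep -Fxq -- "$md_crypttab_line" /etc/crypttab; then
  echo "$0: crypttab line already present, not adding: $md_crypttab_line"
else
  echo "appending to /etc/crypttab:"
  printf '%s\n' "$md_crypttab_line" | tee -a /etc/crypttab
fi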
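# Open the md-backed LUKS device through its crypttab entry.
# Globals (read): luks_name
m cryptdisks_start "$luks_name"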
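# Put ext4 on the opened md-backed LUKS device.
# NOTE(review): this does not appear to sit inside the existing-device
# guard above, so a re-run would reach mkfs.ext4 on a populated volume --
# confirm before relying on mkfs's own prompting.
# Globals (read): luks_dev
m mkfs.ext4 "$luks_dev"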
127 for vg
in ${volgroups[@]}; do
128 lvdev
=/dev
/$vg/$hostname
129 # todo add apg to automatically installed packages
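# Initialise LUKS directly on this VG's logical volume, keyed by the shared
# per-host key file.  The uppercase YES confirmation is piped in; 141 is
# "yes" receiving SIGPIPE after cryptsetup closes stdin and is not an
# error (cryptsetup --batch-mode would avoid both).
# NOTE(review): unlike the md branch there is no existing-device check
# before this luksFormat; on a re-run it relies on cryptsetup refusing a
# busy/already-opened device -- confirm.
# Globals (read): lvdev, keyfile
yes YES | m cryptsetup luksFormat "$lvdev" "$keyfile" || [[ $? == 141 ]]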
131 luks_name
=crypt-
$vg-$hostname
132 echo appending to
/etc
/crypttab
133 line
="$luks_name $lvdev $keyfile discard,luks,noauto"
134 if grep -Fq "$lvdev" /etc
/crypttab
; then
135 if grep -Fx "$line" /etc
/crypttab
; then
136 echo "$0: crypttab line already found ^. not adding"
138 echo "$0: error: found existing lvdev: $lvdev in /etc/crypttab that is different than expected:"
140 echo "saving exit 1 until script completes. manual intervention required"
144 echo "appending to /etc/crypttab:"
145 echo "$line" |
tee -a /etc
/crypttab
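# Open this VG's LUKS device through the crypttab entry just checked/added.
# Globals (read): luks_name
m cryptdisks_start "$luks_name"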
148 luks_devs
+=(/dev
/mapper
/$luks_name)
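# Create one btrfs filesystem spanning all per-VG LUKS devices, using the
# raid1c3 profile for both metadata (-m) and data (-d), then mount it and
# create the root subvolume.  -f overwrites any existing signature and
# nothing here checks for one first, so a re-run that reaches this point
# would presumably wipe the volume.
# Globals (read): luks_devs, mountdir
m mkfs.btrfs -f -m raid1c3 -d raid1c3 "${luks_devs[@]}"
m mount "${luks_devs[0]}" "$mountdir"
m btrfs sub create "$mountdir/root"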
157 if $crypttab_err; then
158 echo "$0: crypttab error, exiting 1, see above."