set -eE -o pipefail
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
-# for calling outside of FAI, first
-# - source /a/bin/fai-wrapper
+# for calling outside of FAI:
+# # need to redep and set that location so that we get luks keys
+# export FAI=/srv/fai/config
+# fai-redep
+# source /b/fai/fai-wrapper
# - set any appropriate classes with: fai-setclass OPT1... which sets CLASS_OPT1=true...
# or run eval-fai-classfile FILE
#
# see README for docs about how to create these
-luks_dir=${LUKS_DIR:-/var/lib/fai/config/distro-install-common/luks}
+luks_dir=$FAI/distro-install-common/luks
luks_file=$luks_dir/host-$HOSTNAME
bpart ${boot_devs[@]}
else
for dev in ${devs[@]}; do
- mkfs.ext2 $(grub_extdev)
+ if [[ -e /a/bin/fai/fai-wrapper && -e /dev/mapper/$(root-cryptname) ]]; then
+ continue
+ fi
cryptsetup luksOpen $(rootdev) $(root-cryptname) \
--key-file $luks_file
done
btrfs subvolume create root_$DISTRO
- mkdir -p /mnt/root_$DISTRO/boot
# could set default subvol like this, but no reason to.
# btrfs subvolume set-default \
# $(btrfs subvolume list . | grep "root_$DISTRO$" | awk '{print $2}') .
else
# note, fai creates the mountpoints listed here
cat > /tmp/fai/fstab <<EOF
-$first_root_crypt / btrfs noatime,subvol=root_$DISTRO 0 0
+$first_root_crypt / btrfs noatime,subvol=root_$DISTRO 0 0
$first_root_crypt /mnt/root btrfs nofail,noatime,subvolid=0 0 0
-$first_boot_dev /boot btrfs nofail,noatime,subvol=$boot_vol 0 0
+$first_boot_dev /boot btrfs nofail,noatime,subvol=$boot_vol 0 0
+$first_boot_dev /mnt/boot btrfs nofail,noatime,subvolid=0 0 0
EOF
swaps=()
for dev in ${devs[@]}; do
swaps+=($(swap-cryptname))
cat >>/tmp/fai/crypttab <<EOF
-$(root-cryptname) $(rootdev) none keyscript=decrypt_keyctl,discard,luks,initramfs
+$(root-cryptname) $(rootdev) none keyscript=/root/keyscript,discard,luks,initramfs
$(swap-cryptname) $(swapdev) /dev/urandom swap,cipher=aes-xts-plain64,size=256,hash=ripemd160
EOF
cat >> /tmp/fai/fstab <<EOF