change /p/c/machine_specific/vps/bind-initial/db.b8.nz
faiserver 10.0.44.1
-TARGET 10.0.44.2
+TARGET_HOSTNAME 10.0.44.2
apt install isc-dhcp-server
Setup fai or arch pxe (depending on $0 name)
then start a virtual machine to test the config
+todo: make it so this can run this on a network we dont control, the 2
+ways I know which could work are either running in libvirt's the nated
+network, and altering the dnsmasq options for the dnsmasq that runs in
+that, or giving the vm a static ip and for resolving faiserver, and then
+for resolving "faiserver", either setup some static resolution in the
+vm, or give it the host machine's ip as a dns server, or in general
+change references of faiserver to faiserver.b8.nz (I like this idea
+because it helps in other cases too).
+
Note, sometimes shutting down the existing demohost vm
fails. Just run again if that happens.
--d When doing pxe, don't do dhcp setup. Good for when we
+-d When doing pxe with -p, don't do dhcp setup. Good for when we
aren't on Ian's home network.
-n Create new qcow2(s) for vm. Good for testing partitioning
script, to ensure a blank disk.
#
# D16: for kgpe-d16 specific settings.
#
+# JAMMY_FIRMWARE: for trisquel install to get nonfree firmware from
+# ubuntu jammy. The linux-firmware-free package in trisquel conflicts
+# with the linux-firmware package in ubuntu, but you only find out after
+# installing due to an error.
+#
# For filesystem/partitioning related classes, see comments at the top of
# fai/config/hooks/partition.DEFAULT
fi
}
-# generating a hashed password:
-# under debian, you can do
-# mkpasswd -m sha-512 -s >/q/root/shadow/standard
-# On arch, best seems to be copy your shadow file to a temp location,
-# then passwd, get out the new pass, then copy the shadow file back.
-sed 's/^/root:/' $root_pw_f | $ROOTCMD chpasswd -e
# only setup root pass for bootstrap vol
if ifclass VOL_BULLSEYE_BOOTSTRAP; then
# return of 9 = user already exists. so we are idempotent.
au iank
-sed 's/^/iank:/' $root_pw_f | $ROOTCMD chpasswd -e
+# generating a hashed password:
+# under debian, you can do
+# mkpasswd -m sha-512 -s >/q/root/shadow/standard
+# On arch, best seems to be copy your shadow file to a temp location,
+# then passwd, get out the new pass, then copy the shadow file back.
+if [[ -e $root_pw_f ]]; then
+ sed 's/^/root:/' $root_pw_f | $ROOTCMD chpasswd -e
+ sed 's/^/iank:/' $root_pw_f | $ROOTCMD chpasswd -e
+fi
au user2
if ifclass frodo; then
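Review bot: The new `[[ -e $root_pw_f ]]` guard makes a missing hash file a silent no-op, so a bootstrap volume where `$root_pw_f` is absent ends up with root and iank created but no password ever applied, and nothing in the output says so. `-e` also passes for an empty file, which feeds `chpasswd -e` nothing and is equally silent. I would test for content and report the skip: `if [[ -s $root_pw_f ]]; then` … `else` / `echo "$0: warning: $root_pw_f missing or empty, not setting root/iank passwords" >&2` / `fi`, and quote the expansion in both `sed` lines (`"$root_pw_f"`). The enclosing `if ifclass VOL_BULLSEYE_BOOTSTRAP` block continues past the end of the hunk.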
--- /dev/null
+Package: linux-image-generic linux-firmware intel-microcode amd64-microcode
+Pin: release n=jammy,o=Ubuntu
+Pin-Priority: 1001
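Review bot: The pin is undocumented in the file itself, and its scope is wider than the JAMMY_FIRMWARE comment in the install script suggests: besides linux-firmware it pins linux-image-generic and both microcode packages to Ubuntu jammy, and a priority above 1000 also forces a downgrade if the distro's own version is newer. An `Explanation:` line at the top of the stanza, e.g. `Explanation: JAMMY_FIRMWARE class: take kernel, firmware and microcode from Ubuntu jammy (priority >1000 forces even downgrades)`, keeps that visible to whoever finds this file in preferences.d later.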
# See logind.conf(5) for details.
[Login]
HandleLidSwitch=ignore
-# seems like a good idea.
+# seemed like a good idea when i was using psd
# https://wiki.archlinux.org/index.php/profile-sync-daemon#I_need_more_memory_to_accommodate_my_profile/profiles_in_/run/user/xxxx._How_can_I_allocate_more?
-RuntimeDirectorySize=50%
+#RuntimeDirectorySize=50%
;;
esac
-faiserver=${1:-faiserver}
+faiserver=${1:-faiserver.b8.nz}
if $force; then
for (( i=4; i<=7; i++ )); do
if [[ $(blockdev --getsize64 ${dev}$i) == 8388608 ]]; then
grub_extn=${dev}$i
+ found=true
break
fi
done
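Review bot: The added `found=true` only works if `found` was initialised to `false` before the `for` loop; that initialisation is not in the hunk, so please confirm it exists at the top of the `if $force` branch (otherwise the later test of `$found` sees an empty string, and fails outright if `set -u` is active). While here, the device expansion in the `blockdev` call is unquoted, `blockdev --getsize64 "${dev}$i"`, and the `grub_extn=` assignment would read the same way. The enclosing `if $force` block ends outside the hunk.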
exit 0
fi
+fcopy -riB /etc/apt/preferences.d
+# ian: i'm guessing fai does this already
+#fcopy -riB /etc/apt/sources.list.d
+
+
keyfile=/var/lib/fai/config/distro-install-common/luks/host-$HOSTNAME
f=$target/root/keyscript
cat > $f <<EOFOUTER
# this is also done by FAIBASE/10-misc by default (without B)
fcopy -riB /usr/local/bin
+fcopy -riB /etc/apt/logind.conf.d
+
# this gets done by fai, but just happens too often that
# I add sources due to new distros, whatever.
fcopy -riB /etc/apt/preferences.d
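Review bot: `fcopy -riB /etc/apt/logind.conf.d` looks like a wrong path: systemd-logind reads drop-ins from `/etc/systemd/logind.conf.d/`, not from under `/etc/apt`, so the logind drop-in changed elsewhere in this commit would be copied somewhere nothing reads it. Unless the FAI files tree deliberately keeps it under `/etc/apt` (which I cannot see from the hunk), the line should be `fcopy -riB /etc/systemd/logind.conf.d`. A short comment above it naming which drop-in it carries would also help, as the neighbouring fcopy lines have.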
+++ /dev/null
-#!/bin/bash
-
-# usage: $0
-# this script is idempotent
-
-# warning: changes here may affect the open version of this script
-
-if ! test "$BASH_VERSION"; then echo "error: shell is not bash" >&2; exit 1; fi
-shopt -s inherit_errexit 2>/dev/null ||: # ignore fail in bash < 4.4
-set -eE -o pipefail
-trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" exit status: $?, PIPESTATUS: ${PIPESTATUS[*]}" >&2' ERR
-
-m() { printf "%s\n" "$*"; "$@"; }
-
-
-fs_file=/root/crypt-luks-keys-loopback
-mapper_name=crypt-luks-keys-loopback
-
-if mountpoint /mnt2 &>/dev/null; then
- m umount /mnt2
-fi
-if cryptsetup status /dev/mapper/$mapper_name &>/dev/null; then
- m cryptsetup luksClose /dev/mapper/$mapper_name; then
-fi
-l=$(losetup -l --noheadings | awk '$6 ~ /\/'$mapper_name'$/ {print $1}')
-if [[ $l ]]; then
- m losetup -d $l
-else
- echo "$0: warning: no loopback device found" >&2
-fi
+++ /dev/null
-#!/bin/bash
-# Copyright (C) 2022 Ian Kelling
-# SPDX-License-Identifier: AGPL-3.0-or-later
-
-# todo: put this script and this library into ansible
-source /usr/local/lib/err
-
-#### begin arg processing ###
-usage() {
- cat <<EOF
-Usage: ${0##*/} [mdraid] hdd|sdd size_in_GB fqdn
-create disk for vm
-
--h|--help Print help and exit.
-
-EOF
- exit $1
-}
-m() { printf "%s\n" "$*"; "$@"; }
-
-
-mdraid=false
-case $1 in
- mdraid)
- mdraid=true
- shift
- ;;
- --help)
- usage
- ;;
-esac
-
-if (( $# != 3 )); then
- echo "$0: error: expected 3 arguments" >&2
- usage 1
-fi
-
-read -r disk_type gb hostname <<<"$@"
-#### end arg processing ###
-
-if ! type -p apg &>/dev/null; then
- apt install -y apg
-fi
-
-if ! mountpoint -q /mnt2; then
- echo "$0: error: expected /mnt2 to be a mountpoint, run /root/open-crypt-luks-keys-loopback" >&2
-fi
-
-case $disk_type in
- hdd)
- volgroups=(
- vgata-WDC_WD4004FZWX-00GBGB0_NHG3PK4M
- vgata-ST4000DM000-1F2168_Z3028BKA
- vgata-WDC_WD40EZRX-00SPEB0_WD-WCC4E0304017
- )
- ;;
- sdd)
- volgroups=(
- vgata-Samsung_SSD_850_EVO_1TB_S3PJNB0J902536K
- vgata-Samsung_SSD_850_EVO_1TB_S3PJNF0J909382V
- vgata-Samsung_SSD_850_EVO_1TB_S3PJNF0J909379K
- )
- ;;
-esac
-
-for vg in ${volgroups[@]}; do
- lvdev=/dev/$vg/$hostname
- if [[ -e $lvdev ]]; then
- echo "$0: skipping creation of existing lv: $lvdev"
- else
- m lvcreate -L ${gb}g -n $hostname $vg
- fi
-done
-
-keyfile=/mnt2/$hostname
-if [[ ! -s $keyfile ]]; then
- apg -m 25 -x 25 -n1 | tr -d '\n' >$keyfile
- # directory is already 700, just being thorough
- m chmod 600 $keyfile
-fi
-
-crypttab_err=false
-
-mountdir=/mnt/$hostname
-mkdir -p $mountdir
-integrity_devs=()
-if $mdraid; then
- for vg in ${volgroups[@]}; do
- lvdev=/dev/$vg/$hostname
- integrity_name=integrity-$vg-$hostname
- integrity_dev=/dev/mapper/$integrity_name
- integrity_devs+=($integrity_dev)
- if [[ -e $integrity_dev ]]; then
- echo "$0: skipping creation of existing integrity dev: $integrity_dev"
- else
- m time integritysetup --batch-mode format $lvdev
- m integritysetup open --allow-discards $lvdev $integrity_name
- fi
- done
- mddev=/dev/md/md$hostname
- if [[ -e $mddev ]]; then
- echo "$0: skipping creation of existing mddev: $mddev"
- else
- # get stable auto-assembled names
- # https://serverfault.com/questions/763870/raid-device-on-rename-appended-with-0
- if ! grep -Fxq "HOMEHOST <ignore>" /etc/mdadm/mdadm.conf; then
- sed -i '/^ *HOMEHOST/d' /etc/mdadm/mdadm.conf
- echo "HOMEHOST <ignore>" >>/etc/mdadm/mdadm.conf
- m update-initramfs -u -k all
- fi
- yes yes | m mdadm --create /dev/md/md$hostname --level 1 --raid-devices=3 ${integrity_devs[@]} || [[ $? == 141 ]]
- fi
- luks_name=crypt-$hostname
- luks_dev=/dev/mapper/$luks_name
- if [[ -e $luks_dev ]]; then
- echo "$0: skipping creation of existing luks dev: $luks_dev"
- else
- yes YES | m cryptsetup luksFormat $mddev $keyfile || [[ $? == 141 ]]
- echo appending to /etc/crypttab
- echo "$luks_name $mddev $keyfile discard,luks" | tee -a /etc/crypttab
- m cryptdisks_start $luks_name
- fi
- m mkfs.ext4 $luks_dev
-else
-
- luks_devs=()
- for vg in ${volgroups[@]}; do
- lvdev=/dev/$vg/$hostname
- # todo add apg to automatically installed packages
- yes YES | m cryptsetup luksFormat $lvdev $keyfile || [[ $? == 141 ]]
- luks_name=crypt-$vg-$hostname
- echo appending to /etc/crypttab
- line="$luks_name $lvdev $keyfile discard,luks,noauto"
- if grep -Fq "$lvdev" /etc/crypttab; then
- if grep -Fx "$line" /etc/crypttab; then
- echo "$0: crypttab line already found ^. not adding"
- else
- echo "$0: error: found existing lvdev: $lvdev in /etc/crypttab that is different than expected:"
- echo "$line"
- echo "saving exit 1 until script completes. manual intervention required"
- crypttab_err=true
- fi
- else
- echo "appending to /etc/crypttab:"
- echo "$line" | tee -a /etc/crypttab
- fi
- m cryptdisks_start $luks_name
- luks_devs+=(/dev/mapper/$luks_name)
- done
-
- m mkfs.btrfs -f -m raid1c3 -d raid1c3 ${luks_devs[@]}
- m mount ${luks_devs[0]} $mountdir
- m btrfs sub create $mountdir/root
- m umount $mountdir
-fi
-
-if $crypttab_err; then
- echo "$0: crypttab error, exiting 1, see above."
- exit 1
-fi
+++ /dev/null
-#!/bin/bash
-
-# usage: $0
-# this script is idempotent
-
-if ! test "$BASH_VERSION"; then echo "error: shell is not bash" >&2; exit 1; fi
-shopt -s inherit_errexit 2>/dev/null ||: # ignore fail in bash < 4.4
-set -eE -o pipefail
-trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" exit status: $?, PIPESTATUS: ${PIPESTATUS[*]}" >&2' ERR
-
-m() { printf "%s\n" "$*"; "$@"; }
-
-
-lvs --noheadings -o vg_name,lv_name | while read -r vg lv; do
- if [[ ! $vg || ! $lv ]]; then
- continue
- fi
- if ! integritysetup dump /dev/$vg/$lv &>/dev/null; then
- continue
- fi
- int_name=integrity-$vg-$lv
- if integritysetup status $int_name &>/dev/null; then
- continue
- fi
- m integritysetup open --allow-discards /dev/$vg/$lv $int_name
-done
-
-awk '$1 !~ /^ *#/ {print $1}' /etc/crypttab | while read -r c; do
- m cryptdisks_start $c
-done
+++ /dev/null
-#!/bin/bash
-
-# usage: $0
-# this script is idempotent
-
-# warning: changes here may affect the close version of this script
-
-
-if ! test "$BASH_VERSION"; then echo "error: shell is not bash" >&2; exit 1; fi
-shopt -s inherit_errexit 2>/dev/null ||: # ignore fail in bash < 4.4
-set -eE -o pipefail
-trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" exit status: $?, PIPESTATUS: ${PIPESTATUS[*]}" >&2' ERR
-
-m() { printf "%s\n" "$*"; "$@"; }
-
-
-fs_file=/root/crypt-luks-keys-loopback
-mapper_name=crypt-luks-keys-loopback
-
-l=$(losetup -j $fs_file | sed -rn 's/^([^ ]+): .*/\1/p' | head -n1 ||:)
-if [[ $l ]]; then
- echo "$0: skipping losetup due to existing loopback: $l"
-else
- l=$(losetup -f)
- m losetup $l $fs_file
-fi
-if cryptsetup status /dev/mapper/$mapper_name &>/dev/null; then
- echo "$0: skipping cryptsetup due to existing /dev/mapper/$mapper_name"
-else
- if ! cryptsetup luksOpen $l $mapper_name; then
- echo "$0: error luksOpen failed. detaching loopback" >&2
- m losetup -d $l
- exit 1
- fi
-fi
-if mountpoint -q /dev/mapper/$mapper_name; then
- echo "$0: skipping mount /dev/mapper/$mapper_name /mnt2 due to existing mount"
-else
- m mount /dev/mapper/$mapper_name /mnt2
-fi