Last active
January 1, 2016 16:49
-
-
Save idueppe/8173364 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| export LANG="C" | |
| TARGET_HOSTNAME="labs" | |
| TARGET_DOMAIN="fritz.box" | |
| TARGET_IPADDR="192.168.123.80" | |
| TARGET_NETMASK="255.255.255.0" | |
| TARGET_GATEWAY="192.168.123.1" | |
| TARGET_BROADCAST="192.168.123.255" | |
| DEFAULT_NAMESERVER="192.168.123.1" | |
| DEBOOTSTRAP_VERSION="1.0.56" | |
| #INITIAL_ROOT_PASSWORD="masterkey" | |
| clear | |
| function hint { | |
| echo -e "\e[92mSTART: $@ \e[39m" | |
| # read | |
| } | |
| function wait_for_key { | |
| echo "" | |
| echo -e "\e[92mDONE: Press key to continue \e[39m" | |
| # read | |
| } | |
| # setup install needed packages | |
| hint "installing needed packages" | |
| #apt-get -y update | |
| apt-get -y install cryptsetup lvm2 mdadm debootstrap build-essential | |
| #wait_for_key | |
| # delete devices | |
| hint "delete devices" | |
| dd if=/dev/zero of=/dev/sda bs=65336 count=100 | |
| dd if=/dev/zero of=/dev/sdb bs=65336 count=100 | |
| #wait_for_key | |
| # setup install needed packages | |
| hint "installing needed packages" | |
| parted /dev/sda unit compact | |
| parted /dev/sda mklabel msdos | |
| parted /dev/sda mkpart primary 4 1000 | |
| parted /dev/sda mkpart primary 1002 10700 | |
| parted /dev/sda set 1 boot on | |
| parted /dev/sda set 1 raid on | |
| parted /dev/sda set 2 raid on | |
| parted /dev/sdb unit compact | |
| parted /dev/sdb mklabel msdos | |
| parted /dev/sdb mkpart primary 4 1000 | |
| parted /dev/sdb mkpart primary 1002 10700 | |
| parted /dev/sdb set 1 boot on | |
| parted /dev/sdb set 1 raid on | |
| parted /dev/sdb set 2 raid on | |
| parted /dev/sda p | |
| parted /dev/sdb p | |
| wait_for_key | |
| # setup raid | |
| hint "setting up raid" | |
| mdadm --create -f --metadata=1.2 -n 2 -l 1 /dev/md1 /dev/sda2 /dev/sdb2 | |
| mdadm --create -f --metadata=1.2 -n 2 -l 1 /dev/md0 /dev/sda1 /dev/sdb1 | |
| cat /proc/mdstat | |
| wait_for_key | |
| # setup bootpartition | |
| hint "setting up boot partition" | |
| mkfs.ext3 /dev/md0 | |
| wait_for_key | |
| #setup encryp partition | |
| #hint "setting up encryption" | |
| #cryptsetup -c aes-cdc-essiv:sha256 -s 256 -y luksFormat /dev/md2 | |
| #cryptsetup luksFormat /dev/md2 | |
| #wait_for_key | |
| #open luks drive | |
| hint "open luks drive and creating lvm" | |
| #cryptsetup luksOpen /dev/md2 decrypt | |
| #pvcreate /dev/mapper/decrypt | |
| #vgcreate vg_encrypted /dev/mapper/decrypt | |
| pvcreate /dev/md1 | |
| vgcreate vg1 /dev/md1 | |
| #lvcreate -L 2G -n crypt_swap vg1 | |
| #lvcreate -L 7G -n crypt_root vg1 | |
| lvcreate -L 2G -n swap vg1 | |
| lvcreate -L 7G -n root vg1 | |
| cryptsetup luksFormat /dev/vg1/swap | |
| cryptsetup luksFormat /dev/vg1/root | |
| cryptsetup luksOpen /dev/vg1/swap crypt_swap | |
| cryptsetup luksOpen /dev/vg1/root crypt_root | |
| mkswap /dev/mapper/crypt_swap | |
| mkfs.ext3 /dev/mapper/crypt_root | |
| wait_for_key | |
| #mounting filesystem | |
| hint "mounting filesystem stage 1" | |
| mkdir -vp /ubuntu | |
| mount -v /dev/mapper/crypt_root /ubuntu | |
| mkdir -vp /ubuntu/tmp | |
| mkdir -vp /ubuntu/var | |
| mkdir -vp /ubuntu/home | |
| mkdir -vp /ubuntu/boot | |
| mkdir -vp /ubuntu/boot | |
| mount -v ext3 /dev/md0 /ubuntu/boot | |
| wait_for_key | |
| # downloading and install debootstrap | |
| hint "installing debootstrap" | |
| wget http://archive.ubuntu.com/ubuntu/pool/main/d/debootstrap/debootstrap_${DEBOOTSTRAP_VERSION}_all.deb | |
| dpkg -i debootstrap_${DEBOOTSTRAP_VERSION}_all.deb | |
| rm debootstrap_*.deb | |
| wait_for_key | |
| # running debootstrap | |
| hint "running debootstrap" | |
| debootstrap --arch amd64 --components=main,restricted,universe,multiverse --verbose precise /ubuntu http://archive.ubuntu.com/ubuntu/ | |
| wait_for_key | |
| #mounting filesystem | |
| hint "mounting filesystem stage 2" | |
| mkdir -vp /ubuntu/dev | |
| mkdir -vp /ubuntu/sys | |
| mkdir -vp /ubuntu/proc | |
| mount -v --rbind /dev /ubuntu/dev | |
| mount -v --rbind /proc /ubuntu/proc | |
| mount -v --rbind /sys /ubuntu/sys | |
| wait_for_key | |
| # configure /etc/fstab | |
| hint "writing fstab" | |
| UUID_BOOT_PARTITION=$(blkid /dev/md0 | sed -n 's/.*UUID=\"\([^\"]*\)\".*/\1/p') | |
| UUID_SWAP_PARTITION=$(blkid /dev/mapper/crypt_swap | sed -n 's/.*UUID=\"\([^\"]*\)\".*/\1/p') | |
| UUID_ROOT_PARTITION=$(blkid /dev/mapper/crypt_root | sed -n 's/.*UUID=\"\([^\"]*\)\".*/\1/p') | |
| cat >/ubuntu/etc/fstab <<EOF | |
| # <file system> <mount point> <type> <options> <dump> <pass> | |
| proc /proc proc defaults 0 0 | |
| none /dev/pts devpts gid=5,mode=620 0 0 | |
| #sys /sys sysfs nodev,noexec,nosuid 0 0 | |
| #UUID=${UUID_ROOT_PARTITION} / ext4 defaults 0 0 | |
| /dev/mapper/crypt_root / ext4 defaults 0 1 | |
| UUID=${UUID_BOOT_PARTITION} /boot ext3 defaults 0 1 | |
| #UUID=${UUID_SWAP_PARTITION} none swap sw 0 0 | |
| /dev/mapper/crypt_swap none swap sw 0 0 | |
| EOF | |
| cat /ubuntu/etc/fstab | |
| chroot /ubuntu /bin/bash -c "grep -v swap /etc/fstab >/etc/mtab" | |
| wait_for_key | |
| # configure networking | |
| hint "configure /etc/network/interfaces" | |
| cat >/ubuntu/etc/network/interfaces <<EOF | |
| # Loopback device: | |
| auto lo | |
| iface lo inet loopback | |
| ## device: eth0 | |
| auto eth0 | |
| iface eth0 inet static | |
| address ${TARGET_IPADDR} | |
| netmask ${TARGET_NETMASK} | |
| gateway ${TARGET_GATEWAY} | |
| broadcast ${TARGET_BROADCAST} | |
| EOF | |
| cat /ubuntu/etc/network/interfaces | |
| hint "configure /etc/hostname" | |
| echo "${TARGET_HOSTNAME}" >/ubuntu/etc/hostname | |
| cat >/ubuntu/etc/hosts <<EOF | |
| 127.0.0.1 localhost | |
| ${TARGET_IPADDR} ${TARGET_HOSTNAME}.${TARGET_DOMAIN} ${TARGET_HOSTNAME} | |
| # The following lines are desirable for IPv6 capable hosts | |
| ::1 ip6-localhost ip6-loopback | |
| fe00::0 ip6-localnet | |
| ff00::0 ip6-mcastprefix | |
| ff02::1 ip6-allnodes | |
| ff02::2 ip6-allrouters | |
| EOF | |
| wait_for_key | |
| hint "configure name server" | |
| cat >/ubuntu/etc/resolvconf/resolv.conf.d/base<<EOF | |
| nameserver ${DEFAULT_NAMESERVER} | |
| EOF | |
| wait_for_key | |
| # configure /etc/crypttable | |
| hint "configure /etc/crypttable" | |
| UUID_LUKS_SWAP_DEV=$(cryptsetup luksUUID /dev/vg1/swap) | |
| UUID_LUKS_ROOT_DEV=$(cryptsetup luksUUID /dev/vg1/root) | |
| cat >/ubuntu/etc/crypttab <<EOF | |
| # <target name> <source device> <key file> <options> | |
| crypt_swap UUID=${UUID_LUKS_SWAP_DEV} none luks | |
| crypt_root UUID=${UUID_LUKS_ROOT_DEV} none luks | |
| EOF | |
| cat /ubuntu/etc/crypttab | |
| wait_for_key | |
| # install missing packages | |
| hint "configure sources.list" | |
| cp -f /ubuntu/etc/apt/sources.list /ubuntu/etc/apt/sources.list.orig | |
| cat >/ubuntu/etc/apt/sources.list <<EOF | |
| #deb http://mirror.hetzner.de/ubuntu/packages precise main restricted universe multiverse | |
| #deb http://mirror.hetzner.de/ubuntu/packages precise-backports main restricted universe multiverse | |
| #deb http://mirror.hetzner.de/ubuntu/packages precise-updates main restricted universe multiverse | |
| #deb http://mirror.hetzner.de/ubuntu/security precise-security main restricted universe multiverse | |
| #deb http://ppa.launchpad.net/spuzirev/grub2/ubuntu precise main | |
| #deb-src http://ppa.launchpad.net/spuzirev/grub2/ubuntu precise main | |
| deb http://archive.ubuntu.com/ubuntu/ precise main restricted universe multiverse | |
| #deb-src http://archive.ubuntu.com/ubuntu/ precise main restricted universe multiverse | |
| deb http://archive.ubuntu.com/ubuntu/ precise-updates main restricted universe multiverse | |
| #deb-src http://archive.ubuntu.com/ubuntu/ precise-updates main restricted universe multiverse | |
| #deb http://archive.ubuntu.com/ubuntu/ precise-backports main restricted universe multiverse | |
| #deb-src http://archive.ubuntu.com/ubuntu/ precise-backports main restricted universe multiverse | |
| deb http://security.ubuntu.com/ubuntu precise-security main restricted universe multiverse | |
| #deb-src http://security.ubuntu.com/ubuntu precise-security main restricted universe multiverse | |
| EOF | |
| wait_for_key | |
| #chroot /ubuntu /bin/bash -c | |
| hint "updating locale" | |
| chroot /ubuntu locale-gen de_De.UTF-8 | |
| chroot /ubuntu update-locale LANG=de_DE.UTF-8 | |
| wait_for_key | |
| # install essential packages | |
| hint "install essential packages 1" | |
| chroot /ubuntu /bin/bash -c "apt-get -y update" | |
| chroot /ubuntu /bin/bash -c "apt-get -y install tzdata" | |
| chroot /ubuntu /bin/bash -c "apt-get -y install lvm2" | |
| chroot /ubuntu /bin/bash -c "apt-get -y install mdadm" | |
| chroot /ubuntu /bin/bash -c "apt-get -y install cryptsetup" | |
| chroot /ubuntu /bin/bash -c "apt-get -y install initramfs-tools" | |
| chroot /ubuntu /bin/bash -c "apt-get -y install python-software-properties" | |
| wait_for_key | |
| # copy mdadm.conf | |
| hint "creating new mdadm.conf to new system" | |
| mkdir -p /ubuntu/etc/mdadm | |
| chroot /ubuntu /bin/bash -c "/usr/share/mdadm/mkconf >/etc/mdadm/mdadm.conf" | |
| wait_for_key | |
| # install linux-image-generic | |
| hint "install linux image generic" | |
| chroot /ubuntu /bin/bash -c "apt-get -y update" | |
| #chroot /ubuntu /bin/bash -c "apt-get -y install grub-pc" | |
| #chroot /ubuntu /bin/bash -c "apt-get -y install linux-image-3.8.0-34-generic" | |
| chroot /ubuntu /bin/bash -c "apt-get -y install linux-image-generic" | |
| #chroot /ubuntu /bin/bash -c "apt-get -y install linux-server" | |
| wait_for_key | |
| # install grub install | |
| hint "installing grub" | |
| chroot /ubuntu /bin/bash -c "grub-install --recheck /dev/sda" | |
| chroot /ubuntu /bin/bash -c "grub-install --recheck /dev/sdb" | |
| chroot /ubuntu /bin/bash -c "update-initramfs -u -k all" | |
| wait_for_key | |
| # install essential packages | |
| hint "install essential packages 2" | |
| chroot /ubuntu /bin/bash -c "apt-get -y install language-pack-en-base" | |
| #chroot /ubuntu /bin/bash -c "apt-get -y install language-pack-de-base" | |
| chroot /ubuntu /bin/bash -c "dpkg-reconfigure tzdata" | |
| chroot /ubuntu /bin/bash -c "apt-get -y install openssh-server" | |
| chroot /ubuntu /bin/bash -c "apt-get -y install ubuntu-standard" | |
| #chroot /ubuntu /bin/bash -c "apt-get -y install busybox" | |
| #chroot /ubuntu /bin/bash -c "apt-get -y install aptitude" | |
| #chroot /ubuntu /bin/bash -c "apt-get -y openssh-server" | |
| #chroot /ubuntu /bin/bash -c "apt-get -y install busybox" | |
| #chroot /ubuntu /bin/bash -c "apt-get -y install dropbear" | |
| wait_for_key | |
| # configure luks boot | |
| #hint "configure luks boot" | |
| #chroot /ubuntu /bin/bash -c "echo \"dm-crypt\" >> /etc/modules" | |
| #chroot /ubuntu /bin/bash -c "echo \"aes\" >> /etc/initramfs-tools/modules" | |
| #chroot /ubuntu /bin/bash -c "echo \"aes_i586\" >> /etc/initramfs-tools/modules" | |
| #chroot /ubuntu /bin/bash -c "echo \"aes_x86_64\" >> /etc/initramfs-tools/modules" | |
| #chroot /ubuntu /bin/bash -c "echo \"aes_generic\" >> /etc/initramfs-tools/modules" | |
| #chroot /ubuntu /bin/bash -c "echo \"dm-crypt\" >> /etc/initramfs-tools/modules" | |
| #chroot /ubuntu /bin/bash -c "echo \"dm-mod\" >> /etc/initramfs-tools/modules" | |
| #chroot /ubuntu /bin/bash -c "echo \"sha256\" >> /etc/initramfs-tools/modules" | |
| #chroot /ubuntu /bin/bash -c "echo \"sha256_generic\" >> /etc/initramfs-tools/modules" | |
| #chroot /ubuntu /bin/bash -c "echo \"lrw\" >> /etc/initramfs-tools/modules" | |
| #chroot /ubuntu /bin/bash -c "echo \"xts\" >> /etc/initramfs-tools/modules" | |
| #chroot /ubuntu /bin/bash -c "echo \"crypto_blkcipher\" >> /etc/initramfs-tools/modules" | |
| #chroot /ubuntu /bin/bash -c "echo \"gf128mul\" >> /etc/initramfs-tools/modules" | |
| wait_for_key | |
| # add new user | |
| hint "adding default user" | |
| chroot /ubuntu /bin/bash -c "adduser idueppe" | |
| chroot /ubuntu /bin/bash -c "gpasswd -a idueppe sudo" | |
| chroot /ubuntu /bin/bash -c "mkdir -p /home/idueppe/.ssh" | |
| chroot /ubuntu /bin/bash -c "chown idueppe:idueppe /home/idueppe/.ssh" | |
| cp /home/ubuntu/.ssh/authorized_keys /ubuntu/home/idueppe/.ssh | |
| chroot /ubuntu /bin/bash -c "chown idueppe:idueppe /home/idueppe/.ssh/authorized_keys" | |
| wait_for_key | |
| # remove warning during booting | |
| hint "blacklist device for vmware fusion guest systems" | |
| chroot /ubuntu /bin/bash -c "echo \"blacklist i2c_piix4\" >> /etc/modprobe.d/blacklist.conf" | |
| wait_for_key | |
| # updating grub | |
| hint "updating grub configuration" | |
| cat >/ubuntu/etc/default/grub <<EOF | |
| # If you change this file, run 'update-grub' afterwards to update | |
| # /boot/grub/grub.cfg. | |
| # For full documentation of the options in this file, see: | |
| # info -f grub -n 'Simple configuration' | |
| GRUB_DEFAULT=0 | |
| #GRUB_HIDDEN_TIMEOUT=0 | |
| GRUB_HIDDEN_TIMEOUT_QUIET=true | |
| #GRUB_TIMEOUT=5 | |
| GRUB_DISTRIBUTOR=\`lsb_release -i -s 2> /dev/null || echo Debian\` | |
| GRUB_CMDLINE_LINUX_DEFAULT="nomodeset" | |
| GRUB_CMDLINE_LINUX="bootdegraded=true" | |
| # Uncomment to enable BadRAM filtering, modify to suit your needs | |
| # This works with Linux (no patch required) and with any kernel that obtains | |
| # the memory map information from GRUB (GNU Mach, kernel of FreeBSD ...) | |
| #GRUB_BADRAM="0x01234567,0xfefefefe,0x89abcdef,0xefefefef" | |
| # Uncomment to disable graphical terminal (grub-pc only) | |
| GRUB_TERMINAL=console | |
| # The resolution used on graphical terminal | |
| # note that you can use only modes which your graphic card supports via VBE | |
| # you can see them in real GRUB with the command \`vbeinfo' | |
| #GRUB_GFXMODE=640x480 | |
| # Uncomment if you don't want GRUB to pass "root=UUID=xxx" parameter to Linux | |
| #GRUB_DISABLE_LINUX_UUID=true | |
| # Uncomment to disable generation of recovery mode menu entries | |
| #GRUB_DISABLE_RECOVERY="true" | |
| # Uncomment to get a beep at grub start | |
| #GRUB_INIT_TUNE="480 440 1" | |
| GRUB_VIDEO_BACKEND="vga" | |
| GRUB_GFXPAYLOAD_LINUX="text" | |
| EOF | |
| # update initramfs | |
| #hint "updating initramfs" | |
| #chroot /ubuntu /bin/bash -c "modprobe dm-mod" | |
| #chroot /ubuntu /bin/bash -c "update-initramfs -u -k all" | |
| wait_for_key |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment