
@xenophonf
Last active June 26, 2018 14:23
Ubuntu 18.04 Root on ZFS scripted
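#!/usr/bin/env bash
#
# Stage 1 of a scripted Ubuntu 18.04 (bionic) root-on-ZFS install.
#
# Partitions DISK, puts a LUKS container on partition 1, creates the ZFS pool
# "rpool" inside it, debootstraps bionic into /mnt and then runs
# post-install.sh inside the new system via chroot.
#
# Usage: <script> FQDN DISK IFACE
#   FQDN   fully qualified host name of the new system
#   DISK   whole-disk block device whose partitions are reachable as
#          "${DISK}-partN" (the script relies on that naming)
#   IFACE  network interface to configure for DHCP via netplan
#
# Requires post-install.sh in the current working directory.
# WARNING: every partition and all data on DISK is destroyed.

# Fail fast: without -e a failed step (for example a mistyped LUKS passphrase)
# would not stop the remaining steps from running against a wiped disk.
set -euo pipefail
set -x

die() {
  printf '%s: %s\n' "${0##*/}" "$*" >&2
  exit 1
}

# ---- pre-flight checks: all of them run before anything is modified --------
(( $# >= 3 )) || die "usage: ${0##*/} FQDN DISK IFACE"

FQDN=$1
DISK=$2
IFACE=$3

fqdn_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
iface_re='^[A-Za-z0-9_.:-]+$'

(( EUID == 0 )) || die "must be run as root"
[[ $FQDN =~ $fqdn_re ]] || die "invalid host name: $FQDN"
# IFACE becomes part of a file name under /mnt/etc/netplan, so it must not
# contain path separators or whitespace.
[[ $IFACE =~ $iface_re ]] || die "invalid interface name: $IFACE"
# An empty or mistyped DISK must never reach 'sgdisk --zap-all'.
[[ -b $DISK ]] || die "not a block device: $DISK"
[[ -f post-install.sh ]] || die "post-install.sh not found in $PWD"

# Short host name: everything before the first dot of the FQDN.
short_host=${FQDN%%.*}

# ---- tools needed in the installer environment ------------------------------
apt-add-repository universe
apt update
apt install --yes debootstrap gdisk zfs-initramfs

# ---- partitioning (destructive) ---------------------------------------------
#   part2  BIOS boot        (EF02, sectors 34-2047)
#   part3  EFI system       (EF00, 512M)
#   part4  /boot            (8300, 512M)
#   part1  LUKS container   (8300, rest of the disk)
sgdisk --zap-all "$DISK"
sgdisk -a1 -n2:34:2047 -t2:EF02 "$DISK"
sgdisk -n3:1M:+512M -t3:EF00 "$DISK"
sgdisk -n4:0:+512M -t4:8300 "$DISK"
sgdisk -n1:0:0 -t1:8300 "$DISK"

# ---- encryption -------------------------------------------------------------
# NOTE(review): XTS splits the supplied key in two, so '-s 256' yields AES-128.
# Use '-s 512' if the requirement is AES-256. Value left as the author chose.
# The passphrase is read interactively, so 'set -x' does not log it.
cryptsetup luksFormat -c aes-xts-plain64 -s 256 -h sha256 "${DISK}-part1"
cryptsetup luksOpen "${DISK}-part1" luks1

# ---- pool and datasets ------------------------------------------------------
zpool create -o ashift=12 -O atime=off -O canmount=off \
  -O compression=lz4 -O normalization=formD \
  -O mountpoint=/ -R /mnt rpool /dev/mapper/luks1

zfs create -o canmount=off -o mountpoint=none rpool/ROOT
zfs create -o canmount=noauto -o mountpoint=/ rpool/ROOT/ubuntu
zfs mount rpool/ROOT/ubuntu

# setuid=off / exec=off keep set-uid binaries and executables out of data
# datasets; rpool/var/tmp re-enables exec explicitly.
zfs create -o setuid=off rpool/home
zfs create -o mountpoint=/root rpool/home/root
zfs create -o canmount=off -o setuid=off -o exec=off rpool/var
zfs create -o com.sun:auto-snapshot=false rpool/var/cache
zfs create -o acltype=posixacl -o xattr=sa rpool/var/log
zfs create rpool/var/spool
zfs create -o com.sun:auto-snapshot=false -o exec=on rpool/var/tmp
zfs create rpool/srv
zfs create rpool/var/games
zfs create rpool/var/mail
zfs create -o com.sun:auto-snapshot=false \
  -o mountpoint=/var/lib/nfs rpool/var/nfs

# ---- /boot ------------------------------------------------------------------
# /boot lives on plain ext2 outside the LUKS container, so the kernel and
# initramfs are stored unencrypted.
mke2fs -t ext2 "${DISK}-part4"
mkdir -p /mnt/boot
mount "${DISK}-part4" /mnt/boot
chmod 1777 /mnt/var/tmp

# ---- base system ------------------------------------------------------------
debootstrap bionic /mnt
# Device nodes are only needed while debootstrap runs; disable them afterwards.
zfs set devices=off rpool

printf '%s\n' "$short_host" > /mnt/etc/hostname
printf '127.0.1.1 %s %s\n' "$FQDN" "$short_host" >> /mnt/etc/hosts

# netplan is YAML: the nesting below is significant, a flat key list is not a
# valid configuration.
cat > "/mnt/etc/netplan/${IFACE}.yaml" <<EOF
network:
  version: 2
  ethernets:
    $IFACE:
      dhcp4: true
EOF

cat > /mnt/etc/apt/sources.list <<EOF
deb http://archive.ubuntu.com/ubuntu bionic main universe restricted multiverse
deb-src http://archive.ubuntu.com/ubuntu bionic main universe restricted multiverse
deb http://security.ubuntu.com/ubuntu bionic-security main universe restricted multiverse
deb-src http://security.ubuntu.com/ubuntu bionic-security main universe restricted multiverse
deb http://archive.ubuntu.com/ubuntu bionic-updates main universe restricted multiverse
deb http://archive.ubuntu.com/ubuntu bionic-backports main universe restricted multiverse
deb-src http://archive.ubuntu.com/ubuntu bionic-updates main universe restricted multiverse
EOF

# ---- configure the new system inside a chroot -------------------------------
mount --rbind /dev /mnt/dev
mount --rbind /proc /mnt/proc
mount --rbind /sys /mnt/sys
cp post-install.sh /mnt

# Remember the chroot status instead of aborting, so the bind mounts are
# still torn down and the pool exported when post-install.sh fails.
chroot_status=0
chroot /mnt /bin/bash --login post-install.sh "$DISK" || chroot_status=$?

# ---- teardown ---------------------------------------------------------------
# Best effort: lazily unmount every non-ZFS mount below /mnt, innermost first.
mount | grep -v zfs | tac | awk '/\/mnt/ {print $3}' | xargs -I{} umount -lf {} \
  || printf 'warning: some mounts under /mnt could not be unmounted\n' >&2
zpool export rpool

exit "$chroot_status"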
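#!/usr/bin/env bash
#
# post-install.sh - stage 2 of the Ubuntu 18.04 root-on-ZFS install.
#
# Runs inside the chroot of the freshly debootstrapped system. Installs the
# kernel, ZFS initramfs support, cryptsetup and GRUB, writes /etc/fstab and
# /etc/crypttab, sets the root password and takes an initial snapshot.
#
# Usage: post-install.sh DISK
#   DISK   whole-disk block device; partitions are addressed as
#          "${DISK}-partN" (part1 LUKS, part3 EFI, part4 /boot)
#
# Interactive: dpkg-reconfigure and passwd prompt on the terminal.

# Stop on the first failure: continuing past a failed step can leave an
# fstab/crypttab that does not match the disk, and a system that will not boot.
set -euo pipefail
set -x

die() {
  printf '%s: %s\n' "${0##*/}" "$*" >&2
  exit 1
}

# Print one blkid tag value for a device; fail if blkid errors or the value is
# empty, so "UUID=" is never written without a value.
#   $1 - tag name (UUID or PARTUUID)
#   $2 - device path
blkid_value() {
  local tag=$1 dev=$2 value
  value=$(blkid -s "$tag" -o value "$dev") || die "blkid failed for $dev"
  [[ -n $value ]] || die "no $tag found on $dev"
  printf '%s\n' "$value"
}

(( $# >= 1 )) || die "usage: ${0##*/} DISK"
DISK=$1
[[ -b $DISK ]] || die "not a block device: $DISK"

# Point /etc/mtab at the kernel's mount table; skip when it already exists.
if [[ ! -e /etc/mtab && ! -L /etc/mtab ]]; then
  ln -s /proc/self/mounts /etc/mtab
fi

apt update
apt install --yes locales
dpkg-reconfigure locales
dpkg-reconfigure tzdata

apt install --yes --no-install-recommends linux-image-generic
apt install --yes zfs-initramfs

# /boot: the ext2 file system on part4, referenced by file-system UUID.
boot_uuid=$(blkid_value UUID "${DISK}-part4")
printf 'UUID=%s /boot ext2 defaults 0 2\n' "$boot_uuid" >> /etc/fstab

# LUKS container on part1, unlocked from the initramfs.
# NOTE(review): 'discard' passes TRIM through dm-crypt, which reveals which
# blocks of the encrypted device are in use; remove it if that matters.
apt install --yes cryptsetup
luks_uuid=$(blkid_value UUID "${DISK}-part1")
printf 'luks1 UUID=%s none luks,discard,initramfs\n' "$luks_uuid" > /etc/crypttab

apt install --yes grub-pc

# EFI system partition on part3. '--yes' added so this install cannot stall on
# a confirmation prompt like the other apt calls.
apt install --yes dosfstools
mkdosfs -F 32 -n EFI "${DISK}-part3"
mkdir -p /boot/efi
efi_partuuid=$(blkid_value PARTUUID "${DISK}-part3")
printf 'PARTUUID=%s /boot/efi vfat nofail,x-systemd.device-timeout=1 0 2\n' \
  "$efi_partuuid" >> /etc/fstab
mount /boot/efi

addgroup --system lpadmin
addgroup --system sambashare

# Root password: retry until passwd succeeds, so a typo in the confirmation
# does not silently leave the account without a usable password.
until passwd; do
  printf 'passwd failed, please try again\n' >&2
done

# Mount /var/log and /var/tmp through fstab rather than by ZFS itself.
zfs set mountpoint=legacy rpool/var/log
zfs set mountpoint=legacy rpool/var/tmp
cat >> /etc/fstab << EOF
rpool/var/log /var/log zfs defaults 0 0
rpool/var/tmp /var/tmp zfs defaults 0 0
EOF

# Sanity check: GRUB must identify the root file system as ZFS. Reported only,
# as in the original; a miss goes to stderr instead of passing silently.
root_fs=$(grub-probe /) || root_fs=
if [[ $root_fs == *zfs* ]]; then
  echo grub-probe: recognized ZFS
else
  printf 'warning: grub-probe did not report ZFS for / (got: %s)\n' "$root_fs" >&2
fi

update-initramfs -c -k all
update-grub
grub-install "$DISK"

# Sanity check: the GRUB ZFS module must have been installed under /boot/grub.
if compgen -G '/boot/grub/*/zfs.mod' > /dev/null; then
  echo grub: ZFS module installed
else
  printf 'warning: no zfs.mod found under /boot/grub\n' >&2
fi

# Pristine snapshot of the root dataset.
zfs snapshot rpool/ROOT/ubuntu@install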