-rwxr-xr-x | share/hydractl/provision | 125 |
1 files changed, 104 insertions, 21 deletions
diff --git a/share/hydractl/provision b/share/hydractl/provision
index 98e526f..0d11a73 100755
--- a/share/hydractl/provision
+++ b/share/hydractl/provision
@@ -20,10 +20,54 @@ source $APP_BASE/lib/hydra/functions || exit 1
 hydra_config_load
+# Create a logical volume
+function hydra_lvcreate {
+ local volume="$1"
+ local size="$2"
+
+ if [ -z "$volume" ] || [ "$size" == "0" ]; then
+ return
+ fi
+
+ if ! lvdisplay $vg/$volume &> /dev/null; then
+ echo "Creating logical volume $volume..."
+ hydra_safe_run lvcreate -L$size -n $volume $vg
+ fi
+}
+
+# Create a physical volume
+function hydra_create_volume {
+ local volume="$1"
+
+ if [ -z "$volume" ] || [ ! -b "/dev/$vg/$volume" ]; then
+ return
+ fi
+
+ if [ "$encrypt" == "y" ]; then
+ echo "Creating encrypted $volume device..."
+ hydra_safe_run cryptsetup -h sha256 -c aes-cbc-essiv:sha256 -s 256 luksFormat /dev/$vg/$volume
+ hydra_safe_run cryptsetup luksOpen /dev/$vg/$volume $volume
+ hydra_safe_run mkfs.ext4 /dev/mapper/debootstrap
+
+ if [ "$volume" == "root" ]; then
+ install_device="/dev/mapper/$volume"
+ fi
+ else
+ echo "Creating $volume device..."
+ mkfs.ext4 /dev/vg/$volume
+
+ if [ "$volume" == "root" ]; then
+ install_device="/dev/vg/$volume"
+ fi
+ fi
+}
+
 # Setup.
 hydra_user_input device /dev/sdb "Destination device"
 hydra_user_input root_size 20G "Size of root partition"
 hydra_user_input swap y "Use swap? (y/n)"
+hydra_user_input home_size 0 "Size of home partition (0 to not create it)"
+hydra_user_input var_size 0 "Size of var partition (0 to not create it)"
 hydra_user_input encrypt y "Encrypt volumes? (y/n)"
 hydra_user_input garbage y "Pre-fill volumes with garbage? (y/n)"
 hydra_user_input hostname $HOSTNAME "Hostname"
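Review bot: In `hydra_create_volume` the encrypted branch runs `mkfs.ext4 /dev/mapper/debootstrap` for every volume, although `luksOpen` maps the device under the name `$volume`; as written, the opened root, home and var mappings never receive a filesystem, and the line should read `hydra_safe_run mkfs.ext4 /dev/mapper/$volume`. The unencrypted branch uses the literal `/dev/vg/$volume` while the guard at the top of the function tests `/dev/$vg/$volume`, so the two disagree whenever the volume group is not named `vg`; `mkfs.ext4 "/dev/$vg/$volume"` and `install_device="/dev/$vg/$volume"` keep them in step. The fstab hunk further down writes the same literal `/dev/vg/` paths. Quoting the expansions passed to `lvcreate` and `cryptsetup` would also stop operator-supplied values from being word-split.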
@@ -84,17 +128,26 @@ if ! vgdisplay $vg &> /dev/null; then hydra_safe_run vgcreate $vg $syst_device fi -if ! lvdisplay $vg/root &> /dev/null; then - echo "Creating logical volume..." - hydra_safe_run lvcreate -L$root_size -n root $vg -fi +hydra_lvcreate root $root_size +hydra_lvcreate home $home_size +hydra_lvcreate var $var_size hydra_safe_run vgchange -a y $vg # Garbage. if [ "$garbage" == "y" ]; then echo "Filling volumes with garbage..." + dd if=/dev/urandom of=/dev/$vg/root + + if [ -b "/dev/$vg/home" ]; then + dd if=/dev/urandom of=/dev/$vg/home + fi + + if [ -b "/dev/$vg/var" ]; then + dd if=/dev/urandom of=/dev/$vg/var + fi + if [ "$swap" == "y" ]; then dd if=/dev/urandom of=$swap_device fi @@ -105,18 +158,10 @@ mkdir -p /tmp/debootstrap umount /tmp/debootstrap/proc &> /dev/null umount /tmp/debootstrap/dev &> /dev/null -# Create root device. -if [ "$encrypt" == "y" ]; then - echo "Creating encrypted root device..." - hydra_safe_run cryptsetup -h sha256 -c aes-cbc-essiv:sha256 -s 256 luksFormat /dev/$vg/root - hydra_safe_run cryptsetup luksOpen /dev/$vg/root root - hydra_safe_run mkfs.ext4 /dev/mapper/debootstrap - install_device="/dev/mapper/root" -else - echo "Creating root device..." - mkfs.ext4 /dev/vg/root - install_device="/dev/vg/root" -fi +# Create devices +hydra_create_volume root +hydra_create_volume home +hydra_create_volume var # Initial system install. echo "Installing base system..." 
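Review bot: The home and var fills are gated on `[ -b "/dev/$vg/home" ]` and `[ -b "/dev/$vg/var" ]` rather than on the sizes the operator entered, so when the volume group already exists and holds a `home` or `var` LV, that volume is overwritten with random data even if the answer was 0 ("do not create it"). `hydra_lvcreate` deliberately skips existing LVs, which makes this path reachable. Tie the destructive step to the request, e.g. `if [ "$home_size" != "0" ] && [ -b "/dev/$vg/home" ]; then`, and likewise for var. The `hydra_create_volume home` and `hydra_create_volume var` calls in the next hunk have the same exposure, because that function also checks only for the block device.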
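Review bot: `hydra_create_volume root` returns silently when `/dev/$vg/root` is not a block device, so `install_device` can now stay unset while the script continues to "Installing base system..."; the removed code always assigned it. Root is mandatory, so the call site should fail closed, for example `[ -n "$install_device" ] || exit 1` directly after `hydra_create_volume root`. How `install_device` is consumed lies outside this hunk, so the exact failure mode should be confirmed against the install step.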
@@ -152,18 +197,28 @@ chroot /tmp/debootstrap/ apt-get install locales cryptsetup lvm2 initramfs-tools
 # Crypttab.
 echo "Configuring crypttab..."
-echo "" > /tmp/debootstrap/etc/crypttab
+echo "# <target name> <source device> <key file> <options>" > /tmp/debootstrap/etc/crypttab
 if [ "$encrypt" == "y" ]; then
 cat > /tmp/debootstrap/etc/crypttab <<-EOF
-# <target name> <source device> <key file> <options>
 root /dev/mapper/vg-root none luks,cipher=aes-cbc-essiv:sha256
 EOF
 fi
+if [ "$home_size" != "0" ] && [ "$encrypt" == "y" ]; then
+ cat >> /tmp/debootstrap/etc/crypttab <<-EOF
+home /dev/mapper/vg-home none luks,cipher=aes-cbc-essiv:sha256
+EOF
+fi
+
+if [ "$var_size" != "0" ] && [ "$encrypt" == "y" ]; then
+ cat >> /tmp/debootstrap/etc/crypttab <<-EOF
+var /dev/mapper/vg-var none luks,cipher=aes-cbc-essiv:sha256
+EOF
+fi
+
 if [ "$swap" == "y" ]; then
 cat >> /tmp/debootstrap/etc/crypttab <<-EOF
-# <target name> <source device> <key file> <options>
 cswap $swap_device /dev/random swap,cipher=aes-cbc-essiv:sha256
 EOF
 fi
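Review bot: The root block still opens the file with `cat > /tmp/debootstrap/etc/crypttab` (an unchanged context line), which truncates it, so the header line this hunk now writes with `echo` is discarded whenever `encrypt` is `y`; it should become `cat >> /tmp/debootstrap/etc/crypttab <<-EOF`. The fstab hunk below has the same defect with a worse outcome: the swap entry was moved ahead of the root entry and both root branches use `cat >`, so the `/dev/mapper/cswap` line is erased and the installed system ends up without a swap entry. Use `>>` for the root entries there too, or move the swap block back after them.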
@@ -171,16 +226,44 @@ fi
 # Fstab.
 echo "Configuring fstab..."
 echo "" > /tmp/debootstrap/etc/fstab
+if [ "$swap" == "y" ]; then
+ cat >> /tmp/debootstrap/etc/fstab <<-EOF
+/dev/mapper/cswap none swap sw 0 0
+EOF
+fi
+
 if [ "$encrypt" == "y" ]; then
 cat > /tmp/debootstrap/etc/fstab <<-EOF
 /dev/mapper/root / ext4 defaults,errors=remount-ro 0 1
 EOF
+else
+ cat > /tmp/debootstrap/etc/fstab <<-EOF
+/dev/vg/root / ext4 defaults,errors=remount-ro 0 1
+EOF
 fi
-if [ "$swap" == "y" ]; then
+if [ "$home_size" != "0" ]; then
+ if [ "$encrypt" == "y" ]; then
+ cat >> /tmp/debootstrap/etc/fstab <<-EOF
+/dev/mapper/home /home ext4 defaults,errors=remount-ro 0 2
+EOF
+ else
 cat >> /tmp/debootstrap/etc/fstab <<-EOF
-/dev/mapper/cswap none swap sw 0 0
+/dev/vg/home /home ext4 defaults,errors=remount-ro 0 2
 EOF
+ fi
+fi
+
+if [ "$var_size" != "0" ]; then
+ if [ "$encrypt" == "y" ]; then
+ cat >> /tmp/debootstrap/etc/fstab <<-EOF
+/dev/mapper/var /var ext4 defaults,errors=remount-ro 0 2
+EOF
+ else
+ cat >> /tmp/debootstrap/etc/fstab <<-EOF
+/dev/vg/var /var ext4 defaults,errors=remount-ro 0 2
+EOF
+ fi
 fi
 # Grub. |
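Review bot: The new `/home` and `/var` entries reuse root's mount options (`defaults,errors=remount-ro`), which gives up the containment that separate volumes make possible. Neither filesystem normally needs device nodes, and `/home` rarely needs setuid binaries, so consider `/dev/mapper/home /home ext4 defaults,nodev,nosuid,errors=remount-ro 0 2` and at least `nodev` on the `/var` lines, in both the encrypted and the unencrypted branch. Whether `nosuid` is also safe on `/var` depends on the packages installed later, so that one should be checked before it is added.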