-rwxr-xr-xshare/hydractl/provision125
1 files changed, 104 insertions, 21 deletions
diff --git a/share/hydractl/provision b/share/hydractl/provision
index 98e526f..0d11a73 100755
--- a/share/hydractl/provision
+++ b/share/hydractl/provision
@@ -20,10 +20,54 @@
source $APP_BASE/lib/hydra/functions || exit 1
hydra_config_load
+# Create a logical volume
+function hydra_lvcreate {
+ local volume="$1"
+ local size="$2"
+
+ if [ -z "$volume" ] || [ "$size" == "0" ]; then
+ return
+ fi
+
+ if ! lvdisplay $vg/$volume &> /dev/null; then
+ echo "Creating logical volume $volume..."
+ hydra_safe_run lvcreate -L$size -n $volume $vg
+ fi
+}
+
+# Create a physical volume
+function hydra_create_volume {
+ local volume="$1"
+
+ if [ -z "$volume" ] || [ ! -b "/dev/$vg/$volume" ]; then
+ return
+ fi
+
+ if [ "$encrypt" == "y" ]; then
+ echo "Creating encrypted $volume device..."
+ hydra_safe_run cryptsetup -h sha256 -c aes-cbc-essiv:sha256 -s 256 luksFormat /dev/$vg/$volume
+ hydra_safe_run cryptsetup luksOpen /dev/$vg/$volume $volume
+ hydra_safe_run mkfs.ext4 /dev/mapper/debootstrap
+
+ if [ "$volume" == "root" ]; then
+ install_device="/dev/mapper/$volume"
+ fi
+ else
+ echo "Creating $volume device..."
+ mkfs.ext4 /dev/vg/$volume
+
+ if [ "$volume" == "root" ]; then
+ install_device="/dev/vg/$volume"
+ fi
+ fi
+}
+
# Setup.
hydra_user_input device /dev/sdb "Destination device"
hydra_user_input root_size 20G "Size of root partition"
hydra_user_input swap y "Use swap? (y/n)"
+hydra_user_input home_size 0 "Size of home partition (0 to not create it)"
+hydra_user_input var_size 0 "Size of var partition (0 to not create it)"
hydra_user_input encrypt y "Encrypt volumes? (y/n)"
hydra_user_input garbage y "Pre-fill volumes with garbage? (y/n)"
hydra_user_input hostname $HOSTNAME "Hostname"
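Review bot: In `hydra_create_volume` the encrypted branch opens the LUKS mapping under the name `$volume` but then runs `mkfs.ext4 /dev/mapper/debootstrap`, a mapping this function never creates, so root, home and var are left without a filesystem on their own mappings; the line should read `hydra_safe_run mkfs.ext4 "/dev/mapper/$volume"`. The unencrypted branch formats and records `/dev/vg/$volume` with a literal `vg` while the rest of the function uses `/dev/$vg/$volume`, and its `mkfs.ext4` is not wrapped in `hydra_safe_run`, so a failed format would pass unnoticed (assuming `hydra_safe_run` aborts on failure, which is not visible here). Since the `luksFormat` line now applies to three volumes, it is also worth reconsidering `aes-cbc-essiv:sha256`: CBC-ESSIV is malleable and cryptsetup's own default moved to `aes-xts-plain64`, which with `-s 512` gives AES-256.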
@@ -84,17 +128,26 @@ if ! vgdisplay $vg &> /dev/null; then
hydra_safe_run vgcreate $vg $syst_device
fi
-if ! lvdisplay $vg/root &> /dev/null; then
- echo "Creating logical volume..."
- hydra_safe_run lvcreate -L$root_size -n root $vg
-fi
+hydra_lvcreate root $root_size
+hydra_lvcreate home $home_size
+hydra_lvcreate var $var_size
hydra_safe_run vgchange -a y $vg
# Garbage.
if [ "$garbage" == "y" ]; then
echo "Filling volumes with garbage..."
+
dd if=/dev/urandom of=/dev/$vg/root
+
+ if [ -b "/dev/$vg/home" ]; then
+ dd if=/dev/urandom of=/dev/$vg/home
+ fi
+
+ if [ -b "/dev/$vg/var" ]; then
+ dd if=/dev/urandom of=/dev/$vg/var
+ fi
+
if [ "$swap" == "y" ]; then
dd if=/dev/urandom of=$swap_device
fi
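Review bot: The new `dd` fills for home and var are gated only on `[ -b "/dev/$vg/home" ]` and `[ -b "/dev/$vg/var" ]`, not on the requested size, so a home or var volume that already exists in `$vg` is overwritten with random data even when the operator answered 0 to skip it. `hydra_lvcreate` leaves existing volumes alone and the `vgdisplay` check above shows the volume group may pre-exist, so this case looks reachable. Gate on the size as the crypttab and fstab sections do, e.g. `if [ "$home_size" != "0" ] && [ -b "/dev/$vg/home" ]; then`. The same existence-only test in `hydra_create_volume` would then go on to `luksFormat` that volume. The enclosing `if [ "$garbage" == "y" ]` block closes outside this hunk.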
@@ -105,18 +158,10 @@ mkdir -p /tmp/debootstrap
umount /tmp/debootstrap/proc &> /dev/null
umount /tmp/debootstrap/dev &> /dev/null
-# Create root device.
-if [ "$encrypt" == "y" ]; then
- echo "Creating encrypted root device..."
- hydra_safe_run cryptsetup -h sha256 -c aes-cbc-essiv:sha256 -s 256 luksFormat /dev/$vg/root
- hydra_safe_run cryptsetup luksOpen /dev/$vg/root root
- hydra_safe_run mkfs.ext4 /dev/mapper/debootstrap
- install_device="/dev/mapper/root"
-else
- echo "Creating root device..."
- mkfs.ext4 /dev/vg/root
- install_device="/dev/vg/root"
-fi
+# Create devices
+hydra_create_volume root
+hydra_create_volume home
+hydra_create_volume var
# Initial system install.
echo "Installing base system..."
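Review bot: `hydra_create_volume root` can now return without doing anything, because the function exits silently when `/dev/$vg/root` is not a block device, and that leaves `install_device` unset where the old inline code always assigned it. If later steps mount or install onto `$install_device` (not visible in this hunk), they would run with an empty path. A guard right after the three calls, such as `[ -n "$install_device" ] || { echo "root volume was not created" >&2; exit 1; }`, would stop provisioning before anything is written to the wrong place.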
@@ -152,18 +197,28 @@ chroot /tmp/debootstrap/ apt-get install locales cryptsetup lvm2 initramfs-tools
# Crypttab.
echo "Configuring crypttab..."
-echo "" > /tmp/debootstrap/etc/crypttab
+echo "# <target name> <source device> <key file> <options>" > /tmp/debootstrap/etc/crypttab
if [ "$encrypt" == "y" ]; then
cat > /tmp/debootstrap/etc/crypttab <<-EOF
-# <target name> <source device> <key file> <options>
root /dev/mapper/vg-root none luks,cipher=aes-cbc-essiv:sha256
EOF
fi
+if [ "$home_size" != "0" ] && [ "$encrypt" == "y" ]; then
+ cat >> /tmp/debootstrap/etc/crypttab <<-EOF
+home /dev/mapper/vg-home none luks,cipher=aes-cbc-essiv:sha256
+EOF
+fi
+
+if [ "$var_size" != "0" ] && [ "$encrypt" == "y" ]; then
+ cat >> /tmp/debootstrap/etc/crypttab <<-EOF
+var /dev/mapper/vg-var none luks,cipher=aes-cbc-essiv:sha256
+EOF
+fi
+
if [ "$swap" == "y" ]; then
cat >> /tmp/debootstrap/etc/crypttab <<-EOF
-# <target name> <source device> <key file> <options>
cswap $swap_device /dev/random swap,cipher=aes-cbc-essiv:sha256
EOF
fi
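Review bot: The header comment now written first with `echo "# <target name> ..." > /tmp/debootstrap/etc/crypttab` is thrown away again whenever `encrypt` is `y`, because the root block still truncates the file with `cat > /tmp/debootstrap/etc/crypttab <<-EOF`. With the header removed from that heredoc, the root block should append instead: `cat >> /tmp/debootstrap/etc/crypttab <<-EOF`. The new home and var entries also hard-code `/dev/mapper/vg-home` and `/dev/mapper/vg-var`, as the existing root entry does, while the volumes are created under `$vg`. If `$vg` is ever anything other than `vg`, these source devices will not resolve at boot.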
@@ -171,16 +226,44 @@ fi
# Fstab.
echo "Configuring fstab..."
echo "" > /tmp/debootstrap/etc/fstab
+if [ "$swap" == "y" ]; then
+ cat >> /tmp/debootstrap/etc/fstab <<-EOF
+/dev/mapper/cswap none swap sw 0 0
+EOF
+fi
+
if [ "$encrypt" == "y" ]; then
cat > /tmp/debootstrap/etc/fstab <<-EOF
/dev/mapper/root / ext4 defaults,errors=remount-ro 0 1
EOF
+else
+ cat > /tmp/debootstrap/etc/fstab <<-EOF
+/dev/vg/root / ext4 defaults,errors=remount-ro 0 1
+EOF
fi
-if [ "$swap" == "y" ]; then
+if [ "$home_size" != "0" ]; then
+ if [ "$encrypt" == "y" ]; then
+ cat >> /tmp/debootstrap/etc/fstab <<-EOF
+/dev/mapper/home /home ext4 defaults,errors=remount-ro 0 2
+EOF
+ else
cat >> /tmp/debootstrap/etc/fstab <<-EOF
-/dev/mapper/cswap none swap sw 0 0
+/dev/vg/home /home ext4 defaults,errors=remount-ro 0 2
EOF
+ fi
+fi
+
+if [ "$var_size" != "0" ]; then
+ if [ "$encrypt" == "y" ]; then
+ cat >> /tmp/debootstrap/etc/fstab <<-EOF
+/dev/mapper/var /var ext4 defaults,errors=remount-ro 0 2
+EOF
+ else
+ cat >> /tmp/debootstrap/etc/fstab <<-EOF
+/dev/vg/var /var ext4 defaults,errors=remount-ro 0 2
+EOF
+ fi
fi
# Grub.
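Review bot: The swap entry is now appended to fstab before the root entry, but both root branches write with `cat > /tmp/debootstrap/etc/fstab`, which truncates the file, so the `/dev/mapper/cswap` line is always lost. Either keep the swap block after the root block as it was, or make both root branches append with `cat >> /tmp/debootstrap/etc/fstab <<-EOF`. The new unencrypted entries `/dev/vg/root`, `/dev/vg/home` and `/dev/vg/var` also use a literal `vg` rather than `$vg`, unlike the `/dev/$vg/...` paths used when the volumes are created.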