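#!/bin/bash
#
# System installer.
#
# Bootstraps a Debian system with a LUKS-encrypted root onto a destination
# disk. The disk must already be partitioned; the script uses:
#   <device>1  encrypted swap (listed in the generated crypttab)
#   <device>2  /boot (ext3, unencrypted)
#   <device>3  LVM physical volume holding the encrypted root LV
#
# Needs root privileges (pvcreate, cryptsetup, mount, chroot). Everything on
# the chosen partitions is destroyed.
#

# Load.
source "$APP_BASE/lib/hydra/functions" || exit 1
hydra_config_load

# Setup.
# hydra_read comes from the library sourced above. From its use here it
# appears to take <variable> <default> <prompt> -- confirm against the library.
# NOTE(review): the kernel package and GRUB menu written later in this script
# are tied to the lenny vserver kernel, so another version needs those
# adjusted as well.
hydra_read device /dev/sdb "Destination device"
hydra_read garbage y "Pre-fill volumes with garbage? (y/n)"
# Quoted so that an empty $HOSTNAME does not shift the prompt into the
# default-value position.
hydra_read hostname "$HOSTNAME" "Hostname"
hydra_read domain example.com "Domain"
hydra_read arch amd64 "System arch"
hydra_read version lenny "Distro version"
hydra_read vg vg "Temporary install vg"
hydra_read grub n "Setup GRUB? (y/n)"

# Warning.
echo ""
echo "Make sure you have chosen the right parameters"
echo "and that $device has the needed partitions."
echo ""
echo "Press ENTER to continue, Ctrl-C to abort."
read -r answer

# Refuse to go on unless all three partitions are real block devices. Writing
# to a mistyped /dev path as root would create a regular file there instead of
# touching a disk (the garbage fill below would then fill /dev with data).
for part in "${device}1" "${device}2" "${device}3"; do
  if [ ! -b "$part" ]; then
    echo "$part is not a block device; aborting." >&2
    exit 1
  fi
done

# Create volumes.
# Each step depends on the previous one, so stop at the first failure rather
# than letting later commands operate on a volume that does not exist.
echo "Creating the needed disk volumes..."
pvcreate "${device}3" || exit 1
vgcreate "$vg" "${device}3" || exit 1
lvcreate -L20G -n root "$vg" || exit 1
vgchange -a y "$vg" || exit 1

# Garbage.
# Overwriting with random data hides which areas of the encrypted volume are
# in use and destroys whatever was stored on the partitions before. If this is
# skipped, previous contents stay readable until they happen to be overwritten.
if [ "$garbage" = "y" ]; then
  echo "Filling volumes with garbage..."
  # dd runs until the target is full and then exits non-zero by design, so its
  # status is deliberately not checked. bs=1M only speeds the fill up.
  dd if=/dev/urandom of="/dev/$vg/root" bs=1M
  dd if=/dev/urandom of="${device}1" bs=1M
fi

# Create root device.
# NOTE(review): aes-cbc-essiv:sha256 is a legacy LUKS cipher mode; current
# cryptsetup releases default to aes-xts-plain64. Keep it only if the target
# release requires it.
echo "Creating root device..."
cryptsetup -h sha256 -c aes-cbc-essiv:sha256 -s 256 luksFormat "/dev/$vg/root" || exit 1
cryptsetup luksOpen "/dev/$vg/root" debootstrap || exit 1
mkfs.ext3 /dev/mapper/debootstrap || exit 1

# Initial system install.
echo "Installing base system..."
# The mount point has a fixed name under world-writable /tmp. Plain mkdir
# (no -p) fails if anything already exists there, so a pre-existing entry that
# is not ours is never reused as the install target.
if ! mkdir /tmp/debootstrap; then
  echo "Cannot create /tmp/debootstrap (already present?); aborting." >&2
  exit 1
fi
# Without these checks a failed mount would make debootstrap and every later
# chroot step write into the running system's /tmp instead of the new disk.
mount /dev/mapper/debootstrap /tmp/debootstrap/ || exit 1
debootstrap --arch="$arch" "$version" /tmp/debootstrap/ || exit 1

# Initial configuration.
echo "Applying initial configuration..."
mount none -t proc /tmp/debootstrap/proc/ || exit 1
mount -o bind /dev/ /tmp/debootstrap/dev || exit 1
# -L copies the file a symlinked resolv.conf points to, not the link itself.
cp -L /etc/resolv.conf /tmp/debootstrap/etc
echo "$hostname.$domain" > /tmp/debootstrap/etc/hostname
echo "127.0.0.1 localhost $hostname $hostname.$domain" >> /tmp/debootstrap/etc/hosts
echo LANG=C > /tmp/debootstrap/etc/default/locale

# Initial upgrade.
echo "Applying initial upgrades..."
chroot /tmp/debootstrap/ apt-get update
chroot /tmp/debootstrap/ apt-get upgrade
chroot /tmp/debootstrap/ apt-get install locales cryptsetup lvm2 initramfs-tools grub

# Crypttab.
echo "Configuring crypttab..."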
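# Write the target's crypttab: the LUKS root (passphrase asked at boot) and a
# swap partition that is re-keyed with a random key on every boot.
# ${device}1 is written without shell quotes: inside a here-document double
# quotes are literal and would end up in the generated file.
# NOTE(review): the root source is hard-coded to the "vg" volume group even
# though the vg name is asked for during setup -- confirm this is intended.
# NOTE(review): /dev/random as the swap key source can stall boot until enough
# entropy is gathered; /dev/urandom is the usual choice today.
cat > /tmp/debootstrap/etc/crypttab <<EOF
# <target name> <source device> <key file> <options>
root /dev/mapper/vg-root none luks,cipher=aes-cbc-essiv:sha256
cswap ${device}1 /dev/random swap,cipher=aes-cbc-essiv:sha256
EOF

# Fstab.
echo "Configuring fstab..."
cat > /tmp/debootstrap/etc/fstab <<EOF
/dev/mapper/cswap none swap sw 0 0
/dev/mapper/root / ext3 defaults,errors=remount-ro 0 1
EOF

# Boot.
# The boot partition is mounted inside the target tree, not on the running
# system's /boot: the kernel, initramfs and menu.lst written below must land
# on this partition, because menu.lst loads /vmlinuz-* from (hd0,1). Mounting
# it on the host's /boot would also shadow the host's own boot files.
echo "Boot device setup..."
mkfs.ext3 "${device}2" || exit 1
mkdir -p /tmp/debootstrap/boot
mount "${device}2" /tmp/debootstrap/boot || exit 1
# --root-directory makes grub-install place its files under the target's /boot.
grub-install --no-floppy --root-directory=/tmp/debootstrap "$device" \
  || echo "warning: grub-install failed; the disk will not boot until GRUB is installed." >&2
echo "${device}2 /boot ext3 defaults,errors=remount-ro 0 2" >> /tmp/debootstrap/etc/fstab

# Grub.
# NOTE(review): the kernel and initrd names are hard-coded to the lenny
# vserver amd64 kernel and will not match another arch or distro version.
# The single-user entry gives a root shell from the boot menu; anyone with
# console access who knows the disk passphrase can use it.
if [ "$grub" = "y" ]; then
  echo "Setting up GRUB..."
  mkdir -p /tmp/debootstrap/boot/grub/
  # The redirection is required: without ">" cat would try to print menu.lst
  # and the here-document would be discarded.
  cat > /tmp/debootstrap/boot/grub/menu.lst <<EOF
title $hostname (hd0)
root (hd0,1)
kernel /vmlinuz-2.6.26-2-vserver-amd64 root=/dev/mapper/root ro quiet rootdelay=10
initrd /initrd.img-2.6.26-2-vserver-amd64

title $hostname (hd0) (single)
root (hd0,1)
kernel /vmlinuz-2.6.26-2-vserver-amd64 root=/dev/mapper/root ro single rootdelay=10
initrd /initrd.img-2.6.26-2-vserver-amd64
EOF
fi

# Kernel.
echo "Installing kernel..."
# Modules the initramfs needs to unlock the encrypted root. initramfs-tools
# reads this list from /etc/initramfs-tools/modules inside the target.
cat > /tmp/debootstrap/etc/initramfs-tools/modules <<EOF
dm-mod
dm-crypt
aes
twofish
sha256
EOF
cat > /tmp/debootstrap/etc/kernel-img.conf <<EOF
do_initrd = Yes
EOF
# The i386 kernel package carries a "686" suffix; other arches use their own name.
if [ "$arch" = "i386" ]; then
  kernel_arch="686"
else
  kernel_arch="$arch"
fi
chroot /tmp/debootstrap apt-get install "linux-image-2.6-vserver-$kernel_arch"

# Initramfs.
echo "Creating initramfs..."
chroot /tmp/debootstrap update-initramfs -v -u

# Utils.
echo "Installing basic utilities..."
chroot /tmp/debootstrap apt-get install screen cron lsb-release openssl

# Ssh.
# The host key fingerprints are printed so they can be recorded now and
# compared on the first remote login to the new machine.
echo "Installing OpenSSH daemon..."
chroot /tmp/debootstrap apt-get install openssh-server
echo "OpenSSH fingerprints:"
chroot /tmp/debootstrap ssh-keygen -l -f /etc/ssh/ssh_host_dsa_key.pub
chroot /tmp/debootstrap ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub

# Accounts.
echo "Installing sudo..."
chroot /tmp/debootstrap apt-get install sudo
echo "Choose a root password."
chroot /tmp/debootstrap passwd root

# Final steps (not implemented yet):
# Create a user account with sudo privileges.
# Network setup.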