initial commit
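--- a/examples/os-installer-config-arkdep/scripts/configure.sh
+++ b/examples/os-installer-config-arkdep/scripts/configure.sh
@@ -0,0 +1,57 @@
+#!/usr/bin/env bash
+
+set -o pipefail
+
+## Set common variables
+#
+# Commonly used variables
+declare -r workdir='/mnt'
+declare -r osidir='/etc/os-installer'
+declare -r scriptsdir="$osidir/scripts/configure.sh.d"
+
+# Get target disk UUID
+if [[ $OSI_DEVICE_IS_PARTITION -ne 0 ]]; then
+declare -r uuid=$(sudo blkid -o value -s UUID ${OSI_DEVICE_PATH})
+elif [[ $OSI_DEVICE_PATH == *"nvme"*"n"* ]]; then
+declare -r uuid=$(sudo blkid -o value -s UUID ${OSI_DEVICE_PATH}p2)
+else
+declare -r uuid=$(sudo blkid -o value -s UUID ${OSI_DEVICE_PATH}2)
+fi
+
+# User can provide full name as input, if they do only the first word will be used as username
+# OSI_USER_NAME is still used in the account comments
+declare firstname=($OSI_USER_NAME)
+firstname=${firstname[0]}
+
+## Set common functions
+#
+# Quit script with error if called
+quit_on_err () {
+if [[ -n $1 ]]; then
+printf "$1\n"
+fi
+
+# Ensure console prints error
+sleep 2
+
+exit 1
+}
+
+## Execute scripts
+#
+# Get list of all child scripts
+declare -r scripts=($(ls $scriptsdir))
+
+# Loop and run install scripts
+for script in ${scripts[@]}; do
+printf "Now running $script\n"
+source $scriptsdir/$script
+done
+
+## Cleanup and finish
+#
+# Ensure synced and umount
+sync
+sudo umount -R /mnt
+
+exit 0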
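Review bot: The child-script loader builds its list with `declare -r scripts=($(ls $scriptsdir))` and then runs `source $scriptsdir/$script` unquoted, so a file name containing whitespace or a glob character is split or expanded before it is sourced, and every entry in that directory runs in a shell that goes on to call sudo. Iterating the glob keeps names intact: `for script in "$scriptsdir"/*; do`, then `[[ -f $script ]] || continue` and `source "$script"`. The same loop is in install.sh. In both files `quit_on_err` also uses its message as the printf format (`printf "$1\n"`) while callers interpolate device paths into that message; `printf '%s\n' "$1"` prints it literally.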
@@ -0,0 +1,27 @@
|
||||
# Ensure user is in sudo group
|
||||
for group in $(groups); do
|
||||
if [[ $group == 'wheel' || $group == 'sudo' ]]; then
|
||||
declare -ri sudo_ok=1
|
||||
fi
|
||||
done
|
||||
|
||||
# If user is not in sudo group notify and exit with error
|
||||
if [[ ! -n $sudo_ok ]]; then
|
||||
quit_on_err 'The current user is not a member of either the sudo or wheel group, this os-installer configuration requires sudo permissions'
|
||||
fi
|
||||
|
||||
# Ensure all expected osi variables are set
|
||||
[[ -z ${OSI_LOCALE+x} ]] && quit_on_err 'OSI_LOCALE not set'
|
||||
[[ -z ${OSI_DEVICE_PATH+x} ]] && quit_on_err 'OSI_DEVICE_PATH not set'
|
||||
[[ -z ${OSI_DEVICE_IS_PARTITION+x} ]] && quit_on_err 'OSI_DEVICE_OS_PARTITION is not set'
|
||||
[[ -z ${OSI_DEVICE_EFI_PARTITION+x} ]] && quit_on_err 'OSI_DEVICE_EFI_PARTITION is not set'
|
||||
[[ -z ${OSI_USE_ENCRYPTION+x} ]] && quit_on_err 'OSI_USE_ENCRYPTION is not set'
|
||||
[[ -z ${OSI_ENCRYPTION_PIN+x} ]] && quit_on_err 'OSI_ENCRYPT_PIN is not set'
|
||||
[[ -z ${OSI_USER_NAME+x} ]] && quit_on_err 'OSI_USER_NAME is not set'
|
||||
[[ -z ${OSI_USER_AUTOLOGIN+x} ]] && quit_on_err 'OSI_USER_AUTOLOGIN is not set'
|
||||
[[ -z ${OSI_USER_PASSWORD+x} ]] && quit_on_err 'OSI_USER_PASSWORD is not set'
|
||||
[[ -z ${OSI_FORMATS+x} ]] && quit_on_err 'OSI_FORMATS is not set'
|
||||
[[ -z ${OSI_TIMEZONE+x} ]] && quit_on_err 'OSI_TIMEZONE is not set'
|
||||
[[ -z ${OSI_ADDITIONAL_SOFTWARE+x} ]] && quit_on_err 'OSI_ADDITIONAL_SOFTWARE is not set'
|
||||
[[ -z ${OSI_ADDITIONAL_FEATURES+x} ]] && quit_on_err 'OSI_ADDITIONAL_FEATURES is not set'
|
||||
|
||||
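Review bot: `declare -ri sudo_ok=1` sits inside the loop, so a user who is in both `wheel` and `sudo` reaches a second `declare` on an already read-only variable and bash prints a "readonly variable" error; assigning `sudo_ok=1` and adding `break` avoids that. The same loop is in the install-side checks hunk and in prepare.sh. Two messages in this hunk name variables other than the ones tested: the `OSI_DEVICE_IS_PARTITION` check reports `OSI_DEVICE_OS_PARTITION`, and the `OSI_ENCRYPTION_PIN` check reports `OSI_ENCRYPT_PIN`. Group membership is also only a proxy for working sudo; whether that matters depends on the live image's sudoers configuration, which is not visible here.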
@@ -0,0 +1,5 @@
|
||||
# Write overlay_arkdep
|
||||
for f in $(ls $osidir/overlay_arkdep/); do
|
||||
sudo cp -rv $osidir/overlay_arkdep/$f $workdir/arkdep/overlay/
|
||||
done
|
||||
|
||||
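Review bot: Neither this `sudo cp -rv` nor the `sudo cp -v … trusted-keys` in the next hunk checks its exit status, unlike most later steps that end in `|| quit_on_err`. A failed key copy would leave `$workdir/arkdep/keys/` without the trusted keys while the install carries on; how arkdep behaves without them is not visible here, so failing fast is the safer default: `sudo cp -v "$osidir/bits/trusted-keys" "$workdir/arkdep/keys/" || quit_on_err 'Failed to copy trusted keys'`. The overlay loop can drop the `ls` parsing at the same time with `sudo cp -rv "$osidir/overlay_arkdep/." "$workdir/arkdep/overlay/" || quit_on_err 'Failed to copy overlay'`, which, unlike the `ls` loop, also copies dotfiles.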
@@ -0,0 +1,2 @@
|
||||
# Add GPG trusted keys to install
|
||||
sudo cp -v $osidir/bits/trusted-keys $workdir/arkdep/keys/
|
||||
@@ -0,0 +1,19 @@
|
||||
# Set custom keymap, very hacky but it gets the job done
|
||||
declare -r current_keymap=$(gsettings get org.gnome.desktop.input-sources sources)
|
||||
sudo mkdir -p $workdir/arkdep/overlay/etc/dconf/db/local.d
|
||||
printf "[org/gnome/desktop/input-sources]\nsources = $current_keymap\n" |
|
||||
sudo tee $workdir/arkdep/overlay/etc/dconf/db/local.d/keymap ||
|
||||
quit_on_err 'Failed to set dconf keymap'
|
||||
|
||||
# Attempt to set vconsole keymap
|
||||
data=${current_keymap#*(}
|
||||
data=${data%%)*}
|
||||
data=${data#*,}
|
||||
data=${data//\'}
|
||||
data=${data%%+*}
|
||||
|
||||
sudo localectl set-keymap $data
|
||||
localctl_exit_code=$?
|
||||
|
||||
[[ $localctl_exit_code -ne 0 ]] && printf 'Failed to detect keymap, vconsole will default to US international'
|
||||
[[ $localctl_exit_code -eq 0 ]] && sudo cp /etc/vconsole.conf $workdir/arkdep/overlay/etc/vconsole.conf
|
||||
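Review bot: `$current_keymap` is expanded inside the printf format string, so a `%` or backslash in the gsettings output is interpreted rather than written; pass it as an argument instead: `printf '[org/gnome/desktop/input-sources]\nsources = %s\n' "$current_keymap"`. `declare -r current_keymap=$(gsettings …)` also hides a gsettings failure, because the status seen is that of `declare`, and in that case an empty `sources =` line is written to the overlay. `sudo localectl set-keymap $data` should quote `"$data"`, and the failure message lacks a trailing `\n`.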
@@ -0,0 +1,23 @@
|
||||
# The kernel parameters have to be configured differently based upon if the
|
||||
# user opted for disk encryption or not
|
||||
if [[ $OSI_USE_ENCRYPTION == 1 ]]; then
|
||||
# Overwrite default Arkdep systemd-boot template
|
||||
cat <<- END | sudo tee $workdir/arkdep/templates/systemd-boot
|
||||
title Arkane GNU/Linux - Arkdep
|
||||
linux /arkdep/%target%/vmlinuz
|
||||
initrd /amd-ucode.img
|
||||
initrd /intel-ucode.img
|
||||
initrd /arkdep/%target%/initramfs-linux.img
|
||||
options rd.auto=0 rd.luks.name=$uuid=arkane_root root=/dev/mapper/arkane_root rootflags=subvol=/arkdep/deployments/%target%/rootfs lsm=landlock,lockdown,yama,integrity,apparmor,bpf quiet splash loglevel=3 systemd.show_status=auto rd.udev.log_level=3 rw
|
||||
END
|
||||
else
|
||||
# Overwrite default Arkdep systemd-boot template
|
||||
cat <<- END | sudo tee $workdir/arkdep/templates/systemd-boot
|
||||
title Arkane GNU/Linux - Arkdep
|
||||
linux /arkdep/%target%/vmlinuz
|
||||
initrd /amd-ucode.img
|
||||
initrd /intel-ucode.img
|
||||
initrd /arkdep/%target%/initramfs-linux.img
|
||||
options root="LABEL=arkane_root" rootflags=subvol=/arkdep/deployments/%target%/rootfs lsm=landlock,lockdown,yama,integrity,apparmor,bpf quiet splash loglevel=3 systemd.show_status=auto rd.udev.log_level=3 rw
|
||||
END
|
||||
fi
|
||||
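Review bot: `$uuid` is written into `rd.luks.name=$uuid=arkane_root` without checking that it is non-empty. It is set in configure.sh by `declare -r uuid=$(sudo blkid …)`, which masks a blkid failure, and that lookup has no `mmcblk` branch although install.sh's `partition_path` does, so on such a device it queries `${OSI_DEVICE_PATH}2` rather than `${OSI_DEVICE_PATH}p2` and the value is presumably empty. A guard before the heredoc, `[[ -n $uuid ]] || quit_on_err 'Could not determine root partition UUID'`, stops the install instead of producing a boot entry that cannot unlock the root. The `cat … | sudo tee` pipelines are unchecked as well; `|| quit_on_err 'Failed to write systemd-boot template'` can follow the `tee` on the first line of each.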
@@ -0,0 +1,22 @@
|
||||
# Deploy latest image
|
||||
sudo ARKDEP_NO_BOOTCTL=1 ARKDEP_ROOT=$workdir arkdep deploy || quit_on_err 'Failed to deploy image with arkdep'
|
||||
|
||||
declare -r deployment_version=($(ls $workdir/arkdep/deployments))
|
||||
|
||||
# Collect information about the system memory, this is used to determine an apropriate swapfile size
|
||||
declare -ri memtotal=$(grep MemTotal /proc/meminfo | awk '{print $2}')
|
||||
|
||||
# Determine suitable swapfile size
|
||||
if [[ $memtotal -lt 4500000 ]]; then
|
||||
# If RAM is less than 4.5GB create a 2GB swapfile
|
||||
sudo btrfs filesystem mkswapfile --size 2G $workdir/arkdep/shared/swapfile ||
|
||||
quit_on_err 'Failed to create swapfile'
|
||||
elif [[ $memtotal -lt 8500000 ]]; then
|
||||
# If RAM is less than 8.5GB, create a 4GB swapfile
|
||||
sudo btrfs filesystem mkswapfile --size 4G $workdir/arkdep/shared/swapfile ||
|
||||
quit_on_err 'Failed to create swapfile'
|
||||
else
|
||||
# Else create a 6GB swapfile
|
||||
sudo btrfs filesystem mkswapfile --size 6G $workdir/arkdep/shared/swapfile ||
|
||||
quit_on_err 'Failed to create swapfile'
|
||||
fi
|
||||
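Review bot: The three branches differ only in the `--size` value, so the `btrfs filesystem mkswapfile` call and its error handling are repeated three times; choosing the size first (`swapsize=2G`, `4G` or `6G`) and calling `sudo btrfs filesystem mkswapfile --size "$swapsize" "$workdir/arkdep/shared/swapfile" || quit_on_err 'Failed to create swapfile'` once keeps them from drifting apart. `declare -ri memtotal=$(…)` evaluates to 0 if the grep finds nothing, which silently selects the 2G branch. `deployment_version` is not used in any visible hunk and may be removable.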
@@ -0,0 +1,9 @@
|
||||
declare -r deployment=($(ls $workdir/arkdep/deployments/))
|
||||
|
||||
sudo dconf compile $workdir/arkdep/overlay/etc/dconf/db/local \
|
||||
$workdir/arkdep/deployments/${deployment[0]}/rootfs/etc/dconf/db/local.d/ ||
|
||||
quit_on_err 'Failed to generate local dconf database'
|
||||
|
||||
sudo cp $workdir/arkdep/overlay/etc/dconf/db/local \
|
||||
$workdir/arkdep/deployments/${deployment[0]}/rootfs/etc/dconf/db/local ||
|
||||
quit_on_err 'Failed to copy dconf local db to deployment'
|
||||
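Review bot: `${deployment[0]}` is used without checking that the `ls` produced anything, so with an empty deployments directory both paths collapse to `$workdir/arkdep/deployments//rootfs/…` and the error reported is a dconf or cp failure rather than the missing deployment. A check such as `[[ -n ${deployment[0]} ]] || quit_on_err 'No arkdep deployment found'` makes that explicit. The array is also built by word-splitting `ls` output; a glob (`deployment=("$workdir"/arkdep/deployments/*)`) would avoid that, at the cost of adjusting the two paths that prepend the directory.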
@@ -0,0 +1,11 @@
|
||||
sudo umount -R $workdir/boot
|
||||
|
||||
# Remove boot folder, it is just a temporary mount point
|
||||
sudo rm -rf $workdir/boot
|
||||
|
||||
sync
|
||||
sudo umount -R $workdir
|
||||
|
||||
# Give it some time to unmount
|
||||
printf 'Waiting 10 seconds to ensure successful unmount...'
|
||||
sleep 10
|
||||
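Review bot: `sudo rm -rf $workdir/boot` runs whether or not the preceding `sudo umount -R $workdir/boot` succeeded, so if the unmount fails (for example because the filesystem is busy) the recursive delete is applied to the still-mounted boot partition and removes the bootloader and kernel files that were just installed. Check the unmount and remove only an empty directory: `sudo umount -R "$workdir/boot" || quit_on_err 'Failed to unmount boot'` followed by `sudo rmdir "$workdir/boot"`. The fixed `sleep 10` does not confirm the second unmount either; a `mountpoint -q "$workdir"` test afterwards would.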
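--- a/examples/os-installer-config-arkdep/scripts/install.sh
+++ b/examples/os-installer-config-arkdep/scripts/install.sh
@@ -0,0 +1,39 @@
+#!/usr/bin/env bash
+
+set -o pipefail
+
+## Set common variables
+#
+# Commonly used variables
+declare -r workdir='/mnt'
+declare -r osidir='/etc/os-installer'
+declare -r scriptsdir="$osidir/scripts/install.sh.d"
+declare -r rootlabel='arkane_root'
+declare -r bootlabel='arkane_boot'
+
+## Set common functions
+#
+# Quit script with error if called
+quit_on_err () {
+if [[ -n $1 ]]; then
+printf "$1\n"
+fi
+
+# Ensure console prints error
+sleep 2
+
+exit 1
+}
+
+## Execute scripts
+#
+# Get list of all child scripts
+declare -r scripts=($(ls $scriptsdir))
+
+# Loop and run install scripts
+for script in ${scripts[@]}; do
+printf "Now running $script\n"
+source $scriptsdir/$script
+done
+
+exit 0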
@@ -0,0 +1,23 @@
|
||||
# Ensure user is in sudo group
|
||||
for group in $(groups); do
|
||||
if [[ $group == 'wheel' || $group == 'sudo' ]]; then
|
||||
declare -ri sudo_ok=1
|
||||
fi
|
||||
done
|
||||
|
||||
# If user is not in sudo group notify and exit with error
|
||||
if [[ ! -n $sudo_ok ]]; then
|
||||
quit_on_err 'The current user is not a member of either the sudo or wheel group, this os-installer configuration requires sudo permissions'
|
||||
fi
|
||||
|
||||
# Ensure all expected osi variables are set
|
||||
[[ -z ${OSI_LOCALE+x} ]] && quit_on_err 'OSI_LOCALE not set'
|
||||
[[ -z ${OSI_DEVICE_PATH+x} ]] && quit_on_err 'OSI_DEVICE_PATH not set'
|
||||
[[ -z ${OSI_DEVICE_IS_PARTITION+x} ]] && quit_on_err 'OSI_DEVICE_IS_PARTITION not set'
|
||||
[[ -z ${OSI_DEVICE_EFI_PARTITION+x} ]] && quit_on_err 'OSI_DEVICE_EFI_PARTITION not set'
|
||||
[[ -z ${OSI_USE_ENCRYPTION+x} ]] && quit_on_err 'OSI_USE_ENCRYPTION not set'
|
||||
[[ -z ${OSI_ENCRYPTION_PIN+x} ]] && quit_on_err 'OSI_ENCRYPTION_PIN not set'
|
||||
|
||||
# Check if something is already mounted to $workdir
|
||||
mountpoint -q $workdir &&
|
||||
quit_on_err "$workdir is already a mountpoint, unmount this directory and try again"
|
||||
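Review bot: The `${OSI_ENCRYPTION_PIN+x}` test only proves the variable is set, so an empty PIN passes even when `OSI_USE_ENCRYPTION` is 1 and is then piped into `cryptsetup luksFormat` by the partitioning hunk. Adding `[[ $OSI_USE_ENCRYPTION -eq 1 && -z $OSI_ENCRYPTION_PIN ]] && quit_on_err 'OSI_ENCRYPTION_PIN is empty'` rejects that case before any disk is touched. The same applies to `OSI_DEVICE_PATH`, where a `-z "$OSI_DEVICE_PATH"` test is more useful than the set/unset check.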
@@ -0,0 +1,99 @@
|
||||
# Write partition table to the disk unless manual partitioning is used
|
||||
if [[ $OSI_DEVICE_IS_PARTITION -eq 0 ]]; then
|
||||
sudo sfdisk $OSI_DEVICE_PATH < $osidir/bits/part.sfdisk ||
|
||||
quit_on_err 'Failed to write partition table to disk'
|
||||
fi
|
||||
|
||||
# NVMe drives follow a slightly different naming scheme to other block devices
|
||||
# this will change `/dev/nvme0n1` to `/dev/nvme0n1p` for easier parsing later
|
||||
if [[ $OSI_DEVICE_IS_PARTITION -ne 0 ]]; then
|
||||
declare -r partition_path="${OSI_DEVICE_PATH}"
|
||||
elif [[ $OSI_DEVICE_PATH == *"nvme"*"n"* ]]; then
|
||||
declare -r partition_path="${OSI_DEVICE_PATH}p"
|
||||
elif [[ $OSI_DEVICE_PATH == *"mmcblk"* ]]; then
|
||||
declare -r partition_path="${OSI_DEVICE_PATH}p"
|
||||
else
|
||||
declare -r partition_path="${OSI_DEVICE_PATH}"
|
||||
fi
|
||||
|
||||
|
||||
# Check if encryption is requested, write filesystems accordingly
|
||||
if [[ $OSI_USE_ENCRYPTION -eq 1 ]]; then
|
||||
|
||||
# If user requested disk encryption
|
||||
if [[ $OSI_DEVICE_IS_PARTITION -eq 0 ]]; then
|
||||
# If target is a drive
|
||||
sudo mkfs.fat -F32 ${partition_path}1 -n $bootlabel || quit_on_err "Failed to create FAT filesystem on ${partition_path}1"
|
||||
echo $OSI_ENCRYPTION_PIN | sudo cryptsetup -q luksFormat ${partition_path}2 ||
|
||||
quit_on_err "Failed to create LUKS partition on ${partition_path}2"
|
||||
|
||||
echo $OSI_ENCRYPTION_PIN | sudo cryptsetup open ${partition_path}2 $rootlabel - ||
|
||||
quit_on_err 'Failed to unlock LUKS partition'
|
||||
|
||||
sudo mkfs.btrfs -f -L $rootlabel /dev/mapper/$rootlabel ||
|
||||
quit_on_err 'Failed to create Btrfs partition on LUKS'
|
||||
|
||||
sudo mount -o compress=zstd /dev/mapper/$rootlabel $workdir ||
|
||||
quit_on_err "Failed to mount LUKS/Btrfs root partition to $workdir"
|
||||
|
||||
sudo mount --mkdir ${partition_path}1 $workdir/boot ||
|
||||
quit_on_err 'Failed to mount boot'
|
||||
else
|
||||
# If target is a partition
|
||||
sudo mkfs.fat -F32 $OSI_DEVICE_EFI_PARTITION -n $bootlabel ||
|
||||
quit_on_err "Failed to create FAT filesystem on $OSI_DEVICE_EFI_PARTITION"
|
||||
|
||||
echo $OSI_ENCRYPTION_PIN | sudo cryptsetup -q luksFormat $OSI_DEVICE_PATH ||
|
||||
quit_on_err "Failed to create LUKS partition on $OSI_DEVICE_PATH"
|
||||
|
||||
echo $OSI_ENCRYPTION_PIN | sudo cryptsetup open $OSI_DEVICE_PATH $rootlabel - ||
|
||||
quit_on_err 'Failed to unlock LUKS partition'
|
||||
|
||||
sudo mkfs.btrfs -f -L $rootlabel /dev/mapper/$rootlabel ||
|
||||
quit_on_err 'Failed to create Btrfs partition on LUKS'
|
||||
|
||||
sudo mount -o compress=zstd /dev/mapper/$rootlabel $workdir ||
|
||||
quit_on_err "Failed to mount LUKS/Btrfs root partition to $workdir"
|
||||
|
||||
sudo mount --mkdir $OSI_DEVICE_EFI_PARTITION $workdir/boot ||
|
||||
quit_on_err 'Failed to mount boot'
|
||||
fi
|
||||
|
||||
else
|
||||
|
||||
# If no disk encryption requested
|
||||
if [[ $OSI_DEVICE_IS_PARTITION -eq 0 ]]; then
|
||||
# If target is a drive
|
||||
sudo mkfs.fat -F32 ${partition_path}1 -n $bootlabel ||
|
||||
quit_on_err "Failed to create FAT filesystem on ${partition_path}1"
|
||||
|
||||
sudo mkfs.btrfs -f -L $rootlabel ${partition_path}2 ||
|
||||
quit_on_err "Failed to create root on ${partition_path}2"
|
||||
|
||||
sudo mount -o compress=zstd ${partition_path}2 $workdir ||
|
||||
quit_on_err "Failed to mount root to $workdir"
|
||||
|
||||
sudo mount --mkdir ${partition_path}1 $workdir/boot ||
|
||||
quit_on_err 'Failed to mount boot'
|
||||
else
|
||||
# If target is a partition
|
||||
sudo mkfs.fat -F32 $OSI_DEVICE_EFI_PARTITION -n $bootlabel ||
|
||||
quit_on_err "Failed to create FAT filesystem on $OSI_EFI_PARTITION"
|
||||
|
||||
sudo mkfs.btrfs -f -L $rootlabel $OSI_DEVICE_PATH ||
|
||||
quit_on_err "Failed to create root on $OSI_DEVICE_PATH"
|
||||
|
||||
sudo mount -o compress=zstd $OSI_DEVICE_PATH $workdir ||
|
||||
quit_on_err "Failed to mount root to $workdir"
|
||||
|
||||
sudo mount --mkdir $OSI_DEVICE_EFI_PARTITION $workdir/boot ||
|
||||
quit_on_err 'Failed to mount boot'
|
||||
fi
|
||||
|
||||
fi
|
||||
|
||||
# Ensure partitions are mounted, quit and error if not
|
||||
for mountpoint in $workdir $workdir/boot; do
|
||||
mountpoint -q $mountpoint ||
|
||||
quit_on_err "No volume mounted to $mountpoint"
|
||||
done
|
||||
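Review bot: The passphrase reaches cryptsetup through an unquoted `echo $OSI_ENCRYPTION_PIN` on all four `luksFormat`/`open` lines, so runs of whitespace collapse, glob characters can expand, and a value such as `-n` is taken as an echo option; the volume is then keyed with something other than what the user typed. `printf '%s\n' "$OSI_ENCRYPTION_PIN" | sudo cryptsetup -q luksFormat "${partition_path}2"` passes it unchanged, and the same form fits the other three lines. The FAT error message in the unencrypted partition branch references `$OSI_EFI_PARTITION`, which is not among the variables checked earlier; `$OSI_DEVICE_EFI_PARTITION` looks intended. Device paths handed to sudo (`$OSI_DEVICE_PATH`, `${partition_path}1`) are unquoted throughout.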
@@ -0,0 +1,14 @@
|
||||
# Manually install the systemd-boot bootloader
|
||||
sudo mkdir -p $workdir/boot/EFI/{BOOT,systemd} $workdir/boot/loader/entries ||
|
||||
quit_on_err 'Failed to create bootloader directories'
|
||||
|
||||
# TODO: Grab this from the image instead?
|
||||
sudo cp /usr/lib/systemd/boot/efi/systemd-bootx64.efi $workdir/boot/EFI/systemd/ ||
|
||||
quit_on_err 'Failed to copy systemd-boot bootloader to systemd-bootx64.efi'
|
||||
|
||||
sudo cp /usr/lib/systemd/boot/efi/systemd-bootx64.efi $workdir/boot/EFI/BOOT/BOOTx64.EFI ||
|
||||
quit_on_err 'Failed to copy systemd-boot bootloader to BOOTx64.EFI'
|
||||
|
||||
printf 'timeout 5\nconsole-mode max\neditor yes\nauto-entries yes\nauto-firmware yes' |
|
||||
sudo tee $workdir/boot/loader/loader.conf ||
|
||||
quit_on_err 'Failed to create loader.conf'
|
||||
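Review bot: `editor yes` in the generated loader.conf leaves the systemd-boot entry editor enabled, so anyone at the console can change the kernel command line for a boot; on the unencrypted install path nothing else shown here protects the root filesystem from that. Writing `editor no` is the usual hardening unless the editor is wanted for recovery, in which case a comment saying so would help. The printf output also has no trailing newline after `auto-firmware yes`.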
@@ -0,0 +1,3 @@
|
||||
# Initialize arkdep
|
||||
sudo ARKDEP_NO_BOOTCTL=1 ARKDEP_ROOT="$workdir" arkdep init ||
|
||||
quit_on_err 'Failed to init arkep'
|
||||
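Review bot: The failure message misspells the tool name, which makes the log harder to search: `quit_on_err 'Failed to init arkdep'`. `$workdir` is quoted here but not in the deploy hunk's `ARKDEP_ROOT=$workdir`; quoting both would be consistent.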
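--- a/examples/os-installer-config-arkdep/scripts/prepare.sh
+++ b/examples/os-installer-config-arkdep/scripts/prepare.sh
@@ -0,0 +1,22 @@
+#!/usr/bin/env bash
+
+set -o pipefail
+
+## Generic checks
+#
+# Ensure user is in sudo group
+for group in $(groups); do
+
+if [[ $group == 'wheel' || $group == 'sudo' ]]; then
+declare -ri sudo_ok=1
+fi
+
+done
+
+# If user is not in sudo group notify and exit with error
+if [[ ! -n $sudo_ok ]]; then
+printf 'The current user is not a member of either the sudo or wheel group, this os-installer configuration requires sudo permissions\n'
+exit 1
+fi
+
+exit 0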