verita84/arch
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix

Browse Source
This commit is contained in:
Your Name 2023-02-14 16:29:59 -07:00
parent d4c9cbb8d3
commit 96817b958e
1 changed files with 112 additions and 99 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

171
debian.sh
View File

@ -32,8 +32,8 @@ HARD_DISK=$2
EFI="/dev/$(lsblk | grep $HARD_DISK | head -2 | tail -1 | cut -c 7-20 | cut -d ' ' -f1)" EFI="/dev/$(lsblk | grep $HARD_DISK | head -2 | tail -1 | cut -c 7-20 | cut -d ' ' -f1)"
BTRFS="/dev/$(lsblk | grep $HARD_DISK | head -4 | tail -1 | cut -c 7-20 | cut -d ' ' -f1)" BTRFS="/dev/$(lsblk | grep $HARD_DISK | head -4 | tail -1 | cut -c 7-20 | cut -d ' ' -f1)"
BOOT="/dev/$(lsblk | grep $HARD_DISK | head -3 | tail -1 | cut -c 7-20 | cut -d ' ' -f1)" BOOT="/dev/$(lsblk | grep $HARD_DISK | head -3 | tail -1 | cut -c 7-20 | cut -d ' ' -f1)"
ROOT_NAME='install2' ROOT_NAME='debian'
ROOT_MAPPER_NAME='install' ROOT_MAPPER_NAME='root'
BACKUP_DISK='/dev/disk/by-uuid/43076025-fa41-4b02-9c69-d0193a1a0371' BACKUP_DISK='/dev/disk/by-uuid/43076025-fa41-4b02-9c69-d0193a1a0371'
###################################### ######################################
USER="verita84" USER="verita84"
@ -47,7 +47,7 @@ COMPRESSION='compress=zlib:5'
DEBIAN_RELEASE='stable' DEBIAN_RELEASE='stable'
CURRENT_STABLE_NAME='bullseye' CURRENT_STABLE_NAME='bullseye'
AUTO_DECRYPT='True' AUTO_DECRYPT='True'
FLATPAKS+=( app/net.brinkervii.grapejuice org.kde.kdenlive ) FLATPAKS+=(app/net.brinkervii.grapejuice org.kde.kdenlive)
#Packages #Packages
PACKAGES=" minidlna libsecret-tools libglu1-mesa preload flatpak powertop blueman acpi neofetch cockpit cockpit-podman packagekit cockpit-packagekit cockpit-pcp cockpit-storaged redis " PACKAGES=" minidlna libsecret-tools libglu1-mesa preload flatpak powertop blueman acpi neofetch cockpit cockpit-podman packagekit cockpit-packagekit cockpit-pcp cockpit-storaged redis "
@ -58,28 +58,34 @@ SHARED_DESKTOP_APPS=" firefox-esr yt-dlp keepassxc rssguard telegram-desktop gno
VIRTUALIZATION=" virt-manager qemu-system libvirt-daemon-system ovmf cockpit-machines" VIRTUALIZATION=" virt-manager qemu-system libvirt-daemon-system ovmf cockpit-machines"
PACKAGES=$BASE_PACKAGES$PACKAGES$SHARED_DESKTOP_APPS PACKAGES=$BASE_PACKAGES$PACKAGES$SHARED_DESKTOP_APPS
#PACKAGES=$BASE_PACKAGES #PACKAGES=$BASE_PACKAGES
SERVICES+=( powertop preload ); SERVICES+=(powertop preload)
auto_login(){ auto_login() {
sed -i "/#WaylandEnable=false/a AutomaticLoginEnable=True" $TARGET/etc/gdm3/daemon.conf sed -i "/#WaylandEnable=false/a AutomaticLoginEnable=True" $TARGET/etc/gdm3/daemon.conf
sed -i "/True/a AutomaticLogin=$USER" $TARGET/etc/gdm3/daemon.conf sed -i "/True/a AutomaticLogin=$USER" $TARGET/etc/gdm3/daemon.conf
} }
create-os-snapshots(){ create-os-snapshots() {
echo;echo "[Creating new snapshots.....]";echo echo
echo "[Creating new snapshots.....]"
echo
mkdir -p $TARGET/\@install/var/lib/backup mkdir -p $TARGET/\@install/var/lib/backup
time tar cvpzf $TARGET/\@install/var/lib/backup/$1.tgz --exclude=/volumes/* --exclude=/mnt/* --exclude=/var/tmp/* --exclude=/tmp/* --exclude=/raid/* --exclude=/root/* --exclude=/var/cache/apt/archives/* --exclude=/proc/* --exclude=/.snapshots/* --exclude=$TARGET/* --exclude=/var/lib/libvirt/* --exclude=/dev/* --exclude=/sys/* --exclude=/home/* --exclude=/var/lib/postgresql --exclude=/var/lib/containers / time tar cvpzf $TARGET/\@install/var/lib/backup/$1.tgz --exclude=/volumes/* --exclude=/mnt/* --exclude=/var/tmp/* --exclude=/tmp/* --exclude=/raid/* --exclude=/root/* --exclude=/var/cache/apt/archives/* --exclude=/proc/* --exclude=/.snapshots/* --exclude=$TARGET/* --exclude=/var/lib/libvirt/* --exclude=/dev/* --exclude=/sys/* --exclude=/home/* --exclude=/var/lib/postgresql --exclude=/var/lib/containers /
} }
homeBackup() { homeBackup() {
echo;echo "[Copying USER data....]";echo echo
echo "[Copying USER data....]"
echo
rsync --progress -avz --delete /home/ --exclude=.cache/ --exclude=.local/share/containers $TARGET/\@home/ rsync --progress -avz --delete /home/ --exclude=.cache/ --exclude=.local/share/containers $TARGET/\@home/
} }
os-backup() { os-backup() {
umount $TARGET umount $TARGET
echo;echo "[Mounting.....]";echo echo
echo "[Mounting.....]"
echo
printf "$DISK_PASSWORD" | cryptsetup open $BACKUP_DISK install printf "$DISK_PASSWORD" | cryptsetup open $BACKUP_DISK install
mount /dev/mapper/install $TARGET mount /dev/mapper/install $TARGET
@ -110,7 +116,7 @@ os-restore() {
unmount unmount
} }
systemMounts(){ systemMounts() {
mount -o rbind /dev $TARGET/dev mount -o rbind /dev $TARGET/dev
mount -o rbind /dev/pts $TARGET/dev/pts mount -o rbind /dev/pts $TARGET/dev/pts
mount -o rbind /proc $TARGET/proc mount -o rbind /proc $TARGET/proc
@ -118,50 +124,58 @@ systemMounts(){
mount -t efivarfs none $TARGET/sys/firmware/efi/efivars mount -t efivarfs none $TARGET/sys/firmware/efi/efivars
} }
decryptBoot(){ decryptBoot() {
KEYFILE='keyfile.key' KEYFILE='keyfile.key'
echo;echo "Setting LUKS to use Keyfile for password entry";echo echo
echo;echo "Clearing Old Keys";echo echo "Setting LUKS to use Keyfile for password entry"
for i in 1 2 3 4 5 6 echo
do echo
printf "$DISK_PASSWORD" | cryptsetup luksKillSlot ${BTRFS} $i echo "Clearing Old Keys"
echo
for i in 1 2 3 4 5 6; do
printf "$DISK_PASSWORD" | cryptsetup luksKillSlot ${BTRFS} $i
done done
dd if=/dev/urandom of=/etc/$KEYFILE bs=1024 count=4 dd if=/dev/urandom of=/etc/$KEYFILE bs=1024 count=4
chown root:root /etc/$KEYFILE chown root:root /etc/$KEYFILE
chmod 0400 /etc/$KEYFILE chmod 0400 /etc/$KEYFILE
echo;echo "Adding new key......";echo echo
echo "Adding new key......"
echo
printf "$DISK_PASSWORD" | cryptsetup luksAddKey ${BTRFS} /etc/$KEYFILE printf "$DISK_PASSWORD" | cryptsetup luksAddKey ${BTRFS} /etc/$KEYFILE
sed -i "s/none/\/etc\/$KEYFILE/" /etc/crypttab sed -i "s/none/\/etc\/$KEYFILE/" /etc/crypttab
echo "KEYFILE_PATTERN=\"/etc/*.key\"" > /etc/cryptsetup-initramfs/conf-hook echo "KEYFILE_PATTERN=\"/etc/*.key\"" >/etc/cryptsetup-initramfs/conf-hook
} }
install-vscode(){ install-vscode() {
wget -qO - https://gitlab.com/paulcarroty/vscodium-deb-rpm-repo/raw/master/pub.gpg | gpg --dearmor | dd of=/usr/share/keyrings/vscodium-archive-keyring.gpg wget -qO - https://gitlab.com/paulcarroty/vscodium-deb-rpm-repo/raw/master/pub.gpg | gpg --dearmor | dd of=/usr/share/keyrings/vscodium-archive-keyring.gpg
echo 'deb [ signed-by=/usr/share/keyrings/vscodium-archive-keyring.gpg ] https://download.vscodium.com/debs vscodium main' | tee /etc/apt/sources.list.d/vscodium.list echo 'deb [ signed-by=/usr/share/keyrings/vscodium-archive-keyring.gpg ] https://download.vscodium.com/debs vscodium main' | tee /etc/apt/sources.list.d/vscodium.list
apt update;apt install -y codium apt update
apt install -y codium
} }
install-doom(){ install-doom() {
wget -O - http://debian.drdteam.org/drdteam.gpg | apt-key add - wget -O - http://debian.drdteam.org/drdteam.gpg | apt-key add -
add-apt-repository 'deb http://debian.drdteam.org/ stable multiverse' add-apt-repository 'deb http://debian.drdteam.org/ stable multiverse'
apt update;apt install -y zandronum doomseeker-zandronum apt update
apt install -y zandronum doomseeker-zandronum
} }
install-element(){ install-element() {
wget -O /usr/share/keyrings/element-io-archive-keyring.gpg https://packages.element.io/debian/element-io-archive-keyring.gpg wget -O /usr/share/keyrings/element-io-archive-keyring.gpg https://packages.element.io/debian/element-io-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/element-io-archive-keyring.gpg] https://packages.element.io/debian/ default main" | tee /etc/apt/sources.list.d/element-io.list echo "deb [signed-by=/usr/share/keyrings/element-io-archive-keyring.gpg] https://packages.element.io/debian/ default main" | tee /etc/apt/sources.list.d/element-io.list
apt update;apt install -y element-desktop apt update
apt install -y element-desktop
} }
additional-software(){ additional-software() {
install-element install-element
install-doom install-doom
install-vscode install-vscode
} }
configure-repository(){ configure-repository() {
echo 'force-unsafe-io' > $TARGET/etc/dpkg/dpkg.cfg.d/docker-apt-speedup echo 'force-unsafe-io' >$TARGET/etc/dpkg/dpkg.cfg.d/docker-apt-speedup
if [ "$DEBIAN_RELEASE" == "testing" ];then if [ "$DEBIAN_RELEASE" == "testing" ]; then
echo "deb https://deb.debian.org/debian $DEBIAN_RELEASE main contrib non-free non-free-firmware" >$TARGET/etc/apt/sources.list echo "deb https://deb.debian.org/debian $DEBIAN_RELEASE main contrib non-free non-free-firmware" >$TARGET/etc/apt/sources.list
chroot $TARGET /usr/bin/apt update chroot $TARGET /usr/bin/apt update
chroot $TARGET /usr/bin/bash -c "export DEBIAN_FRONTEND=noninteractive;/usr/bin/apt install -y $PACKAGES" chroot $TARGET /usr/bin/bash -c "export DEBIAN_FRONTEND=noninteractive;/usr/bin/apt install -y $PACKAGES"
@ -176,7 +190,7 @@ configure-repository(){
chroot $TARGET /usr/bin/bash -c "export DEBIAN_FRONTEND=noninteractive;/usr/bin/apt auto-remove -y" chroot $TARGET /usr/bin/bash -c "export DEBIAN_FRONTEND=noninteractive;/usr/bin/apt auto-remove -y"
fi fi
echo 'DPkg::Post-Invoke {"/usr/bin/debian.sh snapshot";};' > $TARGET/etc/apt/apt.conf echo 'DPkg::Post-Invoke {"/usr/bin/debian.sh snapshot";};' >$TARGET/etc/apt/apt.conf
} }
install() { install() {
@ -184,12 +198,13 @@ install() {
sed -i '/^SigLevel/s/^\(.*\)$/#\1\n/' /etc/pacman.conf sed -i '/^SigLevel/s/^\(.*\)$/#\1\n/' /etc/pacman.conf
sed -i '/#SigLevel/a SigLevel = Never' /etc/pacman.conf sed -i '/#SigLevel/a SigLevel = Never' /etc/pacman.conf
pacman -Sy archlinux-keyring debootstrap --noconfirm pacman -Sy archlinux-keyring debootstrap --noconfirm
apt update;apt install debootstrap -y apt update
apt install debootstrap -y
rm -rf /debootstrap rm -rf /debootstrap
debootstrap --arch amd64 $DEBIAN_RELEASE $TARGET https://deb.debian.org/debian debootstrap --arch amd64 $DEBIAN_RELEASE $TARGET https://deb.debian.org/debian
systemMounts systemMounts
cp -f /etc/resolv.conf $TARGET/etc/ cp -f /etc/resolv.conf $TARGET/etc/
echo "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" > $TARGET/setup.sh echo "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" >$TARGET/setup.sh
configure-repository configure-repository
cp -f debian.tar $TARGET/etc/default/ cp -f debian.tar $TARGET/etc/default/
locale locale
@ -202,12 +217,11 @@ install() {
unmount unmount
} }
desktop(){ desktop() {
SERVICES+=( exim4 cockpit.socket redis-server apparmor nfs-server smbd rpbind rpcbind.socket avahi-daemon bluetooth minidlna openvpn); SERVICES+=(exim4 cockpit.socket redis-server apparmor nfs-server smbd rpbind rpcbind.socket avahi-daemon bluetooth minidlna openvpn)
for i in "${SERVICES[@]}" for i in "${SERVICES[@]}"; do
do systemctl disable --now $i
systemctl disable --now $i done
done
apt -y purge apparmor apt -y purge apparmor
apt remove unattended-upgrades chromium chromium-common chromium-sandbox epiphany-browser epiphany-browser-data -y apt remove unattended-upgrades chromium chromium-common chromium-sandbox epiphany-browser epiphany-browser-data -y
@ -236,22 +250,22 @@ enter_chroot() {
} }
flatpaks() { flatpaks() {
flatpak remote-add --user --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo flatpak remote-add --user --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
for i in "${FLATPAKS[@]}"; do for i in "${FLATPAKS[@]}"; do
echo $i echo $i
flatpak install $i -y flatpak install $i -y
done done
} }
grub-snapshots(){ grub-snapshots() {
cd /opt cd /opt
git clone https://github.com/Antynea/grub-btrfs.git git clone https://github.com/Antynea/grub-btrfs.git
cd /opt/grub-btrfs cd /opt/grub-btrfs
make make
} }
kernel-packages(){ kernel-packages() {
/usr/bin/apt install --reinstall -y linux-image-`ls /lib/modules/` grub-efi efibootmgr plymouth plymouth-themes btrfs-progs cryptsetup-initramfs linux-image-amd64 linux-headers-amd64 firmware-iwlwifi firmware-linux firmware-linux-nonfree /usr/bin/apt install --reinstall -y linux-image-$(ls /lib/modules/) grub-efi efibootmgr plymouth plymouth-themes btrfs-progs cryptsetup-initramfs linux-image-amd64 linux-headers-amd64 firmware-iwlwifi firmware-linux firmware-linux-nonfree
} }
bootloader() { bootloader() {
@ -259,20 +273,20 @@ bootloader() {
mkdir /boot/grub/themes mkdir /boot/grub/themes
tar xf /etc/default/debian.tar -C /boot/grub/themes/ tar xf /etc/default/debian.tar -C /boot/grub/themes/
plymouth-set-default-theme -R spacefun plymouth-set-default-theme -R spacefun
echo "$ROOT_MAPPER_NAME UUID=$(/sbin/blkid | grep $BTRFS | cut -d '"' -f2) none luks" > /etc/crypttab echo "$ROOT_MAPPER_NAME UUID=$(/sbin/blkid | grep $BTRFS | cut -d '"' -f2) none luks" >/etc/crypttab
if [ "$AUTO_DECRYPT" == "True" ];then if [ "$AUTO_DECRYPT" == "True" ]; then
decryptBoot decryptBoot
fi fi
/sbin/update-initramfs -c -k all /sbin/update-initramfs -c -k all
echo "GRUB_CMDLINE_LINUX_DEFAULT=\"quiet splash\"" >/etc/default/grub echo "GRUB_CMDLINE_LINUX_DEFAULT=\"quiet splash\"" >/etc/default/grub
echo "GRUB_CMDLINE_LINUX=cryptdevice=UUID=$(/sbin/blkid | grep $BTRFS | cut -d '"' -f2):$ROOT_MAPPER_NAME root=UUID=$(/sbin/blkid | grep $ROOT_MAPPER_NAME | cut -d '"' -f4) rootflags=subvol@${ROOT_NAME} mitigations=-off" >>/etc/default/grub echo "GRUB_CMDLINE_LINUX=cryptdevice=UUID=$(/sbin/blkid | grep $BTRFS | cut -d '"' -f2):$ROOT_MAPPER_NAME root=UUID=$(/sbin/blkid | grep $ROOT_MAPPER_NAME | cut -d '"' -f4) rootflags=subvol@${ROOT_NAME} mitigations=-off" >>/etc/default/grub
echo "GRUB_ENABLE_CRYPTODISK=y" >>/etc/default/grub echo "GRUB_ENABLE_CRYPTODISK=y" >>/etc/default/grub
echo "GRUB_THEME=/boot/grub/themes/theme.txt" >>/etc/default/grub echo "GRUB_THEME=/boot/grub/themes/theme.txt" >>/etc/default/grub
/sbin/grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=debian /sbin/grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=debian
/sbin/update-grub /sbin/update-grub
} }
function setup_script() { function setup_script() {
cp -f debian.sh $TARGET/usr/bin/ cp -f debian.sh $TARGET/usr/bin/
echo 'bash /usr/bin/debian.sh kernel-packages' >>$TARGET/setup.sh echo 'bash /usr/bin/debian.sh kernel-packages' >>$TARGET/setup.sh
sed -i 's/most/dep/i' $TARGET/etc/initramfs-tools/initramfs.conf sed -i 's/most/dep/i' $TARGET/etc/initramfs-tools/initramfs.conf
@ -282,7 +296,6 @@ bootloader() {
echo 'bash /usr/bin/debian.sh additional-software' >>$TARGET/setup.sh echo 'bash /usr/bin/debian.sh additional-software' >>$TARGET/setup.sh
echo 'bash /usr/bin/debian.sh btrfs-tweaks' >>$TARGET/setup.sh echo 'bash /usr/bin/debian.sh btrfs-tweaks' >>$TARGET/setup.sh
chmod +x $TARGET/usr/bin/debian.sh chmod +x $TARGET/usr/bin/debian.sh
chmod +x $TARGET/setup.sh chmod +x $TARGET/setup.sh
chroot $TARGET /setup.sh chroot $TARGET /setup.sh
@ -340,21 +353,26 @@ locale() {
partitions() { partitions() {
echo echo
echo "Setting Up Partitions....." echo "Setting Up Partitions....."
printf "$DISK_PASSWORD" | cryptsetup open ${BTRFS} root printf "$DISK_PASSWORD" | cryptsetup open ${BTRFS} $ROOT_MAPPER
unmount unmount
echo if [[ -f "/dev/mapper/$ROOT_MAPPER" ]]; then
echo "Formatting $EFI" echo
echo echo "Formatting $EFI"
echo y | mkfs.vfat $EFI echo
echo "Formatting $BOOT" echo y | mkfs.vfat $EFI
echo y | mkfs.ext4 $BOOT echo "Formatting $BOOT"
echo y | mkfs.ext4 $BOOT
mounts mounts
fstab
#Configure /etc/fstab else
fstab echo
echo "Aborting Install, mapper device not found!"
echo
echo
exit 1
fi
} }
fstab() { fstab() {
@ -392,15 +410,13 @@ accounts() {
} }
btrfs-tweaks() { btrfs-tweaks() {
DISABLE_COW=("/var/lib/docker" "/var/lib/containers" "/volumes" "/var/lib/mysql" "/var/lib/libvirt"); DISABLE_COW=("/var/lib/docker" "/var/lib/containers" "/volumes" "/var/lib/mysql" "/var/lib/libvirt")
for i in "${DISABLE_COW[@]}" for i in "${DISABLE_COW[@]}"; do
do chattr -R +C $i
chattr -R +C $i done
done
} }
custom_service_files() { custom_service_files() {
echo "systemctl set-default graphical.target" >>$TARGET/setup.sh echo "systemctl set-default graphical.target" >>$TARGET/setup.sh
@ -415,26 +431,24 @@ custom_service_files() {
} }
services() { services() {
for i in "${SERVICES[@]}" for i in "${SERVICES[@]}"; do
do echo "systemctl enable $i" >>$TARGET/setup.sh
echo "systemctl enable $i" >>$TARGET/setup.sh done
done
} }
server-config(){ server-config() {
cp -f ./smb.conf /etc/samba/ cp -f ./smb.conf /etc/samba/
cp- f ./minidlna.conf /etc/ cp- f ./minidlna.conf /etc/
cp -f ./99-sysctl.conf /etc/sysctl.d/ cp -f ./99-sysctl.conf /etc/sysctl.d/
cp -f *.service /etc/systemd/system/ cp -f *.service /etc/systemd/system/
cp -f exports /etc/ cp -f exports /etc/
crontab > crontab crontab >crontab
SERVICES+=( minidlna vip containers pmie pmielogger nfs-server.service exim4 cockpit.socket redis-server smbd); SERVICES+=(minidlna vip containers pmie pmielogger nfs-server.service exim4 cockpit.socket redis-server smbd)
for i in "${SERVICES[@]}" for i in "${SERVICES[@]}"; do
do systemctl enable $i
systemctl enable $i done
done
systemctl mask apparmor systemctl mask apparmor
systemctl disable --now exim4 systemctl disable --now exim4
@ -446,7 +460,6 @@ server-config(){
apt autoremove -y apt autoremove -y
} }
initialize-disk() { initialize-disk() {
parted /dev/$HARD_DISK mklabel gpt parted /dev/$HARD_DISK mklabel gpt
parted /dev/$HARD_DISK mkpart primary fat32 1MiB 200MiB parted /dev/$HARD_DISK mkpart primary fat32 1MiB 200MiB