verita84/arch
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
d2dea50fef
arch/debian.sh
Your Name d2dea50fef fix
2022-12-27 19:33:31 -07:00

455 lines
16 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
########################
# What this script is:
#
# An automatic installer for Debian Testing with BTRFS, Snapshots, and Full-disk-encryption
#
# INSTRUCTIONS
#
# For new disk installs, initialize the disk to setup Encryption and partitions:
# ./debian.sh initialize nvme0n1 (DO NOT SPECIFY /dev/ !)
#
# Before running the install, ensure that you have Internet access. If you modify the
# WIRELESS_PASSWORD and SSID in this file, you can connect to the Internet with:
# ./debian.sh wifi
#
# Plesae be sure to change USER,USER_PASSWORD,DISK_PASSWORD, and ROOT_PASSWORD strings in this file
#
# To install/reinstall the OS:
# ./debian.sh install nvme0n1
#
# reboot
########################
#Configure this section
########################
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
export DEBIAN_FRONTEND=noninteractive
TARGET='/install'
mkdir $TARGET
######################################
echo
HARD_DISK=$2
EFI="/dev/$(lsblk | grep $HARD_DISK | head -2 | tail -1 | cut -c 7-20 | cut -d ' ' -f1)"
BTRFS="/dev/$(lsblk | grep $HARD_DISK | head -4 | tail -1 | cut -c 7-20 | cut -d ' ' -f1)"
BOOT="/dev/$(lsblk | grep $HARD_DISK | head -3 | tail -1 | cut -c 7-20 | cut -d ' ' -f1)"
ROOT_NAME='debian'
#NET_BACKUP='-t cifs -o username=guest,password=123456 //192.168.0.153/backup'
#HOME_BACKUP="root@server2:/raid/backup/home/"
NET_BACKUP='/dev/disk/by-uuid/1a143f83-d4fe-4894-8e67-2b6d3baacea6'
HOME_BACKUP="$TARGET/home/"
######################################
USER="verita84"
USER_PASSWORD="123456"
ROOT_PASSWORD="123456"
WIRELESS_PASSWORD='123456'
SSID='123456'
WIRELESS_INTERFACE='wlan0'
DISK_PASSWORD='123456'
COMPRESSION='compress=zlib:5'
DEBIAN_RELEASE='testing'
FLATPAKS+=( app/net.brinkervii.grapejuice org.kde.kdenlive )
#Packages
PACKAGES=" libglu1-mesa preload podman-compose yt-dlp aardvark-dns apt-transport-https zram-tools samba samba-common nfs-common nfs-kernel-server linux-cpupower locales redis cockpit cockpit-machines cockpit-podman flatpak powertop blueman cups acpi packagekit cockpit-packagekit cockpit-pcp cockpit-storaged acpid podman pulseaudio ghostscript cifs-utils ntp vim-airline rsync screen base udev git network-manager efibootmgr linux-headers-amd64 cryptsetup network-manager-openvpn ntp screen docbook-xsl alsa-utils sysstat postgresql redis neofetch fuse3 build-essential unzip bash-completion parted dosfstools wget curl "
SHARED_DESKTOP_APPS=" gnome-core gimp gnome-tweaks gajim evolution nextcloud-desktop telegram-desktop gnome-photos handbrake vlc libreoffice "
#REMOVED=" podman-toolbox syncthing "
VIRTUALIZATION=" virt-manager qemu-system libvirt-daemon-system ovmf "
PACKAGES=$PACKAGES$SHARED_DESKTOP_APPS$VIRTUALIZATION
SERVICES+=( powertop preload );
auto_login(){
sed -i "/#WaylandEnable=false/a AutomaticLoginEnable=True" $TARGET/etc/gdm3/daemon.conf
sed -i "/True/a AutomaticLogin=$USER" $TARGET/etc/gdm3/daemon.conf
}
create-smb-snapshots(){
echo;echo "[Creating new snapshots.....]";echo
time tar cvpf $TARGET/$ROOT_NAME-$1.tgz --exclude=/mnt/* --exclude=/var/tmp/* --exclude=/tmp/* --exclude=/raid/* --exclude=/root/* --exclude=/var/cache/apt/archives/* --exclude=/proc/* --exclude=/.snapshots/* --exclude=$TARGET/* --exclude=/var/lib/libvirt/* --exclude=/dev/* --exclude=/sys/* --exclude=/home/* --exclude=/var/lib/postgresql --exclude=/var/lib/containers /
}
homeBackup() {
echo;echo "[Copying USER data....]";echo
rsync --progress -avz --delete /home/ --exclude=.cache --exclude=.local/share/containers $HOME_BACKUP/
}
net-backup() {
umount $TARGET
echo;echo "[Mounting.....]";echo
mount $NET_BACKUP $TARGET
mkdir $TARGET/$1
if [ "$2" = "home" ]; then
homeBackup
fi
create-smb-snapshots "$1"
cp -f debian.sh $TARGET/$1/
ls $TARGET/
umount $TARGET
}
net-restore() {
partitions
rm -rf $TARGET/usr $TARGET/sbin $TARGET/lib32 $TARGET/libx32 $TARGET/lib $TARGET/vmlinuz* $TARGET/initrd* $TARGET/bin $TARGET/var $TARGET/root $TARGET/opt $TARGET/etc $TARGET/run
tar xfpv ../$ROOT_NAME-$2.tgz -C $TARGET/
if [ "$3" = "home" ]; then
rsync -av --progress --delete $HOME_BACKUP/ $TARGET/home/
fi
fstab
cp -f debian.sh $TARGET/
systemMounts
chroot $TARGET /debian.sh bootloader $1
chroot $TARGET /debian.sh btrfs-tweaks
rm -f $TARGET/debian.sh
unmount
}
systemMounts(){
mount -o rbind /dev $TARGET/dev
mount -o rbind /dev/pts $TARGET/dev/pts
mount -o rbind /proc $TARGET/proc
mount -o rbind /sys $TARGET/sys
mount -t efivarfs none $TARGET/sys/firmware/efi/efivars
}
install-vscode(){
wget -qO - https://gitlab.com/paulcarroty/vscodium-deb-rpm-repo/raw/master/pub.gpg | gpg --dearmor | dd of=/usr/share/keyrings/vscodium-archive-keyring.gpg
echo 'deb [ signed-by=/usr/share/keyrings/vscodium-archive-keyring.gpg ] https://download.vscodium.com/debs vscodium main' | tee /etc/apt/sources.list.d/vscodium.list
apt update;apt install -y codium
}
install-doom(){
wget -O - http://debian.drdteam.org/drdteam.gpg | apt-key add -
add-apt-repository 'deb http://debian.drdteam.org/ stable multiverse'
apt update;apt install -y zandronum doomseeker-zandronum
}
install-element(){
wget -O /usr/share/keyrings/element-io-archive-keyring.gpg https://packages.element.io/debian/element-io-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/element-io-archive-keyring.gpg] https://packages.element.io/debian/ default main" | tee /etc/apt/sources.list.d/element-io.list
apt update;apt install -y element-desktop
}
additional-software(){
install-element
install-doom
install-vscode
}
install() {
partitions
sed -i '/^SigLevel/s/^\(.*\)$/#\1\n/' /etc/pacman.conf
sed -i '/#SigLevel/a SigLevel = Never' /etc/pacman.conf
pacman -Sy archlinux-keyring debootstrap --noconfirm
apt update;apt install debootstrap -y
rm -rf /debootstrap
debootstrap --arch amd64 $DEBIAN_RELEASE $TARGET https://deb.debian.org/debian
apt-tweaks
systemMounts
cp -f /etc/resolv.conf $TARGET/etc/
echo "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" > $TARGET/setup.sh
echo "deb https://deb.debian.org/debian $DEBIAN_RELEASE main contrib non-free" >>$TARGET/etc/apt/sources.list
chroot $TARGET /usr/bin/apt update
chroot $TARGET /usr/bin/bash -c "export DEBIAN_FRONTEND=noninteractive;/usr/bin/apt install -y $PACKAGES"
locale
accounts
auto_login
custom_service_files
services
setup_script "$1"
unmount
}
apt-tweaks(){
echo 'DPkg::Post-Invoke {"/usr/bin/debian.sh snapshot";};' > $TARGET/etc/apt/apt.conf
echo 'force-unsafe-io' > $TARGET/etc/dpkg/dpkg.cfg.d/docker-apt-speedup
}
desktop(){
systemctl disable --now exim4
systemctl disable --now cockpit.socket
systemctl disable --now redis-server
systemctl disable --now postgresql
systemctl disable --now apparmor
apt -y purge apparmor
}
snapshots() {
echo
echo "Creating Snapshots....."
echo
DATE=$(echo $(date +%Y-%m-%d-%H-%M-%S))
btrfs sub snapshot / /.snapshots/root-${DATE}
update-grub
}
remove-snapshots() {
btrfs sub delete /.snapshots/*
rm -f /boot/loader/entries/root-*
}
enter_chroot() {
printf "$DISK_PASSWORD" | cryptsetup open ${BTRFS} root
mounts
systemMounts
chroot $TARGET /bin/bash
}
flatpaks() {
flatpak remote-add --user --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
for i in "${FLATPAKS[@]}"; do
echo $i
flatpak install $i -y
done
}
grub-snapshots(){
cd /opt
git clone https://github.com/Antynea/grub-btrfs.git
cd /opt/grub-btrfs
make
}
kernel-packages(){
/usr/bin/apt install --reinstall -y linux-image-`ls /lib/modules/` grub-efi efibootmgr plymouth plymouth-themes btrfs-progs cryptsetup-initramfs linux-image-amd64 linux-headers-amd64 firmware-iwlwifi firmware-linux firmware-linux-nonfree
}
bootloader() {
echo "root UUID=$(/sbin/blkid | grep $BTRFS | cut -d '"' -f2) none luks" > /etc/crypttab
/sbin/update-initramfs -c -k all
echo "GRUB_CMDLINE_LINUX_DEFAULT=\"quiet splash\"" >/etc/default/grub
echo "GRUB_CMDLINE_LINUX=cryptdevice=UUID=$(/sbin/blkid | grep $BTRFS | cut -d '"' -f2):root root=UUID=$(/sbin/blkid | grep root | cut -d '"' -f4) rootflags=subvol@${ROOT_NAME} mitigations=-off" >>/etc/default/grub
echo "GRUB_ENABLE_CRYPTODISK=y" >>/etc/default/grub
/sbin/grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=debian
/sbin/update-grub
}
function setup_script() {
cp -f debian.sh $TARGET/usr/bin/
echo 'bash /usr/bin/debian.sh kernel-packages' >>$TARGET/setup.sh
echo "bash /usr/bin/debian.sh bootloader $1" >>$TARGET/setup.sh
echo 'bash /usr/bin/debian.sh grub-snapshots' >>$TARGET/setup.sh
echo 'bash /usr/bin/debian.sh desktop' >>$TARGET/setup.sh
echo 'bash /usr/bin/debian.sh additional-software' >>$TARGET/setup.sh
echo 'bash /usr/bin/debian.sh btrfs-tweaks' >>$TARGET/setup.sh
chmod +x $TARGET/usr/bin/debian.sh
chmod +x $TARGET/setup.sh
chroot $TARGET /setup.sh
rm -f $TARGET/setup.sh
}
btrfs_filesytem() {
btrfs sub create $TARGET/@$ROOT_NAME
btrfs sub create $TARGET/@.snapshots
btrfs sub create $TARGET/@libvirt
btrfs sub create $TARGET/@home
btrfs sub create $TARGET/@root
btrfs sub create $TARGET/@postgres
btrfs sub create $TARGET/@containers
echo
echo "Binding BTRFS Root"
echo
umount $TARGET
mount -o $COMPRESSION,subvol=@$ROOT_NAME /dev/mapper/root $TARGET
}
mounts() {
echo
echo "Mounting......."
mount /dev/mapper/root $TARGET
btrfs_filesytem
mkdir -p $TARGET/boot
mount -t ext4 $BOOT $TARGET/boot
mkdir -p $TARGET/boot/efi
mount $EFI $TARGET/boot/efi
#CONFIGURE DATA DIRS (HOME)
mkdir $TARGET/home
mount -o subvol=@home /dev/mapper/root $TARGET/home
}
unmount() {
echo
echo "Unmounting....."
umount $TARGET/proc
umount $TARGET/dev
umount $TARGET/sys
umount $TARGET/boot
umount $TARGET/home
umount -R $TARGET/*
umount -R $TARGET
umount -R $TARGET
}
locale() {
echo "ln -sf /usr/share/zoneinfo/US/Mountain /etc/localtime" >>$TARGET/setup.sh
echo "hwclock --systohc" >>$TARGET/setup.sh
echo "en_US.UTF-8 UTF-8" >$TARGET/etc/locale.gen
echo "locale-gen" >>$TARGET/setup.sh
}
partitions() {
echo
echo "Setting Up Partitions....."
printf "$DISK_PASSWORD" | cryptsetup open ${BTRFS} root
unmount
echo
echo "Formatting $EFI"
echo
echo y | mkfs.vfat $EFI
echo "Formatting $BOOT"
echo y | mkfs.ext4 $BOOT
mounts
#Configure /etc/fstab
fstab
}
fstab() {
mkdir $TARGET/etc
echo "UUID=$(/sbin/blkid | grep ${BOOT} | cut -d '"' -f2) /boot ext4 defaults 0 1" >$TARGET/etc/fstab
echo "UUID=$(/sbin/blkid | grep ${EFI} | cut -d '"' -f4) /boot/efi vfat umask=0077 0 1" >>$TARGET/etc/fstab
echo "/dev/mapper/root / btrfs noatime,nodiratime,autodefrag,$COMPRESSION,subvol=@$ROOT_NAME 0 1" >>$TARGET/etc/fstab
echo "/dev/mapper/root /.snapshots btrfs noatime,nodiratime,autodefrag,$COMPRESSION,subvol=@.snapshots 0 1" >>$TARGET/etc/fstab
echo "/dev/mapper/root /var/lib/libvirt btrfs noatime,nodiratime,autodefrag,$COMPRESSION,subvol=@libvirt 0 1" >>$TARGET/etc/fstab
echo "tmpfs /var/log tmpfs defaults 0 0" >>$TARGET/etc/fstab
echo "tmpfs /var/tmp tmpfs defaults 0 0" >>$TARGET/etc/fstab
echo "tmpfs /var/cache tmpfs defaults 0 0" >>$TARGET/etc/fstab
echo "tmpfs /home/${USER}/.cache tmpfs rw,user,exec 0 0" >>$TARGET/etc/fstab
echo "tmpfs /home/${USER}/Downloads tmpfs rw,user,exec 0 0" >>$TARGET/etc/fstab
echo "/dev/mapper/root /home btrfs noatime,nodiratime,autodefrag,$COMPRESSION,subvol=@home 0 1" >>$TARGET/etc/fstab
echo "/dev/mapper/root /root btrfs noatime,nodiratime,autodefrag,$COMPRESSION,subvol=@root 0 1" >>$TARGET/etc/fstab
echo "/dev/mapper/root /var/lib/postgresql btrfs noatime,nodiratime,autodefrag,$COMPRESSION,subvol=@postgres 0 1" >>$TARGET/etc/fstab
echo "/dev/mapper/root /var/lib/containers btrfs noatime,nodiratime,autodefrag,$COMPRESSION,subvol=@containers 0 1" >>$TARGET/etc/fstab
}
accounts() {
echo
echo "Set Password for $USER"
echo "useradd -m -s /bin/bash $USER" >>$TARGET/setup.sh
echo "echo \"$USER:$USER_PASSWORD\"| chpasswd " >>$TARGET/setup.sh
echo "gpasswd -a $USER wheel" >>$TARGET/setup.sh
echo "gpasswd -a $USER network" >>$TARGET/setup.sh
echo "gpasswd -a $USER video" >>$TARGET/setup.sh
echo "gpasswd -a $USER libvirt" >>$TARGET/setup.sh
echo "gpasswd -a $USER netdev" >>$TARGET/setup.sh
echo "$USER ALL=(ALL) ALL" >$TARGET/etc/sudoers
echo "root ALL=(ALL) ALL" >>$TARGET/etc/sudoers
echo
echo "Setting ROOT Password:"
echo "echo \"root:$ROOT_PASSWORD\"| chpasswd " >>$TARGET/setup.sh
echo "/usr/bin/hostnamectl hostname $ROOT_NAME" >>$TARGET/setup.sh
}
btrfs-tweaks() {
DISABLE_COW=("/var/lib/docker" "/var/lib/containers" "/var/lib/postgresql" "/var/lib/mysql" "/var/lib/libvirt");
for i in "${DISABLE_COW[@]}"
do
chattr -R +C $i
done
}
custom_service_files() {
echo "systemctl set-default graphical.target" >>$TARGET/setup.sh
echo "[Unit]" >$TARGET/etc/systemd/system/powertop.service
echo "Description=Powertop tunings" >>$TARGET/etc/systemd/system/powertop.service
echo "[Service]" >>$TARGET/etc/systemd/system/powertop.service
echo "Type=oneshot" >>$TARGET/etc/systemd/system/powertop.service
echo "ExecStart=/usr/sbin/powertop --auto-tune" >>$TARGET/etc/systemd/system/powertop.service
echo "[Install]" >>$TARGET/etc/systemd/system/powertop.service
echo "WantedBy=multi-user.target" >>$TARGET/etc/systemd/system/powertop.service
}
services() {
for i in "${SERVICES[@]}"
do
echo "systemctl enable $i" >>$TARGET/setup.sh
done
}
initialize-disk() {
parted /dev/$HARD_DISK mklabel gpt
parted /dev/$HARD_DISK mkpart primary fat32 1MiB 200MiB
parted /dev/$HARD_DISK mkpart primary ext3 200MiB 500MiB
parted /dev/$HARD_DISK set 1 esp on
parted /dev/$HARD_DISK mkpart P2 ext3 500MiB 100%
printf "$DISK_PASSWORD\n$DISK_PASSWORD" | cryptsetup luksFormat ${BTRFS}
printf "$DISK_PASSWORD" | cryptsetup open ${BTRFS} root
echo
echo "Formatting....."
echo y | mkfs.btrfs /dev/mapper/root --force
}
wifi() {
iwctl --passphrase $WIRELESS_PASSWORD station $WIRELESS_INTERFACE connect $SSID
}
show-help() {
echo
echo "debian.sh arguments:"
echo
echo "./debian.sh install [disk]"
echo "./debian.sh backup [device name] [home]"
echo "./debian.sh restore [disk] [backup name] [home]"
echo "./debian.sh chroot [disk]"
echo "./debian.sh wifi"
echo "./debian.sh bootloader [disk]"
echo "./debian.sh initialize [disk]"
echo "./debian.sh snapshot"
echo "./debian.sh reomve-snapshot"
echo "./debian.sh btrfs-tweaks"
echo
}
if [ "$1" = "install" ]; then
install "$2"
elif [ "$1" = "desktop" ]; then
desktop
elif [ "$1" = "kernel-packages" ]; then
kernel-packages
elif [ "$1" = "upgrade-system" ]; then
upgrade-system
elif [ "$1" = "additional-software" ]; then
additional-software
elif [ "$1" = "chroot" ]; then
enter_chroot
elif [ "$1" = "initialize" ]; then
initialize-disk
elif [ "$1" = "wifi" ]; then
wifi
elif [ "$1" = "flatpaks" ]; then
flatpaks
elif [ "$1" = "bootloader" ]; then
bootloader
elif [ "$1" = "snapshot" ]; then
snapshots
elif [ "$1" = "backup" ]; then
net-backup "$2" "$3"
elif [ "$1" = "grub-snapshots" ]; then
grub-snapshots
elif [ "$1" = "btrfs-tweaks" ]; then
btrfs-tweaks
elif [ "$1" = "restore" ]; then
net-restore "$2" "$3" "$4"
elif [ "$1" = "remove-snapshot" ]; then
remove-snapshots
elif [ "$1" = "help" ]; then
show-help
else
show-help
fi
Reference in New Issue View Git Blame Copy Permalink