arch/debian.sh
Your Name dabecdf5a5 fix
2023-01-06 08:14:27 -07:00



#!/bin/bash
########################
# What this script is:
#
# An automatic installer for Debian Testing with BTRFS, Snapshots, and Full-disk-encryption
#
# INSTRUCTIONS
#
# For new disk installs, initialize the disk to setup Encryption and partitions:
# ./debian.sh initialize nvme0n1 (DO NOT SPECIFY /dev/ !)
#
# Before running the install, ensure that you have Internet access. If you modify the
# WIRELESS_PASSWORD and SSID in this file, you can connect to the Internet with:
# ./debian.sh wifi
#
# Please be sure to change the USER, USER_PASSWORD, DISK_PASSWORD, and ROOT_PASSWORD strings in this file
#
# To install/reinstall the OS:
# ./debian.sh install nvme0n1
#
# reboot
########################
#Configure this section
########################
# Fixed search path used for every command the script runs.
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
# Keeps apt/dpkg from prompting during the unattended install.
export DEBIAN_FRONTEND=noninteractive
# Mount point under which the new system is assembled.
TARGET='/install'
# Runs on every invocation, whatever the sub-command; errors if the directory already exists.
mkdir $TARGET
######################################
echo
# Second CLI argument: the disk name without the /dev/ prefix (see the header instructions).
HARD_DISK=$2
# Partition paths are read from the 2nd (EFI), 3rd (BOOT) and 4th (BTRFS) `lsblk` lines that
# match the disk name; `cut -c 7-20` presumably strips lsblk's tree-drawing prefix (confirm).
# NOTE(review): these are evaluated once at start-up, before any sub-command runs, so
# `initialize` sees the partition table as it was before its own `parted` calls. With no
# second argument, `grep` gets no pattern and all three values collapse to "/dev/".
EFI="/dev/$(lsblk | grep $HARD_DISK | head -2 | tail -1 | cut -c 7-20 | cut -d ' ' -f1)"
BTRFS="/dev/$(lsblk | grep $HARD_DISK | head -4 | tail -1 | cut -c 7-20 | cut -d ' ' -f1)"
BOOT="/dev/$(lsblk | grep $HARD_DISK | head -3 | tail -1 | cut -c 7-20 | cut -d ' ' -f1)"
# Name of the root subvolume, the backup archive prefix and the hostname.
ROOT_NAME='debian'
#NET_BACKUP='-t cifs -o username=guest,password=123456 //192.168.0.153/backup'
#HOME_BACKUP="root@server2:/raid/backup/home/"
# Source handed to `mount` by net-backup, and the rsync destination used by homeBackup.
NET_BACKUP='/dev/disk/by-uuid/1a143f83-d4fe-4894-8e67-2b6d3baacea6'
HOME_BACKUP="$TARGET/home/"
######################################
# Account, disk and Wi-Fi secrets. The header asks for these placeholder values to be changed.
# NOTE(review): they are kept in plaintext in this file, and setup_script copies the whole file
# to $TARGET/usr/bin/debian.sh with `chmod +x`, so the installed system keeps a copy of the user,
# root, LUKS and Wi-Fi secrets. Confirm who can read that copy, or load the secrets from
# somewhere that is not installed with the script.
USER="verita84"
USER_PASSWORD="123456"
ROOT_PASSWORD="123456"
WIRELESS_PASSWORD='123456'
SSID='123456'
WIRELESS_INTERFACE='wlan0'
DISK_PASSWORD='123456'
# Mount option string reused for every btrfs mount and fstab entry.
COMPRESSION='compress=zlib:5'
# Suite passed to debootstrap and written to sources.list.
DEBIAN_RELEASE='testing'
# Applications installed by the flatpaks sub-command.
FLATPAKS+=( app/net.brinkervii.grapejuice org.kde.kdenlive )
#Packages
PACKAGES=" libglu1-mesa preload podman-compose yt-dlp aardvark-dns apt-transport-https zram-tools samba samba-common nfs-common nfs-kernel-server linux-cpupower locales redis cockpit cockpit-machines cockpit-podman flatpak powertop blueman cups acpi packagekit cockpit-packagekit cockpit-pcp cockpit-storaged acpid podman pulseaudio ghostscript cifs-utils ntp vim-airline rsync screen base udev git network-manager efibootmgr linux-headers-amd64 cryptsetup network-manager-openvpn ntp screen docbook-xsl alsa-utils sysstat postgresql redis neofetch fuse3 build-essential unzip bash-completion parted dosfstools wget curl "
SHARED_DESKTOP_APPS=" gnome-core gimp gnome-tweaks gajim evolution nextcloud-desktop telegram-desktop gnome-photos handbrake vlc libreoffice "
#REMOVED=" podman-toolbox syncthing "
VIRTUALIZATION=" virt-manager qemu-system libvirt-daemon-system ovmf "
# The three lists are concatenated; each carries its own leading and trailing space.
PACKAGES=$PACKAGES$SHARED_DESKTOP_APPS$VIRTUALIZATION
# Units that services() enables in the target.
SERVICES+=( powertop preload );
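# Turn on GDM automatic login for $USER in the target system.
# Globals: TARGET (read), USER (read)
# Edits $TARGET/etc/gdm3/daemon.conf in place: AutomaticLoginEnable=True is added
# after the "#WaylandEnable=false" line, and AutomaticLogin=$USER after that.
# NOTE(review): with automatic login the desktop session opens without a password
# once the disk has been unlocked; confirm that trade-off is intended.
auto_login(){
  local conf="$TARGET/etc/gdm3/daemon.conf"
  sed -i "/#WaylandEnable=false/a AutomaticLoginEnable=True" "$conf"
  # Anchor on the line just inserted instead of on any line that contains "True".
  sed -i "/^AutomaticLoginEnable=True\$/a AutomaticLogin=$USER" "$conf"
}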
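# Archive the running root filesystem to $TARGET/$ROOT_NAME-<name>.tgz.
# Globals:   TARGET (read), ROOT_NAME (read)
# Arguments: $1 - backup name used in the archive file name
# The tar flags are `cvpf`, so the archive is not compressed despite the .tgz suffix.
# NOTE(review): /etc and /usr are not among the excludes, so files such as /etc/shadow
# and the installed copy of this script are written to the backup target in cleartext;
# confirm access to that target is restricted or encrypt the archive.
create-smb-snapshots(){
  local archive="$TARGET/$ROOT_NAME-$1.tgz"
  # Patterns are quoted so the shell never expands them; tar does the matching.
  local -a excludes=(
    '--exclude=/mnt/*'
    '--exclude=/var/tmp/*'
    '--exclude=/tmp/*'
    '--exclude=/raid/*'
    '--exclude=/root/*'
    '--exclude=/var/cache/apt/archives/*'
    '--exclude=/proc/*'
    '--exclude=/.snapshots/*'
    "--exclude=$TARGET/*"
    '--exclude=/var/lib/libvirt/*'
    '--exclude=/dev/*'
    '--exclude=/sys/*'
    '--exclude=/home/*'
    '--exclude=/var/lib/postgresql'
    '--exclude=/var/lib/containers'
  )
  echo;echo "[Creating new snapshots.....]";echo
  time tar cvpf "$archive" "${excludes[@]}" /
}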
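# Mirror /home to $HOME_BACKUP with rsync, skipping .cache and container storage.
# Globals: HOME_BACKUP (read)
# rsync runs with --delete, so anything at the destination that is not in /home is removed.
homeBackup() {
  echo;echo "[Copying USER data....]";echo
  # ${HOME_BACKUP:?} aborts the script rather than letting an empty value turn the
  # destination into "/" while --delete is in effect.
  rsync --progress -avz --delete /home/ --exclude=.cache --exclude=.local/share/containers "${HOME_BACKUP:?HOME_BACKUP is not set}/"
}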
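# Mount the backup device on $TARGET and write a system archive (and optionally /home) to it.
# Globals:   TARGET (read), NET_BACKUP (read)
# Arguments: $1 - backup name; $2 - "home" to also run homeBackup
# Returns:   1 if the backup device cannot be mounted
# NOTE(review): debian.sh is copied next to the backup; the configuration section of this
# script holds the account and disk passwords, so the backup target receives them too.
net-backup() {
  umount "$TARGET"
  echo;echo "[Mounting.....]";echo
  # NET_BACKUP stays unquoted on purpose: the commented cifs example in the configuration
  # section shows it may carry mount options in front of the source.
  # shellcheck disable=SC2086
  if ! mount $NET_BACKUP "$TARGET"; then
    # Without the mount, the archive would be written into the local $TARGET directory.
    echo "net-backup: could not mount the backup device on $TARGET" >&2
    return 1
  fi
  mkdir -p "$TARGET/$1"
  if [ "$2" = "home" ]; then
    homeBackup
  fi
  create-smb-snapshots "$1"
  cp -f debian.sh "$TARGET/$1/"
  ls "$TARGET/"
  umount "$TARGET"
}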
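# Restore a system archive (and optionally /home) into a freshly prepared $TARGET.
# Globals:   TARGET (read), ROOT_NAME (read)
# Arguments: $1 - disk name passed on to the bootloader step
#            $2 - backup name used in the archive file name
#            $3 - "home" to also restore ../home/
# The archive and ../home/ are read relative to the current directory.
# NOTE(review): the archive is unpacked as root without any integrity check; it is
# trusted exactly as far as the backup target it came from.
net-restore() {
  partitions
  # ${TARGET:?} aborts instead of expanding to /usr, /etc, ... if TARGET is ever empty.
  rm -rf -- "${TARGET:?}/usr" "${TARGET:?}/sbin" "${TARGET:?}/lib32" "${TARGET:?}/libx32" \
    "${TARGET:?}/lib" "${TARGET:?}"/vmlinuz* "${TARGET:?}"/initrd* "${TARGET:?}/bin" \
    "${TARGET:?}/var" "${TARGET:?}/root" "${TARGET:?}/opt" "${TARGET:?}/etc" "${TARGET:?}/run"
  tar xfpv "../$ROOT_NAME-$2.tgz" -C "$TARGET/"
  if [ "$3" = "home" ]; then
    rsync -av --progress --delete ../home/ "$TARGET/home/"
  fi
  fstab
  # The script is copied in only for the two chroot steps and removed afterwards.
  cp -f debian.sh "$TARGET/"
  systemMounts
  chroot "$TARGET" /debian.sh bootloader "$1"
  chroot "$TARGET" /debian.sh btrfs-tweaks
  rm -f "$TARGET/debian.sh"
  unmount
}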
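# Bind the host's /dev, /dev/pts, /proc and /sys into $TARGET and mount efivarfs,
# so commands run through chroot see devices and EFI variables.
# Globals: TARGET (read)
systemMounts(){
  local fs
  for fs in /dev /dev/pts /proc /sys; do
    mount -o rbind "$fs" "$TARGET$fs"
  done
  mount -t efivarfs none "$TARGET/sys/firmware/efi/efivars"
}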
# Add the VSCodium apt repository and install the codium package.
# The signing key is de-armored into its own keyring file and the source entry
# is tied to that file through signed-by.
# NOTE(review): the key is taken from the repository's master branch at install time
# with no fingerprint comparison, so it is trusted on first download.
install-vscode(){
  local keyring=/usr/share/keyrings/vscodium-archive-keyring.gpg
  wget -qO - https://gitlab.com/paulcarroty/vscodium-deb-rpm-repo/raw/master/pub.gpg \
    | gpg --dearmor \
    | dd of="$keyring"
  echo 'deb [ signed-by=/usr/share/keyrings/vscodium-archive-keyring.gpg ] https://download.vscodium.com/debs vscodium main' \
    | tee /etc/apt/sources.list.d/vscodium.list
  apt update
  apt install -y codium
}
# Add the DRD Team apt repository and install zandronum and doomseeker-zandronum.
# NOTE(review): both the signing key and the repository are fetched over plain HTTP,
# and `apt-key add` places the key in apt's global trusted set, so a key altered in
# transit would be trusted for every configured repository. Prefer a dedicated keyring
# file referenced with signed-by (as install-element and install-vscode do) and a key
# download that is integrity-checked; confirm what upstream offers.
install-doom(){
  local key_url='http://debian.drdteam.org/drdteam.gpg'
  wget -O - "$key_url" | apt-key add -
  add-apt-repository 'deb http://debian.drdteam.org/ stable multiverse'
  apt update
  apt install -y zandronum doomseeker-zandronum
}
# Add the Element apt repository and install element-desktop.
# The keyring is downloaded over HTTPS into its own file and the source entry is
# limited to that keyring through signed-by.
install-element(){
  local keyring=/usr/share/keyrings/element-io-archive-keyring.gpg
  wget -O "$keyring" https://packages.element.io/debian/element-io-archive-keyring.gpg
  echo "deb [signed-by=/usr/share/keyrings/element-io-archive-keyring.gpg] https://packages.element.io/debian/ default main" \
    | tee /etc/apt/sources.list.d/element-io.list
  apt update
  apt install -y element-desktop
}
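# Add the Vivaldi apt repository and install vivaldi-stable.
# The signing key is de-armored into its own keyring file and the source entry is
# limited to that keyring through signed-by.
# Fixes over the earlier form: `gpg --dearmor` and `dpkg --print-architecture` need their
# leading dashes, and the source line must use ASCII quotes; typographic quotes are
# ordinary characters to the shell and would have been written into the .list file.
install-vivaldi(){
  wget -qO- https://repo.vivaldi.com/archive/linux_signing_key.pub | gpg --dearmor | dd of=/usr/share/keyrings/vivaldi-browser.gpg
  echo "deb [signed-by=/usr/share/keyrings/vivaldi-browser.gpg arch=$(dpkg --print-architecture)] https://repo.vivaldi.com/archive/deb/ stable main" | dd of=/etc/apt/sources.list.d/vivaldi-archive.list
  apt update && apt install vivaldi-stable -y
}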
# Run the third-party repository installers in a fixed order:
# Element, DRD Team (doom), VSCodium, Vivaldi.
additional-software(){
  local step
  for step in install-element install-doom install-vscode install-vivaldi; do
    "$step"
  done
}
# Full installation: prepare the partitions, debootstrap Debian into $TARGET, install the
# package set, queue the in-chroot configuration in $TARGET/setup.sh and run it.
# Globals:   TARGET, DEBIAN_RELEASE, PACKAGES (read)
# Arguments: $1 - disk name, passed on to setup_script
install() {
partitions
# Comments out the existing SigLevel line in the host's pacman.conf and adds "SigLevel = Never".
# NOTE(review): this turns off pacman signature checking on the host and nothing in this
# function restores it; the packages installed on the next line are accepted unverified.
sed -i '/^SigLevel/s/^\(.*\)$/#\1\n/' /etc/pacman.conf
sed -i '/#SigLevel/a SigLevel = Never' /etc/pacman.conf
# Both package managers are tried; presumably so the script works from either an Arch
# or a Debian live environment (confirm).
pacman -Sy archlinux-keyring debootstrap --noconfirm
apt update;apt install debootstrap -y
# Removes /debootstrap on the host before the bootstrap starts.
rm -rf /debootstrap
debootstrap --arch amd64 $DEBIAN_RELEASE $TARGET https://deb.debian.org/debian
apt-tweaks
systemMounts
# Gives the chroot the host's DNS configuration.
cp -f /etc/resolv.conf $TARGET/etc/
# Starts (truncates) setup.sh; the helper functions called below append to it.
echo "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" > $TARGET/setup.sh
echo "deb https://deb.debian.org/debian $DEBIAN_RELEASE main contrib non-free" >>$TARGET/etc/apt/sources.list
chroot $TARGET /usr/bin/apt update
chroot $TARGET /usr/bin/bash -c "export DEBIAN_FRONTEND=noninteractive;/usr/bin/apt install -y $PACKAGES"
# NOTE(review): the theme archive comes from the master branch of a third-party repository
# with no checksum or signature check, and bootloader() later unpacks it as root into
# /boot/grub/themes. Pin it to a known revision or verify a recorded hash.
wget -q https://github.com/AdisonCavani/distro-grub-themes/raw/master/themes/debian.tar -O $TARGET/etc/default/debian.tar
# Each of these writes configuration into $TARGET or appends commands to setup.sh.
locale
accounts
auto_login
custom_service_files
services
# Copies the script into the target, finishes setup.sh and runs it inside the chroot.
setup_script "$1"
unmount
}
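# Write apt and dpkg settings into the target system.
# Globals: TARGET (read)
# - apt.conf: after every dpkg run, apt invokes "/usr/bin/debian.sh snapshot".
#   NOTE(review): that hook runs with apt's privileges, so /usr/bin/debian.sh in the
#   target must stay writable by root only.
# - dpkg.cfg.d/docker-apt-speedup: force-unsafe-io; presumably trades crash safety of
#   package writes for speed (confirm that is wanted outside the install itself).
apt-tweaks(){
  echo 'DPkg::Post-Invoke {"/usr/bin/debian.sh snapshot";};' > "$TARGET/etc/apt/apt.conf"
  echo 'force-unsafe-io' > "$TARGET/etc/dpkg/dpkg.cfg.d/docker-apt-speedup"
}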
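# Stop and disable services that a desktop install does not need, then purge AppArmor.
# The unit name "rpbind" is corrected to "rpcbind"; the misspelled unit does not exist,
# so the RPC port mapper was left enabled.
# NOTE(review): disabling and purging AppArmor removes the mandatory-access-control
# confinement that packaged profiles provide. The other entries reduce the number of
# listening services; this one lowers protection, so confirm it is intended.
desktop(){
  local unit
  for unit in exim4 cockpit.socket redis-server postgresql apparmor nfs-server smbd rpcbind; do
    systemctl disable --now "$unit"
  done
  apt -y purge apparmor
}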
# Take a btrfs snapshot of / named /.snapshots/root-<timestamp> and regenerate the GRUB menu.
# Globals: DATE (written) - timestamp in YYYY-mm-dd-HH-MM-SS form
snapshots() {
  printf '\n%s\n\n' "Creating Snapshots....."
  DATE=$(date +%Y-%m-%d-%H-%M-%S)
  btrfs sub snapshot / "/.snapshots/root-${DATE}"
  update-grub
}
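# Delete every subvolume under /.snapshots and the matching root-* boot loader entries.
# When /.snapshots holds nothing, btrfs is not called at all, instead of being handed
# the unexpanded "/.snapshots/*" pattern.
remove-snapshots() {
  local snap
  local -a snaps=()
  for snap in /.snapshots/*; do
    [[ -e "$snap" ]] && snaps+=("$snap")
  done
  if (( ${#snaps[@]} > 0 )); then
    btrfs sub delete "${snaps[@]}"
  fi
  rm -f /boot/loader/entries/root-*
}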
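# Unlock the encrypted partition, mount the target tree and open a shell inside it.
# Globals: DISK_PASSWORD, BTRFS, TARGET (read)
enter_chroot() {
  # The passphrase is passed as data to a fixed '%s' format; used as the format itself,
  # any % or backslash in it would be interpreted and the wrong bytes sent to cryptsetup.
  printf '%s' "$DISK_PASSWORD" | cryptsetup open "${BTRFS}" root
  mounts
  systemMounts
  chroot "$TARGET" /bin/bash
}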
flatpaks() {
flatpak remote-add --user --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
for i in "${FLATPAKS[@]}"; do
echo $i
flatpak install $i -y
done
}
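# Fetch grub-btrfs into /opt and build it with make.
# Returns: 1 if /opt or the cloned directory cannot be entered
# NOTE(review): the clone takes whatever the default branch holds at install time and
# `make` then runs it as root; pin a tag or commit that has been reviewed.
grub-snapshots(){
  cd /opt || return 1
  # A failed clone (for example, the directory already exists) is not fatal: the build
  # below still runs against an existing checkout.
  git clone https://github.com/Antynea/grub-btrfs.git
  # Never run make from the wrong directory if the checkout is missing.
  cd /opt/grub-btrfs || return 1
  make
}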
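# Reinstall the kernel image(s), bootloader, initramfs tooling and firmware packages.
# One linux-image-<version> package is requested per directory under /lib/modules.
# Building the names from a glob gives every version the "linux-image-" prefix and adds
# nothing when /lib/modules is empty; parsing `ls` output prefixed only the first entry.
kernel-packages(){
  local dir
  local -a kernel_pkgs=()
  for dir in /lib/modules/*/; do
    [[ -d "$dir" ]] || continue
    dir=${dir%/}
    kernel_pkgs+=("linux-image-${dir##*/}")
  done
  /usr/bin/apt install --reinstall -y "${kernel_pkgs[@]}" grub-efi efibootmgr plymouth plymouth-themes btrfs-progs cryptsetup-initramfs linux-image-amd64 linux-headers-amd64 firmware-iwlwifi firmware-linux firmware-linux-nonfree
}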
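# Configure crypttab, the initramfs and GRUB inside the installed system.
# Globals: BTRFS (read) - the LUKS partition; ROOT_NAME (read)
# Meant to run inside the chroot (setup_script and net-restore call it that way).
bootloader() {
  local luks_uuid root_uuid
  # Ask blkid for the UUID of each device directly; picking a quoted field out of the
  # full listing depends on the order in which blkid prints its tags.
  luks_uuid=$(/sbin/blkid -s UUID -o value "$BTRFS")
  root_uuid=$(/sbin/blkid -s UUID -o value /dev/mapper/root)
  mkdir -p /boot/grub/themes
  tar xf /etc/default/debian.tar -C /boot/grub/themes/
  # "none" means no key file: the passphrase is asked for at boot.
  echo "root UUID=${luks_uuid} none luks" > /etc/crypttab
  /sbin/update-initramfs -c -k all
  echo "GRUB_CMDLINE_LINUX_DEFAULT=\"quiet splash\"" >/etc/default/grub
  # NOTE(review): the value below is written without quotes. /etc/default/grub is read as
  # shell, so only the first word (cryptdevice=...) is assigned to GRUB_CMDLINE_LINUX and
  # the remaining words become separate shell variables. Before adding quotes, review what
  # would then reach the kernel: `rootflags=subvol@...` lacks the `=` after subvol that the
  # fstab entries use, and `mitigations=-off` is not a value this reviewer recognises; if
  # `mitigations=off` was meant, it would switch off CPU vulnerability mitigations.
  echo "GRUB_CMDLINE_LINUX=cryptdevice=UUID=${luks_uuid}:root root=UUID=${root_uuid} rootflags=subvol@${ROOT_NAME} mitigations=-off" >>/etc/default/grub
  echo "GRUB_ENABLE_CRYPTODISK=y" >>/etc/default/grub
  echo "GRUB_THEME=/boot/grub/themes/theme.txt" >>/etc/default/grub
  /sbin/grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=debian
  /sbin/update-grub
}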
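# Copy this script into the target, finish $TARGET/setup.sh and run it inside the chroot.
# Globals:   TARGET (read)
# Arguments: $1 - disk name forwarded to the in-chroot bootloader step
# NOTE(review): the copy at $TARGET/usr/bin/debian.sh stays on the installed system and
# contains the passwords from the configuration section. `chmod +x` leaves the read bits
# as created by cp, so confirm the file is not readable by other users, or strip the
# secrets from the installed copy.
setup_script() {
  local setup="$TARGET/setup.sh"
  cp -f debian.sh "$TARGET/usr/bin/"
  {
    echo 'bash /usr/bin/debian.sh kernel-packages'
    # %q writes the disk name as a single shell word, so it cannot add commands to setup.sh.
    printf 'bash /usr/bin/debian.sh bootloader %q\n' "$1"
    echo 'bash /usr/bin/debian.sh grub-snapshots'
    echo 'bash /usr/bin/debian.sh desktop'
    echo 'bash /usr/bin/debian.sh additional-software'
    echo 'bash /usr/bin/debian.sh btrfs-tweaks'
  } >>"$setup"
  chmod +x "$TARGET/usr/bin/debian.sh"
  chmod +x "$setup"
  chroot "$TARGET" /setup.sh
  # setup.sh also holds the account passwords written by accounts(); it is removed here.
  rm -f "$setup"
}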
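# Create the btrfs subvolumes on the filesystem mounted at $TARGET, then remount
# $TARGET on the root subvolume with the configured compression option.
# Globals: TARGET, ROOT_NAME, COMPRESSION (read)
btrfs_filesytem() {
  local subvol
  for subvol in "@$ROOT_NAME" @.snapshots @libvirt @home @root @postgres @containers; do
    btrfs sub create "$TARGET/$subvol"
  done
  echo
  echo "Binding BTRFS Root"
  echo
  umount "$TARGET"
  mount -o "$COMPRESSION,subvol=@$ROOT_NAME" /dev/mapper/root "$TARGET"
}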
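# Mount the unlocked btrfs volume, /boot, the EFI partition and /home under $TARGET.
# Globals: TARGET, BOOT, EFI (read)
# Expects /dev/mapper/root to be open already.
mounts() {
  echo
  echo "Mounting......."
  mount /dev/mapper/root "$TARGET"
  btrfs_filesytem
  mkdir -p "$TARGET/boot"
  mount -t ext4 "$BOOT" "$TARGET/boot"
  mkdir -p "$TARGET/boot/efi"
  mount "$EFI" "$TARGET/boot/efi"
  #CONFIGURE DATA DIRS (HOME)
  # -p: on a reinstall or restore the directory may already exist.
  mkdir -p "$TARGET/home"
  mount -o subvol=@home /dev/mapper/root "$TARGET/home"
}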
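# Unmount everything below $TARGET and then $TARGET itself.
# Globals: TARGET (read)
# The final recursive unmount is issued twice, as before; $TARGET can carry two stacked
# mounts (the top-level volume and the root subvolume).
unmount() {
  local sub
  echo
  echo "Unmounting....."
  for sub in proc dev sys boot home; do
    umount "$TARGET/$sub"
  done
  umount -R "$TARGET"/*
  umount -R "$TARGET"
  umount -R "$TARGET"
}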
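# Queue the timezone, hardware-clock and locale commands in setup.sh and write locale.gen.
# Globals: TARGET (read)
# The timezone (US/Mountain) and locale (en_US.UTF-8) are fixed here.
locale() {
  {
    echo "ln -sf /usr/share/zoneinfo/US/Mountain /etc/localtime"
    echo "hwclock --systohc"
  } >>"$TARGET/setup.sh"
  echo "en_US.UTF-8 UTF-8" >"$TARGET/etc/locale.gen"
  echo "locale-gen" >>"$TARGET/setup.sh"
}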
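# Unlock the encrypted partition, format the EFI and /boot partitions, mount the target
# tree and write its fstab.
# Globals: DISK_PASSWORD, BTRFS, EFI, BOOT (read)
# NOTE(review): a failed `cryptsetup open` does not stop the function. That may be wanted
# when the mapping is already open (initialize-disk leaves it open), but it also means a
# wrong passphrase is only noticed after EFI and BOOT have been reformatted.
partitions() {
  echo
  echo "Setting Up Partitions....."
  # Fixed '%s' format: a passphrase containing % or backslashes must be sent unchanged.
  printf '%s' "$DISK_PASSWORD" | cryptsetup open "${BTRFS}" root
  unmount
  echo
  echo "Formatting $EFI"
  echo
  echo y | mkfs.vfat "$EFI"
  echo "Formatting $BOOT"
  echo y | mkfs.ext4 "$BOOT"
  mounts
  #Configure /etc/fstab
  fstab
}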
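# Write $TARGET/etc/fstab: /boot and /boot/efi by UUID, one entry per btrfs subvolume on
# /dev/mapper/root, and tmpfs mounts for /var/log, /var/tmp, /var/cache and two
# directories in the user's home.
# Globals: TARGET, BOOT, EFI, COMPRESSION, ROOT_NAME, USER (read)
# NOTE(review): /var/log on tmpfs means logs do not survive a reboot, which leaves nothing
# to review after an incident; confirm this is intended or forward logs elsewhere.
fstab() {
  local boot_uuid efi_uuid
  local btrfs_opts="noatime,nodiratime,autodefrag,$COMPRESSION"
  mkdir -p "$TARGET/etc"
  # Query the UUID tag of each device directly; its position in blkid's full output
  # differs between filesystems, which is what the field-number parsing relied on.
  boot_uuid=$(/sbin/blkid -s UUID -o value "${BOOT}")
  efi_uuid=$(/sbin/blkid -s UUID -o value "${EFI}")
  {
    echo "UUID=${boot_uuid} /boot ext4 defaults 0 1"
    echo "UUID=${efi_uuid} /boot/efi vfat umask=0077 0 1"
    echo "/dev/mapper/root / btrfs ${btrfs_opts},subvol=@$ROOT_NAME 0 1"
    echo "/dev/mapper/root /.snapshots btrfs ${btrfs_opts},subvol=@.snapshots 0 1"
    echo "/dev/mapper/root /var/lib/libvirt btrfs ${btrfs_opts},subvol=@libvirt 0 1"
    echo "tmpfs /var/log tmpfs defaults 0 0"
    echo "tmpfs /var/tmp tmpfs defaults 0 0"
    echo "tmpfs /var/cache tmpfs defaults 0 0"
    echo "tmpfs /home/${USER}/.cache tmpfs rw,user,exec 0 0"
    echo "tmpfs /home/${USER}/Downloads tmpfs rw,user,exec 0 0"
    echo "/dev/mapper/root /home btrfs ${btrfs_opts},subvol=@home 0 1"
    echo "/dev/mapper/root /root btrfs ${btrfs_opts},subvol=@root 0 1"
    echo "/dev/mapper/root /var/lib/postgresql btrfs ${btrfs_opts},subvol=@postgres 0 1"
    echo "/dev/mapper/root /var/lib/containers btrfs ${btrfs_opts},subvol=@containers 0 1"
  } >"$TARGET/etc/fstab"
}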
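# Queue user creation, group membership, passwords and the hostname in setup.sh, and
# write the target's sudoers file.
# Globals: TARGET, USER, USER_PASSWORD, ROOT_PASSWORD, ROOT_NAME (read)
# NOTE(review): both passwords are written in cleartext into $TARGET/setup.sh, inside
# double quotes that the shell running setup.sh will interpret again, so a password
# containing ", $ or a backtick is altered or executed there.
# NOTE(review): /etc/sudoers is replaced with two rules only, which drops any Defaults
# and include lines a packaged sudoers would carry; a file created here also gets the
# default creation mode rather than a restricted one. Confirm sudo accepts the result.
accounts() {
  echo
  echo "Set Password for $USER"
  {
    echo "useradd -m -s /bin/bash $USER"
    echo "echo \"$USER:$USER_PASSWORD\"| chpasswd "
    echo "gpasswd -a $USER wheel"
    echo "gpasswd -a $USER network"
    echo "gpasswd -a $USER video"
    echo "gpasswd -a $USER libvirt"
    echo "gpasswd -a $USER netdev"
  } >>"$TARGET/setup.sh"
  echo "$USER ALL=(ALL) ALL" >"$TARGET/etc/sudoers"
  echo "root ALL=(ALL) ALL" >>"$TARGET/etc/sudoers"
  echo
  echo "Setting ROOT Password:"
  {
    echo "echo \"root:$ROOT_PASSWORD\"| chpasswd "
    echo "/usr/bin/hostnamectl hostname $ROOT_NAME"
  } >>"$TARGET/setup.sh"
}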
# Apply `chattr -R +C` to the database, container and VM image directories listed below.
# Globals: DISABLE_COW (written) - the directories that are processed
btrfs-tweaks() {
  DISABLE_COW=(
    "/var/lib/docker"
    "/var/lib/containers"
    "/var/lib/postgresql"
    "/var/lib/mysql"
    "/var/lib/libvirt"
  )
  local idx
  for ((idx = 0; idx < ${#DISABLE_COW[@]}; idx++)); do
    chattr -R +C "${DISABLE_COW[idx]}"
  done
}
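# Queue the graphical default target in setup.sh and write the powertop.service unit.
# Globals: TARGET (read)
# The unit is a oneshot that runs `powertop --auto-tune` and is wanted by multi-user.target.
custom_service_files() {
  echo "systemctl set-default graphical.target" >>"$TARGET/setup.sh"
  cat >"$TARGET/etc/systemd/system/powertop.service" <<'EOF'
[Unit]
Description=Powertop tunings
[Service]
Type=oneshot
ExecStart=/usr/sbin/powertop --auto-tune
[Install]
WantedBy=multi-user.target
EOF
}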
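# Queue one `systemctl enable` line in setup.sh for every entry of SERVICES.
# Globals: SERVICES (read), TARGET (read)
services() {
  local unit
  for unit in "${SERVICES[@]}"; do
    echo "systemctl enable $unit" >>"$TARGET/setup.sh"
  done
}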
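# Partition the disk (EFI, /boot, encrypted root), create the LUKS container, open it as
# "root" and format it with btrfs.
# Globals: HARD_DISK, BTRFS, DISK_PASSWORD (read)
# NOTE(review): BTRFS is derived from `lsblk` when the script starts, before the parted
# calls below create the partitions. On a blank disk it therefore does not yet name the
# third partition; confirm the device before luksFormat overwrites it.
initialize-disk() {
  local disk="/dev/$HARD_DISK"
  parted "$disk" mklabel gpt
  parted "$disk" mkpart primary fat32 1MiB 200MiB
  parted "$disk" mkpart primary ext3 200MiB 500MiB
  parted "$disk" set 1 esp on
  parted "$disk" mkpart P2 ext3 500MiB 100%
  # Fixed formats: the passphrase is data, so % or backslashes in it are sent unchanged.
  printf '%s\n%s' "$DISK_PASSWORD" "$DISK_PASSWORD" | cryptsetup luksFormat "${BTRFS}"
  printf '%s' "$DISK_PASSWORD" | cryptsetup open "${BTRFS}" root
  echo
  echo "Formatting....."
  echo y | mkfs.btrfs /dev/mapper/root --force
}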
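# Connect the wireless interface to the configured network with iwctl.
# Globals: WIRELESS_PASSWORD, WIRELESS_INTERFACE, SSID (read)
# NOTE(review): the passphrase is passed as a command-line argument, so it is visible in
# the process list for as long as iwctl runs.
wifi() {
  # Quoted so an SSID or passphrase containing spaces stays a single argument.
  iwctl --passphrase "$WIRELESS_PASSWORD" station "$WIRELESS_INTERFACE" connect "$SSID"
}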
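# Print the list of sub-commands.
# The "remove-snapshot" entry is spelled the way the dispatcher at the end of the script
# expects it.
show-help() {
  cat <<'EOF'

debian.sh arguments:

./debian.sh install [disk]
./debian.sh backup [device name] [home]
./debian.sh restore [disk] [backup name] [home]
./debian.sh chroot [disk]
./debian.sh wifi
./debian.sh bootloader [disk]
./debian.sh initialize [disk]
./debian.sh snapshot
./debian.sh remove-snapshot
./debian.sh btrfs-tweaks

EOF
}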
# Sub-command dispatch: $1 selects the action, the remaining arguments are forwarded where
# the action takes them. "help" and anything unrecognised print the usage text.
# NOTE(review): no `upgrade-system` function is defined in this file as shown, so that
# branch fails with "command not found".
case "$1" in
  install)
    install "$2"
    ;;
  desktop)
    desktop
    ;;
  kernel-packages)
    kernel-packages
    ;;
  upgrade-system)
    upgrade-system
    ;;
  additional-software)
    additional-software
    ;;
  chroot)
    enter_chroot
    ;;
  initialize)
    initialize-disk
    ;;
  wifi)
    wifi
    ;;
  flatpaks)
    flatpaks
    ;;
  bootloader)
    bootloader
    ;;
  snapshot)
    snapshots
    ;;
  backup)
    net-backup "$2" "$3"
    ;;
  grub-snapshots)
    grub-snapshots
    ;;
  btrfs-tweaks)
    btrfs-tweaks
    ;;
  restore)
    net-restore "$2" "$3" "$4"
    ;;
  remove-snapshot)
    remove-snapshots
    ;;
  help)
    show-help
    ;;
  *)
    show-help
    ;;
esac