diff --git a/bash/rescue-hetzner.sh b/bash/rescue-hetzner.sh index 676568d..d170c95 100644 --- a/bash/rescue-hetzner.sh +++ b/bash/rescue-hetzner.sh @@ -1,10 +1,10 @@ rescue_hetzner_configure() { -local hostname="${1}" + local hostname="${1}" local package local packages=( - 'mosh' - 'screen' 'tmux' 'byobu' - 'apt-file' + 'mosh' + 'screen' 'tmux' 'byobu' + 'apt-file' ) # apt / conf echo -n "\ @@ -17,14 +17,14 @@ APT::Install-Suggests False; APT::Get::Show-Versions True; Dir::Etc::SourceParts ''; Dpkg::Progress True; -" > '/etc/apt/apt.conf' +" >'/etc/apt/apt.conf' # apt / sources echo -n "\ deb https://deb.debian.org/debian bookworm main non-free-firmware contrib non-free deb https://deb.debian.org/debian bookworm-backports main non-free-firmware contrib non-free deb https://deb.debian.org/debian bookworm-updates main non-free-firmware contrib non-free deb https://deb.debian.org/debian-security bookworm-security main non-free-firmware contrib non-free -" > '/etc/apt/sources.list' +" >'/etc/apt/sources.list' # bash / rc main_link_bashrc mv .bashrc .bashrc.old @@ -34,7 +34,7 @@ deb https://deb.debian.org/debian-security bookworm-security main non-free-firmw echo -n "\ en_US.UTF-8 UTF-8 fr_FR.UTF-8 UTF-8 -" > '/etc/locale.gen' +" >'/etc/locale.gen' # generate locales locale-gen # update catalog @@ -42,11 +42,12 @@ fr_FR.UTF-8 UTF-8 # debian_disable_frontend # install packages - for package in "${packages[@]}" ; do - echo ; echo "${package}" + for package in "${packages[@]}"; do + echo + echo "${package}" apt-get install \ - --assume-yes \ - "${package}" + --assume-yes \ + "${package}" apt_clean_cache done # update catalog 
@@ -57,19 +58,19 @@ rescue_hetzner_install() { local package local release='bookworm' local packages=( - # installed - 'dmidecode' 'efibootmgr' 'pciutils' 'usbutils' - 'parted' 'mdadm' 'cryptsetup-bin' 'lvm2' - 'btrfs-progs' 'dosfstools' - 'git' 'nano' 'python3' 'rsync' 'vim' - 'file' 'htop' 'lsof' 'man-db' 'tree' 'uuid-runtime' - # install - 'lshw' - 'duperemove' 'squashfs-tools' - 'grub-efi-amd64-bin' 'grub-pc-bin' - 'libdigest-sha3-perl' 'micro' - 'iotop' - 'exa' 'ipcalc' 'lf' 'ncdu' 'nnn' 'ranger' + # installed + 'dmidecode' 'efibootmgr' 'pciutils' 'usbutils' + 'parted' 'mdadm' 'cryptsetup-bin' 'lvm2' + 'btrfs-progs' 'dosfstools' + 'git' 'nano' 'python3' 'rsync' 'vim' + 'file' 'htop' 'lsof' 'man-db' 'tree' 'uuid-runtime' + # install + 'lshw' + 'duperemove' 'squashfs-tools' + 'grub-efi-amd64-bin' 'grub-pc-bin' + 'libdigest-sha3-perl' 'micro' + 'iotop' + 'exa' 'ipcalc' 'lf' 'ncdu' 'nnn' 'ranger' ) local backports=( ) @@ -82,20 +83,22 @@ rescue_hetzner_install() { # apt_clean_cache # install packages - for package in "${packages[@]}" ; do - echo ; echo "${package}" + for package in "${packages[@]}"; do + echo + echo "${package}" apt-get install \ - --assume-yes \ - "${package}" + --assume-yes \ + "${package}" apt_clean_cache done # install backports - for package in "${backports[@]}" ; do - echo ; echo "${package}" + for package in "${backports[@]}"; do + echo + echo "${package}" apt-get install \ - --assume-yes \ - --target-release "${release}-backports" \ - "${package}" + --assume-yes \ + --target-release "${release}-backports" \ + "${package}" apt_clean_cache done } @@ -103,7 +106,7 @@ rescue_hetzner_install() { rescue_hetzner_upload() { local host="${1}" local hostname="${2}" - if [ "${hostname}" ] ; then + if [ "${hostname}" ]; then local user='root' # local user_host="${user}@${host}" 
@@ -111,8 +114,8 @@ rescue_hetzner_upload() { ssh-keygen -R "${host}" # copy ssh id ssh-copy-id \ - -o 'StrictHostKeyChecking=accept-new' \ - "${user_host}" + -o 'StrictHostKeyChecking=accept-new' \ + "${user_host}" # upload root rsync --delete --recursive "${MAIN_BASH_ROOT}/" "${user_host}:/etc/bash/" # call setup 
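Review bot: The `ssh-copy-id -o 'StrictHostKeyChecking=accept-new'` call comes right after `ssh-keygen -R "${host}"`, so the first key presented for that address is trusted with no check. The `rsync` into `/etc/bash/` and the setup call that follow then run as root against whichever host answered. Compare the new fingerprint with one obtained out of band from the provider before continuing, or at least print it and wait for confirmation. A comment such as `# host key was reset above; verify the new fingerprint out of band before trusting it` would record the trust decision. rescue_hetzner_upload starts and ends outside this hunk.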
@@ -149,131 +152,139 @@ rescue_hetzner_wipe_8_8_0_init() { read # number=0 - for device in "${devices[@]}" ; do + for device in "${devices[@]}"; do ((number++)) - echo ; echo "#${number}: ${device}" + echo + echo "#${number}: ${device}" # - parted "${device}" --script mktable gpt + parted "${device}" --script \ + mktable gpt # - parted "${device}" unit "${unit}" \ - mkpart "crypt-${number}" 33282 7630885 + parted "${device}" \ + unit "${unit}" mkpart "crypt-${number}" 33282 7630885 # - parted "${device}" unit "${unit}" \ - mkpart "boot-${number}" 514 33282 + parted "${device}" \ + unit "${unit}" mkpart "boot-${number}" 514 33282 # - parted "${device}" unit "${unit}" \ - mkpart "esp-${number}" 2 514 - parted "${device}" set 3 esp on + parted "${device}" \ + unit "${unit}" mkpart "esp-${number}" 2 514 + parted "${device}" \ + set 3 esp on # - parted "${device}" unit "${unit}" \ - mkpart "bios-${number}" 1 2 - parted "${device}" set 4 bios_grub on + parted "${device}" \ + unit "${unit}" mkpart "bios-${number}" 1 2 + parted "${device}" \ + set 4 bios_grub on done # number=0 - for device in "${devices[@]}" ; do + for device in "${devices[@]}"; do ((number++)) - echo ; echo "#${number}: ${device}4" + echo + echo "#${number}: ${device}4" # wipe bios dd \ - if='/dev/zero' of="${device}4" + if='/dev/zero' of="${device}4" done # number=0 - for device in "${devices[@]}" ; do + for device in "${devices[@]}"; do ((number++)) - echo ; echo "#${number}: ${device}3" + echo + echo "#${number}: ${device}3" # format esp dd \ - if='/dev/zero' of="${device}3" bs='1M' + if='/dev/zero' of="${device}3" bs='1M' mkfs.vfat \ - -F 32 \ - -S 4096 \ - -i "0000000${number}" \ - -n "esp-${number}" \ - "${device}3" + -F 32 \ + -S 4096 \ + -i "0000000${number}" \ + -n "esp-${number}" \ + "${device}3" # mount esp mkdir --parents "/media/esp/${number}" mount "${device}3" "/media/esp/${number}" done # number=0 - for device in "${devices[@]}" ; do + for device in "${devices[@]}"; do ((number++)) - echo 
; echo "#${number}: ${device}2" + echo + echo "#${number}: ${device}2" # wipe boot dd status='progress' \ - if='/dev/zero' of="${device}2" bs='1G' count=1 + if='/dev/zero' of="${device}2" bs='1G' count=1 done # members=() - for device in "${devices[@]}" ; do + for device in "${devices[@]}"; do members+=("${device}2") done mdadm \ - --create '/dev/md/boot' \ - --level 0 \ - --metadata 1 \ - --name 'md:boot' \ - --raid-devices ${#devices[@]} \ - --uuid '00000000:00000000:00000000:00000002' \ - "${members[@]}" + --create '/dev/md/boot' \ + --level 0 \ + --metadata 1 \ + --name 'md:boot' \ + --raid-devices ${#devices[@]} \ + --uuid '00000000:00000000:00000000:00000002' \ + "${members[@]}" # mkfs.btrfs --force \ - --checksum 'sha256' \ - --label 'boot' \ - --uuid '00000000-0000-0000-0000-00000000000b' \ - '/dev/md/boot' + --checksum 'sha256' \ + --label 'boot' \ + --uuid '00000000-0000-0000-0000-00000000000b' \ + '/dev/md/boot' # mount boot mkdir --parents '/media/boot' mount \ - --options 'autodefrag,compress-force=zstd' \ - '/dev/md/boot' '/media/boot' + --options 'autodefrag,compress-force=zstd' \ + '/dev/md/boot' '/media/boot' # number=0 - for device in "${devices[@]}" ; do + for device in "${devices[@]}"; do ((number++)) - echo ; echo "#${number}: ${device}1" + echo + echo "#${number}: ${device}1" # wipe crypt head dd status='progress' \ - if='/dev/zero' of="${device}1" bs='1G' count=1 + if='/dev/zero' of="${device}1" bs='1G' count=1 done # members=() - for device in "${devices[@]}" ; do + for device in "${devices[@]}"; do members+=("${device}1") done mdadm \ - --create '/dev/md/crypt' \ - --level 0 \ - --metadata 1 \ - --name 'md:crypt' \ - --raid-devices ${#devices[@]} \ - --uuid '00000000:00000000:00000000:00000001' \ - "${members[@]}" + --create '/dev/md/crypt' \ + --level 0 \ + --metadata 1 \ + --name 'md:crypt' \ + --raid-devices ${#devices[@]} \ + --uuid '00000000:00000000:00000000:00000001' \ + "${members[@]}" # encrypt - echo "${passphrase}" \ - | 
cryptsetup \ - --verbose \ - --batch-mode \ - --type 'luks2' \ - --pbkdf 'argon2id' \ - --cipher 'aes-xts-plain64' \ - --iter-time 8192 \ - --key-size 512 \ - --hash 'sha512' \ - --use-random \ - luksFormat \ - '/dev/md/crypt' + echo "${passphrase}" | + cryptsetup \ + --verbose \ + --batch-mode \ + --type 'luks2' \ + --pbkdf 'argon2id' \ + --cipher 'aes-xts-plain64' \ + --iter-time 8192 \ + --key-size 512 \ + --hash 'sha512' \ + --use-random \ + luksFormat \ + '/dev/md/crypt' # open - echo "${passphrase}" \ - | cryptsetup luksOpen '/dev/md/crypt' 'crypt' + echo "${passphrase}" | + cryptsetup luksOpen '/dev/md/crypt' 'crypt' } rescue_hetzner_wipe_8_8_1_zero() { # wipe crypt dd status='progress' \ - if='/dev/zero' of='/dev/mapper/crypt' bs='8G' + if='/dev/zero' of='/dev/mapper/crypt' bs='8G' } rescue_hetzner_wipe_8_8_2_make() { 
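Review bot: The passphrase reaches `cryptsetup luksFormat` and `luksOpen` through `echo "${passphrase}" |`, and bash's `echo` parses a value such as `-n` or `-e` as an option, so such a passphrase would not reach cryptsetup as typed. `printf '%s\n' "${passphrase}" |` sends the same bytes for every other value and does no option parsing. The same two pipes appear in the rescue_hetzner_wipe_8_8_2_make hunk. rescue_hetzner_wipe_8_8_0_init starts outside this hunk, so confirm that `passphrase` is declared `local` there and that these functions never run under `set -x`, which would write the expanded value to the trace.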
@@ -284,43 +295,43 @@ rescue_hetzner_wipe_8_8_2_make() { echo -n 'PassPhrase: ' read -r -s passphrase # encrypt - echo "${passphrase}" \ - | cryptsetup \ - --verbose \ - --batch-mode \ - --type 'luks2' \ - --pbkdf 'argon2id' \ - --cipher 'aes-xts-plain64' \ - --iter-time 8192 \ - --key-size 512 \ - --hash 'sha512' \ - --use-random \ - luksFormat \ - '/dev/md/crypt' + echo "${passphrase}" | + cryptsetup \ + --verbose \ + --batch-mode \ + --type 'luks2' \ + --pbkdf 'argon2id' \ + --cipher 'aes-xts-plain64' \ + --iter-time 8192 \ + --key-size 512 \ + --hash 'sha512' \ + --use-random \ + luksFormat \ + '/dev/md/crypt' # open - echo "${passphrase}" \ - | cryptsetup luksOpen '/dev/md/crypt' 'crypt' + echo "${passphrase}" | + cryptsetup luksOpen '/dev/md/crypt' 'crypt' # format crypt mkfs.btrfs --force \ - --checksum 'sha256' \ - --label 'crypt' \ - --uuid '00000000-0000-0000-0000-00000000000c' \ - '/dev/mapper/crypt' + --checksum 'sha256' \ + --label 'crypt' \ + --uuid '00000000-0000-0000-0000-00000000000c' \ + '/dev/mapper/crypt' # mount crypt mkdir --parents '/media/crypt' mount \ - --options 'autodefrag,compress-force=zstd' \ - '/dev/mapper/crypt' '/media/crypt' + --options 'autodefrag,compress-force=zstd' \ + '/dev/mapper/crypt' '/media/crypt' # make swap file btrfs filesystem mkswapfile \ - --size '64g' \ - --uuid '00000000-0000-0000-0000-000000000005' \ - '/media/crypt/swap' + --size '64g' \ + --uuid '00000000-0000-0000-0000-000000000005' \ + '/media/crypt/swap' } rescue_hetzner_wipe_8_8_3_close() { umount '/media/boot' # - umount '/media/crypt' \ - && cryptsetup luksClose 'crypt' + umount '/media/crypt' && + cryptsetup luksClose 'crypt' }
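Review bot: The passphrase is taken with a single silent `read -r -s passphrase` and goes straight into `luksFormat`, so a typing mistake is not noticed until the volume has to be unlocked again; the immediate `luksOpen` reuses the same variable and succeeds either way. Reading it twice and comparing before formatting would catch that, and `IFS= read -r -s passphrase` keeps leading and trailing whitespace that plain `read` strips. The start of rescue_hetzner_wipe_8_8_2_make is outside the hunk, so whether `passphrase` is declared `local` cannot be seen here. If it is not, the value stays in the shell after the function returns, and an `unset passphrase` after `luksOpen` would clear it.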