From 90b5440f138c0d9281e5a47af00e975decc7522d Mon Sep 17 00:00:00 2001
From: Marc Beninca
Date: Mon, 2 Oct 2023 17:30:04 +0200
Subject: [PATCH] hetzner/cp
---
bash/hetzner-rescue.sh | 179 +++++++++++++++++++++++++++++++++++++++++
1 file changed, 179 insertions(+)
create mode 100644 bash/hetzner-rescue.sh
diff --git a/bash/hetzner-rescue.sh b/bash/hetzner-rescue.sh
new file mode 100644
index 0000000..bcd66c4
--- /dev/null
+++ b/bash/hetzner-rescue.sh
@@ -0,0 +1,179 @@
+function ovh-rescue-configure {
+local host="${1}"
+ local packages=(
+ 'byobu' 'mosh'
+ )
+ # apt / conf
+ echo -n "\
+Acquire::AllowInsecureRepositories False;
+Acquire::AllowWeakRepositories False;
+Acquire::AllowDowngradeToInsecureRepositories False;
+Acquire::Check-Valid-Until True;
+APT::Install-Recommends False;
+APT::Install-Suggests False;
+APT::Get::Show-Versions True;
+Dir::Etc::SourceParts '';
+Dpkg::Progress True;
+" > '/etc/apt/apt.conf'
+ # apt / sources
+ echo -n "\
+deb https://deb.debian.org/debian buster main contrib non-free
+deb https://deb.debian.org/debian buster-backports main contrib non-free
+deb https://deb.debian.org/debian buster-updates main contrib non-free
+deb https://deb.debian.org/debian-security buster/updates main contrib non-free
+" > '/etc/apt/sources.list'
+ # bash / rc
+ main_link_bashrc
+ # host name
+ hostname "${host}"
+ # locales
+ echo -n "\
+en_US.UTF-8 UTF-8
+fr_FR.UTF-8 UTF-8
+" > '/etc/locale.gen'
+ # fix alias
+ rm --force '/usr/share/locale/locale.alias'
+ ln --symbolic '/etc/locale.alias' '/usr/share/locale/locale.alias'
+ # generate locales
+ locale-gen
+ # update catalog
+ apt-get update
+ #
+ debian_disable_frontend
+ # install packages
+ apt-get install --assume-yes "${packages[@]}"
+ #
+ apt_clean_cache
+}
+
+function ovh-rescue-install {
+ local release='buster'
+ local packages=(
+ # installed
+ 'parted' 'mdadm' 'lvm2'
+ # install
+ 'lshw'
+ 'file' 'micro'
+ 'grub-efi-amd64-bin' 'grub-pc-bin'
+ 'htop' 'iotop' 'lsof'
+ 'exa' 'ncdu' 'nnn' 'ranger' 'tree'
+ 'squashfs-tools'
+ 'uuid-runtime'
+ )
+ local backports=(
+ # installed
+ 'cryptsetup-bin' 'rsync'
+ # install
+ 'git'
+ )
+ # update catalog
+ apt-get update
+ #
+ debian_disable_frontend
+ # upgrade packages
+ apt-get upgrade --assume-yes
+ #
+ apt_clean_cache
+ # install packages
+ apt-get install --assume-yes "${packages[@]}"
+ #
+ apt_clean_cache
+ # install backports
+ apt-get install --assume-yes \
+ --target-release "${release}-backports" "${backports[@]}"
+ #
+ apt_clean_cache
+}
+
+function ovh-rescue-upload {
+local host="${1}"
+if [ "${host}" ] ; then
+ local user='root'
+ #
+ local user_host="${user}@${host}"
+ # remove fingerprints
+ ssh-keygen -R "${host}"
+ # copy ssh id
+ ssh-copy-id \
+ -o 'StrictHostKeyChecking=accept-new' \
+ "${user_host}"
+ # upload root
+ rsync --delete --recursive "${MAIN_BASH_ROOT}/" "${user_host}:/etc/bash/"
+ # call setup
+ # TODO variable
+ ssh "${user_host}" -- "source '/etc/bash/main.sh' ; ovh-rescue-configure '${host}'"
+ # create session
+ ssh "${user_host}" -- byobu new-session -d
+ # send keys
+ ssh "${user_host}" -- byobu send-keys 'ovh-rescue-install' 'C-m'
+ # attach session
+ mosh "${user_host}" -- byobu attach-session
+else
+ echo 'Host?'
+ return 1
+fi
+}
+
+function ovh-rescue-wipe-1-2TB {
+ local device='/dev/sda'
+ local unit='mib'
+ #
+ lsblk
+ echo -n 'WIPE' "${device}" '/?\ OR CANCEL /!\'
+ read
+ #
+ parted "${device}" --script mktable gpt
+ #
+ parted "${device}" unit "${unit}" mkpart 'crypt' 65795 1907729
+ #
+ parted "${device}" unit "${unit}" mkpart 'boot' 259 65795
+ #
+ parted "${device}" unit "${unit}" mkpart 'esp' 2 259
+ parted "${device}" set 3 esp on
+ #
+ parted "${device}" unit "${unit}" mkpart bios 1 2
+ parted "${device}" set 4 bios_grub on
+ # wipe bios
+ dd if='/dev/zero' of='/dev/sda4'
+ # format esp
+ mkfs.vfat -F 32 -n 'esp' '/dev/sda3'
+ # format boot
+ mkfs.ext4 -F -L 'boot' '/dev/sda2'
+ # read passphrase
+ local passphrase
+ echo -n 'PassPhrase: '
+ read -r -s passphrase
+ # encrypt
+ echo "${passphrase}" \
+ | cryptsetup \
+ --verbose \
+ --batch-mode \
+ --type 'luks2' \
+ --pbkdf 'argon2id' \
+ --cipher 'aes-xts-plain64' \
+ --iter-time 8192 \
+ --key-size 512 \
+ --hash 'sha512' \
+ --use-random \
+ luksFormat \
+ '/dev/sda1'
+ # open
+ echo "${passphrase}" \
+ | cryptsetup luksOpen '/dev/sda1' 'crypt'
+ # pv
+ pvcreate '/dev/mapper/crypt'
+ # vg
+ vgcreate 'crypt' '/dev/mapper/crypt'
+ # lv swap
+ lvcreate --name 'swap' --size '68719476736b' 'crypt'
+ # lv data
+ lvcreate --name 'data' --extents '100%FREE' 'crypt'
+ # format swap
+ mkswap --label 'swap' '/dev/mapper/crypt-swap'
+ # format data
+ mkfs.ext4 -L 'data' '/dev/mapper/crypt-data'
+ # vg off
+ vgchange --activate n 'crypt'
+ # close
+ cryptsetup luksClose 'crypt'
+}
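Review bot: In `ovh-rescue-upload`, `ssh-keygen -R "${host}"` followed by `ssh-copy-id -o 'StrictHostKeyChecking=accept-new'` discards the stored host key and then trusts whichever key answers next, so the rescue system's identity is never verified before the bash tree is rsynced to it and remote commands are run as root. The LUKS passphrase read in `ovh-rescue-wipe-1-2TB` is presumably typed into that same unverified session. If the provider shows the rescue host key fingerprint when rescue mode is activated, print the offered one with `ssh-keyscan "${host}" | ssh-keygen -lf -` and require the operator to confirm it before `ssh-copy-id` runs. Separately, in `ovh-rescue-wipe-1-2TB` the bare `read` accepts any input and no `parted` call is checked, so unless errexit is set elsewhere a failed partitioning step still falls through to `dd`, `mkfs` and `luksFormat` on the hard-coded `/dev/sda1` to `/dev/sda4`; if `/dev/sda4` was never created, `dd` without a `count` could write a regular file at that path instead. Something like `read -r answer; [ "${answer}" = 'WIPE' ] || return 1` plus `|| return 1` after each `parted` call would stop that.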