diff --git a/bash/rescue-hetzner.sh b/bash/rescue-hetzner.sh
index dcbab30..49ad0a5 100644
--- a/bash/rescue-hetzner.sh
+++ b/bash/rescue-hetzner.sh
@@ -1,13 +1,13 @@
 rescue_hetzner_configure() {
 local hostname="${1}"
- local package
- local packages=(
- 'mosh'
- 'screen' 'tmux' 'byobu'
- 'apt-file'
- )
- # apt / conf
- echo -n "\
+ local package
+ local packages=(
+ 'mosh'
+ 'screen' 'tmux' 'byobu'
+ 'apt-file'
+ )
+ # apt / conf
+ echo -n "\
 Acquire::AllowInsecureRepositories False;
 Acquire::AllowWeakRepositories False;
 Acquire::AllowDowngradeToInsecureRepositories False;
@@ -18,309 +18,309 @@ APT::Get::Show-Versions True; Dir::Etc::SourceParts ''; Dpkg::Progress True; " > '/etc/apt/apt.conf' - # apt / sources - echo -n "\ + # apt / sources + echo -n "\ deb https://deb.debian.org/debian bookworm main non-free-firmware contrib non-free deb https://deb.debian.org/debian bookworm-backports main non-free-firmware contrib non-free deb https://deb.debian.org/debian bookworm-updates main non-free-firmware contrib non-free deb https://deb.debian.org/debian-security bookworm-security main non-free-firmware contrib non-free " > '/etc/apt/sources.list' - # bash / rc - main_link_bashrc - mv .bashrc .bashrc.old - # host name - hostname "${hostname}" - # locales - echo -n "\ + # bash / rc + main_link_bashrc + mv .bashrc .bashrc.old + # host name + hostname "${hostname}" + # locales + echo -n "\ en_US.UTF-8 UTF-8 fr_FR.UTF-8 UTF-8 " > '/etc/locale.gen' - # generate locales - locale-gen - # update catalog - apt-get update - # - debian_disable_frontend - # install packages - for package in "${packages[@]}" ; do - echo ; echo "${package}" - apt-get install \ - --assume-yes \ - "${package}" - apt_clean_cache - done - # update catalog - apt-get update + # generate locales + locale-gen + # update catalog + apt-get update + # + debian_disable_frontend + # install packages + for package in "${packages[@]}" ; do + echo ; echo "${package}" + apt-get install \ + --assume-yes \ + "${package}" + apt_clean_cache + done + # update catalog + apt-get update } rescue_hetzner_install() { - local package - local release='bookworm' - local packages=( - # installed - 'dmidecode' 'efibootmgr' 'pciutils' 'usbutils' - 'parted' 'mdadm' 'cryptsetup-bin' 'lvm2' - 'btrfs-progs' 'dosfstools' - 'git' 'nano' 'python3' 'rsync' 'vim' - 'file' 'htop' 'lsof' 'man-db' 'tree' 'uuid-runtime' - # install - 'lshw' - 'duperemove' 'squashfs-tools' - 'grub-efi-amd64-bin' 'grub-pc-bin' - 'libdigest-sha3-perl' 'micro' - 'iotop' - 'exa' 'ipcalc' 'lf' 'ncdu' 'nnn' 'ranger' - ) - local 
backports=( - ) - # update catalog - apt-get update - # - debian_disable_frontend - # upgrade packages - apt-get upgrade --assume-yes - # - apt_clean_cache - # install packages - for package in "${packages[@]}" ; do - echo ; echo "${package}" - apt-get install \ - --assume-yes \ - "${package}" - apt_clean_cache - done - # install backports - for package in "${backports[@]}" ; do - echo ; echo "${package}" - apt-get install \ - --assume-yes \ - --target-release "${release}-backports" \ - "${package}" - apt_clean_cache - done + local package + local release='bookworm' + local packages=( + # installed + 'dmidecode' 'efibootmgr' 'pciutils' 'usbutils' + 'parted' 'mdadm' 'cryptsetup-bin' 'lvm2' + 'btrfs-progs' 'dosfstools' + 'git' 'nano' 'python3' 'rsync' 'vim' + 'file' 'htop' 'lsof' 'man-db' 'tree' 'uuid-runtime' + # install + 'lshw' + 'duperemove' 'squashfs-tools' + 'grub-efi-amd64-bin' 'grub-pc-bin' + 'libdigest-sha3-perl' 'micro' + 'iotop' + 'exa' 'ipcalc' 'lf' 'ncdu' 'nnn' 'ranger' + ) + local backports=( + ) + # update catalog + apt-get update + # + debian_disable_frontend + # upgrade packages + apt-get upgrade --assume-yes + # + apt_clean_cache + # install packages + for package in "${packages[@]}" ; do + echo ; echo "${package}" + apt-get install \ + --assume-yes \ + "${package}" + apt_clean_cache + done + # install backports + for package in "${backports[@]}" ; do + echo ; echo "${package}" + apt-get install \ + --assume-yes \ + --target-release "${release}-backports" \ + "${package}" + apt_clean_cache + done } rescue_hetzner_upload() { local host="${1}" local hostname="${2}" if [ "${hostname}" ] ; then - local user='root' - # - local user_host="${user}@${host}" - # remove fingerprints - ssh-keygen -R "${host}" - # copy ssh id - ssh-copy-id \ - -o 'StrictHostKeyChecking=accept-new' \ - "${user_host}" - # upload root - rsync --delete --recursive "${MAIN_BASH_ROOT}/" "${user_host}:/etc/bash/" - # call setup - # TODO variable - ssh "${user_host}" -- "source 
'/etc/bash/main.sh' ; rescue_hetzner_configure '${hostname}'" - # create session - ssh "${user_host}" -- byobu new-session -d - # send keys - ssh "${user_host}" -- byobu send-keys 'rescue_hetzner_install' 'C-m' - # attach session - mosh "${user_host}" -- byobu attach-session + local user='root' + # + local user_host="${user}@${host}" + # remove fingerprints + ssh-keygen -R "${host}" + # copy ssh id + ssh-copy-id \ + -o 'StrictHostKeyChecking=accept-new' \ + "${user_host}" + # upload root + rsync --delete --recursive "${MAIN_BASH_ROOT}/" "${user_host}:/etc/bash/" + # call setup + # TODO variable + ssh "${user_host}" -- "source '/etc/bash/main.sh' ; rescue_hetzner_configure '${hostname}'" + # create session + ssh "${user_host}" -- byobu new-session -d + # send keys + ssh "${user_host}" -- byobu send-keys 'rescue_hetzner_install' 'C-m' + # attach session + mosh "${user_host}" -- byobu attach-session else - echo 'Host?' - return 1 + echo 'Host?' + return 1 fi } rescue_hetzner_wipe_8_8_0_init() { - local device - local devices=( - '/dev/sda' - '/dev/sdb' - ) - local members - local number - local passphrase - local unit='mib' - # read passphrase - echo -n 'PassPhrase: ' - read -r -s passphrase - # - lsblk - echo -n 'WIPE' "${devices[@]}" '/?\ OR CANCEL /!\' - read - # - number=0 - for device in "${devices[@]}" ; do - ((number++)) - echo ; echo "#${number}: ${device}" - # - parted "${device}" --script mktable gpt - # - parted "${device}" unit "${unit}" \ - mkpart "crypt-${number}" 33282 7630885 - # - parted "${device}" unit "${unit}" \ - mkpart "boot-${number}" 514 33282 - # - parted "${device}" unit "${unit}" \ - mkpart "esp-${number}" 2 514 - parted "${device}" set 3 esp on - # - parted "${device}" unit "${unit}" \ - mkpart "bios-${number}" 1 2 - parted "${device}" set 4 bios_grub on - done - # - number=0 - for device in "${devices[@]}" ; do - ((number++)) - echo ; echo "#${number}: ${device}4" - # wipe bios - dd \ - if='/dev/zero' of="${device}4" - done - # - number=0 
- for device in "${devices[@]}" ; do - ((number++)) - echo ; echo "#${number}: ${device}3" - # format esp - dd \ - if='/dev/zero' of="${device}3" bs='1M' - mkfs.vfat \ - -F 32 \ - -S 4096 \ - -i "0000000${number}" \ - -n "esp-${number}" \ - "${device}3" - # mount esp - mkdir --parents "/media/esp/${number}" - mount "${device}3" "/media/esp/${number}" - done - # - number=0 - for device in "${devices[@]}" ; do - ((number++)) - echo ; echo "#${number}: ${device}2" - # wipe boot - dd status='progress' \ - if='/dev/zero' of="${device}2" bs='1G' count=1 - done - # - members=() - for device in "${devices[@]}" ; do - members+=("${device}2") - done - mdadm \ - --create '/dev/md/boot' \ - --level 0 \ - --metadata 1 \ - --name 'md:boot' \ - --raid-devices ${#devices[@]} \ - --uuid '00000000:00000000:00000000:00000002' \ - "${members[@]}" - # - mkfs.btrfs --force \ - --checksum 'sha256' \ - --label 'boot' \ - --uuid '00000000-0000-0000-0000-00000000000b' \ - '/dev/md/boot' - # mount boot - mkdir --parents '/media/boot' - mount \ - --options 'autodefrag,compress-force=zstd' \ - '/dev/md/boot' '/media/boot' - # - number=0 - for device in "${devices[@]}" ; do - ((number++)) - echo ; echo "#${number}: ${device}1" - # wipe crypt head - dd status='progress' \ - if='/dev/zero' of="${device}1" bs='1G' count=1 - done - # - members=() - for device in "${devices[@]}" ; do - members+=("${device}1") - done - mdadm \ - --create '/dev/md/crypt' \ - --level 0 \ - --metadata 1 \ - --name 'md:crypt' \ - --raid-devices ${#devices[@]} \ - --uuid '00000000:00000000:00000000:00000001' \ - "${members[@]}" - # encrypt - echo "${passphrase}" \ - | cryptsetup \ - --verbose \ - --batch-mode \ - --type 'luks2' \ - --pbkdf 'argon2id' \ - --cipher 'aes-xts-plain64' \ - --iter-time 8192 \ - --key-size 512 \ - --hash 'sha512' \ - --use-random \ - luksFormat \ - '/dev/md/crypt' - # open - echo "${passphrase}" \ - | cryptsetup luksOpen '/dev/md/crypt' 'crypt' + local device + local devices=( + '/dev/sda' + 
'/dev/sdb' + ) + local members + local number + local passphrase + local unit='mib' + # read passphrase + echo -n 'PassPhrase: ' + read -r -s passphrase + # + lsblk + echo -n 'WIPE' "${devices[@]}" '/?\ OR CANCEL /!\' + read + # + number=0 + for device in "${devices[@]}" ; do + ((number++)) + echo ; echo "#${number}: ${device}" + # + parted "${device}" --script mktable gpt + # + parted "${device}" unit "${unit}" \ + mkpart "crypt-${number}" 33282 7630885 + # + parted "${device}" unit "${unit}" \ + mkpart "boot-${number}" 514 33282 + # + parted "${device}" unit "${unit}" \ + mkpart "esp-${number}" 2 514 + parted "${device}" set 3 esp on + # + parted "${device}" unit "${unit}" \ + mkpart "bios-${number}" 1 2 + parted "${device}" set 4 bios_grub on + done + # + number=0 + for device in "${devices[@]}" ; do + ((number++)) + echo ; echo "#${number}: ${device}4" + # wipe bios + dd \ + if='/dev/zero' of="${device}4" + done + # + number=0 + for device in "${devices[@]}" ; do + ((number++)) + echo ; echo "#${number}: ${device}3" + # format esp + dd \ + if='/dev/zero' of="${device}3" bs='1M' + mkfs.vfat \ + -F 32 \ + -S 4096 \ + -i "0000000${number}" \ + -n "esp-${number}" \ + "${device}3" + # mount esp + mkdir --parents "/media/esp/${number}" + mount "${device}3" "/media/esp/${number}" + done + # + number=0 + for device in "${devices[@]}" ; do + ((number++)) + echo ; echo "#${number}: ${device}2" + # wipe boot + dd status='progress' \ + if='/dev/zero' of="${device}2" bs='1G' count=1 + done + # + members=() + for device in "${devices[@]}" ; do + members+=("${device}2") + done + mdadm \ + --create '/dev/md/boot' \ + --level 0 \ + --metadata 1 \ + --name 'md:boot' \ + --raid-devices ${#devices[@]} \ + --uuid '00000000:00000000:00000000:00000002' \ + "${members[@]}" + # + mkfs.btrfs --force \ + --checksum 'sha256' \ + --label 'boot' \ + --uuid '00000000-0000-0000-0000-00000000000b' \ + '/dev/md/boot' + # mount boot + mkdir --parents '/media/boot' + mount \ + --options 
'autodefrag,compress-force=zstd' \ + '/dev/md/boot' '/media/boot' + # + number=0 + for device in "${devices[@]}" ; do + ((number++)) + echo ; echo "#${number}: ${device}1" + # wipe crypt head + dd status='progress' \ + if='/dev/zero' of="${device}1" bs='1G' count=1 + done + # + members=() + for device in "${devices[@]}" ; do + members+=("${device}1") + done + mdadm \ + --create '/dev/md/crypt' \ + --level 0 \ + --metadata 1 \ + --name 'md:crypt' \ + --raid-devices ${#devices[@]} \ + --uuid '00000000:00000000:00000000:00000001' \ + "${members[@]}" + # encrypt + echo "${passphrase}" \ + | cryptsetup \ + --verbose \ + --batch-mode \ + --type 'luks2' \ + --pbkdf 'argon2id' \ + --cipher 'aes-xts-plain64' \ + --iter-time 8192 \ + --key-size 512 \ + --hash 'sha512' \ + --use-random \ + luksFormat \ + '/dev/md/crypt' + # open + echo "${passphrase}" \ + | cryptsetup luksOpen '/dev/md/crypt' 'crypt' } rescue_hetzner_wipe_8_8_1_zero() { - # wipe crypt - dd status='progress' \ - if='/dev/zero' of='/dev/mapper/crypt' bs='8G' + # wipe crypt + dd status='progress' \ + if='/dev/zero' of='/dev/mapper/crypt' bs='8G' } rescue_hetzner_wipe_8_8_2_make() { - local passphrase - # close - cryptsetup luksClose 'crypt' - # read passphrase - echo -n 'PassPhrase: ' - read -r -s passphrase - # encrypt - echo "${passphrase}" \ - | cryptsetup \ - --verbose \ - --batch-mode \ - --type 'luks2' \ - --pbkdf 'argon2id' \ - --cipher 'aes-xts-plain64' \ - --iter-time 8192 \ - --key-size 512 \ - --hash 'sha512' \ - --use-random \ - luksFormat \ - '/dev/md/crypt' - # open - echo "${passphrase}" \ - | cryptsetup luksOpen '/dev/md/crypt' 'crypt' - # format crypt - mkfs.btrfs --force \ - --checksum 'sha256' \ - --label 'crypt' \ - --uuid '00000000-0000-0000-0000-00000000000c' \ - '/dev/mapper/crypt' - # mount crypt - mkdir --parents '/media/crypt' - mount \ - --options 'autodefrag,compress-force=zstd' \ - '/dev/mapper/crypt' '/media/crypt' - # make swap file - btrfs filesystem mkswapfile \ - --size '64g' \ 
- --uuid '00000000-0000-0000-0000-000000000005' \ - '/media/crypt/swap' + local passphrase + # close + cryptsetup luksClose 'crypt' + # read passphrase + echo -n 'PassPhrase: ' + read -r -s passphrase + # encrypt + echo "${passphrase}" \ + | cryptsetup \ + --verbose \ + --batch-mode \ + --type 'luks2' \ + --pbkdf 'argon2id' \ + --cipher 'aes-xts-plain64' \ + --iter-time 8192 \ + --key-size 512 \ + --hash 'sha512' \ + --use-random \ + luksFormat \ + '/dev/md/crypt' + # open + echo "${passphrase}" \ + | cryptsetup luksOpen '/dev/md/crypt' 'crypt' + # format crypt + mkfs.btrfs --force \ + --checksum 'sha256' \ + --label 'crypt' \ + --uuid '00000000-0000-0000-0000-00000000000c' \ + '/dev/mapper/crypt' + # mount crypt + mkdir --parents '/media/crypt' + mount \ + --options 'autodefrag,compress-force=zstd' \ + '/dev/mapper/crypt' '/media/crypt' + # make swap file + btrfs filesystem mkswapfile \ + --size '64g' \ + --uuid '00000000-0000-0000-0000-000000000005' \ + '/media/crypt/swap' } rescue_hetzner_wipe_8_8_3_close() { - umount '/media/boot' - # - umount '/media/crypt' \ - && cryptsetup luksClose 'crypt' + umount '/media/boot' + # + umount '/media/crypt' \ + && cryptsetup luksClose 'crypt' }