#! /usr/bin/env sh ovh_rescue_configure() { local host="${1}" local release="bookworm" # apt / conf printf "\ Acquire::AllowInsecureRepositories False; Acquire::AllowWeakRepositories False; Acquire::AllowDowngradeToInsecureRepositories False; Acquire::Check-Valid-Until True; APT::Install-Recommends False; APT::Install-Suggests False; APT::Get::Show-Versions True; Dir::Etc::SourceParts \"\"; Dpkg::Progress True; " >"/etc/apt/apt.conf.d/apt.conf" # apt / sources printf "\ deb https://deb.debian.org/debian ${release} main non-free-firmware contrib non-free deb https://deb.debian.org/debian ${release}-backports main non-free-firmware contrib non-free deb https://deb.debian.org/debian ${release}-updates main non-free-firmware contrib non-free deb https://deb.debian.org/debian-security ${release}-security main non-free-firmware contrib non-free " >"/etc/apt/sources.list" # bash / rc main_link_bashrc # host name hostname "${host}" # locales printf "\ en_US.UTF-8 UTF-8 fr_FR.UTF-8 UTF-8 " >"/etc/locale.gen" # generate locales locale-gen # update catalog apt-get update # debian_disable_frontend # install backports apt-get install --assume-yes \ --target-release "${release}-backports" \ "tmux" # clean cache apt_clean_cache # install packages apt-get install --assume-yes \ "byobu" \ "mosh" # clean cache apt_clean_cache } ovh_rescue_install() { local release="bookworm" # update catalog apt-get update # debian_disable_frontend # upgrade packages apt-get upgrade --assume-yes # apt_clean_cache # install packages apt-get install --assume-yes \ "file" "htop" "iotop" "lsof" "rsync" \ \ "parted" "mdadm" "cryptsetup-bin" "lvm2" \ "lshw" \ "micro" \ "exa" "ncdu" "nnn" "ranger" "tree" \ "squashfs-tools" \ "git" # clean cache apt_clean_cache # install backports apt-get install --assume-yes \ --target-release "${release}-backports" \ "grub-pc-bin" \ \ "grub-efi-amd64-bin" # clean cache apt_clean_cache } ovh_rescue_upload() { local host="${1}" if [ "${host}" ]; then local user="root" # local user_host="${user}@${host}" # remove fingerprints ssh-keygen -R "${host}" # copy ssh id ssh-copy-id \ -o "StrictHostKeyChecking=accept-new" \ "${user_host}" # upload root rsync --delete --recursive "${MAIN_BASH_ROOT}/" "${user_host}:/etc/bash/" # call setup # TODO variable ssh "${user_host}" -- \ "source \"/etc/bash/main.sh\" ; ovh_rescue_configure \"${host}\"" # create session ssh "${user_host}" -- byobu new-session -d # send keys ssh "${user_host}" -- byobu send-keys "ovh-rescue-install" "C-m" # attach session mosh "${user_host}" -- byobu attach-session else echo "Host?" return 1 fi } ovh_rescue_wipe_1_2TB() { local device="/dev/sda" local unit="mib" # lsblk printf "%s" "WIPE ${device} /?\\ OR CANCEL /!\\" read -r # parted "${device}" --script mktable gpt # parted "${device}" unit "${unit}" mkpart "crypt" 65795 1907729 # parted "${device}" unit "${unit}" mkpart "boot" 259 65795 # parted "${device}" unit "${unit}" mkpart "esp" 2 259 parted "${device}" set 3 esp on # parted "${device}" unit "${unit}" mkpart bios 1 2 parted "${device}" set 4 bios_grub on # wipe bios dd if="/dev/zero" of="/dev/sda4" # format esp mkfs.vfat -F 32 -n "esp" "/dev/sda3" # format boot mkfs.ext4 -F -L "boot" "/dev/sda2" # read passphrase local passphrase printf "PassPhrase: " read -r -s passphrase # encrypt echo "${passphrase}" | cryptsetup \ --verbose \ --batch-mode \ --type "luks2" \ --pbkdf "argon2id" \ --cipher "aes-xts-plain64" \ --iter-time 8192 \ --key-size 512 \ --hash "sha512" \ --use-random \ luksFormat \ "/dev/sda1" # open echo "${passphrase}" | cryptsetup luksOpen "/dev/sda1" "crypt" # pv pvcreate "/dev/mapper/crypt" # vg vgcreate "crypt" "/dev/mapper/crypt" # lv swap lvcreate --name "swap" --size "68719476736b" "crypt" # lv data lvcreate --name "data" --extents "100%FREE" "crypt" # format swap mkswap --label "swap" "/dev/mapper/crypt-swap" # format data mkfs.ext4 -L "data" "/dev/mapper/crypt-data" # vg off vgchange --activate "n" "crypt" # close cryptsetup luksClose "crypt" }