#! /usr/bin/env sh ovh_rescue_configure() { local hostname="${1}" local release="bookworm" local package # apt / conf printf "\ Acquire::AllowInsecureRepositories False; Acquire::AllowWeakRepositories False; Acquire::AllowDowngradeToInsecureRepositories False; Acquire::Check-Valid-Until True; APT::Install-Recommends False; APT::Install-Suggests False; APT::Get::Show-Versions True; Dir::Etc::SourceParts \"\"; Dpkg::Progress True; " >"/etc/apt/apt.conf.d/apt.conf" # apt / sources printf "%s" "\ deb https://deb.debian.org/debian \ ${release} main non-free-firmware contrib non-free deb https://deb.debian.org/debian \ ${release}-backports main non-free-firmware contrib non-free deb https://deb.debian.org/debian \ ${release}-updates main non-free-firmware contrib non-free deb https://deb.debian.org/debian-security \ ${release}-security main non-free-firmware contrib non-free " >"/etc/apt/sources.list" # bash / rc main_link_bashrc mv .bashrc .bashrc.old # host name hostname "${hostname}" # locales printf "\ en_US.UTF-8 UTF-8 fr_FR.UTF-8 UTF-8 " >"/etc/locale.gen" # generate locales locale-gen # update catalog apt-get update # disable frontend debian_disable_frontend # install backports set "tmux" for package in "${@}"; do echo echo "${package}" apt-get install --assume-yes \ --target-release "${release}-backports" \ "${package}" apt_clean_cache done # install packages set "apt-file" "mosh" "byobu" for package in "${@}"; do echo echo "${package}" apt-get install --assume-yes \ "${package}" apt_clean_cache done # update catalog apt-get update } ovh_rescue_install() { local package local release="bookworm" # update catalog apt-get update # disable frontend debian_disable_frontend # upgrade packages apt-get upgrade --assume-yes # clean cache apt_clean_cache # install packages set \ "man-db" \ "dmidecode" "efibootmgr" "lshw" "pciutils" "usbutils" \ "parted" "mdadm" "cryptsetup-bin" "lvm2" \ "btrfs-progs" "dosfstools" "duperemove" "squashfs-tools" \ "git" "micro" "nano" "python3" "rsync" "vim" \ "exa" "lf" "ncdu" "nnn" "ranger" "tree" \ "file" "htop" "iotop" "ipcalc" "libdigest-sha3-perl" "lsof" for package in "${@}"; do echo echo "${package}" apt-get install --assume-yes \ "${package}" apt_clean_cache done # install backports set \ "grub-pc-bin" \ \ "grub-efi-amd64-bin" for package in "${@}"; do echo echo "${package}" apt-get install --assume-yes \ --target-release "${release}-backports" \ "${package}" apt_clean_cache done } ovh_rescue_upload() { local host="${1}" local hostname="${2}" if [ "${hostname}" ]; then local user="root" # local user_host="${user}@${host}" # remove fingerprints ssh-keygen -R "${host}" # copy ssh id ssh-copy-id \ -o "StrictHostKeyChecking=accept-new" \ "${user_host}" # upload root rsync --delete --recursive \ "${MAIN_BASH_ROOT}/" "${user_host}:/etc/bash/" # call setup # TODO variable ssh "${user_host}" -- "\ source \"/etc/bash/main.sh\" ; ovh_rescue_configure \"${hostname}\"" # create session ssh "${user_host}" -- byobu new-session -d # send keys ssh "${user_host}" -- byobu send-keys "ovh_rescue_install" "C-m" # attach session mosh "${user_host}" -- byobu attach-session else echo "Host?" return 1 fi } ovh_rescue_wipe_vle2_0_init() { local device="/dev/sdb" local passphrase local unit="mib" # read passphrase printf "PassPhrase: " read -r -s passphrase # warn lsblk printf "%s" "WIPE ${device} /?\\ OR CANCEL /!\\" read -r # parted "${device}" --script mktable gpt # parted "${device}" unit "${unit}" mkpart "crypt" 4610 40960 # parted "${device}" unit "${unit}" mkpart "boot" 514 4610 # parted "${device}" unit "${unit}" mkpart "esp" 2 514 parted "${device}" set 3 esp on # parted "${device}" unit "${unit}" mkpart bios 1 2 parted "${device}" set 4 bios_grub on # bios / wipe dd if="/dev/zero" of="${device}4" # esp / wipe dd if="/dev/zero" of="${device}3" bs="1M" # esp / format mkfs.vfat \ -F 32 \ -S 4096 \ -i "00000001" \ -n "esp" \ "${device}3" # esp / mount mkdir --parents "/media/esp" mount "${device}3" "/media/esp" # boot / wipe dd status="progress" if="/dev/zero" of="${device}2" bs="1G" count=1 # boot / format mkfs.btrfs --force \ --checksum "sha256" \ --label "boot" \ --uuid "00000000-0000-0000-0000-00000000000b" \ "${device}2" # boot / mount mkdir --parents "/media/boot" mount --options "autodefrag,compress-force=zstd" \ "${device}2" "/media/boot" # crypt / wipe dd status="progress" if="/dev/zero" of="${device}1" bs="1G" count=1 # crypt / encrypt echo "${passphrase}" | cryptsetup \ --verbose \ --batch-mode \ --type "luks2" \ --pbkdf "argon2id" \ --cipher "aes-xts-plain64" \ --iter-time 4096 \ --key-size 512 \ --hash "sha512" \ --use-random \ luksFormat \ "${device}1" # crypt / open echo "${passphrase}" | cryptsetup luksOpen "${device}1" "crypt" } ovh_rescue_wipe_vle2_1_zero() { # crypt / zero dd status="progress" if="/dev/zero" of="/dev/mapper/crypt" bs="1G" } ovh_rescue_wipe_vle2_2_make() { local passphrase # crypt / close cryptsetup luksClose "crypt" # read passphrase printf "PassPhrase: " read -r -s passphrase # crypt / encrypt echo "${passphrase}" | cryptsetup \ --verbose \ --batch-mode \ --type "luks2" \ --pbkdf "argon2id" \ --cipher "aes-xts-plain64" \ --iter-time 4096 \ --key-size 512 \ --hash "sha512" \ --use-random \ luksFormat \ "${device}1" # crypt / open echo "${passphrase}" | cryptsetup luksOpen "${device}1" "crypt" # crypt / format mkfs.btrfs --force \ --checksum "sha256" \ --label "crypt" \ --uuid "00000000-0000-0000-0000-00000000000c" \ "${device}1" # crypt / mount mkdir --parents "/media/crypt" mount --options "autodefrag,compress-force=zstd" \ "${device}1" "/media/crypt" # crypt / swap btrfs filesystem mkswapfile \ --size "4g" \ --uuid "00000000-0000-0000-0000-000000000005" \ "/media/crypt/swap" } ovh_rescue_wipe_vle2_3_close() { umount "/media/boot" umount "/media/crypt" && cryptsetup luksClose "crypt" }