function hetzner-rescue-configure { local hostname="${1}" local package local packages=( 'mosh' 'screen' 'tmux' 'byobu' 'apt-file' ) # apt / conf echo -n "\ Acquire::AllowInsecureRepositories False; Acquire::AllowWeakRepositories False; Acquire::AllowDowngradeToInsecureRepositories False; Acquire::Check-Valid-Until True; APT::Install-Recommends False; APT::Install-Suggests False; APT::Get::Show-Versions True; Dir::Etc::SourceParts ''; Dpkg::Progress True; " > '/etc/apt/apt.conf' # apt / sources echo -n "\ deb https://deb.debian.org/debian bookworm main non-free-firmware contrib non-free deb https://deb.debian.org/debian bookworm-backports main non-free-firmware contrib non-free deb https://deb.debian.org/debian bookworm-updates main non-free-firmware contrib non-free deb https://deb.debian.org/debian-security bookworm-security main non-free-firmware contrib non-free " > '/etc/apt/sources.list' # bash / rc main_link_bashrc mv .bashrc .bashrc.old # host name hostname "${hostname}" # locales echo -n "\ en_US.UTF-8 UTF-8 fr_FR.UTF-8 UTF-8 " > '/etc/locale.gen' # generate locales locale-gen # update catalog apt-get update # debian_disable_frontend # install packages for package in "${packages[@]}" ; do echo ; echo "${package}" apt-get install \ --assume-yes \ "${package}" apt_clean_cache done # update catalog apt-get update } function hetzner-rescue-install { local package local release='bookworm' local packages=( # installed 'dmidecode' 'efibootmgr' 'pciutils' 'usbutils' 'parted' 'mdadm' 'cryptsetup-bin' 'lvm2' 'btrfs-progs' 'dosfstools' 'git' 'nano' 'python3' 'rsync' 'vim' 'file' 'htop' 'lsof' 'man-db' 'tree' 'uuid-runtime' # install 'lshw' 'squashfs-tools' 'grub-efi-amd64-bin' 'grub-pc-bin' 'libdigest-sha3-perl' 'micro' 'iotop' 'exa' 'ipcalc' 'lf' 'ncdu' 'nnn' 'ranger' ) local backports=( ) # update catalog apt-get update # debian_disable_frontend # upgrade packages apt-get upgrade --assume-yes # apt_clean_cache # install packages for package in "${packages[@]}" ; do echo ; echo "${package}" apt-get install \ --assume-yes \ "${package}" apt_clean_cache done # install backports for package in "${backports[@]}" ; do echo ; echo "${package}" apt-get install \ --assume-yes \ --target-release "${release}-backports" \ "${package}" apt_clean_cache done } function hetzner-rescue-upload { local host="${1}" local hostname="${2}" if [ "${hostname}" ] ; then local user='root' # local user_host="${user}@${host}" # remove fingerprints ssh-keygen -R "${host}" # copy ssh id ssh-copy-id \ -o 'StrictHostKeyChecking=accept-new' \ "${user_host}" # upload root rsync --delete --recursive "${MAIN_BASH_ROOT}/" "${user_host}:/etc/bash/" # call setup # TODO variable ssh "${user_host}" -- "source '/etc/bash/main.sh' ; hetzner-rescue-configure '${hostname}'" # create session ssh "${user_host}" -- byobu new-session -d # send keys ssh "${user_host}" -- byobu send-keys 'hetzner-rescue-install' 'C-m' # attach session mosh "${user_host}" -- byobu attach-session else echo 'Host?' return 1 fi } function hetzner-rescue-wipe-8-8-0 { local device local devices=( '/dev/sda' '/dev/sdb' ) local members local number local passphrase local unit='mib' # read passphrase echo -n 'PassPhrase: ' read -r -s passphrase # lsblk echo -n 'WIPE' "${devices[@]}" '/?\ OR CANCEL /!\' read # number=0 for device in "${devices[@]}" ; do ((number++)) echo ; echo "#${number}: ${device}" # parted "${device}" --script mktable gpt # parted "${device}" unit "${unit}" \ mkpart "crypt-${number}" 33282 7630885 # parted "${device}" unit "${unit}" \ mkpart "boot-${number}" 514 33282 # parted "${device}" unit "${unit}" \ mkpart "esp-${number}" 2 514 parted "${device}" set 3 esp on # parted "${device}" unit "${unit}" \ mkpart "bios-${number}" 1 2 parted "${device}" set 4 bios_grub on done # number=0 for device in "${devices[@]}" ; do ((number++)) echo ; echo "#${number}: ${device}4" # wipe bios dd \ if='/dev/zero' of="${device}4" done # number=0 for device in "${devices[@]}" ; do ((number++)) echo ; echo "#${number}: ${device}3" # format esp dd \ if='/dev/zero' of="${device}3" bs='1M' mkfs.vfat \ -F 32 \ -S 4096 \ -i "0000000${number}" \ -n "esp-${number}" \ "${device}3" done # number=0 for device in "${devices[@]}" ; do ((number++)) echo ; echo "#${number}: ${device}2" # wipe boot dd status='progress' \ if='/dev/zero' of="${device}2" bs='1G' count=1 done # members=() for device in "${devices[@]}" ; do members+=("${device}2") done mkfs.btrfs --force \ --label 'boot' \ --uuid '00000000-0000-0000-0000-00000000000b' \ --checksum 'sha256' \ --data 'raid0' \ "${members[@]}" # mount boot mkdir --parents '/media/boot' mount \ --options 'autodefrag,compress=zstd' \ "${members}" '/media/boot' # number=0 for device in "${devices[@]}" ; do ((number++)) echo ; echo "#${number}: ${device}1" # wipe crypt head dd status='progress' \ if='/dev/zero' of="${device}1" bs='1G' count=1 done # members=() for device in "${devices[@]}" ; do members+=("${device}1") done mdadm \ --create '/dev/md/crypt' \ --name 'crypt' \ --uuid '00000000:00000000:00000000:00000000' \ --metadata 1 \ --level 0 \ --raid-devices ${#devices[@]} \ "${members[@]}" # encrypt echo "${passphrase}" \ | cryptsetup \ --verbose \ --batch-mode \ --type 'luks2' \ --pbkdf 'argon2id' \ --cipher 'aes-xts-plain64' \ --iter-time 8192 \ --key-size 512 \ --hash 'sha512' \ --use-random \ luksFormat \ '/dev/md/crypt' # open echo "${passphrase}" \ | cryptsetup luksOpen '/dev/md/crypt' 'crypt' } function hetzner-rescue-wipe-8-8-1 { # wipe crypt dd status='progress' \ if='/dev/zero' of='/dev/mapper/crypt' bs='8G' } function hetzner-rescue-wipe-8-8-2 { local passphrase # close cryptsetup luksClose 'crypt' # read passphrase echo -n 'PassPhrase: ' read -r -s passphrase # encrypt echo "${passphrase}" \ | cryptsetup \ --verbose \ --batch-mode \ --type 'luks2' \ --pbkdf 'argon2id' \ --cipher 'aes-xts-plain64' \ --iter-time 8192 \ --key-size 512 \ --hash 'sha512' \ --use-random \ luksFormat \ '/dev/md/crypt' # open echo "${passphrase}" \ | cryptsetup luksOpen '/dev/md/crypt' 'crypt' # format crypt mkfs.btrfs --force \ --label 'crypt' \ --uuid '00000000-0000-0000-0000-00000000000c' \ --checksum 'sha256' \ '/dev/mapper/crypt' # mount crypt mkdir --parents '/media/crypt' mount \ --options 'autodefrag,compress=zstd' \ '/dev/mapper/crypt' '/media/crypt' # make swap file btrfs filesystem mkswapfile \ --size '64g' \ --uuid '00000000-0000-0000-0000-000000000005' \ '/media/crypt/swap' } function hetzner-rescue-wipe-8-8-3-close { umount '/media/boot' # umount '/media/crypt' \ && cryptsetup luksClose 'crypt' } function hetzner-rescue-wipe-12-10-10-0 { local device local devices=( '/dev/sdc' '/dev/sda' '/dev/sdb' ) local members local number local passphrase local unit='mib' # read passphrase echo -n 'PassPhrase: ' read -r -s passphrase # lsblk echo -n 'WIPE' "${devices[@]}" '/?\ OR CANCEL /!\' read # number=0 for device in "${devices[@]}" ; do ((number++)) echo ; echo "#${number}: ${device}" # parted "${device}" --script mktable gpt # parted "${device}" unit "${unit}" \ mkpart "crypt-${number}" 22359 9537535 # parted "${device}" unit "${unit}" \ mkpart "boot-${number}" 513 22359 # parted "${device}" unit "${unit}" \ mkpart "esp-${number}" 2 513 parted "${device}" set 3 esp on # parted "${device}" unit "${unit}" \ mkpart "bios-${number}" 1 2 parted "${device}" set 4 bios_grub on done # parted "${device}" unit "${unit}" \ mkpart 'extra' 9537535 11444223 # number=0 for device in "${devices[@]}" ; do ((number++)) echo ; echo "#${number}: ${device}4" # wipe bios dd \ if='/dev/zero' of="${device}4" done # number=0 for device in "${devices[@]}" ; do ((number++)) echo ; echo "#${number}: ${device}3" # format esp dd \ if='/dev/zero' of="${device}3" bs='1M' mkfs.vfat -F 32 -n "esp-${number}" "${device}3" done # number=0 for device in "${devices[@]}" ; do ((number++)) echo ; echo "#${number}: ${device}2" # wipe boot dd status='progress' \ if='/dev/zero' of="${device}2" bs='1G' done # members=() for device in "${devices[@]}" ; do members+=("${device}2") done mdadm \ --create '/dev/md/boot' \ --name 'boot' \ --uuid '6234a0eb:29a3a847:1dbd5ec4:bada5579' \ --metadata 1 \ --level 0 \ --raid-devices ${#devices[@]} \ "${members[@]}" # number=0 for device in "${devices[@]}" ; do ((number++)) echo ; echo "#${number}: ${device}1" # wipe crypt head dd status='progress' \ if='/dev/zero' of="${device}1" bs='1G' count=1 done # members=() for device in "${devices[@]}" ; do members+=("${device}1") done mdadm \ --create '/dev/md/crypt' \ --name 'crypt' \ --uuid '006234a0:eb29a3a8:471dbd5e:c4bada55' \ --metadata 1 \ --level 0 \ --raid-devices ${#devices[@]} \ "${members[@]}" # format boot mkfs.ext4 \ -F \ -L 'boot' \ -U '6234a0eb-29a3-a847-1dbd-5ec4bada5579' \ '/dev/md/boot' # encrypt echo "${passphrase}" \ | cryptsetup \ --verbose \ --batch-mode \ --type 'luks2' \ --pbkdf 'argon2id' \ --cipher 'aes-xts-plain64' \ --iter-time 8192 \ --key-size 512 \ --hash 'sha512' \ --use-random \ luksFormat \ '/dev/md/crypt' # open echo "${passphrase}" \ | cryptsetup luksOpen '/dev/md/crypt' 'crypt' # wipe crypt dd status='progress' \ if='/dev/zero' of='/dev/mapper/crypt' bs='16G' } function hetzner-rescue-wipe-12-10-10-1 { local passphrase # close cryptsetup luksClose 'crypt' # read passphrase echo -n 'PassPhrase: ' read -r -s passphrase # encrypt echo "${passphrase}" \ | cryptsetup \ --verbose \ --batch-mode \ --type 'luks2' \ --pbkdf 'argon2id' \ --cipher 'aes-xts-plain64' \ --iter-time 8192 \ --key-size 512 \ --hash 'sha512' \ --use-random \ luksFormat \ '/dev/md/crypt' # open echo "${passphrase}" \ | cryptsetup luksOpen '/dev/md/crypt' 'crypt' # pv pvcreate '/dev/mapper/crypt' # vg vgcreate 'crypt' '/dev/mapper/crypt' # lv swap lvcreate --name 'swap' --size '137438953472b' 'crypt' # lv data lvcreate --name 'data' --extents '100%FREE' 'crypt' # format swap mkswap \ --label 'swap' \ -U '06234a0e-b29a-3a84-71db-d5ec4bada557' \ '/dev/mapper/crypt-swap' # format data mkfs.ext4 \ -L 'data' \ -U '006234a0-eb29-a3a8-471d-bd5ec4bada55' \ '/dev/mapper/crypt-data' # vg off vgchange --activate n 'crypt' # close cryptsetup luksClose 'crypt' }