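# Helpers for preparing a server from its rescue system: upload the bash root,
# install tooling, then partition, encrypt and format two disks.
# The wipe functions are destructive and are meant to be run in the order
# given by their numeric suffix (0_init, 1_zero, 2_make, 3_close).

#######################################
# Fail unless the given path is an existing block device.
# Writing to a missing /dev node with dd would create a regular file under
# /dev instead of touching a disk, so every dd target is checked first.
# Arguments: $1 - device path
# Outputs:   error message on stderr
# Returns:   0 if $1 is a block device, 1 otherwise
#######################################
_rescue_hetzner_require_block() {
  if [[ ! -b "${1}" ]]; then
    echo "not a block device: ${1}" >&2
    return 1
  fi
}

#######################################
# luksFormat /dev/md/crypt and open it as /dev/mapper/crypt.
# The passphrase is fed on stdin so it never appears in a process argument
# list. printf is used instead of echo: echo would swallow a passphrase that
# is exactly "-n", "-e" or "-E". Both write passphrase + newline, so volumes
# created with the previous echo form still open with the same passphrase.
# Arguments: $1 - passphrase
# Returns:   non-zero if formatting or opening fails
#######################################
_rescue_hetzner_luks_format_open() {
  local secret="${1}"
  # encrypt; stop here on failure instead of trying to open a stale header
  printf '%s\n' "${secret}" | cryptsetup \
    --verbose \
    --batch-mode \
    --type 'luks2' \
    --pbkdf 'argon2id' \
    --cipher 'aes-xts-plain64' \
    --iter-time 8192 \
    --key-size 512 \
    --hash 'sha512' \
    --use-random \
    luksFormat \
    '/dev/md/crypt' || return
  # open
  printf '%s\n' "${secret}" | cryptsetup luksOpen '/dev/md/crypt' 'crypt'
}

#######################################
# Upgrade the rescue system and install the working toolset.
# debian_disable_frontend and apt_clean_cache are helpers defined elsewhere.
# Packages are installed one by one, so a single failing package does not
# stop the remaining ones.
# Outputs:   apt progress and each package name on stdout
#######################################
rescue_hetzner_install() {
  local package
  local release='bookworm'
  local packages=(
    # installed (presumably already present in the rescue image)
    'dmidecode'
    'efibootmgr'
    'pciutils'
    'usbutils'
    'parted'
    'mdadm'
    'cryptsetup-bin'
    'lvm2'
    'btrfs-progs'
    'dosfstools'
    'git'
    'nano'
    'python3'
    'rsync'
    'vim'
    'file'
    'htop'
    'lsof'
    'man-db'
    'tree'
    'uuid-runtime'
    # install
    'lshw'
    'duperemove'
    'squashfs-tools'
    'grub-efi-amd64-bin'
    'grub-pc-bin'
    'libdigest-sha3-perl'
    'micro'
    'iotop'
    'exa'
    'ipcalc'
    'lf'
    'ncdu'
    'nnn'
    'ranger'
  )
  local backports=(
  )
  # update catalog
  apt-get update
  #
  debian_disable_frontend
  # upgrade packages
  apt-get upgrade --assume-yes
  #
  apt_clean_cache
  # install packages
  for package in "${packages[@]}"; do
    echo
    echo "${package}"
    apt-get install \
      --assume-yes \
      "${package}"
    apt_clean_cache
  done
  # install backports
  for package in "${backports[@]}"; do
    echo
    echo "${package}"
    apt-get install \
      --assume-yes \
      --target-release "${release}-backports" \
      "${package}"
    apt_clean_cache
  done
}

#######################################
# Push the local bash root to a rescue host, configure it and start the
# installation inside a byobu session.
# Globals:   MAIN_BASH_ROOT (read) - local directory mirrored to /etc/bash/
# Arguments: $1 - host (address used for ssh)
#            $2 - hostname passed to rescue_configure on the remote side
# Outputs:   "Host?" on stderr when an argument is missing
# Returns:   1 on missing input, otherwise the status of the failing step
#######################################
rescue_hetzner_upload() {
  local host="${1}"
  local hostname="${2}"
  local remote_hostname
  local user="root"
  local user_host
  if [[ -z "${host}" || -z "${hostname}" ]]; then
    echo "Host?" >&2
    return 1
  fi
  # An empty MAIN_BASH_ROOT would turn the rsync source into "/" and mirror
  # the whole local filesystem (with --delete) onto the remote host.
  if [[ -z "${MAIN_BASH_ROOT:-}" ]]; then
    echo "MAIN_BASH_ROOT is not set" >&2
    return 1
  fi
  user_host="${user}@${host}"
  # remove fingerprints
  ssh-keygen -R "${host}"
  # copy ssh id
  # NOTE(review): after -R, accept-new trusts whichever host key answers
  # first. Compare the fingerprint with the one shown for this rescue boot
  # (if the provider publishes it) before typing the disk passphrase.
  ssh-copy-id \
    -o "StrictHostKeyChecking=accept-new" \
    "${user_host}" || return
  # upload root
  rsync --delete --recursive \
    "${MAIN_BASH_ROOT}/" "${user_host}:/etc/bash/" || return
  # call setup
  # TODO variable
  # The hostname is spliced into a command line parsed by the remote shell,
  # so it is shell-quoted first; a quote or ';' in it stays data.
  # %q emits bash quoting, matching the bash environment sourced remotely.
  printf -v remote_hostname '%q' "${hostname}"
  ssh "${user_host}" -- \
    "source \"/etc/bash/main.sh\" ; rescue_configure ${remote_hostname}" \
    || return
  # create session
  ssh "${user_host}" -- byobu new-session -d
  # send keys
  ssh "${user_host}" -- byobu send-keys "rescue_hetzner_install" "C-m"
  # attach session
  mosh "${user_host}" -- byobu attach-session
}

#######################################
# Step 0: repartition both disks, build the boot and crypt RAID-0 arrays and
# create a first LUKS container on the crypt array.
# Layout per disk (MiB): 1 crypt 33282-7630885, 2 boot 514-33282,
# 3 esp 2-514, 4 bios 1-2.
# DESTROYS all data on /dev/sda and /dev/sdb.
# The passphrase is read once without a confirmation prompt; the container
# made here is re-created in rescue_hetzner_wipe_8_8_2_make.
# Outputs:   prompts and tool output on stdout
# Returns:   1 on empty passphrase, missing device or missing confirmation
#######################################
rescue_hetzner_wipe_8_8_0_init() {
  local device
  local devices=(
    '/dev/sda'
    '/dev/sdb'
  )
  local members
  local number
  local passphrase
  local unit='mib'
  # read passphrase
  echo -n 'PassPhrase: '
  read -r -s passphrase
  echo
  if [[ -z "${passphrase}" ]]; then
    echo 'empty passphrase, aborting' >&2
    return 1
  fi
  #
  lsblk
  for device in "${devices[@]}"; do
    _rescue_hetzner_require_block "${device}" || return
  done
  echo -n 'WIPE' "${devices[@]}" '/?\ OR CANCEL /!\'
  # Enter continues, Ctrl-C cancels; a closed stdin must not count as consent
  read -r _ || return 1
  #
  number=0
  for device in "${devices[@]}"; do
    number=$((number + 1))
    echo
    echo "#${number}: ${device}"
    #
    parted "${device}" \
      --script \
      mktable gpt
    #
    parted "${device}" \
      unit "${unit}" \
      mkpart "crypt-${number}" 33282 7630885
    #
    parted "${device}" \
      unit "${unit}" \
      mkpart "boot-${number}" 514 33282
    #
    parted "${device}" \
      unit "${unit}" \
      mkpart "esp-${number}" 2 514
    parted "${device}" \
      set 3 esp on
    #
    parted "${device}" \
      unit "${unit}" \
      mkpart "bios-${number}" 1 2
    parted "${device}" \
      set 4 bios_grub on
  done
  #
  number=0
  for device in "${devices[@]}"; do
    number=$((number + 1))
    echo
    echo "#${number}: ${device}4"
    _rescue_hetzner_require_block "${device}4" || return
    # wipe bios (dd runs to the end of the partition and then reports
    # "No space left on device"; that exit status is expected)
    dd \
      if='/dev/zero' of="${device}4"
  done
  #
  number=0
  for device in "${devices[@]}"; do
    number=$((number + 1))
    echo
    echo "#${number}: ${device}3"
    _rescue_hetzner_require_block "${device}3" || return
    # format esp (same expected end-of-partition error from dd)
    dd \
      if='/dev/zero' of="${device}3" bs='1M'
    mkfs.vfat \
      -F 32 \
      -S 4096 \
      -i "0000000${number}" \
      -n "esp-${number}" \
      "${device}3"
    # mount esp
    mkdir --parents "/media/esp/${number}"
    mount "${device}3" "/media/esp/${number}"
  done
  #
  number=0
  for device in "${devices[@]}"; do
    number=$((number + 1))
    echo
    echo "#${number}: ${device}2"
    _rescue_hetzner_require_block "${device}2" || return
    # wipe boot
    dd status='progress' \
      if='/dev/zero' of="${device}2" bs='1G' count=1
  done
  #
  members=()
  for device in "${devices[@]}"; do
    members+=("${device}2")
  done
  mdadm \
    --create '/dev/md/boot' \
    --level 0 \
    --metadata 1 \
    --name 'md:boot' \
    --raid-devices "${#devices[@]}" \
    --uuid '00000000:00000000:00000000:00000002' \
    "${members[@]}"
  #
  mkfs.btrfs --force \
    --checksum 'sha256' \
    --label 'boot' \
    --uuid '00000000-0000-0000-0000-00000000000b' \
    '/dev/md/boot'
  # mount boot
  mkdir --parents '/media/boot'
  mount \
    --options 'autodefrag,compress-force=zstd' \
    '/dev/md/boot' '/media/boot'
  #
  number=0
  for device in "${devices[@]}"; do
    number=$((number + 1))
    echo
    echo "#${number}: ${device}1"
    _rescue_hetzner_require_block "${device}1" || return
    # wipe crypt head
    dd status='progress' \
      if='/dev/zero' of="${device}1" bs='1G' count=1
  done
  #
  members=()
  for device in "${devices[@]}"; do
    members+=("${device}1")
  done
  mdadm \
    --create '/dev/md/crypt' \
    --level 0 \
    --metadata 1 \
    --name 'md:crypt' \
    --raid-devices "${#devices[@]}" \
    --uuid '00000000:00000000:00000000:00000001' \
    "${members[@]}"
  # encrypt + open
  _rescue_hetzner_luks_format_open "${passphrase}"
}

#######################################
# Step 1: write zeros through the open LUKS mapping, so the underlying array
# is overwritten with ciphertext of the container created in step 0.
# Refuses to run unless /dev/mapper/crypt is a block device: with the mapping
# closed, dd would create a regular file at that path instead.
# Returns:   1 if the mapping is not open, otherwise dd's status (dd ends
#            with a "no space left" error when the device is full)
#######################################
rescue_hetzner_wipe_8_8_1_zero() {
  _rescue_hetzner_require_block '/dev/mapper/crypt' || return
  # wipe crypt
  dd status='progress' \
    if='/dev/zero' of='/dev/mapper/crypt' bs='8G'
}

#######################################
# Step 2: close the container used for wiping, create the final LUKS
# container, format it as btrfs, mount it and create the swap file.
# The passphrase is read once without a confirmation prompt.
# Returns:   1 on empty passphrase, non-zero if LUKS setup fails
#######################################
rescue_hetzner_wipe_8_8_2_make() {
  local passphrase
  # close
  cryptsetup luksClose 'crypt'
  # read passphrase
  echo -n 'PassPhrase: '
  read -r -s passphrase
  echo
  if [[ -z "${passphrase}" ]]; then
    echo 'empty passphrase, aborting' >&2
    return 1
  fi
  # encrypt + open; do not format or mount anything if this fails
  _rescue_hetzner_luks_format_open "${passphrase}" || return
  # format crypt
  mkfs.btrfs --force \
    --checksum 'sha256' \
    --label 'crypt' \
    --uuid '00000000-0000-0000-0000-00000000000c' \
    '/dev/mapper/crypt'
  # mount crypt
  mkdir --parents '/media/crypt'
  mount \
    --options 'autodefrag,compress-force=zstd' \
    '/dev/mapper/crypt' '/media/crypt'
  # make swap file
  btrfs filesystem mkswapfile \
    --size '64g' \
    --uuid '00000000-0000-0000-0000-000000000005' \
    '/media/crypt/swap'
}

#######################################
# Step 3: unmount boot and crypt and close the LUKS mapping.
# The mapping is closed only if the crypt filesystem unmounted cleanly.
# NOTE(review): the ESP mounts under /media/esp/<n> created in step 0 are
# not unmounted here - confirm whether that is intended.
#######################################
rescue_hetzner_wipe_8_8_3_close() {
  umount '/media/boot'
  #
  umount '/media/crypt' && cryptsetup luksClose 'crypt'
}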