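#######################################
# Configure a freshly booted rescue system: apt policy and sources, shell rc,
# host name, locales, and a few session tools.
# Relies on helpers defined elsewhere: main_link_bashrc,
# debian_disable_frontend, apt_clean_cache.
# Arguments: $1 - host name to set on the machine
# Outputs:   overwrites /etc/apt/apt.conf, /etc/apt/sources.list and
#            /etc/locale.gen
#######################################
function hetzner-rescue-configure {
  local host="${1}"
  local package
  local packages=(
    'mosh' 'screen' 'tmux' 'byobu'
    'apt-file'
  )
  # apt / conf
  # Refuse unsigned or weakly signed repositories and downgrades to them,
  # enforce Release file expiry, and skip recommended/suggested packages.
  # NOTE(review): the empty SourceParts value presumably stops apt from
  # reading sources.list.d, leaving the file written below as the only source.
  printf '%s\n' \
    'Acquire::AllowInsecureRepositories False;' \
    'Acquire::AllowWeakRepositories False;' \
    'Acquire::AllowDowngradeToInsecureRepositories False;' \
    'Acquire::Check-Valid-Until True;' \
    'APT::Install-Recommends False;' \
    'APT::Install-Suggests False;' \
    'APT::Get::Show-Versions True;' \
    "Dir::Etc::SourceParts '';" \
    'Dpkg::Progress True;' \
    > '/etc/apt/apt.conf'
  # apt / sources
  printf '%s\n' \
    'deb https://deb.debian.org/debian bookworm main non-free-firmware contrib non-free' \
    'deb https://deb.debian.org/debian bookworm-backports main non-free-firmware contrib non-free' \
    'deb https://deb.debian.org/debian bookworm-updates main non-free-firmware contrib non-free' \
    'deb https://deb.debian.org/debian-security bookworm-security main non-free-firmware contrib non-free' \
    > '/etc/apt/sources.list'
  # bash / rc
  main_link_bashrc
  # relative paths: acts on the current directory of the calling shell
  mv .bashrc .bashrc.old
  # host name
  hostname "${host}"
  # locales
  printf '%s\n' \
    'en_US.UTF-8 UTF-8' \
    'fr_FR.UTF-8 UTF-8' \
    > '/etc/locale.gen'
  # generate locales
  locale-gen
  # update catalog
  apt-get update
  #
  debian_disable_frontend
  # install packages, one at a time, cleaning the cache after each
  for package in "${packages[@]}"; do
    echo
    echo "${package}"
    apt-get install \
      --assume-yes \
      "${package}"
    apt_clean_cache
  done
  # update catalog
  apt-get update
}

#######################################
# Upgrade the rescue system, then install the administration tool set one
# package at a time; packages listed in `backports` are taken from
# "${release}-backports".
# Relies on helpers defined elsewhere: debian_disable_frontend,
# apt_clean_cache.
#######################################
function hetzner-rescue-install {
  local package
  local release='bookworm'
  local packages=(
    # installed
    'dmidecode' 'efibootmgr' 'pciutils' 'usbutils'
    'parted' 'mdadm' 'cryptsetup-bin' 'lvm2'
    'btrfs-progs' 'dosfstools'
    'git' 'nano' 'python3' 'rsync' 'vim'
    'file' 'htop' 'lsof' 'man-db' 'tree' 'uuid-runtime'
    # install
    'lshw'
    'squashfs-tools'
    'grub-efi-amd64-bin' 'grub-pc-bin'
    'libdigest-sha3-perl'
    'micro'
    'iotop'
    'exa' 'ipcalc' 'lf' 'ncdu' 'nnn' 'ranger'
  )
  local backports=()
  # update catalog
  apt-get update
  #
  debian_disable_frontend
  # upgrade packages
  apt-get upgrade --assume-yes
  #
  apt_clean_cache
  # install packages
  for package in "${packages[@]}"; do
    echo
    echo "${package}"
    apt-get install \
      --assume-yes \
      "${package}"
    apt_clean_cache
  done
  # install backports
  for package in "${backports[@]}"; do
    echo
    echo "${package}"
    apt-get install \
      --assume-yes \
      --target-release "${release}-backports" \
      "${package}"
    apt_clean_cache
  done
}

#######################################
# Push the local bash tree to a rescue host, configure it remotely, start the
# install inside a detached byobu session and attach to it over mosh.
# Globals:   MAIN_BASH_ROOT (read) - local directory mirrored to /etc/bash/
# Arguments: $1 - host name or address of the rescue system
# Outputs:   'Host?' / 'MAIN_BASH_ROOT?' on stdout when a prerequisite is
#            missing
# Returns:   1 when the host or MAIN_BASH_ROOT is missing
#######################################
function hetzner-rescue-upload {
  local host="${1}"
  if [ -z "${host}" ]; then
    echo 'Host?'
    return 1
  fi
  # An empty MAIN_BASH_ROOT would turn the rsync source below into '/', and
  # the whole local filesystem would be mirrored to the remote host.
  if [ -z "${MAIN_BASH_ROOT:-}" ]; then
    echo 'MAIN_BASH_ROOT?'
    return 1
  fi
  local user='root'
  #
  local user_host="${user}@${host}"
  # The host value is spliced into a command line that the remote shell
  # parses; quote it for a shell so that no character in it ends the argument.
  local quoted_host
  printf -v quoted_host '%q' "${host}"
  # remove fingerprints
  # NOTE(review): dropping the stored key and then using accept-new means the
  # next key presented is trusted without comparison. Check the fingerprint
  # against a value obtained out of band before secrets go through this host.
  ssh-keygen -R "${host}"
  # copy ssh id
  ssh-copy-id \
    -o 'StrictHostKeyChecking=accept-new' \
    "${user_host}"
  # upload root
  rsync --delete --recursive "${MAIN_BASH_ROOT}/" "${user_host}:/etc/bash/"
  # call setup
  # TODO variable
  ssh "${user_host}" -- "source '/etc/bash/main.sh' ; hetzner-rescue-configure ${quoted_host}"
  # create session
  ssh "${user_host}" -- byobu new-session -d
  # send keys
  ssh "${user_host}" -- byobu send-keys 'hetzner-rescue-install' 'C-m'
  # attach session
  mosh "${user_host}" -- byobu attach-session
}

#######################################
# DESTRUCTIVE: write a new GPT on /dev/sdc, /dev/sda and /dev/sdb, zero the
# bios, esp and boot partitions, and assemble two RAID 0 arrays
# (/dev/md/boot from partition 2 of each disk, /dev/md/crypt from partition 1).
# Shows lsblk and waits for Enter first; any input continues, so the only way
# to cancel is to interrupt the shell at the prompt.
#######################################
function hetzner-rescue-wipe-12-10-10 {
  local device
  local devices=(
    '/dev/sdc'
    '/dev/sda'
    '/dev/sdb'
  )
  local members
  local number
  local unit='mib'
  #
  lsblk
  # `device` is not set yet at this point, so name the whole target list.
  echo -n 'WIPE' "${devices[*]}" '/?\ OR CANCEL /!\'
  read -r
  # partition every disk; sizes are in ${unit}
  # creation order fixes the numbers: 1 crypt, 2 boot, 3 esp, 4 bios
  number=0
  for device in "${devices[@]}"; do
    ((number++))
    echo
    echo "#${number}: ${device}"
    #
    parted "${device}" --script mktable gpt
    #
    parted "${device}" unit "${unit}" \
      mkpart "crypt-${number}" 22359 9537535
    #
    parted "${device}" unit "${unit}" \
      mkpart "boot-${number}" 513 22359
    #
    parted "${device}" unit "${unit}" \
      mkpart "esp-${number}" 2 513
    parted "${device}" set 3 esp on
    #
    parted "${device}" unit "${unit}" \
      mkpart "bios-${number}" 1 2
    parted "${device}" set 4 bios_grub on
  done
  # `device` still holds the last array element here, so the extra partition
  # lands on that disk only.
  # NOTE(review): confirm that the last entry is the larger disk.
  parted "${device}" unit "${unit}" \
    mkpart 'extra' 9537535 11444223
  #
  number=0
  for device in "${devices[@]}"; do
    ((number++))
    echo
    echo "#${number}: ${device}"
    # wipe bios (dd runs until the partition is full)
    dd if='/dev/zero' of="${device}4"
  done
  #
  number=0
  for device in "${devices[@]}"; do
    ((number++))
    echo
    echo "#${number}: ${device}"
    # format esp
    dd if='/dev/zero' of="${device}3"
    mkfs.vfat -F 32 -n "esp-${number}" "${device}3"
  done
  #
  number=0
  for device in "${devices[@]}"; do
    ((number++))
    echo
    echo "#${number}: ${device}"
    # wipe boot
    dd if='/dev/zero' of="${device}2" bs='1G' status='progress'
  done
  # boot array; level 0 stripes across all members with no redundancy
  members=()
  for device in "${devices[@]}"; do
    members+=("${device}2")
  done
  mdadm \
    --create '/dev/md/boot' \
    --name 'boot' \
    --uuid '6234a0eb:29a3a847:1dbd5ec4:bada5579' \
    --metadata 1 \
    --level 0 \
    --raid-devices "${#devices[@]}" \
    "${members[@]}"
  # crypt array, same layout on partition 1 of each disk
  members=()
  for device in "${devices[@]}"; do
    members+=("${device}1")
  done
  mdadm \
    --create '/dev/md/crypt' \
    --name 'crypt' \
    --uuid '006234a0:eb29a3a8:471dbd5e:c4bada55' \
    --metadata 1 \
    --level 0 \
    --raid-devices "${#devices[@]}" \
    "${members[@]}"
}

#######################################
# DESTRUCTIVE: format the boot file system, create a LUKS2 container, and
# build the 'crypt' volume group with swap and data volumes inside it, then
# deactivate the group and close the container.
# Inputs:    passphrase, read once from stdin without echo
# NOTE(review): the targets are /dev/sda2 and /dev/sda1, while
# hetzner-rescue-wipe-12-10-10 makes partitions 2 and 1 of every disk members
# of /dev/md/boot and /dev/md/crypt. Confirm which devices are intended.
# NOTE(review): the passphrase is asked once, with no confirmation, so a
# typing mistake is only noticed at the next unlock.
#######################################
function hetzner-rescue-wipe-12-10-10-extra {
  # format boot
  mkfs.ext4 -F -L 'boot' '/dev/sda2'
  # read passphrase
  # IFS= keeps leading and trailing blanks; without it the stored key would
  # silently differ from what was typed.
  local passphrase
  echo -n 'PassPhrase: '
  IFS= read -r -s passphrase
  # encrypt
  # printf is a builtin (the secret never shows up in a process list) and,
  # unlike echo, it does not treat a passphrase such as '-n' as an option.
  printf '%s\n' "${passphrase}" \
    | cryptsetup \
      --verbose \
      --batch-mode \
      --type 'luks2' \
      --pbkdf 'argon2id' \
      --cipher 'aes-xts-plain64' \
      --iter-time 8192 \
      --key-size 512 \
      --hash 'sha512' \
      --use-random \
      luksFormat \
      '/dev/sda1'
  # open
  printf '%s\n' "${passphrase}" \
    | cryptsetup luksOpen '/dev/sda1' 'crypt'
  # the secret is not needed past this point
  unset passphrase
  # pv
  pvcreate '/dev/mapper/crypt'
  # vg
  vgcreate 'crypt' '/dev/mapper/crypt'
  # lv swap (size given in bytes: 64 GiB)
  lvcreate --name 'swap' --size '68719476736b' 'crypt'
  # lv data
  lvcreate --name 'data' --extents '100%FREE' 'crypt'
  # format swap
  mkswap --label 'swap' '/dev/mapper/crypt-swap'
  # format data
  mkfs.ext4 -L 'data' '/dev/mapper/crypt-data'
  # vg off
  vgchange --activate n 'crypt'
  # close
  cryptsetup luksClose 'crypt'
}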