From 15042704b931e02b4dbcfcee1d0dab586c4c16ef Mon Sep 17 00:00:00 2001
From: Georg Pfuetzenreuter
Date: Tue, 29 Nov 2022 12:27:06 +0100
Subject: Init

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
---
 README.md        |  12 ++++
 bootstrap-ovh.sh |   5 ++
 bootstrap.sh     | 177 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 fdisk-bios       |  21 +++++++
 makeluks.sh      |  12 ++++
 makesubvols.sh   |  15 +++++
 mountsubvols.sh  |  11 ++++
 rescue.sh        |  24 ++++++++
 8 files changed, 277 insertions(+)
 create mode 100644 README.md
 create mode 100644 bootstrap-ovh.sh
 create mode 100755 bootstrap.sh
 create mode 100644 fdisk-bios
 create mode 100755 makeluks.sh
 create mode 100755 makesubvols.sh
 create mode 100755 mountsubvols.sh
 create mode 100644 rescue.sh

diff --git a/README.md b/README.md
new file mode 100644
index 0000000..513b11a
--- /dev/null
+++ b/README.md
@@ -0,0 +1,12 @@
+This houses scripts to install openSUSE from within another GNU/Linux distribution. Useful for VPS hosting providers not offering an option to upload custom ISO images.
+
+Example for OVH's Debian based "rescue system":
+```
+./boostrap-ovh.sh /dev/sdb bios toor unlock
+```
+Where `/dev/sdb` is the disk to install the system on (it will be wiped), `bios` is the boot mode (alternative would be `efi`), `toor` is the root passphrase, and `unlock` is the LUKS passphrase.
+
+There is lots to be improved in the bootstrap script to make it more universal - currently it's assuming a configuration I personally like.
+
+Known bugs:
+ - after the first boot, the crypto disk might not be found - reboot, ./rescue.sh, `dracut '' $kernel -f`, reboot
diff --git a/bootstrap-ovh.sh b/bootstrap-ovh.sh
new file mode 100644
index 0000000..8d1dac3
--- /dev/null
+++ b/bootstrap-ovh.sh
@@ -0,0 +1,5 @@
+#!/bin/sh
+set -Ceux
+
+apt install -y btrfs-progs cryptsetup zypper
+./bootstrap.sh "$1" "$2" "$3" "$4"
diff --git a/bootstrap.sh b/bootstrap.sh
new file mode 100755
index 0000000..5299f7b
--- /dev/null
+++ b/bootstrap.sh
@@ -0,0 +1,177 @@
+#!/bin/sh
+set -Ceu
+
+disk="$1"
+mode="$2"
+rootpass="$3"
+lukspass="$4"
+
+if [ -z "$disk" ]
+then
+	echo 'Please specify a disk.'
+	exit 1
+fi
+
+if [ ! -b "$disk" ]
+then
+	echo 'Specified disk cannot possibly be a disk.'
+	exit 1
+fi
+
+if [ -z "$mode" ]
+then
+	mode='bios'
+fi
+
+if [ "$mode" = 'efi']
+then
+	if [ ! -d "$fstab-mode" ]
+	then
+		echo 'Please provide your own fstab script.'
+		exit 1
+	fi
+fi
+
+if ! command -v mkfs.btrfs
+then
+	echo 'BtrFS progs not installed.'
+	exit 1
+fi
+if ! command -v zypper
+then
+	echo 'Zypper not installed.'
+	exit 1
+fi
+if ! command -v cryptsetup
+then
+	echo 'Cryptsetup not installed.'
+	exit 1
+fi
+
+bios='1'
+boot='2'
+swap='3'
+root='4'
+
+echo 'Wiping your data ...'
+fdisk -w always "$disk" < "fdisk-$mode"
+
+echo 'Formatting encrypted partitions ...'
+./makeluks.sh "$disk" "$lukspass"
+
+echo 'Creating filesystems ...'
+mkfs.btrfs -f "${disk}${boot}"
+mkfs.btrfs /dev/mapper/cr_root
+
+echo 'Mount root ...'
+mount /dev/mapper/cr_root /mnt
+
+echo 'Creating subvolumes ...'
+./makesubvols.sh
+btrfs subvolume set-default $(btrfs subvolume list /mnt | grep "@/.snapshots/1/snapshot" | grep -oP '(?<=ID )[0-9]+') /mnt
+
+echo 'Remounting root ...'
+umount /mnt
+mount /dev/mapper/cr_root /mnt
+
+echo 'Creating directory structure ...'
+set -x
+mkdir /mnt/.snapshots
+mkdir /mnt/home
+mkdir /mnt/opt
+mkdir /mnt/root
+mkdir /mnt/srv
+mkdir /mnt/tmp
+mkdir /mnt/usr
+mkdir /mnt/usr/local
+mkdir /mnt/var
+set +x
+
+echo 'Mounting subvolumes ...'
+./mountsubvols.sh
+
+echo 'Mounting boot ...'
+mkdir /mnt/boot
+mount "${disk}${boot}" /mnt/boot
+mkdir /mnt/boot/grub2
+mkdir /mnt/boot/grub2/i386-pc
+
+echo 'Mounting slaves ...'
+for dir in proc sys dev run
+do
+        mkdir "/mnt/$dir"
+done
+mount --types proc /proc /mnt/proc
+mount --rbind /sys /mnt/sys
+mount --make-rslave /mnt/sys
+mount --rbind /dev /mnt/dev
+mount --make-rslave /mnt/dev
+mount --bind /run /mnt/run
+mount --make-slave /mnt/run
+
+echo 'Enabling swap partition ...'
+mkswap /dev/mapper/cr_swap
+swapon /dev/mapper/cr_swap
+
+echo 'Bootstrapping packages ...'
+zypper --root /mnt ar --refresh https://download.opensuse.org/distribution/leap/15.4/repo/oss/ OSS
+zypper --root /mnt ref
+zypper -n --root /mnt in --no-recommends \
+	kernel-default grub2 zypper vim-small shadow util-linux wicked iputils btrfsprogs openssh-server dmraid openSUSE-release openSUSE-build-key ca-certificates
+
+echo 'Generating fstab ...'
+rootuuid="$(blkid -o value -s UUID /dev/mapper/cr_root)"
+swapuuid="$(blkid -o value -s UUID /dev/mapper/cr_swap)"
+bootuuid="$(blkid -o value -s UUID ${disk}${boot})"
+tee /mnt/etc/fstab <<EOF
+UUID=$rootuuid  /                      btrfs  defaults              0  0
+UUID=$bootuuid  /boot                  btrfs  defaults              0  0
+#UUID=$swapuuid  swap                   swap   defaults              0  0
+UUID=$rootuuid  /.snapshots            btrfs  subvol=/@/.snapshots  0  0
+UUID=$rootuuid  /var                   btrfs  subvol=/@/var         0  0
+UUID=$rootuuid  /usr/local             btrfs  subvol=/@/usr/local   0  0
+UUID=$rootuuid  /tmp                   btrfs  subvol=/@/tmp         0  0
+UUID=$rootuuid  /srv                   btrfs  subvol=/@/srv         0  0
+UUID=$rootuuid  /root                  btrfs  subvol=/@/root        0  0
+UUID=$rootuuid  /opt                   btrfs  subvol=/@/opt         0  0
+UUID=$rootuuid  /home                  btrfs  subvol=/@/home        0  0
+EOF
+
+echo 'Generating crypttab ...'
+rawswapuuid="$(blkid -o value -s UUID ${disk}${swap})"
+tee /mnt/etc/crypttab <<EOF
+cr_swap UUID=$rawswapuuid  /dev/urandom  swap
+EOF
+
+echo 'Writing network configuration ...'
+tee /mnt/etc/sysconfig/network/ifcfg-eth0 <<EOF
+BOOTPROTO=dhcp
+STARTMODE=auto
+EOF
+
+echo 'Installing bootloader ...'
+kernel="$(ls /mnt/lib/modules)"
+sed -i -e 's/GRUB_CMDLINE_LINUX_DEFAULT=.*/GRUB_CMDLINE_LINUX_DEFAULT="splash=verbose loglevel=3"/' /mnt/etc/default/grub
+chroot /mnt <<EOS
+dracut '' $kernel
+grub2-install $disk
+grub2-mkconfig -o /boot/grub2/grub.cfg
+echo 'Setting root passphrase ...'
+echo 'root:$rootpass' | chpasswd
+echo 'Enabling sshd ...'
+systemctl enable sshd
+EOS
+if [ "$mode" = 'efi' ]; then
+echo 'Installing shim ...'
+chroot /mnt <<EOS
+shim-install --config-file=/boot/grub2/grub.cfg
+EOS
+fi
+
+echo 'Entering chroot for manual tasks ...'
+chroot /mnt
+
+echo 'Unmounting ...'
+umount -R /mnt
+cryptsetup luksClose cr_root
+cryptsetup luksClose cr_swap
diff --git a/fdisk-bios b/fdisk-bios
new file mode 100644
index 0000000..736d2ec
--- /dev/null
+++ b/fdisk-bios
@@ -0,0 +1,21 @@
+g
+n
+1
+
++1M
+t
+4
+n
+2
+
++512M
+n
+3
+
++1G
+n
+4
+
+
+p
+w
diff --git a/makeluks.sh b/makeluks.sh
new file mode 100755
index 0000000..e8ffdb0
--- /dev/null
+++ b/makeluks.sh
@@ -0,0 +1,12 @@
+#!/bin/sh
+set -Ceux
+
+partswap="${1}3"
+partroot="${1}4"
+lukspass="$2"
+
+echo "$lukspass" | cryptsetup -q luksFormat "$partswap"
+echo "$lukspass" | cryptsetup -q luksFormat "$partroot"
+
+echo "$lukspass" | cryptsetup -q luksOpen "$partswap" cr_swap
+echo "$lukspass" | cryptsetup -q luksOpen "$partroot" cr_root
diff --git a/makesubvols.sh b/makesubvols.sh
new file mode 100755
index 0000000..bb41aac
--- /dev/null
+++ b/makesubvols.sh
@@ -0,0 +1,15 @@
+#!/bin/sh
+set -Ceux
+
+btrfs subvolume create /mnt/@
+btrfs subvolume create /mnt/@/.snapshots
+mkdir /mnt/@/.snapshots/1
+btrfs subvolume create /mnt/@/.snapshots/1/snapshot
+btrfs subvolume create /mnt/@/home
+btrfs subvolume create /mnt/@/opt
+btrfs subvolume create /mnt/@/root
+btrfs subvolume create /mnt/@/srv
+btrfs subvolume create /mnt/@/tmp
+mkdir /mnt/@/usr/
+btrfs subvolume create /mnt/@/usr/local
+btrfs subvolume create /mnt/@/var
diff --git a/mountsubvols.sh b/mountsubvols.sh
new file mode 100755
index 0000000..0a653b2
--- /dev/null
+++ b/mountsubvols.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+set -Ceux
+
+mount /dev/mapper/cr_root /mnt/.snapshots -o subvol=@/.snapshots
+mount /dev/mapper/cr_root /mnt/home -o subvol=@/home
+mount /dev/mapper/cr_root /mnt/opt -o subvol=@/opt
+mount /dev/mapper/cr_root /mnt/root -o subvol=@/root
+mount /dev/mapper/cr_root /mnt/srv -o subvol=@/srv
+mount /dev/mapper/cr_root /mnt/tmp -o subvol=@/tmp
+mount /dev/mapper/cr_root /mnt/usr/local -o subvol=@/usr/local
+mount /dev/mapper/cr_root /mnt/var -o subvol=@/var
diff --git a/rescue.sh b/rescue.sh
new file mode 100644
index 0000000..0ec9bc4
--- /dev/null
+++ b/rescue.sh
@@ -0,0 +1,24 @@
+#!/bin/sh
+set -Ceu
+
+cryptsetup luksOpen "$1" cr_root
+mount /dev/mapper/cr_root /mnt
+mount /dev/mapper/cr_root /mnt/.snapshots -o subvol=@/.snapshots
+mount /dev/mapper/cr_root /mnt/home -o subvol=@/home
+mount /dev/mapper/cr_root /mnt/opt -o subvol=@/opt
+mount /dev/mapper/cr_root /mnt/root -o subvol=@/root
+mount /dev/mapper/cr_root /mnt/srv -o subvol=@/srv
+mount /dev/mapper/cr_root /mnt/tmp -o subvol=@/tmp
+mount /dev/mapper/cr_root /mnt/usr/local -o subvol=@/usr/local
+mount /dev/mapper/cr_root /mnt/var -o subvol=@/var
+
+mount "$2" /mnt/boot
+mount --types proc /proc /mnt/proc
+mount --rbind /sys /mnt/sys
+mount --make-rslave /mnt/sys
+mount --rbind /dev /mnt/dev
+mount --make-rslave /mnt/dev
+mount --bind /run /mnt/run
+mount --make-slave /mnt/run
+
+chroot /mnt
-- 
cgit v1.2.3