Git-Mirrors/graphene-os-server-infrastructure
1
0
Fork 0
mirror of https://github.com/GrapheneOS/infrastructure.git synced 2024-12-22 13:45:02 -05:00
Code Issues Packages Projects Releases Wiki Activity
750cd5e985
graphene-os-server-infrastr.../deploy-initial
Daniel Micay 750cd5e985 replace urandom with random 
These both use the same CSPRNG on modern kernels, but random waits for
CSPRNG initialization instead of only attempting to initialize it.
2024-06-17 15:04:13 -04:00

60 lines
2.4 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
set -o errexit -o nounset -o pipefail
. hosts.sh
. deploy.sh
readonly remote=root@$ip
# check for Arch ISO
ssh $remote '[[ $(grep IMAGE_ID /etc/os-release) = "IMAGE_ID=archlinux" ]]' || exit 5
ssh $remote '[[ $(grep IMAGE_VERSION /etc/os-release) = "IMAGE_VERSION=2024.06.01" ]]' || exit 5
ssh $remote "sfdisk /dev/$drive -w always <<< ';'"
ssh $remote "mkfs.xfs -d agcount=$agcount -f /dev/${drive}1"
rsync -cv pacman.d/mirrorlist $remote:/etc/pacman.d/mirrorlist
ssh $remote "mount /dev/${drive}1 /mnt"
ssh $remote "pacstrap -K /mnt $(tr '\n' ' ' < packages/$host)"
ssh $remote "echo $hostname >/mnt/etc/hostname"
rsync -cpv --chmod=644 systemd/network/$host.link $remote:/mnt/etc/systemd/network/10-public.link
rsync -cpv --chmod=644 systemd/network/$host.network $remote:/mnt/etc/systemd/network/10-public.network
rsync -cpv --chmod=644 crypttab environment fstab hosts locale.conf pacman.conf pacreport.conf resolv.conf $remote:/mnt/etc/
rsync -cv grub $remote:/mnt/etc/default/grub
ssh $remote "arch-chroot /mnt grub-install /dev/$drive"
ssh $remote "arch-chroot /mnt grub-mkconfig -o /boot/grub/grub.cfg"
rsync -cv unbound.conf $remote:/mnt/etc/unbound/unbound.conf
if [[ $host = @(0.grapheneos.network|1.grapheneos.network|2.grapheneos.network|3.grapheneos.network) ]]; then
cp chrony.conf chrony.conf.tmp
echo -e '\nallow' >> chrony.conf.tmp
rsync -cv chrony.conf.tmp $remote:/mnt/etc/chrony.conf
rm chrony.conf.tmp
else
rsync -cv chrony.conf $remote:/mnt/etc/chrony.conf
fi
ssh $remote mkdir -vp /mnt/etc/sysconfig
rsync -cpv --chmod 644 sysconfig/chronyd $remote:/mnt/etc/sysconfig/chronyd
rsync -cv authorized_keys $remote:/mnt/root/.ssh/authorized_keys
cp ssh/sshd_config ssh/sshd_config.tmp
sed -i "s/{{ssh_users}}/${hosts_ssh_users[$host]:-root}/g" ssh/sshd_config.tmp
rsync -cv ssh/sshd_config.tmp $remote:/mnt/etc/ssh/sshd_config
rm ssh/sshd_config.tmp
ssh $remote "arch-chroot /mnt systemctl enable chronyd.service fstrim.timer logrotate.timer plocate-updatedb.timer systemd-networkd.service sshd.service unbound.service"
ssh $remote "arch-chroot /mnt systemctl disable remote-fs.target systemd-network-generator.service"
ssh $remote "dd if=/dev/random of=/mnt/swapfile bs=1M count=$swap status=progress"
password=$(head -c32 <(tr -dc A-Za-z0-9 </dev/random))
echo password: $password
ssh $remote "echo root:$password | arch-chroot /mnt chpasswd"
ssh $remote umount /mnt
ssh $remote reboot
Reference in New Issue View Git Blame Copy Permalink