Spotter-VM/_vm.sh

#!/bin/sh
set -v

# Based on
# https://wiki.alpinelinux.org/wiki/LVM_on_LUKS

# Prerequisites for this script
# setup-interfaces
# ifup eth0

# Ask for passwords
read -sp 'Encryption password:' ENCPWD
echo

# Set up repositories  
cat <<EOF >/etc/apk/repositories
http://dl-cdn.alpinelinux.org/alpine/v3.9/main
http://dl-cdn.alpinelinux.org/alpine/v3.9/community
EOF

# Install disk management tools  
apk --no-cache add lvm2 cryptsetup e2fsprogs syslinux

# Create disk partitions
cat <<EOF | fdisk /dev/sda
n
p
1

+100m
a
1
n
p
2


t
2
8e
w
EOF

# Set up partition encryption
echo -n "${ENCPWD}" | cryptsetup -q luksFormat /dev/sda2
echo -n "${ENCPWD}" | cryptsetup open --type luks /dev/sda2 system

# Set up LVM
pvcreate /dev/mapper/system
vgcreate vg0 /dev/mapper/system
lvcreate -l 100%FREE vg0 -n root

# Format
mkfs.ext4 -m0 /dev/sda1
mkfs.ext4 -m1 /dev/vg0/root

# Mount
mount -t ext4 /dev/vg0/root /mnt
mkdir /mnt/boot
mount -t ext4 /dev/sda1 /mnt/boot

# Install Alpine linux
setup-disk -m sys /mnt

# Update boot-time volume information
BOOT_UUID=$(blkid /dev/sda1 | cut -d' ' -f2 | tr -d '"')
cat <<EOF >/mnt/etc/fstab
/dev/vg0/root                               /       ext4    rw,noatime,data=ordered   0   1
${BOOT_UUID}   /boot   ext4    rw,noatime,data=ordered   0   2
/dev/vg0/swap                               swap    swap    defaults                  0   0
EOF
echo "system /dev/sda2 none luks" >/mnt/etc/crypttab

# Rebuild initfs
sed -i 's/lvm/lvm cryptsetup/' /mnt/etc/mkinitfs/mkinitfs.conf
mkinitfs -c /mnt/etc/mkinitfs/mkinitfs.conf -b /mnt $(ls /mnt/lib/modules)

# Update extlinux (ignore the errors)
sed -i 's/rootfstype=ext4/rootfstype=ext4 cryptroot=\/dev\/sda2 cryptdm=system/' /mnt/etc/update-extlinux.conf
chroot /mnt update-extlinux
sed -i 's/overwrite=1/overwrite=0/' /mnt/etc/update-extlinux.conf

# Set time zone
chroot /mnt setup-timezone -z Europe/Prague

# Install basic system
apk --no-cache add apache2-utils gettext
wget https://dl.dasm.cz/_vm.tar -O - | tar xf - -C /mnt
chroot /mnt apk --no-cache add bridge ca-certificates curl e2fsprogs-extra gettext iptables kbd-misc libressl lxc postfix nginx openssh-server openssh-sftp-server util-linux wireguard-virt@et wireguard-tools-wg@et acme-sh@vm vmmgr@vm
chroot /mnt newaliases
mkdir -p /mnt/root/.ssh /mnt/var/log/lxc
for SERVICE in cgroups consolefont crond iptables networking nginx ntpd postfix sshd swap urandom vmmgr; do
    ln -s /etc/init.d/${SERVICE} /mnt/etc/runlevels/boot
done
ADMINPWD=$(htpasswd -bnBC 10 "" "${ENCPWD}" | tr -d ':\n' | sed 's/$2y/$2b/') envsubst </mnt/etc/vmmgr/config.default.json >/mnt/etc/vmmgr/config.json

# Disable root login
sed -i 's/root::/root:!:/' /mnt/etc/shadow

# Cleanup
rm -rf /mnt/root
mkdir /mnt/root

# Install bootloader to MBR
dd bs=440 count=1 conv=notrunc if=/mnt/usr/share/syslinux/mbr.bin of=/dev/sda

# Unmount and shut down
umount /mnt/boot
umount /mnt
vgchange -a n
cryptsetup luksClose system
poweroff
Install Alpine as host operating system instead of Debian 2017-12-18 15:45:17 +01:00			`#!/bin/sh`
Streamline VM provisioning 2018-10-31 22:27:17 +01:00			`set -v`
Install Alpine as host operating system instead of Debian 2017-12-18 15:45:17 +01:00
Bump Alpine version to 3.8 2018-07-09 15:14:44 +02:00			`# Based on`
			`# https://wiki.alpinelinux.org/wiki/LVM_on_LUKS`

			`# Prerequisites for this script`
Install Alpine as host operating system instead of Debian 2017-12-18 15:45:17 +01:00			`# setup-interfaces`
			`# ifup eth0`

Streamline VM provisioning 2018-10-31 22:27:17 +01:00			`# Ask for passwords`
Remove extraneous variable 2018-11-02 17:46:16 +01:00			`read -sp 'Encryption password:' ENCPWD`
Streamline VM provisioning 2018-10-31 22:27:17 +01:00			`echo`

Install Alpine as host operating system instead of Debian 2017-12-18 15:45:17 +01:00			`# Set up repositories`
			`cat <<EOF >/etc/apk/repositories`
Squashed commit of the following: - Bump basic OS to Alpine 3.9 - Restructure repo and add layer versioning - Use JSON for all metadata - Merge abuild branch (but without abuild) 2019-02-26 20:24:02 +01:00			`http://dl-cdn.alpinelinux.org/alpine/v3.9/main`
			`http://dl-cdn.alpinelinux.org/alpine/v3.9/community`
Install Alpine as host operating system instead of Debian 2017-12-18 15:45:17 +01:00			`EOF`

			`# Install disk management tools`
			`apk --no-cache add lvm2 cryptsetup e2fsprogs syslinux`

			`# Create disk partitions`
			`cat <<EOF \| fdisk /dev/sda`
			`n`
			`p`
			`1`

			`+100m`
			`a`
			`1`
			`n`
			`p`
			`2`


			`t`
			`2`
			`8e`
			`w`
			`EOF`

			`# Set up partition encryption`
Streamline VM provisioning 2018-10-31 22:27:17 +01:00			`echo -n "${ENCPWD}" \| cryptsetup -q luksFormat /dev/sda2`
			`echo -n "${ENCPWD}" \| cryptsetup open --type luks /dev/sda2 system`
Install Alpine as host operating system instead of Debian 2017-12-18 15:45:17 +01:00
			`# Set up LVM`
			`pvcreate /dev/mapper/system`
			`vgcreate vg0 /dev/mapper/system`
			`lvcreate -l 100%FREE vg0 -n root`

			`# Format`
			`mkfs.ext4 -m0 /dev/sda1`
			`mkfs.ext4 -m1 /dev/vg0/root`

			`# Mount`
			`mount -t ext4 /dev/vg0/root /mnt`
			`mkdir /mnt/boot`
			`mount -t ext4 /dev/sda1 /mnt/boot`

			`# Install Alpine linux`
			`setup-disk -m sys /mnt`

			`# Update boot-time volume information`
Bump Alpine version to 3.8 2018-07-09 15:14:44 +02:00			`BOOT_UUID=$(blkid /dev/sda1 \| cut -d' ' -f2 \| tr -d '"')`
Install Alpine as host operating system instead of Debian 2017-12-18 15:45:17 +01:00			`cat <<EOF >/mnt/etc/fstab`
Have Docker start cgroups as dependency Reverts commit 5a0a00f296c37f6be8897b0133c18ba1f121dea9. 2018-07-15 19:02:40 +02:00			`/dev/vg0/root / ext4 rw,noatime,data=ordered 0 1`
			`${BOOT_UUID} /boot ext4 rw,noatime,data=ordered 0 2`
			`/dev/vg0/swap swap swap defaults 0 0`
Install Alpine as host operating system instead of Debian 2017-12-18 15:45:17 +01:00			`EOF`
			`echo "system /dev/sda2 none luks" >/mnt/etc/crypttab`

			`# Rebuild initfs`
			`sed -i 's/lvm/lvm cryptsetup/' /mnt/etc/mkinitfs/mkinitfs.conf`
			`mkinitfs -c /mnt/etc/mkinitfs/mkinitfs.conf -b /mnt $(ls /mnt/lib/modules)`

Bump Alpine version to 3.8 2018-07-09 15:14:44 +02:00			`# Update extlinux (ignore the errors)`
Install Alpine as host operating system instead of Debian 2017-12-18 15:45:17 +01:00			`sed -i 's/rootfstype=ext4/rootfstype=ext4 cryptroot=\/dev\/sda2 cryptdm=system/' /mnt/etc/update-extlinux.conf`
			`chroot /mnt update-extlinux`
Prevent extlinux.conf overwrites 2019-03-19 21:46:39 +01:00			`sed -i 's/overwrite=1/overwrite=0/' /mnt/etc/update-extlinux.conf`
Install Alpine as host operating system instead of Debian 2017-12-18 15:45:17 +01:00
			`# Set time zone`
			`chroot /mnt setup-timezone -z Europe/Prague`

Streamline VM provisioning 2018-10-31 22:27:17 +01:00			`# Install basic system`
			`apk --no-cache add apache2-utils gettext`
Squashed commit of the following: - Bump basic OS to Alpine 3.9 - Restructure repo and add layer versioning - Use JSON for all metadata - Merge abuild branch (but without abuild) 2019-02-26 20:24:02 +01:00			`wget https://dl.dasm.cz/_vm.tar -O - \| tar xf - -C /mnt`
Implement VPN + SSH configuration 2019-03-22 08:49:00 +01:00			`chroot /mnt apk --no-cache add bridge ca-certificates curl e2fsprogs-extra gettext iptables kbd-misc libressl lxc postfix nginx openssh-server openssh-sftp-server util-linux wireguard-virt@et wireguard-tools-wg@et acme-sh@vm vmmgr@vm`
Fix postfix networks, closes #309, #310 2018-11-13 18:56:25 +01:00			`chroot /mnt newaliases`
Phase out serial TTY, update SSH MOTD 2019-03-22 09:59:33 +01:00			`mkdir -p /mnt/root/.ssh /mnt/var/log/lxc`
Implement VPN + SSH configuration 2019-03-22 08:49:00 +01:00			`for SERVICE in cgroups consolefont crond iptables networking nginx ntpd postfix sshd swap urandom vmmgr; do`
Streamline VM provisioning 2018-10-31 22:27:17 +01:00			`ln -s /etc/init.d/${SERVICE} /mnt/etc/runlevels/boot`
			`done`
Fix VM provisioning, update README 2018-11-01 15:30:28 +01:00			`ADMINPWD=$(htpasswd -bnBC 10 "" "${ENCPWD}" \| tr -d ':\n' \| sed 's/$2y/$2b/') envsubst </mnt/etc/vmmgr/config.default.json >/mnt/etc/vmmgr/config.json`
Streamline VM provisioning 2018-10-31 22:27:17 +01:00
Fix VM provisioning, update README 2018-11-01 15:30:28 +01:00			`# Disable root login`
			`sed -i 's/root::/root:!:/' /mnt/etc/shadow`
Streamline VM provisioning 2018-10-31 22:27:17 +01:00
			`# Cleanup`
			`rm -rf /mnt/root`
			`mkdir /mnt/root`
Install Alpine as host operating system instead of Debian 2017-12-18 15:45:17 +01:00
			`# Install bootloader to MBR`
			`dd bs=440 count=1 conv=notrunc if=/mnt/usr/share/syslinux/mbr.bin of=/dev/sda`

			`# Unmount and shut down`
			`umount /mnt/boot`
			`umount /mnt`
			`vgchange -a n`
			`cryptsetup luksClose system`
			`poweroff`