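#!/bin/sh
# set -v echoes the script source as it is read, not the expanded values, so
# the passphrase is not printed. Do not switch to `set -x` while ENCPWD or
# ADMINPWD are in scope.
set -v

# Installs Alpine Linux on LVM-on-LUKS and then unpacks the VM payload
# (vmmgr, spoc, podman, nginx, postfix) into the new root.
#
# Based on
# https://wiki.alpinelinux.org/wiki/LVM_on_LUKS
#
# Prerequisites for this script
# setup-interfaces
# ifup eth0
#
# NOTE(review): this listing was recovered from a page that collapsed the
# script onto two lines and dropped the text between some `<` and `>`
# characters. Redirections that are unambiguous from context are restored and
# marked below; the partitioning/LUKS/LVM section could not be restored.

# Ask for passwords
# -r keeps backslashes in the passphrase literal; without it the shell
# silently rewrites them and the stored secret differs from what was typed.
read -r -s -p 'Encryption password:' ENCPWD
echo

# Set up repositories
# (`<<EOF >` restored; the URLs are as published.)
# NOTE(review): apk verifies package signatures, but plain http still lets a
# network attacker observe or withhold updates, and v3.13 no longer receives
# security fixes. Prefer https and a supported branch when reusing this.
cat <<EOF >/etc/apk/repositories
http://dl-cdn.alpinelinux.org/alpine/v3.13/main
http://dl-cdn.alpinelinux.org/alpine/v3.13/community
EOF

# Install disk management tools
apk --no-cache add lvm2 cryptsetup e2fsprogs syslinux

# Create disk partitions
# NOTE(review): the original commands between this heading and the fstab
# heredoc are missing from the extracted page. Going by the rest of the
# script, they partition /dev/sda, create the LUKS container "system" and the
# vg0 volume group, mount the target under /mnt and set BOOT_UUID and
# CRYPT_UUID. Restore them from the original script.
# The guards below make the script stop instead of writing an fstab, crypttab
# and boot loader configuration with empty UUIDs.
: "${BOOT_UUID:?BOOT_UUID is not set - restore the partitioning section first}"
: "${CRYPT_UUID:?CRYPT_UUID is not set - restore the partitioning section first}"

# (`<<EOF >` restored.)
cat <<EOF >/mnt/etc/fstab
/dev/vg0/root / ext4 rw,noatime,data=ordered 0 1
UUID=${BOOT_UUID} /boot ext4 rw,noatime,data=ordered 0 2
/dev/vg0/swap swap swap defaults 0 0
EOF
echo "system UUID=${CRYPT_UUID} none luks" >/mnt/etc/crypttab

# Rebuild initfs
sed -i 's/lvm/lvm cryptsetup/' /mnt/etc/mkinitfs/mkinitfs.conf
# Left unquoted as in the original: this expects exactly one kernel directory
# under /mnt/lib/modules.
mkinitfs -c /mnt/etc/mkinitfs/mkinitfs.conf -b /mnt $(ls /mnt/lib/modules)

# Update extlinux (ignore the errors)
sed -i "s/rootfstype=ext4/rootfstype=ext4 cryptroot=UUID=${CRYPT_UUID} cryptdm=system/" /mnt/etc/update-extlinux.conf
chroot /mnt update-extlinux
sed -i 's/overwrite=1/overwrite=0/' /mnt/etc/update-extlinux.conf

# Set time zone
chroot /mnt setup-timezone -z Europe/Prague

# Install basic system
apk --no-cache add apache2-utils gettext
# NOTE(review): this archive is unpacked as root over the new root filesystem
# and TLS is the only integrity control. Pin a known-good digest and verify it
# before extraction, e.g. compare `sha256sum` of the download with
# <EXPECTED_SHA256>. Under /bin/sh a failed wget is also not detected through
# the pipe.
wget https://repo.spotter.cz/vm.tar.gz -O - | tar xzf - -C /mnt
# (`<... >` redirections restored; the `mv` that follows shows the intended
# source and target.)
# NOTE(review): envsubst only expands variables present in its environment -
# confirm the variables this template uses are exported in the missing section.
envsubst </mnt/boot/extlinux.conf >/mnt/boot/extlinux.conf.new
mv /mnt/boot/extlinux.conf.new /mnt/boot/extlinux.conf
# The @edgecommunity and @spotter tags are not defined by the repositories
# file written above; presumably the archive ships its own
# /etc/apk/repositories for the chroot - confirm.
chroot /mnt apk --no-cache add ca-certificates curl e2fsprogs-extra gettext iptables kbd-misc logrotate postfix nginx openssh-server openssh-sftp-server util-linux podman@edgecommunity spoc@spotter vmmgr@spotter
chroot /mnt newaliases
for SERVICE in consolefont crond iptables networking nginx ntpd podman postfix spoc swap urandom vmmgr; do
  ln -s "/etc/init.d/${SERVICE}" /mnt/etc/runlevels/boot
done

# Derive the admin password hash (bcrypt, cost 10) from the passphrase.
# The passphrase goes to htpasswd on stdin (-i) rather than on the command
# line (-b), where any local process could read it from the process list.
# printf is a shell builtin, so it does not expose the value either.
ADMINPWD=$(printf '%s\n' "${ENCPWD}" | htpasswd -inBC 10 '' | tr -d ':\n' | sed 's/$2y/$2b/')
# The plaintext is not needed past this point.
unset ENCPWD
# An empty hash must never reach the config: stop if htpasswd failed.
if [ -z "${ADMINPWD}" ]; then
  echo 'Failed to compute the admin password hash' >&2
  exit 1
fi
# (`<... >` redirections restored.) ADMINPWD is handed to envsubst explicitly
# because the assignment above does not export it; presumably the template
# references ${ADMINPWD} - confirm.
# NOTE(review): the resulting file holds a password hash and is created with
# the default umask; check which mode and owner vmmgr needs.
ADMINPWD="${ADMINPWD}" envsubst </mnt/etc/vmmgr/config.json >/mnt/etc/vmmgr/config.json.new
mv /mnt/etc/vmmgr/config.json.new /mnt/etc/vmmgr/config.json

# Cleanup
rm -rf /mnt/root
mkdir -p /mnt/root/.ssh
# root's home and its .ssh directory should not be readable by other users.
chmod 700 /mnt/root /mnt/root/.ssh

# Install bootloader to MBR
# Writes only the 440-byte boot code area of /dev/sda; conv=notrunc leaves the
# rest of the device untouched.
dd bs=440 count=1 conv=notrunc if=/mnt/usr/share/syslinux/mbr.bin of=/dev/sda

# Unmount and shut down
umount /mnt/boot
umount /mnt
vgchange -a n
cryptsetup luksClose system
poweroff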