#!/bin/sh set -v # Based on # https://wiki.alpinelinux.org/wiki/LVM_on_LUKS # Prerequisites for this script # setup-interfaces # ifup eth0 # Ask for passwords read -sp 'Encryption password:' ENCPWD echo # Set up repositories cat </etc/apk/repositories http://dl-cdn.alpinelinux.org/alpine/v3.9/main http://dl-cdn.alpinelinux.org/alpine/v3.9/community EOF # Install disk management tools apk --no-cache add lvm2 cryptsetup e2fsprogs syslinux # Create disk partitions cat </mnt/etc/fstab /dev/vg0/root / ext4 rw,noatime,data=ordered 0 1 ${BOOT_UUID} /boot ext4 rw,noatime,data=ordered 0 2 /dev/vg0/swap swap swap defaults 0 0 EOF echo "system /dev/sda2 none luks" >/mnt/etc/crypttab # Rebuild initfs sed -i 's/lvm/lvm cryptsetup/' /mnt/etc/mkinitfs/mkinitfs.conf mkinitfs -c /mnt/etc/mkinitfs/mkinitfs.conf -b /mnt $(ls /mnt/lib/modules) # Update extlinux (ignore the errors) sed -i 's/rootfstype=ext4/rootfstype=ext4 cryptroot=\/dev\/sda2 cryptdm=system/' /mnt/etc/update-extlinux.conf chroot /mnt update-extlinux sed -i 's/overwrite=1/overwrite=0/' /mnt/etc/update-extlinux.conf # Set time zone chroot /mnt setup-timezone -z Europe/Prague # Install basic system apk --no-cache add apache2-utils gettext wget https://dl.dasm.cz/_vm.tar -O - | tar xf - -C /mnt chroot /mnt apk --no-cache add ca-certificates curl bridge e2fsprogs-extra gettext iptables kbd-misc libressl lxc postfix nginx util-linux acme-sh@vm vmmgr@vm chroot /mnt newaliases mkdir /mnt/var/log/lxc for SERVICE in cgroups consolefont crond iptables networking nginx ntpd postfix swap urandom vmmgr; do ln -s /etc/init.d/${SERVICE} /mnt/etc/runlevels/boot done ADMINPWD=$(htpasswd -bnBC 10 "" "${ENCPWD}" | tr -d ':\n' | sed 's/$2y/$2b/') envsubst /mnt/etc/vmmgr/config.json # Disable root login sed -i 's/root::/root:!:/' /mnt/etc/shadow # Cleanup rm -rf /mnt/root mkdir /mnt/root # Install bootloader to MBR dd bs=440 count=1 conv=notrunc if=/mnt/usr/share/syslinux/mbr.bin of=/dev/sda # Unmount and shut down umount /mnt/boot umount /mnt vgchange -a n cryptsetup luksClose system poweroff