Test Alpine Linux Deploy Script
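#!/bin/sh
# Alpine Linux "sys" install onto one disk: a small ext4 /boot partition plus
# a LUKS-encrypted partition holding an LVM volume group with a single root LV.
#
# Usage:   deploy.sh HOSTNAME DISK [ROOT_PASSWORD]
#          e.g. deploy.sh server-name /dev/sda 'verysecurepassword'
#
# Optional environment variables:
#   TIMEZONE             zoneinfo name for setup-timezone   (default: Australia/Perth)
#   ENCRYPTION_PASSWORD  LUKS passphrase                    (default: the root password)
#   KEYBOARD_LAYOUT      "<layout> <variant>" for setup-keymap (default: "us us")
#   ROOT_PASSWORD        root password; overrides the third argument
#
# Run as root from the Alpine installer environment after the network is up:
#   setup-interfaces        (follow the prompts)
#   setup-dns -d local 1.1.1.1 1.0.0.1
#   ifup eth0
#
# WARNING: destructive. DISK is repartitioned from scratch and the second
# partition is LUKS-formatted without any confirmation prompt (cryptsetup -q).
#
# SECURITY NOTE: a password passed as a command-line argument is visible to
# every local user through `ps` / /proc/*/cmdline and is normally kept in the
# shell history. Prefer exporting ROOT_PASSWORD (and ENCRYPTION_PASSWORD) in
# the environment instead of passing the password as the third argument.

# Abort on the first failed command and on use of an unset variable, so a
# failed partitioning or luksFormat step cannot silently run on into
# installing over the wrong device.
set -eu

# --- Argument checks --------------------------------------------------------
# "${N:-}" keeps set -u from turning a missing argument into an unhelpful
# "parameter not set" error; diagnostics go to stderr.
if [ -z "${1:-}" ]; then
  echo "Please specify a server hostname (eg. 'server-name'), as the first argument to the script!" >&2
  exit 1
fi
if [ -z "${2:-}" ]; then
  echo "Please specify a server drive (eg. '/dev/sda'), as the second argument to the script!" >&2
  exit 1
fi
if [ -z "${3:-}" ] && [ -z "${ROOT_PASSWORD:-}" ]; then
  echo "Please specify a root password (eg. 'verysecurepassword'), as the third argument to the script (or export ROOT_PASSWORD)!" >&2
  exit 1
fi

SERVER_HOSTNAME=$1
DISK=$2
ROOT_PASSWORD=${ROOT_PASSWORD:-${3:-}}

# Partition device names: /dev/sda -> /dev/sda1, but a disk name that ends in
# a digit (/dev/nvme0n1, /dev/mmcblk0) gets a "p" separator -> /dev/nvme0n1p1.
case "$DISK" in
  *[0-9]) PART_PREFIX="${DISK}p" ;;
  *)      PART_PREFIX="$DISK" ;;
esac
BOOT_PART="${PART_PREFIX}1"
CRYPT_PART="${PART_PREFIX}2"

# --- Defaults for the optional settings -------------------------------------
SERVER_TIMEZONE=${TIMEZONE:-"Australia/Perth"}
ENCRYPTION_PASSWORD=${ENCRYPTION_PASSWORD:-$ROOT_PASSWORD}
KEYBOARD_LAYOUT=${KEYBOARD_LAYOUT:-"us us"}

# --- System configuration ---------------------------------------------------
# KEYBOARD_LAYOUT is "<layout> <variant>" and must word-split into two
# arguments. Plain unquoted expansion does that; the previous `eval` would
# also have executed anything else placed in the variable.
# shellcheck disable=SC2086
setup-keymap $KEYBOARD_LAYOUT
# Was `-z "$TIMEZONE"`, which passed an empty zone whenever TIMEZONE was unset
# and silently ignored the Australia/Perth default computed above.
setup-timezone -z "$SERVER_TIMEZONE"
setup-hostname "$SERVER_HOSTNAME"
# -f picks the fastest mirror; it is not guaranteed to be an HTTPS one.
setup-apkrepos -f
# TODO: switch the chosen mirror to HTTPS
# TODO: setup-sshd, setup-ntp

# --- Packages needed for the encrypted LVM layout ---------------------------
apk update
apk add haveged lvm2 cryptsetup e2fsprogs syslinux
# Extra entropy source for luksFormat on a freshly booted, idle installer.
rc-service haveged start

# --- Partitioning -----------------------------------------------------------
# fdisk is driven by a scripted session. The sed keeps only the leading
# keystroke token of each line and drops the "# comment"; a comment-only
# line therefore becomes an empty line, which fdisk reads as "accept default".
sed -e 's/\s*\([\+0-9a-zA-Z]*\).*/\1/' << EOF | fdisk "$DISK"
o # clear the in memory partition table
n # new partition
p # primary partition
1 # partition number 1
  # default - start at beginning of disk
+100M # 100 MB boot partition
a # make a partition bootable
1 # bootable partition is partition 1
n # new partition
p # primary partition
2 # partition number 2
  # default - start at end of the boot partition
  # default - use the rest of the available disk space
t # change a partition type
2 # use partition 2
8e # sets the LVM PV partition type
w # write the changes to the disk
q # quit. Everything has been configured
EOF

# --- Random-fill of the data partition (not implemented) --------------------
# TODO: fill $CRYPT_PART with random data before luksFormat so that used and
# unused blocks are indistinguishable, e.g.
#   haveged -n 0 | dd of="$CRYPT_PART" bs=1M
# Left out because it is very slow on large disks.

# --- Encryption and LVM -----------------------------------------------------
# The passphrase is handed to cryptsetup over stdin ("-" as the key file),
# never as an argument, so it does not appear in `ps`. printf '%s' writes no
# trailing newline, matching what the boot-time passphrase prompt produces.
# -q suppresses the "are you sure" confirmation: $CRYPT_PART is wiped.
# TODO (encryption hardening): pin the LUKS header version, cipher and PBKDF
# explicitly (e.g. --type luks2 --pbkdf argon2id) once the initramfs
# cryptsetup in use is confirmed to support them; right now the defaults are
# whatever the installed cryptsetup ships with.
printf '%s' "$ENCRYPTION_PASSWORD" | cryptsetup -q luksFormat "$CRYPT_PART" -
printf '%s' "$ENCRYPTION_PASSWORD" | cryptsetup open --type luks "$CRYPT_PART" lvmcrypt -d -
pvcreate /dev/mapper/lvmcrypt
vgcreate vg0 /dev/mapper/lvmcrypt
lvcreate -n root -l 100%FREE vg0
mkfs.ext4 /dev/vg0/root
mkfs.ext4 "$BOOT_PART"

# --- Mount and install ------------------------------------------------------
mount -t ext4 /dev/vg0/root /mnt
mkdir /mnt/boot
mount -t ext4 "$BOOT_PART" /mnt/boot
setup-disk -m sys /mnt

# --- Make the installed system unlock the root at boot ----------------------
printf 'lvmcrypt %s none luks\n' "$CRYPT_PART" > /mnt/etc/crypttab
sed -i '/^features="/ s/"$/ cryptsetup"/' /mnt/etc/mkinitfs/mkinitfs.conf
# Build an initramfs per installed kernel version (normally exactly one);
# iterating the directory avoids parsing `ls` output.
for moddir in /mnt/lib/modules/*/; do
  mkinitfs -c /mnt/etc/mkinitfs/mkinitfs.conf -b /mnt/ "$(basename "$moddir")"
done
# Use "|" as the s-command delimiter so the device path's slashes need no
# escaping when spliced into the replacement.
sed -i '/^default_kernel_opts="/ s|"$| cryptroot='"$CRYPT_PART"' cryptdm=lvmcrypt"|' /mnt/etc/update-extlinux.conf
chroot /mnt update-extlinux > /dev/null
# Install the syslinux MBR boot code (first 440 bytes only; the partition
# table after it is left untouched by conv=notrunc and count=1).
dd bs=440 count=1 conv=notrunc if=/mnt/usr/share/syslinux/mbr.bin of="$DISK"

# --- Initial software / account setup ---------------------------------------
# Apply the root password. Previously the third argument was only ever used
# as the default LUKS passphrase and the root account was left as installed.
printf 'root:%s\n' "$ROOT_PASSWORD" | chroot /mnt chpasswd
#cat << EOF | chroot /mnt
#EOF

# --- Tear down --------------------------------------------------------------
umount /mnt/boot
umount /mnt
vgchange -a n
cryptsetup luksClose lvmcrypt

echo "The Setup Process Has Completed. Shutting Down in 3 seconds..."
sleep 3
poweroff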