author | Lars Wirzenius <liw@liw.fi> | 2021-12-31 17:21:42 +0200 |
---|---|---|
committer | Lars Wirzenius <liw@liw.fi> | 2022-01-01 22:01:31 +0200 |
commit | 8b796467fcef03133c40f88ac331b1a0d06033a8 (patch) | |
tree | 3d11453f15824ea71abda70f4b3e3150b712ab9a | |
parent | 9ace8e9b7d0a15cf6aeeedada8bb7646acc8e6b0 (diff) | |
download | v-i-8b796467fcef03133c40f88ac331b1a0d06033a8.tar.gz |
feat: make X220 install work with cryptsetup and everything
Sponsored-by: author
-rw-r--r-- | v-i.vmdb | 12 | ||||
-rw-r--r-- | v-i.yml | 17 | ||||
-rwxr-xr-x | x220.sh | 42 | ||||
-rw-r--r-- | x220.vmdb | 86 | ||||
-rw-r--r-- | x220.yml | 28 |
5 files changed, 151 insertions, 34 deletions
@@ -29,7 +29,7 @@ steps: - unpack-rootfs: / - - debootstrap: buster + - debootstrap: bullseye mirror: http://deb.debian.org/debian target: / unless: rootfs_unpacked @@ -52,12 +52,14 @@ steps: - git - ssh - ansible + - lvm2 - cryptsetup - - pass + - cryptsetup-initramfs +# - pass - dosfstools - - emacs - - gpg - - scdaemon +# - emacs +# - gpg +# - scdaemon tag: / - ansible: / @@ -15,6 +15,23 @@ shell: | sed -i '/^root:[^:]*:/s//root::/' /etc/passwd + - name: "create /root/.ssh" + file: + state: directory + path: /root/.ssh + owner: root + group: root + mode: 0700 + + - name: "set root authorized keys" + copy: + content: | + ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPQe6lsTapAxiwhhEeE/ixuK+5N8esCsMWoekQqjtxjP liw personal systems + dest: /root/.ssh/authorized_keys + owner: root + group: root + mode: 0600 + - name: "configure keyboard layout" copy: content: | 
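Review bot: In the third hunk on this line (the playbook, apparently v-i.yml), the added `create /root/.ssh` and `set root authorized keys` tasks write their permissions as bare integers (`mode: 0700`, `mode: 0600`). These give the intended permissions only while the YAML loader reads a leading zero as octal, so quoting them as `mode: "0700"` and `mode: "0600"` removes that dependency. The same two tasks, including the literal public key, are added again in the later `pre_tasks` hunk (apparently x220.yml), so a key rotation has to be made in two files; a shared variable or an included task file would keep root's authorized_keys in one place. The context line just above blanks the root password, so a comment such as `# root has no password; this key is the intended login path` would make the access model explicit.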
@@ -5,17 +5,41 @@ set -eux vi="$1" vmdb2="$2" -git clone -b "$vi" git://git.liw.fi/v-i -git clone -b "$vmdb2" git://git.liw.fi/vmdb2 -git clone git://git.liw.fi/ansibleness -git clone git://git.liw.fi/debian-ansible +gitget() { + local url="$1" + local branch="$2" + local dir="$3" + if [ ! -e "$dir" ]; then + git clone -b "$branch" "$url" + else + (cd "$dir" && git checkout "$branch" && git pull) + fi +} + +git config --global pull.ff only +gitget git://git.liw.fi/v-i "$vi" v-i +gitget git://git.liw.fi/vmdb2 "$vmdb2" vmdb2 +gitget git://git.liw.fi/ansibleness main ansibleness +gitget git://git.liw.fi/debian-ansible main debian-ansible cd v-i export ANSIBLE_LOG=/root/ansible.log export ANSIBLE_ROLES_PATH=/root/debian-ansible/roles:/root/ansibleness/ansible/roles + +if vgdisplay | grep "VG Name" || [ -e /dev/mapper/pv0 ]; then + vgremove --force vg0 || true + ! [ -e /dev/vg0 ] + + pvremove /dev/mapper/pv0 || true + cryptsetup close pv0 + + dd if=/dev/zero of=/dev/sda bs=1M count=20000 oflag=direct status=progress +fi + +rm -f /root/x220.log /root/vmdb2/vmdb2 \ - --verbose \ - --rootfs-tarball /root/rootfs.tar.gz \ - --log /root/x220.log \ - --image /dev/sda \ - x220.vmdb + --verbose \ + --rootfs-tarball /root/rootfs.tar.gz \ + --log /root/x220.log \ + --image /dev/sda \ + x220.vmdb 
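Review bot: The added assertion `! [ -e /dev/vg0 ]` can never stop the script, because `set -e` ignores the exit status of a command negated with `!`. If `vgremove` fails (its error is discarded by `|| true`), the script still continues to `pvremove`, `cryptsetup close` and the `dd` over /dev/sda; writing the check as `[ ! -e /dev/vg0 ]` makes it effective. In the same block `cryptsetup close pv0` lacks the `|| true` its neighbours have, so the run aborts when a volume group exists but pv0 is not open. Separately, `gitget` keeps the `git://` URLs, a transport without server authentication or integrity protection, and the fetched vmdb2 and Ansible roles are then executed as root; if the server offers it, an `https://` remote or verifying a signed tag before use would close that gap.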
@@ -5,58 +5,110 @@ steps: - mklabel: gpt device: "{{ image }}" + # EFI partition. This MUST be vfat and cleartext so that UEFI BIOS + # can handle it. - mkpart: primary device: "{{ image }}" start: 0% - end: 1G + end: 500M tag: efi + - mkfs: vfat + partition: efi + + # /boot partition. This will be cleartext, because GRUB doesn't seem + # to support LUKS2 yet. + - mkpart: primary + device: "{{ image }}" + start: 500M + end: 1G + tag: boot + + - mkfs: ext2 + partition: boot + + # The physical volume for LVM. This will be encrypted and the + # unlocked, opened variant will be used as the physical volume for + # LVM2. - mkpart: primary device: "{{ image }}" start: 1G end: 100% - tag: / + tag: cleartext_pv0 - - mkfs: vfat - partition: efi + - cryptsetup: cleartext_pv0 + password: asdf + name: pv0 + + - vgcreate: vg0 + physical: + - pv0 + + - lvcreate: vg0 + name: root + size: 10G - mkfs: ext4 - partition: / + partition: root + + # Mount the file systems on top of each other. + - mount: root + + - mount: boot + dirname: /boot + mount-on: root + + - mount: efi + dirname: /boot/efi + mount-on: boot - - mount: / + - virtual-filesystems: root - - virtual-filesystems: / + # Install Debian. - - unpack-rootfs: / + - unpack-rootfs: root - - debootstrap: buster + - debootstrap: bullseye mirror: http://deb.debian.org/debian - target: / + target: root unless: rootfs_unpacked - apt: install packages: - linux-image-amd64 - tag: / + tag: root unless: rootfs_unpacked - - cache-rootfs: / + - cache-rootfs: root unless: rootfs_unpacked + # Create fstab and crypttab + - fstab: root + + # Install additional packages. These are not in the rootfs tarball, + # while I keep changing this list: it's easier and faster to iterate + # if the rootfs tarball doesn't need to be re-generated from + # scratch. 
- apt: install packages: - - python3 - console-setup - - locales-all + - cryptsetup + - cryptsetup-initramfs + - dosfstools - ifupdown + - locales-all + - lvm2 + - python3 - ssh - tag: / + tag: root - - ansible: / + # Configure the system with Ansible. + - ansible: root playbook: x220.yml + # Install GRUB as the bootloader. - grub: uefi - tag: / + tag: root efi: efi quiet: true image-dev: "{{ image }}" @@ -10,6 +10,28 @@ pre_tasks: + - name: "set hostname manually" + shell: | + echo x220 > /etc/hostname + sed -i 's/^127\.0\.1/127.0.0.1 x220/' /etc/hosts + + - name: "create /root/.ssh" + file: + state: directory + path: /root/.ssh + owner: root + group: root + mode: 0700 + + - name: "set root authorized keys" + copy: + content: | + ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPQe6lsTapAxiwhhEeE/ixuK+5N8esCsMWoekQqjtxjP liw personal systems + dest: /root/.ssh/authorized_keys + owner: root + group: root + mode: 0600 + - name: "configure keyboard layout" copy: content: | @@ -47,12 +69,12 @@ ansible_python_interpreter: /usr/bin/python3 sane_debian_system_version: 2 - sane_debian_system_hostname: x220 - sane_debian_system_codename: buster +# sane_debian_system_hostname: x220 + sane_debian_system_codename: bullseye sane_debian_system_timezone: Europe/Helsinki sane_debian_system_sources_lists: - repo: | - deb http://deb.debian.org/debian buster contrib non-free + deb http://deb.debian.org/debian bullseye contrib non-free unix_users_version: 2 unix_users: |
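Review bot: The `cryptsetup: cleartext_pv0` step in the x220.vmdb hunk sets `password: asdf`, so the LUKS passphrase of every disk installed from this file is a four-character string published in the repository. If it is meant as a throwaway for first boot, say so next to the value, e.g. `# placeholder passphrase: replace on first boot`, and preferably take the passphrase from outside the committed file. Changing the passphrase later does not re-key the volume: a copy of the LUKS header taken while `asdf` was valid still unlocks the same master key, so a disk that held real data under this passphrase needs re-encryption, not just a new keyslot.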
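Review bot: In the added `set hostname manually` task (the `pre_tasks` hunk, apparently x220.yml), the expression `s/^127\.0\.1/127.0.0.1 x220/` matches only the first three octets of a `127.0.1.1` line. The rest of that line survives, so the result reads `127.0.0.1 x220.1 <old name>`, and a `127.0.0.1 localhost` line is not matched at all. If the intent is to map the new hostname, replacing the whole line would do it, e.g. `sed -i 's/^127\.0\.1\.1[[:space:]].*/127.0.1.1 x220/' /etc/hosts`. A comment explaining why `sane_debian_system_hostname` is commented out in the last hunk would also tell the reader why the role's own mechanism is bypassed in favour of a raw `shell:` step.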