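#!/bin/bash
#
# Interactive installer for an Incus host whose container storage lives on a
# LUKS-encrypted partition holding a ZFS pool named "crypt".
#
# The menu offers three steps:
#   1  pre_reboot_script   format and open the LUKS partition, create the pool,
#                          install Incus, write sysctl/ZFS/network configuration,
#                          generate /root/onstart, reboot
#   2  post_reboot_script  run /root/onstart to unlock the pool, then finish the
#                          host configuration
#   3  install_uptrack     install Ksplice Uptrack
#
# Must be run as root: it formats a partition and rewrites system configuration.

# Print a message on stderr and abort the whole script.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

[ "$(id -u)" -eq 0 ] || die "This script must be run as root"

echo "Installing dialog"
apt update
apt install dialog -y

# Step 1: destructive setup of the encrypted storage and base configuration.
# Globals written: NET_IF (bridge member interface), PARTITION (device to encrypt).
pre_reboot_script () {
  local pass_var pass_var2 partition_q

  pass_var=$(dialog --passwordbox "Enter password to crypted partition for containers:" 25 25 --output-fd 1)
  pass_var2=$(dialog --passwordbox "Enter password to crypted partition for containers again:" 25 25 --output-fd 1)
  if [[ "$pass_var" == "$pass_var2" ]]; then
    echo "Passwords match!"
  else
    echo "Passwords not match!"
    exit 1
  fi
  # Two empty answers (for example a dismissed dialog) also "match"; never
  # format the volume with an empty passphrase.
  [[ -n "$pass_var" ]] || die "Empty passphrase, aborting"

  echo "Install net-tools"
  apt install net-tools -y
  echo "Exec ifconfig"
  ifconfig
  read -r -p "Enter interface for configure bridge:" NET_IF
  # The name is written into /etc/network/interfaces and the host reboots
  # afterwards, so a typo would leave the machine without network.
  [[ -n "$NET_IF" && -e "/sys/class/net/$NET_IF" ]] \
    || die "Network interface '$NET_IF' does not exist"

  echo "Starting lsblk"
  lsblk
  read -r -p "Enter partition to encrypt:" PARTITION
  # luksFormat destroys whatever is on the target; insist on a block device.
  [[ -b "$PARTITION" ]] || die "'$PARTITION' is not a block device"

  echo "Installing requirements"
  apt install cryptsetup ecryptfs-utils zfsutils-linux lzop -y
  echo "Setting timezone to Prague"
  timedatectl set-timezone Europe/Prague
  echo "Starting ecryptfs-setup-swap"
  ecryptfs-setup-swap -f

  # The passphrase is fed through a pipe from the printf builtin, so it never
  # appears in a process argument list. printf '%s' also keeps passphrases
  # such as "-n" or ones containing backslashes intact, which echo does not
  # guarantee. Every storage step below is checked: if one of them fails and
  # the script carried on, Incus would end up on the unencrypted root disk.
  echo "Starting luksFormat"
  printf '%s' "$pass_var" | cryptsetup luksFormat "$PARTITION" - \
    || die "luksFormat failed on $PARTITION"
  echo "Opening crypted partition"
  # NOTE(review): -c is cryptsetup's short form of --cipher, not a key-file
  # option; the passphrase is read from stdin either way. Kept as on the
  # page - confirm that "-c -" is intended.
  printf '%s\n' "$pass_var" | cryptsetup open "$PARTITION" crypt -c - \
    || die "cryptsetup open failed on $PARTITION"
  unset pass_var pass_var2

  echo "Creating zpool"
  zpool create crypt /dev/mapper/crypt -o ashift=12 \
    || die "zpool create failed"
  echo "Enabling compression on zpool"
  zfs set compression=on crypt
  echo "Creating datasets crypt/lxd/dir crypt/lxd/storage"
  zfs create crypt/lxd
  zfs create crypt/lxd/dir
  zfs create crypt/lxd/storage

  echo "Installing Incus"
  # The keyring directory is not guaranteed to exist on a fresh install.
  mkdir -p /etc/apt/keyrings
  # NOTE(review): the key is trusted on first download. Compare its
  # fingerprint with the value published by the repository owner before
  # relying on it.
  curl -fsSL https://pkgs.zabbly.com/key.asc -o /etc/apt/keyrings/zabbly.asc \
    || die "Download of the Incus repository key failed"
  # The page shows this here-document with its "<<EOF >" operator lost in
  # extraction; the closing EOF and the target path are still visible.
  cat <<EOF > /etc/apt/sources.list.d/zabbly-incus-lts-6.0.sources
Enabled: yes
Types: deb
URIs: https://pkgs.zabbly.com/incus/lts-6.0
Suites: $(. /etc/os-release && echo "${VERSION_CODENAME}")
Components: main
Architectures: $(dpkg --print-architecture)
Signed-By: /etc/apt/keyrings/zabbly.asc
EOF
  apt update
  apt install incus -y
  incus ls
  incus admin shutdown
  systemctl stop incus
  systemctl stop incus.socket
  systemctl stop incus-user.socket

  # Empty the on-disk state directory before the encrypted dataset is
  # mounted over it.
  echo "Deleting everything in /var/lib/incus/*"
  rm -r -- /var/lib/incus/*
  echo "Setting mountpoint /var/lib/incus to crypt/lxd/dir"
  zfs set mountpoint=/var/lib/incus crypt/lxd/dir \
    || die "Could not mount crypt/lxd/dir on /var/lib/incus"
  echo "Starting Incus"
  systemctl start incus.socket
  systemctl start incus-user.socket
  systemctl start incus
  incus ls

  echo "Configuring sysctl"
  {
    echo "vm.swappiness = 1"
    echo "vm.min_free_kbytes = 131072"
    echo "vm.dirty_background_ratio = 5"
    echo "fs.inotify.max_queued_events = 1048576"
    echo "fs.inotify.max_user_instances = 1048576"
    echo "fs.inotify.max_user_watches = 1048576"
    echo "kernel.dmesg_restrict = 1"
    echo "net.netfilter.nf_conntrack_max = 4194304"
  } > /etc/sysctl.d/50-usi-mm.conf
  # Append only once so that re-running this step does not duplicate the entry.
  grep -qxF "nf_conntrack" /etc/modules 2>/dev/null \
    || echo "nf_conntrack" >> /etc/modules

  echo "Configuring arc cache for zfs to min 256MB and max 1536MB + txg_timeout to 3"
  {
    echo "options zfs zfs_arc_min=268435456"
    echo "options zfs zfs_arc_max=1610612736"
    echo "options zfs zfs_txg_timeout=3"
  } > /etc/modprobe.d/zfs.conf
  echo "Doing update-initramfs -u"
  update-initramfs -u

  echo "Configuring network to use bridge"
  {
    echo "auto lo"
    echo "iface lo inet loopback"
    echo " "
    echo "iface $NET_IF inet manual"
    echo "iface $NET_IF inet6 manual"
    echo "auto br0"
    echo "iface br0 inet dhcp"
    echo " bridge_ports $NET_IF"
    echo " bridge_stp off"
    echo " bridge_fd 0"
    echo " "
    echo "iface br0 inet6 auto"
    echo " bridge_ports $NET_IF"
    echo " bridge_stp off"
    echo " bridge_fd 0"
  } > /etc/network/interfaces

  echo "Add DNS to systemd-resolved"
  {
    echo "[Resolve]"
    echo "DNS=8.8.8.8"
    echo "FallbackDNS=1.1.1.1"
  } > /etc/systemd/resolved.conf

  echo "Purging netplan,disabling dhcpcd and install ifupdown"
  apt purge nplan netplan.io -y
  rm -f -- /etc/netplan/*
  apt install bridge-utils ifupdown -y
  echo "Disabling systemd-networkd-wait-online"
  systemctl disable systemd-networkd-wait-online
  echo "Doing apt update and apt dist-upgrade"
  apt update
  apt dist-upgrade -y

  echo "Creating onstart script in /root"
  # The device path is embedded shell-quoted. In the generated script "\$"
  # marks expansions that must happen when onstart runs, not now.
  partition_q=$(printf '%q' "$PARTITION")
  cat > /root/onstart <<EOF
#!/bin/bash
# Generated by the pre-reboot setup step: unlocks the LUKS partition, imports
# the "crypt" pool and starts Incus.

# The cleanup below is meant for the empty directory on the root disk. If the
# encrypted dataset is already mounted there, deleting would destroy the
# container data, so stop.
if mountpoint -q /var/lib/incus; then
  echo "/var/lib/incus is already mounted, refusing to wipe it" >&2
  exit 1
fi
read -r -p "Press any button to start..."
pass_var=\$(dialog --passwordbox "Enter password:" 25 25 --output-fd 1)
pass_var2=\$(dialog --passwordbox "Enter password again:" 25 25 --output-fd 1)
if [ "\$pass_var" == "\$pass_var2" ]; then
  echo "Passwords match!"
else
  echo "Passwords not match!"
  exit 1
fi
echo "Stopping Incus daemons and deleting /var/lib/incus/*"
systemctl stop incus
systemctl stop incus.socket
systemctl stop incus-user.socket
rm -rf -- /var/lib/incus/*
echo "Opening encrypted partition"
# Quoted expansion: an unquoted one collapses runs of spaces and expands
# globs, which changes the passphrase and makes the unlock fail.
printf '%s\n' "\$pass_var" | cryptsetup open ${partition_q} crypt -c - || { echo "cryptsetup open failed" >&2; exit 1; }
unset pass_var pass_var2
partprobe
# Do not start Incus on the bare root disk when the pool is unavailable.
zpool import -d /dev/mapper crypt -f -m || { echo "zpool import failed" >&2; exit 1; }
systemctl start incus-user.socket
systemctl start incus.socket
systemctl start incus
EOF
  # Root-only: nobody else needs to read or run the unlock helper.
  chmod 700 /root/onstart

  read -r -p "Press any key for reboot"
  reboot
}

# Step 2: unlock the storage through /root/onstart and finish the host setup.
post_reboot_script () {
  echo "Executing /root/onstart"
  bash /root/onstart
  echo "Configuring LXD"
  incus admin waitready
  # NOTE(review): the page lost text here during extraction. Everything
  # between a "cat <<" here-document operator and the ">" redirect of the
  # first /root/.screenrc line is missing, presumably the Incus
  # initialisation input and the start of the screen configuration. It cannot
  # be recovered from this page, so the surviving line is kept unchanged;
  # restore the section from the original script before use.
  cat <> /root/.screenrc
  {
    echo "screen -t htop htop"
    echo "screen -t mc mc"
    echo "screen -t bash bash"
    echo "altscreen on"
    echo "term screen-256color"
    echo "bind 'b' prev"
    echo "bind 'n' next"
    echo "hardstatus alwayslastline"
    echo "autodetach on"
    echo "mousetrack on"
    echo "vbell off"
    echo "termcapinfo xterm* ti@:te@"
    echo "defscrollback 5000"
    echo "scrollback 5000"
    echo "hardstatus string \"%{=b kw} %?%-Lw%?%{=br kw}[%n %t]%{=b kw}%?%+Lw%? %= %c\""
  } >> /root/.screenrc

  echo "Install utilities"
  apt install -y mc htop screen zfsnap smartmontools pv
  echo "Setting-up wireguard"
  apt update
  apt install wireguard -y
  incus profile set default linux.kernel_modules wireguard
  echo "Set max processes to 3000 in default profile in LXD"
  incus profile set default limits.processes 3000

  read -r -p "Done, press any key to return to main menu"
  main_menu
}

# Step 3: download and install Ksplice Uptrack.
install_uptrack () {
  local tmpdir

  # A private mktemp directory instead of a fixed name in /tmp: with a
  # pre-existing /tmp/uptrack.deb wget saves the download under another name
  # and dpkg would install the file that was already there, as root.
  tmpdir=$(mktemp -d) || die "mktemp failed"
  if wget -O "$tmpdir/uptrack.deb" https://ksplice.oracle.com/uptrack/dist/focal/uptrack.deb; then
    apt install python3-pycurl -y
    # NOTE(review): the package is installed with nothing but HTTPS transport
    # protecting it; no signature or checksum is checked before dpkg runs.
    dpkg -i "$tmpdir/uptrack.deb"
    uptrack-upgrade -y
    # NOTE(review): apt-key is deprecated and adds the key to the global
    # trusted keyring, and the key is selected by a 64-bit ID. A dedicated
    # keyring referenced with Signed-By, as done for the Incus repository,
    # and a full fingerprint would be the stricter setup.
    apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 82562EA9AD986DA3
  else
    echo "Download of uptrack.deb failed, nothing installed" >&2
  fi
  rm -rf -- "${tmpdir:?}"

  read -r -p "Done, press any key to return to main menu"
  main_menu
}

# Show the dialog menu and dispatch the selected step.
main_menu () {
  local -a cmd options
  local choices choice

  cmd=(dialog --nocancel --menu "Welcome in setup-usi-mm!" 22 76 16)
  options=(
    1 "Pre-reboot script"
    2 "Post-reboot script"
    3 "Install uptrack-upgrade"
  )
  # dialog draws on the terminal and reports the selection on stderr, hence
  # the stream swap.
  choices=$("${cmd[@]}" "${options[@]}" 2>&1 >/dev/tty)
  for choice in $choices
  do
    case "$choice" in
      1)
        pre_reboot_script
        ;;
      2)
        post_reboot_script
        ;;
      3)
        install_uptrack
        ;;
    esac
  done
  clear
}

main_menu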