usi-mm/setup-usi-mm
2024-12-17 13:07:55 +01:00

266 lines
7.8 KiB
Bash
Executable file

#!/bin/bash
pre_reboot_script () {
pass_var=$(dialog --passwordbox "Enter password to crypted partition for containers:" 25 25 --output-fd 1)
pass_var2=$(dialog --passwordbox "Enter password to crypted partition for containers again:" 25 25 --output-fd 1)
if [ "$pass_var" == "$pass_var2" ]; then
echo "Passwords match!"
else
echo "Passwords not match!"
exit 1
fi
echo "Install net-tools"
apt install net-tools -y
echo "Exec ifconfig"
ifconfig
read -p "Enter interface for configure bridge:" NET_IF
echo "Starting lsblk"
lsblk
read -p "Enter partition to encrypt:" PARTITION
echo "Installing requirements"
apt install cryptsetup ecryptfs-utils zfsutils-linux lzop -y
echo "Setting timezone to Prague"
timedatectl set-timezone Europe/Prague
echo "Starting ecryptfs-setup-swap"
ecryptfs-setup-swap -f
echo "Starting luksFormat"
echo -n "$pass_var" | cryptsetup luksFormat $PARTITION -
echo "Opening crypted partition"
echo "$pass_var" | cryptsetup open $PARTITION crypt -c -
echo "Creating zpool"
zpool create crypt /dev/mapper/crypt -o ashift=12
echo "Enabling compression on zpool"
zfs set compression=on crypt
echo "Creating datasets crypt/lxd/dir crypt/lxd/storage"
zfs create crypt/lxd
zfs create crypt/lxd/dir
zfs create crypt/lxd/storage
echo "Installing Incus"
curl -fsSL https://pkgs.zabbly.com/key.asc -o /etc/apt/keyrings/zabbly.asc
sh -c 'cat <<EOF > /etc/apt/sources.list.d/zabbly-incus-lts-6.0.sources
Enabled: yes
Types: deb
URIs: https://pkgs.zabbly.com/incus/lts-6.0
Suites: $(. /etc/os-release && echo ${VERSION_CODENAME})
Components: main
Architectures: $(dpkg --print-architecture)
Signed-By: /etc/apt/keyrings/zabbly.asc
EOF'
apt update
apt install incus -y
incus ls
incus admin shutdown
systemctl stop incus
systemctl stop incus.socket
systemctl stop incus-user.socket
echo "Deleting everything in /var/lib/incus/*"
rm /var/lib/incus/* -r
echo "Setting mountpoint /var/lib/incus to crypt/lxd/dir"
zfs set mountpoint=/var/lib/incus crypt/lxd/dir
echo "Starting Incus"
systemctl start incus.socket
systemctl start incus-user.socket
systemctl start incus
incus ls
echo "Configuring sysctl"
echo "vm.swappiness = 1" > /etc/sysctl.d/50-usi-mm.conf
echo "vm.min_free_kbytes = 131072" >> /etc/sysctl.d/50-usi-mm.conf
echo "vm.dirty_background_ratio = 5" >> /etc/sysctl.d/50-usi-mm.conf
echo "fs.inotify.max_queued_events = 1048576" >> /etc/sysctl.d/50-usi-mm.conf
echo "fs.inotify.max_user_instances = 1048576" >> /etc/sysctl.d/50-usi-mm.conf
echo "fs.inotify.max_user_watches = 1048576" >> /etc/sysctl.d/50-usi-mm.conf
echo "kernel.dmesg_restrict = 1" >> /etc/sysctl.d/50-usi-mm.conf
echo "net.netfilter.nf_conntrack_max = 4194304" >> /etc/sysctl.d/50-usi-mm.conf
#Ugly fix
echo "@reboot root /sbin/sysctl -w net.netfilter.nf_conntrack_max=4194304" > /etc/cron.d/conntrack_cron
echo "Configuring arc cache for zfs to min 256MB and max 1536MB + txg_timeout to 3"
echo "options zfs zfs_arc_min=268435456" > /etc/modprobe.d/zfs.conf
echo "options zfs zfs_arc_max=1610612736" >> /etc/modprobe.d/zfs.conf
echo "options zfs zfs_txg_timeout=3" >> /etc/modprobe.d/zfs.conf
echo "Doing update-initramfs -u"
update-initramfs -u
echo "Configuring network to use bridge"
echo "auto lo" > /etc/network/interfaces
echo "iface lo inet loopback" >> /etc/network/interfaces
echo " " >> /etc/network/interfaces
echo "iface $NET_IF inet manual" >> /etc/network/interfaces
echo "iface $NET_IF inet6 manual" >> /etc/network/interfaces
echo "auto br0" >> /etc/network/interfaces
echo "iface br0 inet dhcp" >> /etc/network/interfaces
echo " bridge_ports $NET_IF" >> /etc/network/interfaces
echo " bridge_stp off" >> /etc/network/interfaces
echo " bridge_fd 0" >> /etc/network/interfaces
echo " " >> /etc/network/interfaces
echo "iface br0 inet6 auto" >> /etc/network/interfaces
echo " bridge_ports $NET_IF" >> /etc/network/interfaces
echo " bridge_stp off" >> /etc/network/interfaces
echo " bridge_fd 0" >> /etc/network/interfaces
echo "Add DNS to systemd-resolved"
echo "[Resolve]" > /etc/systemd/resolved.conf
echo "DNS=8.8.8.8" >> /etc/systemd/resolved.conf
echo "FallbackDNS=1.1.1.1" >> /etc/systemd/resolved.conf
echo "Purging netplan,disabling dhcpcd and install ifupdown"
apt purge nplan netplan.io -y
rm /etc/netplan/* -f
apt install bridge-utils ifupdown -y
echo "Disabling systemd-networkd-wait-online"
systemctl disable systemd-networkd-wait-online
echo "Doing apt update and apt dist-upgrade"
apt update
apt dist-upgrade -y
echo "Creating onstart script in /root"
echo "#!/bin/bash" > /root/onstart
echo "read -p \"Press any button to start...\"" >> /root/onstart
echo "pass_var=\$(dialog --passwordbox \"Enter password:\" 25 25 --output-fd 1)" >> /root/onstart
echo "pass_var2=\$(dialog --passwordbox \"Enter password again:\" 25 25 --output-fd 1)" >> /root/onstart
echo "if [ \"\$pass_var\" == \"\$pass_var2\" ]; then" >> /root/onstart
echo "echo \"Passwords match!\"" >> /root/onstart
echo "else" >> /root/onstart
echo "echo \"Passwords not match!\"" >> /root/onstart
echo "exit 1" >> /root/onstart
echo "fi" >> /root/onstart
echo "echo \"Stopping Incus daemons and deleting /var/lib/incus/*\"" >> /root/onstart
echo "systemctl stop incus" >> /root/onstart
echo "systemctl stop incus.socket" >> /root/onstart
echo "systemctl stop incus-user.socket" >> /root/onstart
echo "rm /var/lib/incus/* -rf" >> /root/onstart
echo "echo \"Opening encrypted partition\"" >> /root/onstart
echo "echo \$pass_var | cryptsetup open $PARTITION crypt -c -" >> /root/onstart
echo "partprobe" >> /root/onstart
echo "zpool import -d /dev/mapper crypt -f -m" >> /root/onstart
echo "systemctl start incus-user.socket" >> /root/onstart
echo "systemctl start incus.socket" >> /root/onstart
echo "systemctl start incus" >> /root/onstart
chmod +x /root/onstart
read -p "Press any key for reboot"
reboot
}
post_reboot_script () {
echo "Executing /root/onstart"
bash /root/onstart
echo "Configuring LXD"
incus admin waitready
cat <<EOF | incus admin init
no
yes
storage
zfs
no
crypt/lxd/storage
yes
lxdbr0
10.10.10.1/24
yes
none
no
no
no
EOF
echo "Set screen settings"
echo "startup_message off" >> /root/.screenrc
echo "screen -t htop htop" >> /root/.screenrc
echo "screen -t mc mc" >> /root/.screenrc
echo "screen -t bash bash" >> /root/.screenrc
echo "altscreen on" >> /root/.screenrc
echo "term screen-256color" >> /root/.screenrc
echo "bind 'b' prev" >> /root/.screenrc
echo "bind 'n' next" >> /root/.screenrc
echo "hardstatus alwayslastline" >> /root/.screenrc
echo "autodetach on" >> /root/.screenrc
echo "mousetrack on" >> /root/.screenrc
echo "vbell off" >> /root/.screenrc
echo "termcapinfo xterm* ti@:te@" >> /root/.screenrc
echo "defscrollback 5000" >> /root/.screenrc
echo "scrollback 5000" >> /root/.screenrc
echo "hardstatus string \"%{=b kw} %?%-Lw%?%{=br kw}[%n %t]%{=b kw}%?%+Lw%? %= %c\"" >> /root/.screenrc
echo "Install utilities"
apt install -y mc htop screen zfsnap smartmontools pv
echo "Setting-up wireguard"
apt update
apt install wireguard -y
incus profile set default linux.kernel_modules wireguard
echo "Set max processes to 3000 in default profile in LXD"
incus profile set default limits.processes 3000
read -p "Done, press any key to return to main menu"
main_menu
}
install_uptrack () {
cd /tmp
wget https://ksplice.oracle.com/uptrack/dist/focal/uptrack.deb
apt install python3-pycurl -y
dpkg -i uptrack.deb
uptrack-upgrade -y
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 82562EA9AD986DA3
read -p "Done, press any key to return to main menu"
main_menu
}
main_menu () {
cmd=(dialog --nocancel --menu "Welcome in setup-usi-mm!" 22 76 16)
options=(
1 "Pre-reboot script"
2 "Post-reboot script"
3 "Install uptrack-upgrade"
)
choices=$("${cmd[@]}" "${options[@]}" 2>&1 >/dev/tty)
for choice in $choices
do
case $choice in
1)
pre_reboot_script
;;
2)
post_reboot_script
;;
3)
install_uptrack
;;
esac
done
clear
}
main_menu