usl-mm/setup-usl-mm

212 lines
5.9 KiB
Text
Raw Permalink Normal View History

2018-09-02 13:01:37 +02:00
#!/bin/bash
pre_reboot_script () {
2018-12-29 23:03:05 +01:00
pass_var=$(dialog --passwordbox "Enter password to crypted partition for containers:" 25 25 --output-fd 1)
pass_var2=$(dialog --passwordbox "Enter password to crypted partition for containers again:" 25 25 --output-fd 1)
2018-09-02 13:01:37 +02:00
2018-12-29 23:03:05 +01:00
if [ "$pass_var" == "$pass_var2" ]; then
echo "Passwords match!"
else
echo "Passwords not match!"
exit 1
fi
2018-12-29 22:52:48 +01:00
2019-07-06 23:16:01 +02:00
echo "Doing pacman -Syy"
pacman -Syy
2018-12-29 22:52:48 +01:00
2018-12-29 23:03:05 +01:00
echo "Starting lsblk"
lsblk
read -p "Enter partition to encrypt:" PARTITION
2018-11-11 20:43:32 +01:00
2018-12-29 23:03:05 +01:00
echo "Installing requirements"
2020-04-28 10:50:43 +02:00
pacman -S --noconfirm cryptsetup ecryptfs-utils $(pacman -Q linux | tail -n 1 | awk {'print $1'})-zfs $(pacman -Q linux | tail -n 1 | awk {'print $1'})-headers parted
2019-07-06 23:16:01 +02:00
echo "Loading ZFS kernel module"
modprobe zfs
2018-09-02 13:01:37 +02:00
2018-12-29 23:03:05 +01:00
echo "Setting timezone to Prague"
timedatectl set-timezone Europe/Prague
2018-09-02 13:01:37 +02:00
2018-12-29 23:03:05 +01:00
echo "Starting ecryptfs-setup-swap"
ecryptfs-setup-swap -f
2018-09-02 13:01:37 +02:00
2018-12-29 23:03:05 +01:00
echo "Starting luksFormat"
echo -n "$pass_var" | cryptsetup luksFormat $PARTITION -
2018-09-02 13:01:37 +02:00
2018-12-29 23:03:05 +01:00
echo "Opening crypted partition"
echo "$pass_var" | cryptsetup open $PARTITION crypt -c -
2018-09-02 13:01:37 +02:00
2018-12-29 23:03:05 +01:00
echo "Creating zpool"
zpool create crypt /dev/mapper/crypt -o ashift=12
2018-09-02 13:01:37 +02:00
2018-12-29 23:03:05 +01:00
echo "Enabling compression on zpool"
zfs set compression=on crypt
2018-09-02 13:01:37 +02:00
2018-12-29 23:03:05 +01:00
echo "Creating datasets crypt/lxd/dir crypt/lxd/storage"
zfs create crypt/lxd
zfs create crypt/lxd/dir
zfs create crypt/lxd/storage
2018-09-02 13:01:37 +02:00
2019-07-06 23:16:01 +02:00
echo "Install snapd and lxd"
pacman -S snapd --noconfirm
2019-08-09 10:53:40 +02:00
systemctl enable snapd
2019-07-06 23:16:01 +02:00
systemctl start snapd
sleep 5
snap install lxd
2024-01-26 16:20:36 +01:00
echo "Switch to 5.19 LXD version"
snap switch --channel 5.19/stable lxd
2019-10-22 22:09:43 +02:00
snap refresh
2018-12-29 23:03:05 +01:00
echo "Stopping and disabling lxd"
2019-08-09 10:53:40 +02:00
snap stop --disable lxd
snap disable lxd
2018-09-02 13:01:37 +02:00
2019-07-06 23:16:01 +02:00
echo "Deleting everything in /var/snap/lxd/common/lxd/*"
rm /var/snap/lxd/common/lxd/* -r
2018-09-02 13:01:37 +02:00
2019-07-06 23:16:01 +02:00
echo "Creating mountpoint /var/snap/lxd/common/lxd to crypt/lxd/dir"
zfs set mountpoint=/var/snap/lxd/common/lxd crypt/lxd/dir
2018-09-02 13:01:37 +02:00
2018-12-29 23:03:05 +01:00
echo "Configuring sysctl"
echo "vm.swappiness = 1" > /etc/sysctl.d/50-usl-mm.conf
echo "vm.min_free_kbytes = 131072" >> /etc/sysctl.d/50-usl-mm.conf
echo "vm.dirty_background_ratio = 5" >> /etc/sysctl.d/50-usl-mm.conf
2019-07-09 21:10:29 +02:00
echo "fs.inotify.max_queued_events = 1048576" >> /etc/sysctl.d/50-usl-mm.conf
echo "fs.inotify.max_user_instances = 1048576" >> /etc/sysctl.d/50-usl-mm.conf
echo "fs.inotify.max_user_watches = 1048576" >> /etc/sysctl.d/50-usl-mm.conf
echo "kernel.dmesg_restrict = 1" >> /etc/sysctl.d/50-usl-mm.conf
2023-06-16 20:57:38 +02:00
echo "net.netfilter.nf_conntrack_max = 4194304" >> /etc/sysctl.d/50-usl-mm.conf
2023-08-29 22:35:09 +02:00
#Ugly fix
echo "@reboot root /sbin/sysctl -w net.netfilter.nf_conntrack_max=4194304" > /etc/cron.d/conntrack_cron
2018-09-02 13:01:37 +02:00
2019-07-18 15:52:53 +02:00
echo "Configuring arc cache for zfs to min 256MB and max 1536MB + txg_timeout to 3"
2018-12-29 23:03:05 +01:00
echo "options zfs zfs_arc_min=268435456" > /etc/modprobe.d/zfs.conf
echo "options zfs zfs_arc_max=1610612736" >> /etc/modprobe.d/zfs.conf
2019-07-18 15:52:53 +02:00
echo "options zfs zfs_txg_timeout=3" >> /etc/modprobe.d/zfs.conf
2018-09-02 13:01:37 +02:00
2019-07-07 20:54:06 +02:00
echo "Doing mkinitcpio -P"
mkinitcpio -P
2019-07-06 23:16:01 +02:00
echo "Doing pacman -Suu"
pacman -Suu --noconfirm
2018-12-29 23:03:05 +01:00
echo "Creating onstart script in /root"
echo "#!/bin/bash" > /root/onstart
echo "read -p \"Press any button to start...\"" >> /root/onstart
echo "pass_var=\$(dialog --passwordbox \"Enter password:\" 25 25 --output-fd 1)" >> /root/onstart
echo "pass_var2=\$(dialog --passwordbox \"Enter password again:\" 25 25 --output-fd 1)" >> /root/onstart
echo "if [ \"\$pass_var\" == \"\$pass_var2\" ]; then" >> /root/onstart
echo "echo \"Passwords match!\"" >> /root/onstart
echo "else" >> /root/onstart
echo "echo \"Passwords not match!\"" >> /root/onstart
echo "exit 1" >> /root/onstart
echo "fi" >> /root/onstart
2019-07-06 23:16:01 +02:00
echo "echo \"Stopping LXD snap daemon and deleting /var/snap/lxd/common/lxd/*\"" >> /root/onstart
2019-08-09 10:53:40 +02:00
echo "snap disable lxd" >> /root/onstart
2019-07-06 23:16:01 +02:00
echo "rm /var/snap/lxd/common/lxd/* -rf" >> /root/onstart
2018-12-29 23:03:05 +01:00
echo "echo \"Opening encrypted partition\"" >> /root/onstart
echo "echo \$pass_var | cryptsetup open $PARTITION crypt -c -" >> /root/onstart
echo "partprobe" >> /root/onstart
echo "zpool import -d /dev/mapper crypt -f -m" >> /root/onstart
2019-07-06 23:16:01 +02:00
echo "sleep 5" >> /root/onstart
2019-08-09 10:53:40 +02:00
echo "snap enable lxd" >> /root/onstart
2020-04-28 21:04:12 +02:00
echo "snap start lxd" >> /root/onstart
2018-12-29 23:03:05 +01:00
chmod +x /root/onstart
read -p "Press any key for reboot"
reboot
2018-09-02 13:01:37 +02:00
}
post_reboot_script () {
2019-07-06 23:16:01 +02:00
echo "Stopping lxd and delete /var/snap/lxd/common/lxd/*"
systemctl stop snap.lxd.daemon
rm /var/snap/lxd/common/lxd/* -r
2018-09-02 13:01:37 +02:00
2018-12-29 23:03:05 +01:00
echo "Executing /root/onstart"
bash /root/onstart
2018-09-02 13:01:37 +02:00
2018-12-29 23:03:05 +01:00
echo "Configuring LXD"
2018-09-02 13:01:37 +02:00
lxd waitready
cat <<EOF | lxd init
no
yes
storage
zfs
no
crypt/lxd/storage
no
yes
lxdbr0
10.10.10.1/24
yes
none
no
no
no
EOF
2018-12-29 23:03:05 +01:00
echo "Set screen settings"
echo "startup_message off" >> /root/.screenrc
echo "screen -t htop htop" >> /root/.screenrc
echo "screen -t mc mc" >> /root/.screenrc
echo "screen -t bash bash" >> /root/.screenrc
echo "altscreen on" >> /root/.screenrc
echo "term screen-256color" >> /root/.screenrc
echo "bind 'b' prev" >> /root/.screenrc
echo "bind 'n' next" >> /root/.screenrc
echo "hardstatus alwayslastline" >> /root/.screenrc
echo "autodetach on" >> /root/.screenrc
echo "mousetrack on" >> /root/.screenrc
echo "vbell off" >> /root/.screenrc
echo "termcapinfo xterm* ti@:te@" >> /root/.screenrc
echo "defscrollback 5000" >> /root/.screenrc
echo "scrollback 5000" >> /root/.screenrc
echo "hardstatus string \"%{=b kw} %?%-Lw%?%{=br kw}[%n %t]%{=b kw}%?%+Lw%? %= %c\"" >> /root/.screenrc
echo "Install utilities"
2019-08-18 16:38:37 +02:00
pacman -S --noconfirm mc htop screen smartmontools pv
2018-12-29 23:03:05 +01:00
2020-04-27 22:13:18 +02:00
echo "Setting-up wireguard"
2020-04-27 22:51:10 +02:00
pacman -S --noconfirm wireguard-dkms wireguard-tools
2020-04-27 22:13:18 +02:00
lxc profile set default linux.kernel_modules wireguard
2023-05-03 10:21:20 +02:00
echo "Set max processes to 3000 in default profile in LXD"
lxc profile set default limits.processes 3000
2019-05-03 14:44:06 +02:00
2021-11-09 11:05:32 +01:00
echo "Set refresh.retain=2 in snap"
snap set system refresh.retain=2
2018-12-29 23:03:05 +01:00
read -p "Done, press any key to return to main menu"
main_menu
2018-09-02 13:01:37 +02:00
}
main_menu () {
cmd=(dialog --nocancel --menu "Welcome in setup-lxd-mm!" 22 76 16)
options=(
1 "Pre-reboot script"
2 "Post-reboot script"
)
choices=$("${cmd[@]}" "${options[@]}" 2>&1 >/dev/tty)
for choice in $choices
do
case $choice in
1)
pre_reboot_script
;;
2)
post_reboot_script
;;
esac
done
clear
}
main_menu