Universal secure LXD Install script
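#!/bin/bash
# In-place Ubuntu release upgrade for a host that runs LXD from the snap on an
# encrypted ZFS dataset, followed by a rebuild of the boot-time unlock script
# /root/onstart.
#
# Usage: pass the codename of the new Ubuntu release as the first argument
#        (eoan, focal, etc).
#
# What it does, in order:
#   1. Fully upgrades the current release and installs rpl and the LXD snap.
#   2. Rewrites the apt sources from the current codename to the new one and
#      upgrades again.
#   3. Generates a new /root/onstart that asks for the password twice, clears
#      the LXD snap directory, and then replays the "cryptsetup open",
#      "zpool import", "iptables" and "firewall" lines of the old /root/onstart.
#   4. Keeps the previous script as /root/onstart-old and reboots.
#
# The script is deliberately not run under `set -e`: several steps (grep with
# no match, rpl on an empty sources.list.d) may return non-zero harmlessly.
# Only the steps whose failure makes continuing dangerous are checked.

# Split only on newlines, as the original script did.
IFS=$'\n'

# Print a message to stderr and abort.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# --- Preflight checks, before anything on the system is changed ------------

# The new codename is substituted into the apt sources, so an empty or odd
# value would corrupt every repository line. Ubuntu codenames are a single
# lowercase word.
[[ ${1:-} =~ ^[a-z]+$ ]] \
  || die "Usage: ${0##*/} NEW_CODENAME   (lowercase, e.g. focal)"
readonly new_release=$1

current_release=$(lsb_release -cs)
[[ -n $current_release ]] || die "could not determine the current release codename"

# The unlock commands of the new start script are copied from the old one.
# Without it the generated script would wipe the LXD directory at boot and
# never open the encrypted partition.
[[ -r /root/onstart ]] || die "/root/onstart not found or not readable"

# --- Bring the current release fully up to date -----------------------------

export DEBIAN_FRONTEND=noninteractive
apt update
apt dist-upgrade -y -o Dpkg::Options::="--force-confold" \
  || die "dist-upgrade on ${current_release} failed; apt sources left untouched"
apt install rpl -y
snap install --channel 4.5/stable lxd
if [[ $current_release == bionic ]]; then
  # On bionic, move the existing deb-based LXD installation over to the snap.
  lxd.migrate -yes
fi
zfs set mountpoint=/var/snap/lxd/common/lxd crypt/lxd/dir

# --- Switch the apt sources to the new release and upgrade ------------------

rpl "$current_release" "$new_release" /etc/apt/sources.list
rpl "$current_release" "$new_release" /etc/apt/sources.list.d/*

# NOTE(review): this key is selected by its 64-bit key ID, fetched from a
# public keyserver, and added to apt's global trusted keyring. Comparing the
# full fingerprint of the imported key against a value obtained out of band
# would pin it; apt-key itself is deprecated in newer apt releases.
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 82562EA9AD986DA3
apt update
apt dist-upgrade -y -o Dpkg::Options::="--force-confold" \
  || die "dist-upgrade to ${new_release} failed; /root/onstart left untouched, not rebooting"

# --- Rebuild /root/onstart --------------------------------------------------

echo "Creating onstart-new script in /root"

# Static head of the start script. The quoted delimiter keeps every $ and "
# literal, so the file content is exactly what the old echo lines produced.
# NOTE(review): pass_var is presumably consumed by the "cryptsetup open" lines
# copied below - confirm against the existing /root/onstart.
cat > /root/onstart-new <<'EOF' || die "cannot write /root/onstart-new"
#!/bin/bash
read -p "Press any button to start..."
pass_var=$(dialog --passwordbox "Enter password:" 25 25 --output-fd 1)
pass_var2=$(dialog --passwordbox "Enter password again:" 25 25 --output-fd 1)
if [ "$pass_var" == "$pass_var2" ]; then
echo "Passwords match!"
else
echo "Passwords not match!"
exit 1
fi
echo "Stopping LXD snap daemon and deleting /var/snap/lxd/common/lxd/*"
snap disable lxd
rm /var/snap/lxd/common/lxd/* -rf
echo "Opening encrypted partition"
EOF

# Host-specific lines are carried over verbatim from the old script. grep
# appends whole lines directly; the previous `for i in $(cat ... | grep ...)`
# loop expanded glob characters inside the copied commands.
grep "cryptsetup open" /root/onstart >> /root/onstart-new
echo "partprobe" >> /root/onstart-new
grep "zpool import" /root/onstart >> /root/onstart-new
echo "snap enable lxd" >> /root/onstart-new
grep "iptables" /root/onstart >> /root/onstart-new
grep "firewall" /root/onstart >> /root/onstart-new

# Keep the previous start script as a backup, then activate the new one.
chmod +x /root/onstart-new
mv /root/onstart /root/onstart-old
mv /root/onstart-new /root/onstart

# --- Re-apply LXD settings and reboot ---------------------------------------

zfs set mountpoint=/var/snap/lxd/common/lxd crypt/lxd/dir
snap switch --channel 4.5/stable lxd
snap refresh
read -r -p "Press any key for reboot"
reboot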