From e82614a2795675030af0982fcf3403cc0f72ec6c Mon Sep 17 00:00:00 2001 From: dev Date: Thu, 4 Aug 2016 12:30:21 -0500 Subject: [PATCH] Seeding some initial scripts --- ShadowArch/Makefile | 23 +++++ ShadowArch/shadowarch | 154 ++++++++++++++++++++++++++++++++++ ShadowArch/shadowarch-tar-gen | 2 + 3 files changed, 179 insertions(+) create mode 100644 ShadowArch/Makefile create mode 100644 ShadowArch/shadowarch create mode 100755 ShadowArch/shadowarch-tar-gen diff --git a/ShadowArch/Makefile b/ShadowArch/Makefile new file mode 100644 index 0000000..a4e3b6f --- /dev/null +++ b/ShadowArch/Makefile @@ -0,0 +1,23 @@ +HTTPROOT = "/srv/http/aninix.net" +HTTPUSER = http + +echoroot: + @echo ${HTTPROOT} + @echo ${HTTPUSER} + +install: script webpresent + +webpresent: shadowarch + /root/bin/shadowarch-tar-gen + cp ./shadowarch ${HTTPROOT} + chown ${HTTPUSER} ${HTTPROOT}/shadowarch + +script: shadowarch-tar-gen + cp shadowarch-tar-gen /root/bin + chmod 0700 /root/bin/shadowarch-tar-gen + chown root:root /root/bin/shadowarch-tar-gen + +configure: + vim Makefile + + diff --git a/ShadowArch/shadowarch b/ShadowArch/shadowarch new file mode 100644 index 0000000..a519c9d --- /dev/null +++ b/ShadowArch/shadowarch @@ -0,0 +1,154 @@ +#!/bin/bash + +function header () { + tput setaf 1 + tput bold + echo $@ + tput sgr0 + return +} +function help() { + echo Usage: ${0} '[-s] [-e]' + echo '\-s Create a layout for an AniNIX::Spartacus' + echo '\-e Encrypt the root partition' + exit 1; +} + +spartacus=0; +encrypt=0; +disk="/dev/sda" +bootpart=1; +rootpart=2; +datapart=99; +while getopts "sed:" OPTION +do + case $OPTION in + s) spartacus=1 ;; + e) encrypt=1 ;; + d) disk=${OPTARG} ;; + *) help + esac +done + +header Confirm options: +echo Spartacus set to: $spartacus +echo Encryption set to: $encrypt +echo Disk to use: $disk +printf "Is this OK? Type YES to continue: " +read answer +if [ "$answer" != "YES" ]; then + echo User did not confirm. + exit 1; +fi + +## REMOVE this section to not format the first disk. You will have to layout your own space. ## + +header Allocating space +shred -n 1 -v --random-source=/dev/zero "$disk" +if [ $spartacus -eq 1 ]; then + # Insert an ExFAT data partition ahead of the rest. + export datapart=1; + export bootpart=$((bootpart+1)) + export rootpart=$(($rootpart+1)) + # Break the disk up into 4ths -- 2/4 go to data, 1/4 go to boot, and 1/4 to root + export disksize=$(($(fdisk -l $disk | head -n 1 | cut -f 5 -d ' ') / 1048576)) # Return disk size in MB + if [ "$disksize" == "" ]; then echo "Can't identify disk size"; exit 1; fi + if [ "$disksize" -lt 7788 ]; then echo "This drive is too small to be a Spartacus."; exit 1; fi # Must be 8GB or more to have 2GB root. + export bootsize=$(($disksize / 4)) + export datasize=$(($disksize / 2)) + printf 'mklabel msdos\nmkpart primary ext4 1MiB %s\nmkpart primary ext4 %s %s\nmkpart primary ext4 %s 100%%FREE\nprint\nquit\n' $datasize"MiB" $datasize"MiB" $(($datasize+$bootsize))"MiB" $(($datasize+$bootsize))"MiB" | parted "$disk" + #create data partition + pacman -Sy exfat-utils --noconfirm + mkfs.exfat "$disk""$datapart" + exfatlabel "$disk""$datapart" "AS-XPLATFRM" +else + # One 200MB boot and the rest is root + printf 'mklabel msdos\nmkpart primary ext4 1MiB 201MiB\nmkpart primary ext4 513MiB 100%%FREE\nprint\nquit\n' | parted "$disk" +fi +header Making ext4 boot partition on "$disk""$bootpart" +mkfs.ext4 "$disk""$bootpart" +tune2fs -L "BOOT" "$disk""$bootpart" + +header Making root and mountpoints +if [ $encrypt -eq 1 ]; then + header Making encrypted root on "$disk""$rootpart" + modprobe dm-crypt + modprobe serpent_generic + header Formatting root -- make sure to enter YES followed by a strong passphrase. + cryptsetup luksFormat -c serpent-xts-plain64 -h sha512 --key-size 512 "$disk""$rootpart" + header Unlocking root + cryptsetup luksOpen "$disk""$rootpart" cryptroot + mkfs.xfs /dev/mapper/cryptroot + xfs_admin -L ROOT /dev/mapper/cryptroot + mount /dev/mapper/cryptroot /mnt +else + header Making root on "$disk""$rootpart" + mkfs.xfs "$disk""$rootpart" + xfs_admin -L ROOT "$disk""$rootpart" + mount "$disk""$rootpart" /mnt +fi + +mkdir /mnt/boot +mount "$disk""$bootpart" /mnt/boot + +## END REMOVE ## + +# Install ArchLinux with basic clients for the AniNIX Services. +# * git for AniNIX::Bazaar +# * lynx for WebServer and Wiki +# * openssh for SSH/SFTP +# * irssi for IRC +# * make for source packages +# * tor for anonymity +# Uncomment the remaining packages for a desktop environment. +header Installing ArchLinux to root +yes "" | pacstrap -i /mnt base base-devel grub efibootmgr openssh git make lynx irssi vim wget tor torsocks # xorg-server xfce4 seamonkey + +header Create FSTAB +genfstab -U /mnt >> /mnt/etc/fstab + +header Set time +sed -i 's/#en_US.UTF-8/en_US.UTF-8/' /mnt/etc/locale.gen +arch-chroot /mnt locale-gen +ln -s /usr/share/zoneinfo/America/Chicago /mnt/etc/localtime +arch-chroot /mnt hwclock --systohc --utc + +header Setup bootloader +if [ $encrypt -eq 1 ]; then + export hookstring="$(grep 'HOOKS=' /mnt/etc/mkinitcpio.conf | grep -v '#')" + sed -i 's#'"$hookstring"'#HOOKS="base udev autodetect modconf block encrypt filesystems keyboard fsck"#' /mnt/etc/mkinitcpio.conf + export rootuuid="$(blkid "$disk""$rootpart" | cut -f 2 -d '"')" + sed -i 's#GRUB_CMDLINE_LINUX=""#GRUB_CMDLINE_LINUX="cryptdevice=UUID='$rootuuid':cryptroot root=/dev/mapper/cryptroot"' /etc/default/grub +fi +arch-chroot /mnt mkinitcpio -p linux +arch-chroot /mnt grub-install --target=i386-pc "$disk" +arch-chroot /mnt grub-mkconfig -o /boot/grub/grub-cfg + +header Set networking +arch-chroot /mnt systemctl enable netctl +export interface=$(ip link list | grep "state" | cut -f 2 -d ":" | cut -f 2 -d " " | grep -v lo) +cp /mnt/etc/netctl/examples/ethernet-dhcp /mnt/etc/netctl/$interface +sed -i 's/eth0/'$interface'/' /mnt/etc/netctl/$interface +echo 'DNSSearch="aninix.net"' >> /mnt/etc/netctl/$interface +arch-chroot /mnt systemctl enable netctl +arch-chroot /mnt netctl enable $interface + +# Set prompt and vimrc for ShadowArch +header Setting ShadowArch customizations. +echo 'PS1="\[\033[00;31m\][ AniNIX::\h(\[\033[01;32m\]ShadowArch\[\033[00;31m\]) \[\033[00;36m\]\u \[\033[01;37m\]\d \T \[\033[00;35m\]\w\[\033[00;31m\] ] \n|\[\033[m\]> "' >> /mnt/etc/bash.bashrc +sed -i '/PS1=/d' /mnt/etc/skel/.bashrc +cd /mnt/etc/ +wget https://aninix.net/shadowarch.tar +rm -Rf /etc/skel /etc/vimrc +tar xvf shadowarch.tar +rm shadowarch.tar + +# Set password +header Set new root passphrase +arch-chroot /mnt passwd + +header Installed ShadowArch! Press enter to reboot. +read + +# Reboot +shutdown -r now diff --git a/ShadowArch/shadowarch-tar-gen b/ShadowArch/shadowarch-tar-gen new file mode 100755 index 0000000..b172e93 --- /dev/null +++ b/ShadowArch/shadowarch-tar-gen @@ -0,0 +1,2 @@ +#!/bin/bash +tar cvf /srv/http/aninix.net/shadowarch.tar /etc/vimrc /etc/skel