summaryrefslogtreecommitdiffstats
path: root/setup-arch-vm
blob: db67d097ac4765c65810b3c8ac94da3cd53ea17e (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
#!/bin/bash

set -e

newuser="flo"
disk=/dev/vda
server=192.168.123.1
pingcheckhost="mirror.server-speed.net"

die() {
	echo "$@"
	exit 1
}

get_url() {
	local url=$1
	local default=$2
	wget -q -O - "$url" || echo "$default"
}

cmdline_arg() {
	local name=$1
	local default=$2
	local param
	for param in $(< /proc/cmdline); do
		case "${param}" in
			$name=*) echo "${param##*=}" ; return 0 ;;
		esac
	done

	echo $default
}

grep -qE '^flags\s+: .* hypervisor( |$)' /proc/cpuinfo || die "Not running in hypervisor. aborting automatic setup"

dhcpcd -b eth0

# wait for host to be reachable (including dns query)
while ! ping -c1 -W0.3 "$pingcheckhost" >/dev/null; do
	sleep 0.2
done

parted -s -- $disk mklabel msdos mkpart primary 1 -0

mkfs.ext4 ${disk}1
mount ${disk}1 /mnt
cat <<EOF >/etc/pacman.d/mirrorlist
Server = http://mirror.server-speed.net/\$repo/os/\$arch
EOF

pacstrap /mnt base syslinux sudo openssh haveged htop git zsh screen dnsutils vim net-tools
genfstab -p /mnt >> /mnt/etc/fstab

mymac=$(ip addr show dev eth0 | sed -rn 's#^\s+link/ether ([0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}).*$#\1#p')

get_url "http://$server/hostnames/$mymac" "archvm" > /mnt/etc/hostname
hostname=$(cat /mnt/etc/hostname)

cat << EOF >/mnt/etc/systemd/network/10-static-ethernet.network
[Match]
Name=e*

[Network]
$(get_url "http://$server/network/$hostname")
EOF

ln -s /usr/share/zoneinfo/Europe/Vienna /mnt/etc/localtime
echo "en_US.UTF-8 UTF-8" > /mnt/etc/locale.gen
arch-chroot /mnt locale-gen

echo "LANG=en_US.UTF-8" > /mnt/etc/locale.conf
cat <<EOF > /mnt/etc/vconsole.conf
KEYMAP=de
FONT=
EOF

cat <<EOF >/mnt/boot/syslinux/syslinux.cfg
serial 0 115200
DEFAULT arch
PROMPT 0
TIMEOUT 30
UI menu.c32

LABEL arch
	MENU LABEL Arch Linux
	LINUX ../vmlinuz-linux
	APPEND root=${disk}1 rw logo.nologo elevator=deadline nomodeset
	INITRD ../initramfs-linux.img
EOF

cat <<EOF >/mnt/etc/ssh/sshd_config
Port 22
Protocol 2
PermitRootLogin yes
PubkeyAuthentication yes
AuthorizedKeysFile      .ssh/authorized_keys
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM yes
GatewayPorts clientspecified
PrintMotd no # pam does that
UsePrivilegeSeparation sandbox          # Default for new installations.
Ciphers aes256-ctr,aes192-ctr,aes128-ctr
Subsystem       sftp    internal-sftp
Match Group "ssh-password"
        PasswordAuthentication yes
EOF

arch-chroot /mnt mkinitcpio -p linux
arch-chroot /mnt syslinux-install_update -aim
arch-chroot /mnt useradd -m -g users -G wheel $newuser
mkdir /mnt/root/.ssh
touch /mnt/root/.ssh/authorized_keys
chmod 700 /mnt/root/.ssh
chmod 600 /mnt/root/.ssh/authorized_keys
cat <<EOF > /mnt/root/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAte43fgKVPKvmwhMQcQRYNm27i2cadOIJvpOFA3jPWHFN2YeqxHvgVbAESLOAO/sJ0MqXlQnBc9rr8PbQd67YP7teOBnXLOfX2mofxGEDtP2mtwneAxkMNJcYtxWjPeKL7LF5tknqPb6dXavm4+gJt27CQFFY6DJ+cD0tUUgh17HG6VGiTXF6AgB9aho/ToaMQZ4vCzztvf94kQK2uBYUXsvx4L62ZrEJbIzfB7fynBbl9+deBqsYmWRCbzaYV77YjwLhk9hI/GsUjLkTAB77WbeWJdk7fgJ/PgI69FRMhRlYASRVBqeek6NLcyQ9x54CrUkOFBC5Q+j4yjsDQN7NBw== flo@Marin
EOF

mkdir /mnt/home/$newuser/.ssh
chmod 700 /mnt/home/$newuser/.ssh
cp /mnt/root/.ssh/authorized_keys /mnt/home/$newuser/.ssh/authorized_keys
chmod 600 /mnt/home/$newuser/.ssh/authorized_keys
arch-chroot /mnt chown -R $newuser:users /home/$newuser/.ssh
arch-chroot /mnt passwd -d $newuser

curl https://git.server-speed.net/users/flo/bin/plain/init_new_user.sh | arch-chroot /mnt sudo -u $newuser bash
arch-chroot /mnt chsh -s /bin/zsh $newuser

arch-chroot /mnt systemctl enable multi-user.target sshd haveged systemd-networkd
ln -sf /run/systemd/network/resolv.conf /mnt/etc/resolv.conf

sync
systemctl reboot