blob: db67d097ac4765c65810b3c8ac94da3cd53ea17e (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
|
#!/bin/bash
set -e
newuser="flo"
disk=/dev/vda
server=192.168.123.1
pingcheckhost="mirror.server-speed.net"
die() {
echo "$@"
exit 1
}
get_url() {
local url=$1
local default=$2
wget -q -O - "$url" || echo "$default"
}
cmdline_arg() {
local name=$1
local default=$2
local param
for param in $(< /proc/cmdline); do
case "${param}" in
$name=*) echo "${param##*=}" ; return 0 ;;
esac
done
echo $default
}
grep -qE '^flags\s+: .* hypervisor( |$)' /proc/cpuinfo || die "Not running in hypervisor. aborting automatic setup"
dhcpcd -b eth0
# wait for host to be reachable (including dns query)
while ! ping -c1 -W0.3 "$pingcheckhost" >/dev/null; do
sleep 0.2
done
parted -s -- $disk mklabel msdos mkpart primary 1 -0
mkfs.ext4 ${disk}1
mount ${disk}1 /mnt
cat <<EOF >/etc/pacman.d/mirrorlist
Server = http://mirror.server-speed.net/\$repo/os/\$arch
EOF
pacstrap /mnt base syslinux sudo openssh haveged htop git zsh screen dnsutils vim net-tools
genfstab -p /mnt >> /mnt/etc/fstab
mymac=$(ip addr show dev eth0 | sed -rn 's#^\s+link/ether ([0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}).*$#\1#p')
get_url "http://$server/hostnames/$mymac" "archvm" > /mnt/etc/hostname
hostname=$(cat /mnt/etc/hostname)
cat << EOF >/mnt/etc/systemd/network/10-static-ethernet.network
[Match]
Name=e*
[Network]
$(get_url "http://$server/network/$hostname")
EOF
ln -s /usr/share/zoneinfo/Europe/Vienna /mnt/etc/localtime
echo "en_US.UTF-8 UTF-8" > /mnt/etc/locale.gen
arch-chroot /mnt locale-gen
echo "LANG=en_US.UTF-8" > /mnt/etc/locale.conf
cat <<EOF > /mnt/etc/vconsole.conf
KEYMAP=de
FONT=
EOF
cat <<EOF >/mnt/boot/syslinux/syslinux.cfg
serial 0 115200
DEFAULT arch
PROMPT 0
TIMEOUT 30
UI menu.c32
LABEL arch
MENU LABEL Arch Linux
LINUX ../vmlinuz-linux
APPEND root=${disk}1 rw logo.nologo elevator=deadline nomodeset
INITRD ../initramfs-linux.img
EOF
cat <<EOF >/mnt/etc/ssh/sshd_config
Port 22
Protocol 2
PermitRootLogin yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM yes
GatewayPorts clientspecified
PrintMotd no # pam does that
UsePrivilegeSeparation sandbox # Default for new installations.
Ciphers aes256-ctr,aes192-ctr,aes128-ctr
Subsystem sftp internal-sftp
Match Group "ssh-password"
PasswordAuthentication yes
EOF
arch-chroot /mnt mkinitcpio -p linux
arch-chroot /mnt syslinux-install_update -aim
arch-chroot /mnt useradd -m -g users -G wheel $newuser
mkdir /mnt/root/.ssh
touch /mnt/root/.ssh/authorized_keys
chmod 700 /mnt/root/.ssh
chmod 600 /mnt/root/.ssh/authorized_keys
cat <<EOF > /mnt/root/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAte43fgKVPKvmwhMQcQRYNm27i2cadOIJvpOFA3jPWHFN2YeqxHvgVbAESLOAO/sJ0MqXlQnBc9rr8PbQd67YP7teOBnXLOfX2mofxGEDtP2mtwneAxkMNJcYtxWjPeKL7LF5tknqPb6dXavm4+gJt27CQFFY6DJ+cD0tUUgh17HG6VGiTXF6AgB9aho/ToaMQZ4vCzztvf94kQK2uBYUXsvx4L62ZrEJbIzfB7fynBbl9+deBqsYmWRCbzaYV77YjwLhk9hI/GsUjLkTAB77WbeWJdk7fgJ/PgI69FRMhRlYASRVBqeek6NLcyQ9x54CrUkOFBC5Q+j4yjsDQN7NBw== flo@Marin
EOF
mkdir /mnt/home/$newuser/.ssh
chmod 700 /mnt/home/$newuser/.ssh
cp /mnt/root/.ssh/authorized_keys /mnt/home/$newuser/.ssh/authorized_keys
chmod 600 /mnt/home/$newuser/.ssh/authorized_keys
arch-chroot /mnt chown -R $newuser:users /home/$newuser/.ssh
arch-chroot /mnt passwd -d $newuser
curl https://git.server-speed.net/users/flo/bin/plain/init_new_user.sh | arch-chroot /mnt sudo -u $newuser bash
arch-chroot /mnt chsh -s /bin/zsh $newuser
arch-chroot /mnt systemctl enable multi-user.target sshd haveged systemd-networkd
ln -sf /run/systemd/network/resolv.conf /mnt/etc/resolv.conf
sync
systemctl reboot
|