mirror of
https://github.com/kevinveenbirkenbach/linux-image-manager.git
synced 2024-11-12 18:51:04 +01:00
Continued implementation of encryption procedures for pi
This commit is contained in:
parent
d6bb5a2d18
commit
19bd0979b3
10
configuration/packages/server/luks.txt
Normal file
10
configuration/packages/server/luks.txt
Normal file
@ -0,0 +1,10 @@
|
||||
# Packages to install LUKS on servers
|
||||
sudo
|
||||
git
|
||||
rsync
|
||||
base-devel
|
||||
uboot-tools
|
||||
dropbear
|
||||
mkinitcpio-utils
|
||||
mkinitcpio-netconf
|
||||
mkinitcpio-dropbear
|
@ -93,6 +93,16 @@ overwritte_device_with_zeros(){
|
||||
fi
|
||||
}
|
||||
|
||||
get_packages(){
|
||||
for package_collection in "$@"
|
||||
do
|
||||
package_collection_path="$PACKAGE_PATH""$package_collection.txt" &&
|
||||
info "Loading package collection from $package_collection_path..." &&
|
||||
echo "$(sed -e "/^#/d" -e "s/#.*//" "$package_collection_path" | tr '\n' ' ')" ||
|
||||
error
|
||||
done
|
||||
}
|
||||
|
||||
HEADER(){
|
||||
echo
|
||||
echo "${COLOR_YELLOW}The"
|
||||
|
@ -6,13 +6,6 @@
|
||||
# shellcheck disable=SC2086 # Deactivating escaping warning, because it's wrong concerning pacman_packages
|
||||
source "$(dirname "$(readlink -f "${0}")")/../base.sh" || (echo "Loading base.sh failed." && exit 1)
|
||||
|
||||
get_packages(){
|
||||
for package_collection in "$@"
|
||||
do
|
||||
echo "$(sed -e "/^#/d" -e "s/#.*//" "$PACKAGE_PATH""$package_collection.txt" | tr '\n' ' ')" || error "Loading package wasn't possible."
|
||||
done
|
||||
}
|
||||
|
||||
install_yay_packages_if_needed(){
|
||||
info "Checking yay packages [ $1 ]..."
|
||||
for package in $1; do
|
||||
|
@ -370,6 +370,27 @@ if [ "$update_system" == "y" ]
|
||||
) | chroot "$root_mount_path" /bin/bash || error
|
||||
fi
|
||||
|
||||
question "Should the system be encrypted?(y/N)" && read -r encrypt_system
|
||||
if [ "$encrypt_system" == "y" ]
|
||||
then
|
||||
# @see https://gist.github.com/gea0/4fc2be0cb7a74d0e7cc4322aed710d38
|
||||
search_hooks="HOOKS=(base udev autodetect modconf block filesystems keyboard fsck)"
|
||||
replace_hooks="HOOKS=(base udev autodetect modconf block sleep netconf dropbear encryptssh filesystems keyboard fsck)"
|
||||
mkinitcpio_path="/etc/mkinitcpio.conf"
|
||||
mkinitcpio_rescue_path="$mkinitcpio_path.$(date +%s).rescue"
|
||||
search_modules="MODULES=()"
|
||||
replace_modules="MODULES=(g_cdc usb_f_acm usb_f_ecm smsc95xx g_ether)"
|
||||
info "Setup encryption..." &&
|
||||
(
|
||||
echo "yes | pacman -S --needed $(get_packages "server/luks")"
|
||||
echo "cp -v /home/$target_username/.ssh/authorized_keys /etc/dropbear/root_key"
|
||||
echo "cp -v $mkinitcpio_path $mkinitcpio_rescue_path"
|
||||
echo "sed -i 's/$search_modules/$replace_modules/g' $mkinitcpio_path"
|
||||
echo "sed -i 's/$search_hooks/$replace_hooks/g' $mkinitcpio_path"
|
||||
echo "mkinitcpio -P"
|
||||
) | chroot "$root_mount_path" /bin/bash || error
|
||||
fi
|
||||
|
||||
# question "Do you want to copy all Wifi passwords to the device?(y/n)" && read -r copy_wifi
|
||||
# if [ "$copy_wifi" = "y" ]
|
||||
# then
|
||||
|
Loading…
Reference in New Issue
Block a user