mirror of
https://github.com/kevinveenbirkenbach/linux-image-manager.git
synced 2024-11-14 11:31:04 +01:00
Continued implementation of encryption procedures for pi
This commit is contained in:
parent
d6bb5a2d18
commit
19bd0979b3
10
configuration/packages/server/luks.txt
Normal file
10
configuration/packages/server/luks.txt
Normal file
@ -0,0 +1,10 @@
|
|||||||
|
# Packages to install LUKS on servers
|
||||||
|
sudo
|
||||||
|
git
|
||||||
|
rsync
|
||||||
|
base-devel
|
||||||
|
uboot-tools
|
||||||
|
dropbear
|
||||||
|
mkinitcpio-utils
|
||||||
|
mkinitcpio-netconf
|
||||||
|
mkinitcpio-dropbear
|
@ -93,6 +93,16 @@ overwritte_device_with_zeros(){
|
|||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
get_packages(){
|
||||||
|
for package_collection in "$@"
|
||||||
|
do
|
||||||
|
package_collection_path="$PACKAGE_PATH""$package_collection.txt" &&
|
||||||
|
info "Loading package collection from $package_collection_path..." &&
|
||||||
|
echo "$(sed -e "/^#/d" -e "s/#.*//" "$package_collection_path" | tr '\n' ' ')" ||
|
||||||
|
error
|
||||||
|
done
|
||||||
|
}
|
||||||
|
|
||||||
HEADER(){
|
HEADER(){
|
||||||
echo
|
echo
|
||||||
echo "${COLOR_YELLOW}The"
|
echo "${COLOR_YELLOW}The"
|
||||||
|
@ -6,13 +6,6 @@
|
|||||||
# shellcheck disable=SC2086 # Deactivating escaping warning, because it's wrong concerning pacman_packages
|
# shellcheck disable=SC2086 # Deactivating escaping warning, because it's wrong concerning pacman_packages
|
||||||
source "$(dirname "$(readlink -f "${0}")")/../base.sh" || (echo "Loading base.sh failed." && exit 1)
|
source "$(dirname "$(readlink -f "${0}")")/../base.sh" || (echo "Loading base.sh failed." && exit 1)
|
||||||
|
|
||||||
get_packages(){
|
|
||||||
for package_collection in "$@"
|
|
||||||
do
|
|
||||||
echo "$(sed -e "/^#/d" -e "s/#.*//" "$PACKAGE_PATH""$package_collection.txt" | tr '\n' ' ')" || error "Loading package wasn't possible."
|
|
||||||
done
|
|
||||||
}
|
|
||||||
|
|
||||||
install_yay_packages_if_needed(){
|
install_yay_packages_if_needed(){
|
||||||
info "Checking yay packages [ $1 ]..."
|
info "Checking yay packages [ $1 ]..."
|
||||||
for package in $1; do
|
for package in $1; do
|
||||||
|
@ -370,6 +370,27 @@ if [ "$update_system" == "y" ]
|
|||||||
) | chroot "$root_mount_path" /bin/bash || error
|
) | chroot "$root_mount_path" /bin/bash || error
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
question "Should the system be encrypted?(y/N)" && read -r encrypt_system
|
||||||
|
if [ "$encrypt_system" == "y" ]
|
||||||
|
then
|
||||||
|
# @see https://gist.github.com/gea0/4fc2be0cb7a74d0e7cc4322aed710d38
|
||||||
|
search_hooks="HOOKS=(base udev autodetect modconf block filesystems keyboard fsck)"
|
||||||
|
replace_hooks="HOOKS=(base udev autodetect modconf block sleep netconf dropbear encryptssh filesystems keyboard fsck)"
|
||||||
|
mkinitcpio_path="/etc/mkinitcpio.conf"
|
||||||
|
mkinitcpio_rescue_path="$mkinitcpio_path.$(date +%s).rescue"
|
||||||
|
search_modules="MODULES=()"
|
||||||
|
replace_modules="MODULES=(g_cdc usb_f_acm usb_f_ecm smsc95xx g_ether)"
|
||||||
|
info "Setup encryption..." &&
|
||||||
|
(
|
||||||
|
echo "yes | pacman -S --needed $(get_packages "server/luks")"
|
||||||
|
echo "cp -v /home/$target_username/.ssh/authorized_keys /etc/dropbear/root_key"
|
||||||
|
echo "cp -v $mkinitcpio_path $mkinitcpio_rescue_path"
|
||||||
|
echo "sed -i 's/$search_modules/$replace_modules/g' $mkinitcpio_path"
|
||||||
|
echo "sed -i 's/$search_hooks/$replace_hooks/g' $mkinitcpio_path"
|
||||||
|
echo "mkinitcpio -P"
|
||||||
|
) | chroot "$root_mount_path" /bin/bash || error
|
||||||
|
fi
|
||||||
|
|
||||||
# question "Do you want to copy all Wifi passwords to the device?(y/n)" && read -r copy_wifi
|
# question "Do you want to copy all Wifi passwords to the device?(y/n)" && read -r copy_wifi
|
||||||
# if [ "$copy_wifi" = "y" ]
|
# if [ "$copy_wifi" = "y" ]
|
||||||
# then
|
# then
|
||||||
|
Loading…
Reference in New Issue
Block a user