diff --git a/create_pools.sh b/create_pools.sh
deleted file mode 100755
index c5419dd..0000000
--- a/create_pools.sh
+++ /dev/null
@@ -1,75 +0,0 @@
-#!/bin/bash
-
-BY_ID=/dev/disk/by-id
-DISK1=${BY_ID}/wwn-0x5000c5004fdf987b
-DISK2=${BY_ID}/wwn-0x5000c5004fdfcad4
-
-# Pre-clean
-
-sgdisk --zap-all ${DISK1}
-sgdisk --zap-all ${DISK2}
-
-# Partitioning
-
-sgdisk -n1:1M:+512M -t1:EF00 ${DISK1}
-sgdisk -n2:0:+512M -t2:BF01 ${DISK1}
-sgdisk -n3:0:0 -t3:BF01 ${DISK1}
-
-sgdisk -n1:+512M:+512M -t1:BF01 ${DISK2}
-sgdisk -n2:0:0 -t2:BF01 ${DISK2}
-
-mkfs.vfat ${DISK1}-part1
-
-# Verify
-
-sgdisk --print ${DISK1}
-sgdisk --print ${DISK2}
-
-read -p "Are you sure? " -n 1 -r
-echo
-if [[ ! $REPLY =~ ^[Yy]$ ]]
-then
- [[ "$0" = "$BASH_SOURCE" ]] && exit 1 || return 1
-fi
-
-# Env
-
-set -x
-encryption_options=(-O encryption=on -O keylocation=prompt -O keyformat=passphrase)
-bpool_mirror_arg=${DISK2}-part1
-rpool_mirror_arg=${DISK2}-part2
-#set +x
-
-
-# Create ZFS pools
-
-rm -rf /mnt/*
-
-zpool create -f \
- "${encryption_options[@]}" \
- -o ashift=12 \
- -O acltype=posixacl \
- -O compression=off \
- -O dnodesize=auto \
- -O relatime=on \
- -O xattr=sa \
- -O normalization=formD \
- -O devices=off \
- -O mountpoint=/ \
- -R /mnt \
- rpool mirror ${DISK1}-part3 ${rpool_mirror_arg}
-
-zfs create -o canmount=noauto -o mountpoint=/ rpool/root
-
-mkdir -p /mnt/boot
-
-zpool create \
- -d -o ashift=12 \
- -O devices=off \
- -O mountpoint=/boot \
- -R /mnt/ \
- bpool mirror ${DISK1}-part2 ${bpool_mirror_arg}
-
-mkdir -p /mnt/boot/efi
-
-mount ${DISK1}-part1 /mnt/boot/efi
diff --git a/guide_rosa.txt b/guide_rosa.txt
deleted file mode 100644
index c95d237..0000000
--- a/guide_rosa.txt
+++ /dev/null
@@ -1,218 +0,0 @@ -------------------------------------- -## HOST -Permit root login, disable ipv6, keyfile, install dropbear e configure (porta, fix ip) e upgrade initraf, script dentro initramfs blocca riavvio e fa partire bear, console su kernel -check backport in repository debian - -# Install zfs -Site: https://openzfs.github.io/openzfs-docs/Getting%20Started/Debian/Debian%20Buster%20Root%20on%20ZFS.html#step-1-prepare-the-install-environment -Site: https://saveriomiroddi.github.io/Installing-Ubuntu-on-a-ZFS-root-with-encryption-and-mirroring/#procedure - -echo "deb http://deb.debian.org/debian buster main contrib" >> /etc/apt/sources.list -echo "deb http://deb.debian.org/debian buster-backports main contrib" >> /etc/apt/sources.list -apt-get update -apt install --yes gdisk dkms dpkg-dev linux-headers-$(uname -r) -apt install --yes -t buster-backports --no-install-recommends zfs-dkms -modprobe zfs -apt install --yes -t buster-backports zfsutils-linux - -# Dropbear install -# Site: https://hamy.io/post/0009/how-to-install-luks-encrypted-ubuntu-18.04.x-server-and-enable-remote-unlocking/ -# Site: https://matt.ucc.asn.au/dropbear/dropbear.html - -apt-get --yes install dropbear-initramfs -echo 'DROPBEAR_OPTIONS="-s -j -k -p 4747"' >> /etc/dropbear-initramfs/config -# Generate local key with ssh-keygen -t rsa -b 4096 and copy to machine -COPY_LOCAL_SSH_KEY="ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDLkDWpZ9MfP47Q9gzapCRxwXCLdYT6zOid5ras7cdmuHZEDtCA/sSpn6Ro3g/EF8FaDNltG26NMnTV1q3hWY19hK1ukL6QMnCQ+SxeowQ7RcPV9kHuybA9VtIhfEBN3hyWmzm7S2G4tDZlF2cKRe9G6yTHiNVcQLoCSYULo6gFPw== hank@joe" -#echo "no-port-forwarding,no-agent-forwarding,no-x11-forwarding ssh-rsa $COPY_LOCAL_SSH_KEY" >> /etc/dropbear-initramfs/authorized_keys -echo "$COPY_LOCAL_SSH_KEY" >> /etc/dropbear-initramfs/authorized_keys - -# IP-GATEWAY-NETMASK-DEVINAME (Insert network static ip server value) -echo 'IP="192.168.69.116::192.168.69.1:255.255.255.0::enp1s0:off"' >> /etc/initramfs-tools/initramfs.conf - -file: 
/usr/share/initramfs-tools/scripts/local -search: local_mount_root - -file: /usr/share/initramfs-tools/init -search: local_bottom - -count_steps=0 -max_steps=60 #Wait 1 hour and boot -while [ ! -f "/condor" ] && [ "$count_steps" -lt "$max_steps" ] -do - count_steps=$(( count_steps + 1)) - sleep 60 - echo "DROPBEAR ACTIVE $count_steps min." -done -echo "End" - -update-initramfs -u - ---- REBOOT --- (Access with dropbear) -## initramfs -mkdir /mnt -cd /root -cp -a bin boot etc home initrd.img initrd.img.old lib lib32 lib64 libx32 media mnt opt root sbin srv tmp usr var vmlinuz vmlinuz.old /mnt/ -cd / -umount /root -mkdir /mnt/proc -mkdir /mnt/sys -mkdir /mnt/run -#mkdir /mnt/tmp -mkdir /mnt/dev -mount -o rbind /proc/ /mnt/proc/ -mount -o rbind /sys/ /mnt/sys/ -mount -o rbind /run/ /mnt/run/ -mount -o rbind /dev/ /mnt/dev/ - - -## chroot mode -chroot /mnt /bin/bash --login -modprobe zfs - -# !!! Remember to copy boot directory -mount /dev/vda2 /mnt/ -cp -a /mnt/* /boot/ -umount /mnt - -# !!! 
SET GOOD NAME DEVICE HD -first_disk_id="/dev/vda" -second_disk_id="/dev/vdb" -# Delete data on disk -sgdisk --zap-all $first_disk_id -sgdisk --zap-all $second_disk_id - -# Partion Disk with uefi space -sgdisk -n1:1M:+512M -t1:EF00 $first_disk_id # EFI boot -sgdisk -n2:0:+512M -t2:BF01 $first_disk_id # Boot pool -sgdisk -n3:0:0 -t3:BF01 $first_disk_id # Root pool - -sgdisk -n1:+512M:+512M -t1:BF01 $second_disk_id # Boot pool -sgdisk -n2:0:0 -t2:BF01 $second_disk_id # Root pool - -# Check partition -sgdisk --print /dev/vda -sgdisk --print /dev/vdb - -#Install manager fat file system for UEFI boot and format -apt-get install dosfstools -modprobe vfat -modprobe nls_cp437 -modprobe nls_ascii -mkfs.fat -F 32 -n EFI ${first_disk_id}1 - -#Set variables -bpool_mirror_arg=${second_disk_id}1 - -encryption_options=(-O encryption=on -O keylocation=prompt -O keyformat=passphrase) -rpool_mirror_arg=${second_disk_id}2 - -zpool create "${encryption_options[@]}" -o ashift=12 -O acltype=posixacl -O compression=off -O dnodesize=auto -O relatime=on -O xattr=sa -O normalization=formD -O devices=off -O mountpoint=/ -R /mnt rpool mirror ${first_disk_id}3 $rpool_mirror_arg - -zfs create -o canmount=noauto -o mountpoint=/ rpool/root - -mkdir /mnt/boot -zpool create -d -o ashift=12 -O devices=off -O mountpoint=/boot -R /mnt/ bpool mirror ${first_disk_id}2 $bpool_mirror_arg - -cp -rf --preserve=all bin boot etc home initrd.img initrd.img.old lib lib32 lib64 libx32 media opt root sbin srv usr var vmlinuz vmlinuz.old tmp /mnt/ -mkdir /mnt/{dev,proc,sys,run} - -exit # Esci da chroot - -mount -o rbind /dev/ /mnt/mnt/dev/ -mount -o rbind /sys/ /mnt/mnt/sys/ -mount -o rbind /proc/ /mnt/mnt/proc/ -mount -o rbind /run/ /mnt/mnt/run/ - -chroot /mnt/mnt/ /bin/bash --login - -first_disk_id="/dev/vda" -# !!! 
Comment line /etc/fstab -sed -i "s/^/#/g" /etc/fstab - -apt install --yes zfs-initramfs zfs-dkms grub-efi-amd64-signed shim-signed - -echo PARTUUID=$(blkid -s PARTUUID -o value ${first_disk_id}1) /boot/efi vfat nofail,x-systemd.device-timeout=1 0 1 >> /etc/fstab - -mkdir /boot/efi -# note modprobe nls_cp437 modprobe nls_ascii modprobe vfat -mount /dev/vda1 /boot/efi/ - -grub-install -grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=debian --recheck - -perl -i -pe 's/(GRUB_CMDLINE_LINUX=")/${1}root=ZFS=rpool /' /etc/default/grub -echo 'GRUB_DISABLE_OS_PROBER=true' >> /etc/default/grub -update-grub - - -cat > /etc/systemd/system/zfs-import-bpool.service <> /etc/fstab - -echo RESUME=none > /etc/initramfs-tools/conf.d/resume - -mount /boot -mount /boot/efi - -# reconfigure initramfs -# clean script code from vi /usr/share/initramfs-tools/init -# modify /usr/share/initramfs-tools/scripts/zfs - ZFS_CMD="${ZPOOL} import -N ${ZPOOL_FORCE} ${ZPOOL_IMPORT_OPTS}" - ZFS_STDERR="$($ZFS_CMD "$pool" 2>&1)" - ZFS_ERROR="$?" - log_begin_msg "\nWait for Passowrd Encrypt Pool!!!\n" - #/sbin/zpool import -f rpool - #/sbin/zfs load-key -L prompt rpool - while [ ! -f "condor" ] - do - echo -e "Wathing for Key!\n" - sleep 60 - done - /sbin/zfs set mountpoint=/root rpool - /sbin/zfs mount rpool - /sbin/zpool import -f bpool - /sbin/zfs set mountpoint=/root/boot bpool - -KERNEL=`ls /usr/lib/modules/ | cut -d/ -f1 | sed 's/linux-image-//'` -update-initramfs -u -k $KERNEL -exit - -# initramfs -sync -umount -l -r /boot/efi -umount -l -r /boot -umount -l -r /mnt/mnt/dev/ -umount -l -r /mnt/mnt/proc -umount -l -r /mnt/mnt/sys -umount -l -r /mnt/mnt/run -umount -l -r /mnt/dev/ -umount -l -r /mnt/proc -umount -l -r /mnt/sys -umount -l -r /mnt/run -umount -l -r /mnt/mnt - -==== REBOOT AND LOGIN WITH DROPBEAR -ssh -c aes256-ctr -p 4747 root@HOST-IP -/sbin/zfs load-key -L prompt rpool && touch /condor 
diff --git a/install_zfsonlinux.sh b/install_zfsonlinux.sh
deleted file mode 100755
index f1dc471..0000000
--- a/install_zfsonlinux.sh
+++ /dev/null
@@ -1,30 +0,0 @@
-#!/bin/bash
-echo -e "\e[31m\e[1mATTENTION\e[0m
-
-This script will attempt to install the current ZFSonLinux release
-which is available in the ZFSonLinux git repository to the Rescue
-System. \e[31m\e[1mIf this script fails, do not contact Hetzner Support, as
-it is provided AS-IS and Hetzner will not support the installation
-or usage of ZFSonLinux due to License imcompatiblity (see below)\e[0m.
-"
-
-echo -e "\e[31m\e[1mLicenses of ZFS and Linux are incompatible\e[0m
-
-ZFS is licensed under the Common Development and Distribution License (CDDL),
-and the Linux kernel is licensed under the GNU General Public License Version 2
-(GPL-2). While both are free open source licenses they are restrictive
-licenses. The combination of them causes problems because it prevents using
-pieces of code exclusively available under one license with pieces of code
-exclusively available under the other in the same binary.
-
-Please be aware that distributing of the binaries may lead to infringing.
-
-Press \e[31m\e[1my\e[0m to accept this."
-read -p "" -n 1 ;echo
-if [[ ! $REPLY =~ ^[Yy]$ ]]; then
- exit 1
-fi
-
-cd $(mktemp -d)
-wget $(curl -Ls https://api.github.com/repos/zfsonlinux/zfs/releases/latest| grep "browser_download_url.*tar.gz"|grep -E "tar.gz\"$"| cut -d '"' -f 4)
-apt update && apt install libssl-dev uuid-dev zlib1g-dev libblkid-dev -y && tar xfv zfs*.tar.gz && rm *.tar.gz && cd zfs* && ./configure && make -j $(nproc) && make install && ldconfig && modprobe zfs || echo -e "\e[31m\e[1mInstall failed, please fix manually!\e[0m"
diff --git a/zfs.patch b/zfs.patch
deleted file mode 100644
index 9457528..0000000
--- a/zfs.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-diff --git a/tmp/zfs.script b/usr/share/initramfs-tools/scripts/zfs
-index dbc4e253f11..a795fd39f60 100644
---- a/tmp/zfs.script
-+++ b/usr/share/initramfs-tools/scripts/zfs
-@@ -405,6 +405,8 @@ decrypt_fs()
- ENCRYPTIONROOT="$(get_fs_value "${fs}" encryptionroot)"
- KEYLOCATION="$(get_fs_value "${ENCRYPTIONROOT}" keylocation)"
-
-+ echo "${ENCRYPTIONROOT}" > /run/zfs_fs_name
-+
- # If root dataset is encrypted...
- if ! [ "${ENCRYPTIONROOT}" = "-" ]; then
- KEYSTATUS="$(get_fs_value "${ENCRYPTIONROOT}" keystatus)"
-@@ -418,6 +420,7 @@ decrypt_fs()
-
- # Prompt with plymouth, if active
- elif [ -e /bin/plymouth ] && /bin/plymouth --ping 2>/dev/null; then
-+ echo "plymouth" > /run/zfs_console_askpwd_cmd
- while [ $TRY_COUNT -gt 0 ]; do
- plymouth ask-for-password --prompt "Encrypted ZFS password for ${ENCRYPTIONROOT}" | \
- $ZFS load-key "${ENCRYPTIONROOT}" && break
-@@ -426,6 +429,7 @@ decrypt_fs()
-
- # Prompt with systemd, if active
- elif [ -e /run/systemd/system ]; then
-+ echo "systemd-ask-password" > /run/zfs_console_askpwd_cmd
- while [ $TRY_COUNT -gt 0 ]; do
- systemd-ask-password "Encrypted ZFS password for ${ENCRYPTIONROOT}" --no-tty | \
- $ZFS load-key "${ENCRYPTIONROOT}" && break
-@@ -434,7 +438,8 @@ decrypt_fs()
-
- # Prompt with ZFS tty, otherwise
- else
-- # Setting "printk" temporarily to "7" will allow prompt even if kernel option "quiet"
-+ # Temporarily setting "printk" to "7" allows the prompt to appear even when the "quiet" kernel option has been used
-+ echo "load-key" > /run/zfs_console_askpwd_cmd
- storeprintk="$(awk '{print $1}' /proc/sys/kernel/printk)"
- echo 7 > /proc/sys/kernel/printk
- $ZFS load-key "${ENCRYPTIONROOT}"
-@@ -964,6 +969,11 @@ mountroot()
- mount_fs "$fs"
- done
-
-+ touch /run/zfs_unlock_complete
-+ if [ -e /run/zfs_unlock_complete_notify ]; then
-+ read zfs_unlock_complete_notify < /run/zfs_unlock_complete_notify
-+ fi
-+
- # ------------
- # Debugging information
- if [ -n "${ZFS_DEBUG}" ]
-