lab/archiso
1
0
Fork 0
mirror of https://git.myvelabs.com/lab/archiso.git synced 2025-12-17 21:26:15 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

First commit

Browse source
This commit is contained in:
Myve 2024-06-14 07:14:44 +00:00
commit cf02f03a30
5 changed files with 444 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

82
iwd-connect Normal file
View file

@ -0,0 +1,82 @@
#!/usr/bin/env bash
iwd_station=$(iwctl station list | grep connected | awk '{print $(NF-1)}')
[ ${iwd_station} ] || exit 1
clear
iwctl station ${iwd_station} get-networks
while true
do
unset hidden_yes_no
if [ ${1} ]
then
ssid=${1}
else
read -r -p 'Network SSID: ' ssid
fi
if iwctl known-networks list | grep -q -w ${ssid}
then
echo
break
elif iwctl station ${iwd_station} get-networks | grep -q -w ${ssid}
then
echo
break
else
until [[ ${hidden_yes_no} = [yYnN] ]]
do
read -n 1 -r -p 'Is network hidden (y/n): ' hidden_yes_no
[[ ${hidden_yes_no} = [yYnN] ]] || echo -e '\n\n\e[1;31mNot a valid answer, type "y" or "n"\e[0m'
done
echo -e '\n'
if [[ ${hidden_yes_no} = [yY] ]]
then
hidden_network='-hidden'
break
fi
fi
done
while true
do
if iwctl known-networks list | grep -q -w ${ssid}
then
if ! iwctl station ${iwd_station} connect ${ssid} "$2"
then
iwctl station ${iwd_station} connect-hidden ${ssid} "$2"
fi
else
echo -e -n "Enter wifi passphrase for ${ssid} (or leave blank if there is none): "
read -r -p '' wifipass
if [ -z ${wifipass} ]
then
wifipass='""'
fi
iwctl --passphrase ${wifipass} station ${iwd_station} connect${hidden_network} ${ssid} "$2"
fi
if iwctl station ${iwd_station} show | grep -w 'Connected network' | grep -q ${ssid}
then
unset wifipass
clear
iwctl station ${iwd_station} show
until iwctl station ${iwd_station} show | grep -q 'IPv4 address'
do
sleep 3
done
clear
iwctl station ${iwd_station} show
echo -e '\e[1;32mSuccess!\e[0m\n'
exit 0
else
echo -e '\n\e[1;31mInvalid passphrase, try again\e[0m'
fi
done

158
mkiso Normal file
View file

@ -0,0 +1,158 @@
#!/usr/bin/env bash
set -e
# Insert SSH keys here
sshkeys=''
# Fill in iso output directory
isopath=
# Exit if run without sudo
if [ ${EUID} -ne 0 ]
then
echo "Please run as root"
exit 1
fi
# Exit if directory doesn't exist
if ! [ -d ${isopath}/ ]
then
echo "ISO output path isn't specified"
exit 1
fi
# Create work directory
workdir=$(mktemp -d)
cd ${workdir}/
clear
# Download latest releng profile
echo "$(tput setaf 4)$(tput bold):: Downloading necessary files$(tput sgr0)"
curl --fail -s https://git.myvelabs.com/mirrors/archiso/archive/master.tar.gz | tar xz -C .
rsync -a ./archiso/configs/releng ./ --exclude '*reflector*'
rm -r ./archiso/
# Tweak releng profile
# Create directories
mkdir -p ./releng/airootfs/var/lib/iwd
mkdir -p ./releng/airootfs/etc/wireguard
# Download essential arch scripts
curl --fail -s -L https://git.myvelabs.app/lab/archlinux/raw/branch/master/installer.sh >./releng/airootfs/usr/local/bin/installer
curl --fail -s -L https://git.myvelabs.app/lab/archlinux/raw/branch/master/recover.sh >./releng/airootfs/usr/local/bin/recover
# IWD connector
curl --fail -s -L https://git.myvelabs.app/lab/archiso/raw/branch/master/iwd-connect >./releng/airootfs/usr/local/bin/iwd-connect
# ~/.zshrc
curl --fail -s -L https://git.myvelabs.app/lab/archiso/raw/branch/master/zshrc >./releng/airootfs/root/.zshrc
# Copy mirrorlist
cp /etc/pacman.d/mirrorlist ./releng/airootfs/etc/pacman.d/
# Custom pacman.conf
sed -i \
-e '/Color/c\Color' \
-e '/ParallelDownloads/c\ParallelDownloads = 10' \
./releng/pacman.conf
# SSH
echo 'PasswordAuthentication no
AuthenticationMethods publickey' >./releng/airootfs/etc/ssh/sshd_config.d/zz-archiso.conf
mkdir -p ./releng/airootfs/root/.ssh
echo "${sshkeys}" >./releng/airootfs/root/.ssh/authorized_keys
# Remove livecd
find ./releng/ -type f -iname "*livecd*" -exec rm -r -f {} \;
# Modify packages.x86_64
echo 'bash-completion
yubikey-personalization
yubikey-full-disk-encryption
wireguard-tools' >>./releng/packages.x86_64
sed -i 's/^livecd-sounds/#&/' ./releng/packages.x86_64
# # permissions for profiledef.sh
sed -i '/livecd-sound/d' ./releng/profiledef.sh
sed -i 's#^)$# ["/usr/local/bin/recover"]="0:0:755"\
["/usr/local/bin/installer"]="0:0:755"\
["/usr/local/bin/iwd-connect"]="0:0:755"\
["/var/lib/iwd"]="0:0:0700"\
["/etc/wireguard/"]="0:0:0700"\
&#' ./releng/profiledef.sh
# Tweak /etc/motd
sed -i 's/iwctl/iwd-connect/' ./releng/airootfs/etc/motd
# Show IP address at login
sed -i 's#\[Service\]#&\
ExecStartPre=/bin/sh -c '\''sed -i 1q /etc/issue; echo >> /etc/issue; if ping -q -c 1 -W 3 1.1.1.1 >/dev/null; then sed -i "/Arch Linux/a Local IP: $(ip r | awk "{print \\$(NF-2);exit}")" /etc/issue; fi'\''#' ./releng/airootfs/etc/systemd/system/getty@tty1.service.d/autologin.conf
# Bootloader modifications
# Systemd-boot
sed -i 's/beep on/#&/' ./releng/efiboot/loader/loader.conf
sed -i 's/timeout 15/timeout 5/' ./releng/efiboot/loader/loader.conf
mv ./releng/efiboot/loader/entries/02-archiso-x86_64-speech-linux.conf ./releng/efiboot/loader/entries/02-archiso-x86_64-ram-linux.conf
sed -i 's/) with speech/, Copy to RAM)/' ./releng/efiboot/loader/entries/02-archiso-x86_64-ram-linux.conf
sed -i 's/accessibility=on/copytoram/' ./releng/efiboot/loader/entries/02-archiso-x86_64-ram-linux.conf
# Grub
sed -i 's/timeout=15/timeout=5/' ./releng/grub/grub.cfg
sed -i 's/play 600 988 1 1319 4/#&/' ./releng/grub/grub.cfg
sed -i 's/with speakup screen reader/Copy to RAM/' ./releng/grub/grub.cfg
sed -i 's/timeout=15/timeout=5/' ./releng/grub/loopback.cfg
sed -i 's/with speakup screen reader/Copy to RAM/' ./releng/grub/loopback.cfg
sed -i 's/archlinux-accessibility/archlinux-copy-to-ram/' ./releng/grub/grub.cfg
sed -i 's/accessibility=on/copytoram/' ./releng/grub/grub.cfg
# Syslinux
sed -i 's/TIMEOUT 150/TIMEOUT 50/' ./releng/syslinux/archiso_sys.cfg
sed -i 's/# Accessibility/# Copy to RAM/' ./releng/syslinux/archiso_sys-linux.cfg
sed -i 's/arch64speech/arch64ram/' ./releng/syslinux/archiso_sys-linux.cfg
sed -i 's/speakup screen reader/Copy to RAM option/' ./releng/syslinux/archiso_sys-linux.cfg
sed -i 's/ with speech feedback//' ./releng/syslinux/archiso_sys-linux.cfg
sed -i 's/) with ^speech/, Copy to RAM)/' ./releng/syslinux/archiso_sys-linux.cfg
sed -i 's/accessibility=on/copytoram/' ./releng/syslinux/archiso_sys-linux.cfg
# vconsole.conf
echo 'KEYMAP=us
FONT=ter-224n' >./releng/airootfs/etc/vconsole.conf
# Install ZFS
case ${1} in
zfs)
cat >>./releng/pacman.conf <<'zfs'
[archzfs]
Server = https://archzfs.com/$repo/$arch
zfs
mkdir -p ./releng/airootfs/usr/share/pacman/keyrings
curl --fail -s -L https://git.myvelabs.app/lab/archiso/raw/branch/master/zfs/archzfs-trusted >./releng/airootfs/usr/share/pacman/keyrings/archzfs-trusted
curl --fail -s -L https://git.myvelabs.app/lab/archiso/raw/branch/master/zfs/archzfs.gpg >./releng/airootfs/usr/share/pacman/keyrings/archzfs.gpg
echo 'archzfs-linux' >>./releng/packages.x86_64
;;
esac
# Custom pacman.conf
sed -e '/^#\|^$\|IgnorePkg/d' \
-e "/^\[core\]$\|^\[extra\]$\|^\[archzfs\]$/a\\
CacheServer = https://pacman.myvelabs.com" \
/etc/pacman.conf >./releng/airootfs/etc/pacman.conf
# Begin mkarchiso
if mkarchiso -v -w ./workdir -o ./output ./releng -r
then
case ${1} in
zfs)
rename -- "archlinux" "archzfs" ./output/*
;;
*)
rename -- ".iso" "${version}.iso" ./output/*
;;
esac
mv ./output/*.iso ${isopath}/
cd ~
rm -r -f /tmp/tmp.*/
fi

1
zfs/archzfs-trusted Normal file
View file

@ -0,0 +1 @@
DDF7DB817396A49B2A2723F7403BD972F75D9D76:4:

61
zfs/archzfs.gpg Normal file
View file

@ -0,0 +1,61 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQENBFtDvKwBCADfjeYybNsoGu+NLUQHBQHlV8jfqQMqox/vZXiUD6dm4aWvOpL8
YTT+WWh9aBItUubci8/VK80rAhzB/graYNhBB6XIEnCtEJH5V6PsZIN09avvdIbD
I6jWnQ3s6LuPqVGWOoOxUbEtcnw8Ax+OU6eqZ9v3kMIkx3nXZaHWGDLjhFVW+CiZ
FqhXywQhgvi391KphDMK7daMLW5VphCaiVJbZ8VDoLiDH6X1sRITtgcOAiowT7js
Nl8z334d3Cy4FQ4vrAcPtQbBd2mQbDECLPXoWMTyh+JpYkPCBkF/CTawf8LhQcgs
eHtHt9S7rGtQgbGzuCShM/4g1g9q+GfDLKBHABEBAAG0IkFyY2haRlMgQm90IDxi
dWlsZGJvdEBhcmNoemZzLmNvbT6JAVEEEwEIADsCGwMFCwkIBwIGFQoJCAsCBBYC
AwECHgECF4ACGQEWIQTd99uBc5akmyonI/dAO9ly912ddgUCX7+aSgAKCRBAO9ly
912ddrCpCAChG5Et8ODGXK9KnKGAI9hCIAAumwl1G+lGkEUpBGegyOn093DGB3zV
7RZYl3BPQMdr7KoezxP7RYZdN5XF3vELBlNxy1W7s95HXKbCSVxh8fSXqtyxtDRs
6ISTQ0OnkmG3cSbdc9uyrpxa7lt4wUA3Kq9JHiAZnBoGj0eSZoRq4LGdYJB54xfB
5lN3YqLDjqfVAmwwv6TeWQSRzRj5nxJQWxY/JOTPwh/LRjOtj1YwAqRXA3Q45+bB
T8PZPb1QAqA5g9zvHXOnVyv3wjDb389zXz6I9YUg5+YW8apIN8C2LamZy1rgErxO
1GYQ5k8zZddwiZ3pP0lgTFKba+7EOT9WiQIzBBABCAAdFiEE7+1GyEvRHdl5iZUs
IsaVeeESPOYFAlzrNI4ACgkQIsaVeeESPOZWLg/+N+uUsB8ELWPUXiKVIDuEoL07
cyxYw7Ru2UW3sq/NT2/AkYuHmrXcYD8GYu3LKzzsbhAoUEYtGOX38X7yN1gVOOb1
wmjAP9NwgDJ7anqMxtogC3geplMXLs+Zv7EMS/UvvZf7wCqmhRI07jr8ZZZOXale
LdPICnq9Wm1Ah4k/JGcAEolYuBsTPbPaox4J42+l0GuVEvlTiWnG0G3IFhkvfeJP
iaQJ/9aLiN6qExhJd5Az3Y0l/wq3Kjom31gJZLO4tHnXVoc/82JuIGJkDZDWOC00
FqmX5fiC3k6Tid6Mt5KNb6ySA0Uo4hRl1iQde6XlZVhRUECM+5W9FscaMlWr2Vuu
RDe16/UXtFB0UTlqsJmCg33SwwzxpOLHVpTm4HrBMCtxG7hEeCUpG19ips0D3AdW
mltpNaUtA11yKBj69O9iMepgnmW6mGdpSiuj4khmmTKisfe/e56Tky6vU1BrqrBm
Gv21uKfoeODKwrb36m5dMev6DSYxk0+94kNcS1iM7ZCVJ76JZ+KriSRWIwy0gvp6
bnHs4AlNlZhcjapYyfF6zI26sc15NbEVd9p4HzYGp+NVR/MOuXLGtn2azGb4E1EN
vKuB6OZ1N64Cs1Bnijkd3ZJU1PDxrTVmnWaQZtraL35OksyQMoGUk09uXunNyRPz
71jM0+BBQF0nXhJAzcW0HUFyY2haRlMgQm90IDxib3RAYXJjaHpmcy5jb20+iQFO
BBMBCAA4AhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAFiEE3ffbgXOWpJsqJyP3
QDvZcvddnXYFAl+/mkoACgkQQDvZcvddnXaGBAf8DKyvFLA0ZW8PHWtXbcQk1pzo
OrHfYKnR1bEIZ9rw+OurJPdyv8ONY9D4BxFJ/p2pDDRSoIIRifVHFYnUPpk156/e
z0vxftSDgpBaeq+IU4I2/XlcKu5QDk4RLKGB44w6AolLXYYnFaEtCxPlDF9lYT5+
13eyuD3WJm8rzU8FswuXKmpn40aq3CiXDLyApuVjIf79xhqQfdXgCGdoDHUvZrp1
lAAwAs/9UrPJGjDImv3dF0fTOfQiySeEPmusW0A0kf6FVpYCPAyjCg1CJEBCpzS8
Hu6h9ic1WHjxWRKAqKkPki6YOOGojEO3PVIBJk6jChquGvAyBRfpDGdExMXIlYkC
MwQQAQgAHRYhBO/tRshL0R3ZeYmVLCLGlXnhEjzmBQJc6zSYAAoJECLGlXnhEjzm
mn4P/iRwTZoo/8hg5lwiAvmOau3O5mmYiiQ5ruuy6Y8Gs1p+QQFmXMnNI76TWeU+
lAM26qd8hJAvKCcSyxR/vMtdnDdF4x+nw1oIFcWnX2T9cAwmNLsui+byKpg5KyCu
x3zruwo+oUyGTa5JzjqSZAhRygrB4KvQ29Ja8aF84zlbWeRie3awHChoGKBAXpK+
SKQS+UWRnUNVgrR+BaPhMvGKIU+Y6V5KPNPMy2JIx8sF5NMn+VdsI0FUUWq2PDUS
eCQrSgj4MdOw/WXWUj/z2PIrqn3xsd3cG6eif6zYNuymA8Wvc1gi2IbjfN5mJwre
YAgTVkVDATmyc9uGquQ+qPtyZfsD+jjepswbTGJWESyaq5bNXR7ewbWPXxU9elxs
KSlwSzLo3wIRKIEkySSOp10no5A6/D+W1eHQY/FnZfri/o3bWoQkLD5qYabWLx/Y
iq7f9hURlH86j+9fHeUTyJQSj+JlJYrfkozH5+EZjp2mDaQ3bTbC6/N0OpX89DAZ
cVdHKrGtC9BAH5mlBAW2qouLwnST1q7Ssp7UxNFdllL95cCi54KRz7QBm6U5JFUm
v44Wm6bqHDznHJJ6+Hqd9dJtKs4s6iYVi8hOVm9bH3QyoZ5e4ZQyziS8aAUysFsR
Y6ZKSzFTEn3GIjjGreqbNo43ymTHR3L18EJFo4/bLexGl/3DuQENBFtDvKwBCADV
X/D3KV3lIbzSqVQ0F+kgOXgLxGLT7zilnHbfJlqaYK5Ud03YuSdCntSTDzuzPe4s
8VkFkcGKj0CypZLtyMXFBj7I7poqemv7tJKCwZO6n+JNtHYT6cPehz1WpZEXXuZd
PRzpUV1PJi59p0PYxmfe344p0U2LC9tpXoi/2JlOWI0yz/qbzR8+qT7hnqmeHNhl
2LqAcJcK+8ZgXWO5873Hi+ohrqyaO6zPzHZ6RB4VRq0glIQyXIVgYf/JK0oMZMk5
3uxJm0Sbv3wtU4TzJTQVAf3hgzKJrCeRbZqJ2tovRpnpP8KNiulQ2ARvcZZu5mLk
4j3tgPSZzB9mu/mMVFBxABEBAAGJATYEGAEIACACGwwWIQTd99uBc5akmyonI/dA
O9ly912ddgUCX7+aMgAKCRBAO9ly912ddpUxCACezp4NNi692FjDRu+CR6v34WMb
jagYOgd2XkeNKhb1HhluG1kTvJMJwNt1r6Gyum04vmgJaIMZ2QJ/wTsReSeFA6AY
qpNBMnSB+VFyLF6kY3xR39lsjarZBj3dfz5wT7sN0uGRUopeGEYSTkfgam2Slf97
0MqgF2or/62Dxnb6wFlrnE/TOuy1L7RbMDVWUBmpDVojhMvlq1CL881v6mpCXOCg
tiaKt3o0ZzSPdAABO2MmxLoqySHeEAibybLDSJFlb9BnihP4bkVa8CP0XXA1i5dQ
dCfSm7TlGW7+Zl8RP7o1OMJHQ6GATJF9Oj+Zjg9rPf/EfCg/2wIoZhf8CLjB
=6o8C
-----END PGP PUBLIC KEY BLOCK-----

142
zshrc Normal file
View file

@ -0,0 +1,142 @@
#
# ~/.zshrc
#
# PS1='\e[31m[\u\e[0m@\h \W]\$ '
# iwd connection status
function iwd-status
{
iwctl station $(iwctl station list | grep connected | awk '{print $(NF-1)}') show
}
# Reflector mirrors
function mirrors
{
[ ${1} ] || return 1
echo
reflector --country ${1} --age 24 --latest 20 --protocol https --fastest 25 --sort rate --save /etc/pacman.d/mirrorlist
echo
cat /etc/pacman.d/mirrorlist
echo
}
# Wireguard functions
function wglist
{
if [ ${1} ]
then
ls /etc/wireguard | grep ${1}
else
ls /etc/wireguard
fi
}
function wd
{
for wireguard in $(wg show | grep interface | awk '{print $2}')
do
wg-quick down ${wireguard}
done
}
function wu
{
wd
if [ ${1} ]
then
wg-quick up $(ls /etc/wireguard | grep ${1} | shuf -n 1 | sed "s/.conf//g")
else
wg-quick up $(ls /etc/wireguard | shuf -n 1 | sed "s/.conf//g")
fi
}
# Shortcuts for optional auxilliaries
function install-i3
{
mount -o remount,size=2G /run/archiso/cowspace
pacman -Sy --ask 4 \
xorg xorg-xinit i3-gaps i3status dmenu konsole kate dolphin breeze-icons pipewire-jack phonon-qt5-gstreamer \
firefox firefox-decentraleyes firefox-ublock-origin ttf-dejavu
echo 'exec i3' > ~/.xinitrc
echo -e '\nXDG_CURRENT_DESKTOP=gnome' >/etc/environment
startx
}
function install-zfs
{
mount -o remount,size=2G /run/archiso/cowspace
pacman-key --init
cat >>/etc/pacman.conf <<'EOF'
[archzfs]
Server = https://archzfs.com/$repo/$arch
EOF
pacman-key -r DDF7DB817396A49B2A2723F7403BD972F75D9D76
pacman-key --lsign-key DDF7DB817396A49B2A2723F7403BD972F75D9D76
pacman -Sy --ask 4 archzfs-dkms linux-headers
modprobe zfs
}
# Bash completion
autoload bashcompinit
bashcompinit
function _installer
{
local cur prev
cur=${COMP_WORDS[COMP_CWORD]}
prev=${COMP_WORDS[COMP_CWORD-1]}
case ${COMP_CWORD} in
1)
COMPREPLY=($(compgen -W "arch arch-vm vm arch-passthrough passthrough airgap server homelab recover" -- ${cur}))
;;
*)
COMPREPLY=()
;;
esac
}
complete -F _installer installer
function _iwd-connect
{
iwd_station=$(iwctl station list | grep connected | awk '{print $(NF-1)}')
[ ${iwd_station} ] || return 1
local cur prev
cur=${COMP_WORDS[COMP_CWORD]}
prev=${COMP_WORDS[COMP_CWORD-1]}
case ${COMP_CWORD} in
1)
COMPREPLY=($(compgen -W "$(iwctl station ${iwd_station} get-networks | awk '{print $1}' | grep -v -- 'Available\|---\|.*90m.*\S*')" -- ${cur}))
;;
*)
COMPREPLY=()
;;
esac
}
complete -F _iwd-connect iwd-connect
# Turn off sshd public-key-only authentication
function ssh-off
{
rm /etc/ssh/sshd_config.d/zz-archiso.conf
systemctl restart sshd.service
}
function ssh-on
{
echo 'PasswordAuthentication no
AuthenticationMethods publickey' >/etc/ssh/sshd_config.d/zz-archiso.conf
systemctl restart sshd.service
}