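# Fail early if the repository directory is not set: without it the two
# paths below degrade to "/scripts/...", and the resulting "No such file"
# error from `source` hides the real cause.
: "${GENTOO_INSTALL_REPO_DIR:?GENTOO_INSTALL_REPO_DIR must be set before this config is sourced}"

# Both helper scripts are taken from the installer repository; if either
# cannot be loaded there is nothing sensible left to do, so bail out.
source "$GENTOO_INSTALL_REPO_DIR/scripts/protection.sh" || exit 1
source "$GENTOO_INSTALL_REPO_DIR/scripts/internal_config.sh" || exit 1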
################################################
# Disk configuration
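# This function will be called when the key for a luks device is needed.
#
# Parameters:
# $1 will be the id of the luks device as given in `create_luks new_id=<id> ...`.
#
# Output:
# The path of the keyfile for that device, written to stdout *without* a
# trailing newline.
#
# Example: Keyfile
# 1. Generate a keyfile of random bytes. The command below yields 1 KiB
#    (8192 bits); anything up to cryptsetup's 8 MiB keyfile limit works:
#    `dd if=/dev/urandom bs=1024 count=1 of=/path/to/keyfile`
#    Create it with restrictive permissions (`umask 077` first, or
#    `chmod 600 /path/to/keyfile` afterwards): anyone who can read this
#    file can unlock the volume.
# 2. Copy the keyfile somewhere safe, but don't delete the original,
#    which we will use in the live environment.
# 3. Return `/path/to/keyfile` from the case statement below.
#
# Example: GPG Smartcard
# Same as above, but do not keep a plaintext copy of the keyfile; store a
# gpg encrypted copy instead:
# `gpg --symmetric --cipher-algo AES256 --s2k-digest-algo SHA512 --output /my/permanent/storage/luks-key.gpg /path/to/keyfile`
# (--symmetric protects the copy with a passphrase; to bind it to an actual
# smartcard key, use `--encrypt --recipient <key-id>` instead.)
luks_getkeyfile() {
	local luks_id="$1"
	case "$luks_id" in
		# One entry per luks id, e.g.:
		#'my_luks_partition') printf '%s' '/path/to/my_luks_partition_keyfile' ;;
		# Fallback for every id without an explicit entry. "/path/to/luks-keyfile"
		# is a placeholder and must be replaced before installing.
		# printf is used instead of `echo -n` so the output is exactly the path
		# even if it should ever start with "-n" or "-e".
		*) printf '%s' "/path/to/luks-keyfile" ;;
	esac
}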
# Below you can see examples of how to use the two provided default schemes.
# See the respective functions in internal_config.sh if you
# want to use a different disk configuration.
# Default scheme: efi (or boot for BIOS), an optional swap partition, root.
# Pass swap=false to skip the swap partition.
#
#   EFI:  create_default_disk_layout swap=8GiB /dev/sdX
#   BIOS: create_default_disk_layout swap=8GiB type=bios /dev/sdX
#
# /dev/sdX is a placeholder. The layout functions (re)partition the device
# they are given, so double-check the path (e.g. with lsblk) before running
# the installer.
create_default_disk_layout swap="8GiB" /dev/sdX

# Alternative: the default scheme on every listed device, with all swap
# partitions joined into one raid0 and all root partitions joined into a
# second raid0; the root raid is then put under luks (which is what
# luks_getkeyfile above is asked for).
# Hint: swap is created on each device, so the total is N times the given
# amount — divide beforehand.
#
#create_raid0_luks_layout swap=4GiB /dev/sd{X,Y}            # EFI
#create_raid0_luks_layout swap=4GiB type=bios /dev/sd{X,Y}  # BIOS
#create_raid0_luks_layout swap=0 type=bios /dev/sd{X,Y}     # BIOS, no swap
################################################
# System configuration
# Hostname of the installed system.
# NOTE: when raid arrays are created, this name is written into their
# metadata block; if you rename the host later, update the metadata too.
HOSTNAME='gentoo'

# Timezone of the new system (a zoneinfo name).
TIMEZONE='Europe/Berlin'

# Console keymap of the new system.
KEYMAP='de-latin1-nodeadkeys'
#KEYMAP='us'

# Additional locales to generate, one "<locale> <charset>" entry per line.
# Only list locales you really need for a localized system; otherwise leave
# this empty and stay with C.utf8.
LOCALES=''

# Locale selected for the system. Mind that the spelling differs from the
# LOCALES entries (".utf8" here vs ".UTF-8" there) — use the name exactly
# as `eselect locale` shows it.
LOCALE='C.utf8'

# Example for a German system:
# LOCALES="
# de_DE.UTF-8 UTF-8
# de_DE ISO-8859-1
# de_DE@euro ISO-8859-15
# " # End of LOCALES
# LOCALE="de_DE.utf8"
################################################
# Gentoo configuration
# Mirror to fetch Gentoo files from. Keep this an https:// URL so the
# transfer itself cannot be tampered with in transit. Whether the downloaded
# stage3 is additionally checked against Gentoo's signed DIGESTS is up to the
# installer scripts, not this config — confirm that before relying on the
# mirror choice alone.
GENTOO_MIRROR='https://mirror.eu.oneandone.net/linux/distributions/gentoo/gentoo'
#GENTOO_MIRROR='https://distfiles.gentoo.org'

# Architecture of the target system (only amd64 has been tested).
GENTOO_ARCH='amd64'

# Stage3 flavour to install; the architecture is interpolated from above.
STAGE3_BASENAME="stage3-${GENTOO_ARCH}-hardened+nomultilib"
#STAGE3_BASENAME="stage3-${GENTOO_ARCH}-hardened-selinux+nomultilib"
################################################
# Additional (optional) configuration
# Extra packages to install, one package atom per array element.
ADDITIONAL_PACKAGES=('app-editors/neovim')

# Install and enable dhcpcd.
INSTALL_DHCPCD=true

# Install and configure sshd. The shipped configuration is reasonably strict:
# only ed25519 keys are accepted and public-key authentication is required.
INSTALL_SSHD=true

# Install ansible and create a dedicated user for it. Requires INSTALL_SSHD=true.
INSTALL_ANSIBLE=true

# Home directory of the ansible user.
ANSIBLE_HOME='/var/lib/ansible'

# Contents of the ansible user's .authorized_keys file, one key per line.
# With INSTALL_ANSIBLE=true and the pubkey-only sshd config above, an empty
# value means the ansible user cannot log in over ssh at all — fill this in
# if you actually intend to manage the host with ansible.
ANSIBLE_SSH_AUTHORIZED_KEYS=''
################################################
# Prove that you have read the config
#
# Set this to true only after you have gone through every section above.
# It records that the values — in particular the disk layout, which decides
# what gets repartitioned, and the luks keyfile path — were chosen on
# purpose rather than left at their placeholders.
I_HAVE_READ_AND_EDITED_THE_CONFIG_PROPERLY=false