Diffstat (limited to 'bin')
-rwxr-xr-xbin/yoda201
1 files changed, 201 insertions, 0 deletions
diff --git a/bin/yoda b/bin/yoda
new file mode 100755
index 0000000..db1e2ad
--- /dev/null
+++ b/bin/yoda
@@ -0,0 +1,201 @@
+#!/bin/sh
+# Setup an archlinux system to a media
+
+version='yoda-0.1'
+
+help() {
+ echo 'usage: yoda [-CFV] [-H host] dev
+Install arch to a bootable dev. Media dev is entirely erased then
+provisionned with an EFI boot partition and a root partition.
+
+The following steps are performed:
+0: prepare device (erase/randomize). Long.
+1: partition a 256MB GPT boot and a root partition (the rest)
+2: encrypt root partition (dm-crypt + LUKS)
+3: format partitions
+4: mount partitions
+5: install phase 1 (pacstrap)
+6: install phase 2 (chroot actions)
+
+options:
+-C crypt root partition with dm-crypt+LUKS
+-F format root filesystem without journal (USB-Flash)
+-H host set hostnanme to host
+-S steps skips some steps (i.e. -S 02 to avoid crypt)
+-V print version
+'
+}
+
+die() { echo "$0: fatal: $@" >&2; exit 1; }
+
+# return 1 in any of arg is to be skipped, 0 otherwise
+skip() {
+ for i; do
+ case $toskip in (*$i*) return 0;; esac
+ done
+ return 1
+}
+
+# Step 0: Prepare by wiping all data and randomize (very long).
+step0() {
+ cryptsetup open --type plain -d /dev/urandom "$dev" to_be_wiped
+ dd if=/dev/zero of=/dev/mapper/to_be_wiped bs=1M status=progress || true
+ cryptsetup close to_be_wiped
+}
+
+# Step 1: Partitions: GPT boot EFI 256 MB, encrypted root: all the rest.
+step1() {
+ fdisk "$dev" << \EOT
+g
+n
+
+
++256M
+t
+1
+n
+
+
+
+p
+w
+EOT
+}
+
+# Step 2: Encrypt root partition.
+step2() {
+ rootpart="/dev/mapper/$par"
+ cryptsetup -y -v luksFormat ${dev}2
+ cryptsetup open ${dev}2 $par
+}
+
+# Step 3: Format partitions.
+step3() {
+ mkfs.fat -F32 "${dev}1"
+ yes | mkfs.ext4 "$rootpart"
+}
+
+# Step 4: Mount partitions.
+step4() {
+ mount "$rootpart" /mnt
+ mkdir /mnt/boot
+ mount ${dev}1 /mnt/boot
+ trap cleanup EXIT
+}
+
+# Step 5: install some packages.
+step5() {
+ #pacstrap /mnt base linux linux-firmware vi wireless_tools wpa_supplicant
+ pacstrap /mnt base mkinitcpio
+ genfstab -U /mnt > /mnt/etc/fstab
+}
+
+# Step 6: further configs
+step6() {
+ # Remove root password.
+ sed -i -r 's/^root:[^:]+:/root::/' /mnt/etc/shadow
+
+ # Configure initramfs
+ skip 2 &&
+ hooks="base udev autodetect modconf block filesystems keyboard fsck" ||
+ hooks="base systemd keyboard sd-vconsole modconf block autodetect sd-encrypt filesystems fsck"
+ cat > /mnt/etc/mkinitcpio.conf << EOT
+MODULES=()
+BINARIES=()
+FILES=()
+HOOKS=($hooks)
+EOT
+
+ cat > /mnt/etc/mkinitcpio.d/linux.preset << \EOT
+# mkinitcpio preset file for the 'linux' package
+
+ALL_config="/etc/mkinitcpio.conf"
+ALL_kver="/boot/vmlinuz-linux"
+
+PRESETS=('default')
+
+#default_config="/etc/mkinitcpio.conf"
+default_image="/boot/initramfs-linux.img"
+#default_options=""
+EOT
+
+ cat > /mnt/etc/hosts << \EOT
+127.0.0.1 localhost
+::1 localhost
+127.0.1.1 yoda.localdomain yoda
+EOT
+
+ cat > /mnt/etc/locale.gen << \EOT
+en_US.UTF-8 UTF-8
+fr_FR.UTF-8 UTF-8
+EOT
+
+ echo yoda > /mnt/etc/hostname
+ echo 'KEYMAP=fr-latin1' > /mnt/etc/vconsole.conf
+ echo 'LANG=en_US.UTF-8' > /mnt/etc/locale.conf
+ ln -sf /usr/share/zoneinfo/Europe/Paris /mnt/etc/localtime
+
+ arch-chroot /mnt << \EOT
+locale-gen
+pacman --noconfirm -S linux linux-firmware vi wireless_tools wpa_supplicant
+bootctl --path=/boot install
+EOT
+
+ cat > /mnt/boot/loader/loader.conf << \EOT
+default arch
+timeout 4
+console-mode max
+EOT
+
+ if skip 2; then
+ uid=$(blkid -p -s UUID -o value "${dev}2")
+ rdopt="root=/dev/disk/by-uuid/$uid"
+ else
+ uid=$(blkid -p -s UUID -o value "${dev}2")
+ rdopt="rd.luks.name=$uid=root root=/dev/mapper/root"
+ fi
+ cat > /mnt/boot/loader/entries/arch.conf << EOT
+title Yoda Arch Linux
+linux /vmlinuz-linux
+initrd /initramfs-linux.img
+options $rdopt net.ifnames=0 rw
+EOT
+}
+
+cleanup() {
+ echo "Flushing and unmounting $dev"
+ umount /mnt/boot /mnt
+ cryptsetup close "$par"
+ echo "$dev is ready"
+}
+
+# Main
+while getopts :CFH:S:V opt; do
+ case $opt in
+ (C) crypto=1 ;;
+ (F) flash=1 ;;
+ (H) hostname=$OPTARG ;;
+ (S) toskip="$toskip$OPTARG" ;;
+ (V) echo $version && exit ;;
+ (*) help; exit 1 ;;
+ esac
+done
+shift $((OPTIND - 1))
+
+[ "$(id -u)" = 0 ] || die "not root"
+[ "$1" ] && dev=$1 || die 'no device'
+par=${dev##*/}root
+rootpart="${dev}2"
+
+echo -n "Device $dev will be completely erased. Continue ? Y/N "
+read -r resp && [ "$resp" = 'Y' ] || exit
+
+skip 0 || step0
+skip 1 || step1
+skip 2 || step2
+skip 3 || step3
+skip 4 || step4
+skip 5 || step5
+skip 6 || step6
+
+# vim: ts=2 sw=2 et
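Review bot: step6 blanks the root password with `sed -i -r 's/^root:[^:]+:/root::/' /mnt/etc/shadow`, so every system this script produces boots with a root account that accepts an empty password, including on the LUKS path once the volume has been unlocked. Setting a password during the install with `arch-chroot /mnt passwd root`, or locking the account with `arch-chroot /mnt passwd -l root` and creating a separate admin user, would avoid shipping that default. In the same run, nothing checks the result of `cryptsetup luksFormat`, `cryptsetup open` or the two `mount` calls in step2 and step4, and the script sets no `set -e`. A failure there therefore appears to let step5 and step6 continue against whatever is at /mnt on the host; adding `|| die "step failed"` to those calls would stop the run before it writes anything.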