2020-06-01 16:40:56 +00:00
|
|
|
UEFI boot does not work, so use legacy boot.
|
|
|
|
|
Installed with ubuntu-20.04-live-server-amd64.iso
|
|
|
|
|
|
|
|
|
|
ssh-copy-id
|
2020-07-11 18:38:30 +00:00
|
|
|
mkdir privat
|
|
|
|
|
cd privat
|
2020-06-12 14:24:10 +00:00
|
|
|
git clone 192.168.1.129:privat/config
|
2020-07-11 18:38:30 +00:00
|
|
|
cp config/ubuntu-20.04/home/.* ~/
|
2020-06-12 14:24:10 +00:00
|
|
|
sudo cp config/ubuntu-20.04/home/.* /root
|
|
|
|
|
bash config/ubuntu-20.04/packages
|
2020-11-29 00:22:28 +00:00
|
|
|
sudo cp -a ubuntu-20.04/etc/ /
|
|
|
|
|
|
2020-06-12 14:24:10 +00:00
|
|
|
|
|
|
|
|
add_swap() {
|
|
|
|
|
truncate -s 16T /data/swapfile
|
|
|
|
|
mkswap swapfile
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
mkswap -L swap1 /dev/sdc
|
|
|
|
|
mkswap -L swap2 /dev/sdd
|
|
|
|
|
mkswap -L swap3 /dev/sde
|
2020-11-29 00:22:28 +00:00
|
|
|
mkswap -L swap4 /dev/sdc1
|
2020-06-12 14:24:10 +00:00
|
|
|
cat >> /etc/fstab <<_EOF
|
|
|
|
|
LABEL=swap1 none swap sw,pri=4 0 0
|
|
|
|
|
LABEL=swap2 none swap sw,pri=4 0 0
|
|
|
|
|
LABEL=swap3 none swap sw,pri=4 0 0
|
2020-11-29 00:22:28 +00:00
|
|
|
LABEL=swap4 none swap sw,pri=4 0 0
|
2020-06-12 14:24:10 +00:00
|
|
|
_EOF
|
|
|
|
|
}
|
|
|
|
|
|
2020-06-01 16:40:56 +00:00
|
|
|
|
|
|
|
|
LVM_extend_to_full_disk() {
|
2020-11-29 00:22:28 +00:00
|
|
|
while lvextend -L +10G /dev/ubuntu-vg/ubuntu-lv; do
|
|
|
|
|
true
|
|
|
|
|
done
|
2020-06-01 16:40:56 +00:00
|
|
|
resize2fs /dev/mapper/ubuntu--vg-ubuntu--lv
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
Change_LUKS_password_to_USB_cryptkey() {
|
|
|
|
|
echo oldpassword:; read oldpassword
|
|
|
|
|
echo secretpassword:; read secretpassword
|
|
|
|
|
echo newpassword:; read newpassword </mnt/cryptkey.txt
|
|
|
|
|
|
|
|
|
|
echo "$oldpassword $secretpassword $newpassword"
|
|
|
|
|
DISK=/dev/disk/by-path/pci-0000:05:00.0-scsi-0:2:1:0
|
|
|
|
|
|
|
|
|
|
# Add secretpassword to keyslot 2 (this will be slow to decrypt)
|
|
|
|
|
(echo "$oldpassword"; echo "$secretpassword") |
|
|
|
|
|
cryptsetup -y -v luksAddKey \
|
|
|
|
|
--pbkdf-parallel 1 \
|
|
|
|
|
--pbkdf-memory 4000000 --pbkdf argon2id --iter-time 40000 \
|
|
|
|
|
${DISK}-part3
|
|
|
|
|
|
|
|
|
|
# Remove oldpassword from keyslot 1
|
|
|
|
|
(echo "$oldpassword") |
|
|
|
|
|
cryptsetup -y -v luksRemoveKey ${DISK}-part3
|
|
|
|
|
|
|
|
|
|
# Add newpassword to keyslot 1 (this will be fast to decrypt)
|
|
|
|
|
(echo "$secretpassword"; echo "$newpassword") |
|
|
|
|
|
cryptsetup -y -v luksAddKey \
|
|
|
|
|
--pbkdf-parallel 1 \
|
|
|
|
|
--pbkdf-memory 100000 --pbkdf argon2id --iter-time 1000 \
|
|
|
|
|
${DISK}-part3
|
|
|
|
|
|
|
|
|
|
# Check that slot 0 and 1 are in use
|
|
|
|
|
cryptsetup luksDump ${DISK}-part3
|
|
|
|
|
|
2020-07-11 18:38:30 +00:00
|
|
|
cryptsetup config --priority prefer --key-slot 0 ${DISK}-part3
|
2020-06-01 16:40:56 +00:00
|
|
|
# This should be fast
|
|
|
|
|
(echo "$newpassword"; echo "dummy") |
|
|
|
|
|
cryptsetup -y -v luksAddKey \
|
|
|
|
|
--pbkdf-parallel 1 \
|
|
|
|
|
--pbkdf-memory 100000 --pbkdf argon2id --iter-time 1000 \
|
|
|
|
|
${DISK}-part3
|
|
|
|
|
# This is still slow
|
|
|
|
|
(echo "dummy") |
|
|
|
|
|
cryptsetup -y -v luksRemoveKey ${DISK}-part3
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
autodecrypt() {
|
2020-07-11 18:38:30 +00:00
|
|
|
cd ~tange/privat/config/ubuntu-20.04/
|
2020-06-01 16:40:56 +00:00
|
|
|
cp usr/share/initramfs-tools/scripts/local-top/cryptroot /usr/share/initramfs-tools/scripts/local-top/cryptroot
|
|
|
|
|
update-initramfs -u -k all
|
|
|
|
|
}
|
2020-07-11 18:38:30 +00:00
|
|
|
|
|
|
|
|
autofs() {
|
|
|
|
|
perl -i.bak -pe 's:#/net:/nfs:' /etc/auto.master
|
|
|
|
|
ln -s /nfs/hpdisk/data /data
|
|
|
|
|
service autofs restart
|
|
|
|
|
ls /data
|
|
|
|
|
}
|
