config/r815/SETUP
2020-07-11 20:38:30 +02:00

86 lines
2.5 KiB
Plaintext

UEFI boot does not work, so use legacy boot.
Installed with ubuntu-20.04-live-server-amd64.iso
ssh-copy-id
mkdir privat
cd privat
git clone 192.168.1.129:privat/config
cp config/ubuntu-20.04/home/.* ~/
sudo cp config/ubuntu-20.04/home/.* /root
bash config/ubuntu-20.04/packages
add_swap() {
truncate -s 16T /data/swapfile
mkswap swapfile
mkswap -L swap1 /dev/sdc
mkswap -L swap2 /dev/sdd
mkswap -L swap3 /dev/sde
cat >> /etc/fstab <<_EOF
LABEL=swap1 none swap sw,pri=4 0 0
LABEL=swap2 none swap sw,pri=4 0 0
LABEL=swap3 none swap sw,pri=4 0 0
_EOF
}
LVM_extend_to_full_disk() {
lvextend -L +10G /dev/ubuntu-vg/ubuntu-lv
resize2fs /dev/mapper/ubuntu--vg-ubuntu--lv
}
Change_LUKS_password_to_USB_cryptkey() {
echo oldpassword:; read oldpassword
echo secretpassword:; read secretpassword
echo newpassword:; read newpassword </mnt/cryptkey.txt
echo "$oldpassword $secretpassword $newpassword"
DISK=/dev/disk/by-path/pci-0000:05:00.0-scsi-0:2:1:0
# Add secretpassword to keyslot 2 (this will be slow to decrypt)
(echo "$oldpassword"; echo "$secretpassword") |
cryptsetup -y -v luksAddKey \
--pbkdf-parallel 1 \
--pbkdf-memory 4000000 --pbkdf argon2id --iter-time 40000 \
${DISK}-part3
# Remove oldpassword from keyslot 1
(echo "$oldpassword") |
cryptsetup -y -v luksRemoveKey ${DISK}-part3
# Add newpassword to keyslot 1 (this will be fast to decrypt)
(echo "$secretpassword"; echo "$newpassword") |
cryptsetup -y -v luksAddKey \
--pbkdf-parallel 1 \
--pbkdf-memory 100000 --pbkdf argon2id --iter-time 1000 \
${DISK}-part3
# Check that slot 0 and 1 are in use
cryptsetup luksDump ${DISK}-part3
cryptsetup config --priority prefer --key-slot 0 ${DISK}-part3
# This should be fast
(echo "$newpassword"; echo "dummy") |
cryptsetup -y -v luksAddKey \
--pbkdf-parallel 1 \
--pbkdf-memory 100000 --pbkdf argon2id --iter-time 1000 \
${DISK}-part3
# This is still slow
(echo "dummy") |
cryptsetup -y -v luksRemoveKey ${DISK}-part3
}
autodecrypt() {
cd ~tange/privat/config/ubuntu-20.04/
cp usr/share/initramfs-tools/scripts/local-top/cryptroot /usr/share/initramfs-tools/scripts/local-top/cryptroot
update-initramfs -u -k all
}
autofs() {
perl -i.bak -pe 's:#/net:/nfs:' /etc/auto.master
ln -s /nfs/hpdisk/data /data
service autofs restart
ls /data
}