From ca17f9ccc28159ee474dcfef34cc5d79d8c4c9f9 Mon Sep 17 00:00:00 2001 
From: teldra Date: Tue, 8 Feb 2022 20:41:09 +0100 Subject: [PATCH] progress --- etc/base | 44 ++++++++ etc/functions | 23 +++++ files/bash/editor.sh | 13 +++ files/bash/xbps-aliase.sh | 15 +++ files/bin/joinvpn | 41 ++++++++ files/bin/pinentry-chooser | 22 ++++ files/bin/void-backup | 132 ++++++++++++++++++++++++ files/bin/void-createbackupcontainer | 95 +++++++++++++++++ files/bin/void-snapshot | 85 +++++++++++++++ files/bin/void-update | 74 +++++++++++++ files/btrbk/btrbk.conf.void | 78 ++++++++++++++ files/gnupg/gpg-agent.conf | 7 ++ files/grub-btrfs/void.conf | 19 ++++ files/nm/30-wg0 | 21 ++++ files/nm/dns-servers.conf | 2 + files/nm/unmanaged-tun.conf | 3 + files/nm/unmanaged-wg.conf | 3 + files/profile/append-path.sh | 16 +++ files/sudoers/10-common | 9 ++ files/udev/99-ioschedulers.rules | 1 + files/udev/99-mount-media.rules | 1 + files/wireguard/wg0.conf | 13 +++ files/xbps/20-repo-rotce.de-pakete.conf | 2 + files/xbps/50-no-extract.conf | 1 + files/xorg/10-keyboard.conf | 8 ++ files/xorg/dbus-launch.sh | 6 ++ main.sh | 5 + 27 files changed, 739 insertions(+) create mode 100644 files/bash/editor.sh create mode 100644 files/bash/xbps-aliase.sh create mode 100644 files/bin/joinvpn create mode 100755 files/bin/pinentry-chooser create mode 100644 files/bin/void-backup create mode 100644 files/bin/void-createbackupcontainer create mode 100644 files/bin/void-snapshot create mode 100755 files/bin/void-update create mode 100644 files/btrbk/btrbk.conf.void create mode 100755 files/gnupg/gpg-agent.conf create mode 100644 files/grub-btrfs/void.conf create mode 100755 files/nm/30-wg0 create mode 100644 files/nm/dns-servers.conf create mode 100644 files/nm/unmanaged-tun.conf create mode 100644 files/nm/unmanaged-wg.conf create mode 100644 files/profile/append-path.sh create mode 100644 files/sudoers/10-common create mode 100644 files/udev/99-ioschedulers.rules create mode 100644 files/udev/99-mount-media.rules create mode 100644 files/wireguard/wg0.conf create mode 
100644 files/xbps/20-repo-rotce.de-pakete.conf create mode 100644 files/xbps/50-no-extract.conf create mode 100644 files/xorg/10-keyboard.conf create mode 100644 files/xorg/dbus-launch.sh diff --git a/etc/base b/etc/base index 7685974..59590a4 100644 --- a/etc/base +++ b/etc/base 
@@ -98,4 +98,48 @@ sed -i '/^if/i [ "$(id -u)" -eq 0 ] && return' /etc/profile.d/zz-locale-user.sh echo '0 * * * * /usr/bin/void-snapshot cron #void.system' > /var/spool/cron/root + +vbin "${FILESDIR}/bin/joinvpn" +vbin "${FILESDIR}/bin/void-update" +vbin "${FILESDIR}/bin/void-backup" +vbin "${FILESDIR}/bin/void-snapshot" +vbin "${FILESDIR}/bin/void-createbackupcontainer" +vbin "${FILESDIR}/bin/pinentry-chooser" + +vmkdir etc/sudoers.d +vinstall "${FILESDIR}/sudoers/10-common" 700 etc/sudoers.d + +vmkdir etc/bash/bashrc.d +vinstall "${FILESDIR}/bash/xbps-aliase.sh" 755 etc/bash/bashrc.d +vinstall "${FILESDIR}/bash/editor.sh" 755 etc/bash/bashrc.d + +vmkdir usr/lib/udev/rules.d +vinstall "${FILESDIR}/udev/99-mount-media.rules" 744 usr/lib/udev/rules.d +vinstall "${FILESDIR}/udev/99-ioschedulers.rules" 744 usr/lib/udev/rules.d + +vmkdir etc/btrbk +vinstall "${FILESDIR}/btrbk/btrbk.conf.void" 744 etc/btrbk + +vmkdir etc/xbps.d +vinstall "${FILESDIR}/xbps/50-no-extract.conf" 755 etc/xbps.d +vinstall "${FILESDIR}/xbps/20-repo-rotce.de-pakete.conf" 755 etc/xbps.d + +vmkdir etc/default/grub-btrfs +vinstall "${FILESDIR}/grub-btrfs/void.conf" 755 etc/default/grub-btrfs + +vmkdir etc/NetworkManager/conf.d +vmkdir etc/NetworkManager/dispatcher.d +vinstall "${FILESDIR}/nm/unmanaged-wg.conf" 644 etc/NetworkManager/conf.d +vinstall "${FILESDIR}/nm/unmanaged-tun.conf" 644 etc/NetworkManager/conf.d +vinstall "${FILESDIR}/nm/30-wg0" 744 etc/NetworkManager/dispatcher.d + +vmkdir etc/profile.d +vinstall "${FILESDIR}/profile/append-path.sh" 644 etc/profile.d zz-append-path.sh + +vmkdir usr/share/X11/xorg.conf.d +vinstall "${FILESDIR}/xorg/10-keyboard.conf" 644 usr/share/X11/xorg.conf.d + +vmkdir etc/skel +vinstall "${FILESDIR}/gnupg/gpg-agent.conf" 700 etc/skel + } diff --git a/etc/functions b/etc/functions index 94f4a32..18a7e56 100644 --- a/etc/functions +++ b/etc/functions 
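Review bot: The modes passed to `vinstall` give plain data files execute bits, most visibly `vinstall "${FILESDIR}/sudoers/10-common" 700 etc/sudoers.d`. Sudoers drop-ins are conventionally installed read-only, so `vinstall "${FILESDIR}/sudoers/10-common" 440 etc/sudoers.d` is the expected form, and the xbps, udev, btrbk and grub-btrfs files need no more than 644. `gpg-agent.conf` is copied into `etc/skel` itself rather than `etc/skel/.gnupg`, so new users would presumably not pick it up, since gpg-agent reads its configuration from the GnuPG home directory. The enclosing function starts above the hunk.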
@@ -139,3 +139,26 @@ ignorepkg() { ignorepkgs+=( "$i" ) done } + +vmkdir() { + mkdir -p /"$1" + chmod 755 /"$1" +} + +vinstall() { + src="$1"; tgt="$3"; rights="$2" + if [ "$4" ]; then + cp "${src}" "/${tgt}/${4}" + chmod="/${tgt}/${4}" + else + cp "${src}" "/${tgt}" + chmod="/${tgt}" + + fi + chmod -R "${rights}" "${chmod}" +} + +vbin() { + cp -rf "$1" /usr/bin/ + chmod 0755 /usr/bin/"$(basename $1)" +} diff --git a/files/bash/editor.sh b/files/bash/editor.sh new file mode 100644 index 0000000..ebf10a7 --- /dev/null +++ b/files/bash/editor.sh @@ -0,0 +1,13 @@ +if command -v nano > /dev/null; then + e=nano +elif command -v nvim > /dev/null; then + e=nvim +elif command -v vim > /dev/null; then + e=vim +fi + +export EDITOR="${e}" +export VISUAL="${e}" +export SUDO_EDITOR="${e}" +unset e + diff --git a/files/bash/xbps-aliase.sh b/files/bash/xbps-aliase.sh new file mode 100644 index 0000000..e48fac0 --- /dev/null +++ b/files/bash/xbps-aliase.sh @@ -0,0 +1,15 @@ +[ "$(id -u)" -eq 0 ] && return +alias xu="sudo void-update" +alias xr="sudo xbps-remove -R" +alias xs="xbps-query -Rs" +alias backup="sudo void-backup" +alias snapshot="sudo void-snapshot" + +echo "xu = sudo void-update updaten" +echo "xi = sudo xbps-install -S installieren" +echo "xr = sudo xbps-remove -R deinstallieren" +echo "xs = xbps-query -Rs suchen" +echo "" +echo "backup backup machen" +echo "snapshot snapshots einstellen" +echo "" diff --git a/files/bin/joinvpn b/files/bin/joinvpn new file mode 100644 index 0000000..756b058 --- /dev/null +++ b/files/bin/joinvpn 
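Review bot: `vinstall` ends with `chmod -R "${rights}" "${chmod}"`, and in the three-argument form `${chmod}` is the target directory, so every call rewrites the mode of that directory and of everything already in it; `vinstall … 644 etc/NetworkManager/conf.d` strips the search bit from the directory, and `700 etc/sudoers.d` or `755 etc/xbps.d` change files this installer never wrote. Setting the mode on the copied file only avoids this, for example by replacing the `cp`/`chmod` pair with `install -m "${rights}" -- "${src}" "/${tgt}/${4:-$(basename -- "${src}")}"`. `src`, `tgt`, `rights` and `chmod` are also globals and `$(basename $1)` in `vbin` is unquoted; `local` declarations and `"$(basename -- "$1")"` would tidy that.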
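Review bot: The help text printed by `files/bash/xbps-aliase.sh` advertises `xi = sudo xbps-install -S`, but no `xi` alias is defined among the five `alias` lines above it. Either add `alias xi="sudo xbps-install -S"` or drop that `echo`.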
@@ -0,0 +1,41 @@
+#!/bin/bash
+basewgfolder="/etc/wireguard"
+
+if [ $UID -ne 0 ]; then
+ echo "Keine Rootrechte"
+ exit 1
+fi
+umask 0077
+mkdir -p "${basewgfolder}/wg0"
+cd "${basewgfolder}/wg0"
+
+
+if [[ -f "${basewgfolder}/wg0/privkey" ]]; then
+ read -p "Address: " ADDRESS
+ read -p "PublicKey: " PUBKEY_SERVER
+ read -p "Endpoint: " ENDPOINT
+ read -p "Port: " PORT
+ { echo "[Interface]";
+ echo "Address = ${ADDRESS}";
+ echo "PostUp = wg set %i private-key /etc/wireguard/wg0/wg0.key <(cat /etc/wireguard/wg0/privkey)";
+ echo "[Peer]";
+ echo "PublicKey = ${PUBKEY_SERVER}";
+ echo "Endpoint = ${ENDPOINT}:${PORT}";
+ echo "AllowedIPs = fd23::23:0:0/96";
+ echo "PresharedKey = $(cat psk)";
+ echo "PersistentKeepalive = 25"; } > "${basewgfolder}/wg0.conf"
+else
+ test -f privkey || wg genkey > privkey
+ test -f pubkey || wg pubkey < privkey > pubkey
+ test -f psk || wg genpsk > psk
+ echo "Frage O nach den den folgenden Daten und wenn du sie hast, starte das hier nochmal"
+ echo "Address"
+ echo "PublicKey"
+ echo "Endpoint"
+ echo "Port"
+ echo ""
+ echo "Schicke ihm verschlüsselt (Jabber oder Email) folgende Daten:"
+ echo "PublicKey = $(cat pubkey)"
+ echo "PresharedKey = $(cat psk)"
+ echo "Hostname = ${HOSTNAME}"
+fi
diff --git a/files/bin/pinentry-chooser b/files/bin/pinentry-chooser
new file mode 100755
index 0000000..1e90e90
--- /dev/null
+++ b/files/bin/pinentry-chooser
@@ -0,0 +1,22 @@
+#!/bin/sh
+
+case $PINENTRY_USER_DATA in
+tty)
+ exec pinentry-curses "$@"
+ ;;
+*)
+ if ! test -x ~/.config/pinentry; then
+ for i in pinentry-kwallet pinentry-qt pinentry-gnome3 pinentry-gtk-2 pinentry-emacs pinentry-dmenu pinentry-curses pinentry-tty; do
+ if command -v "${i}" > /dev/null; then
+ echo "#!/bin/sh" > ~/.config/pinentry
+ echo "${i} \${@}" >> ~/.config/pinentry
+ chmod +x ~/.config/pinentry
+ break
+ fi
+ done
+ fi
+
+ exec ~/.config/pinentry "$@"
+ ;;
+esac
+
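Review bot: The generated `PostUp` line in `joinvpn` hands two sources to `wg set %i private-key`: `/etc/wireguard/wg0/wg0.key`, which nothing in this script creates, and a process substitution of `privkey`. `wg set … private-key` takes a single file, so the interface will most likely fail to come up; `echo "PostUp = wg set %i private-key ${basewgfolder}/wg0/privkey";` matches the file the `else` branch generates. The `cd "${basewgfolder}/wg0"` is unchecked although the key files are then written with relative names, so `cd "${basewgfolder}/wg0" || exit 1` is worth adding, and the `read -p` calls should use `-r`.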
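Review bot: The wrapper that `pinentry-chooser` writes to `~/.config/pinentry` forwards its arguments as an unquoted `${@}` without `exec`, and the script assumes `~/.config` already exists. `mkdir -p ~/.config` followed by `printf '#!/bin/sh\nexec %s "$@"\n' "${i}" > ~/.config/pinentry` covers both. If none of the listed programs is installed, the final `exec ~/.config/pinentry "$@"` runs a file that was never created; an explicit error message and non-zero exit in that case would make the failure visible to gpg-agent.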
diff --git a/files/bin/void-backup b/files/bin/void-backup
new file mode 100644
index 0000000..fdcb835
--- /dev/null
+++ b/files/bin/void-backup
@@ -0,0 +1,132 @@ +#!/bin/bash +export LANG="en_US.UTF-8" +backupcfg="/etc/backup.cfg" +ziel="/var/lib/backup/ziel" +cfg="/etc/btrbk/btrbk.conf.void" + +fhelp() { + echo "Nutze es so:" + echo "sudo backup" + echo "sudo backup poweroff (um den Rechner nach dem Backup herunterzufahren.)" + #echo "sudo backup update (um den Rechner nach dem Backup up zu daten.)" + #echo "update und poweroff sind mixbar" + echo "sudo backup passwd (um das Passwort für die Backupfestplatte zu ändern.)" +} + +if [ "${UID}" -ne "0" ]; then + echo "Keine Rootrechte." + exit 1 +fi + +for argval in "$@" +do + case "${argval}" in + power|poweroff|p) + poweroff=y + ;; + help|-h|--help|h) + fhelp + exit + ;; + update) update=y ;; + passwd) passwd=y ;; + clean) do=clean ;; + run) do=run ;; + esac +done + +test -z "${do}" && do=run + +if [[ ! -f /etc/btrbk/btrbk.conf ]]; then + if [[ -f "${backupcfg}" ]]; then + source "${backupcfg}" + else + echo "${backupcfg} fehlt." + echo "Diese Datei wird normalerweise durch \`void-createbackupcontainer\`" + echo "angelegt. Bitte Sprich mit deinem Systemadministrator." + fi + + if [ -z "${UUID}" ]; then + echo "Keine Backupplatte angegeben." + exit 1 + fi + + if [ ! -e "/dev/disk/by-uuid/${UUID}" ]; then + echo "Bitte Backupfestplatte anschliessen." + exit 1 + fi + + if [ -e /tmp/backup ]; then + echo "Es läuft schon ein Backupvorgang oder wurde nicht richtig beendet." + echo "Bei letzterem: 'sudo rm -rf /tmp/backup'" + exit 1 + fi + touch /tmp/backup + + if [[ "${passwd}" == "y" ]]; then + cryptsetup luksChangeKey "/dev/disk/by-uuid/${UUID}" + rm -rf /tmp/backup + exit 0 + fi + + function finish { + sync + if [ "${poweroff}" = "y" ]; then + shutdown -h now + fi + sleep 4 + umount "${ziel}" + echo " " + echo " " + if [[ "${MOUNTEDBY}" == "script" ]]; then + cryptsetup close "luks-${UUID}" + echo "Festplatte kann nun sicher entfernt werden." 
+ elif [[ "${MOUNTEDBY}" == "de" ]]; then + echo "Festplatte bitte mit der grafischen Oberflaeche auswerfen (wie ein USB-Stick)" + echo "" + echo "oder:" + echo "sudo umount /dev/mapper/luks-${UUID}" + echo "sudo cryptsetup close luks-${UUID}" + echo "" + fi + rm -rf /tmp/backup + echo "FERTIG" + + } + trap finish EXIT + + if mountpoint -q -x "/dev/mapper/luks-${UUID}" > /dev/null; then + MOUNTEDBY="de" + else + if ! cryptsetup open UUID="${UUID}" "luks-${UUID}"; then + echo "Konnte /dev/disk/by-uuid/${UUID} nicht öffnen." + exit + fi + MOUNTEDBY="script" + fi + + if ! mount "/dev/mapper/luks-${UUID}" "${ziel}"; then + echo "Konnte /dev/mapper/luks-${UUID} in ${ziel} nicht mounten." + exit + fi +else + cfg="/etc/btrbk/btrbk.conf" +fi + +if mountpoint -q /var/lib/backup/quelle/bootfs; then + mkdir -p /var/lib/backup/quelle/bootfs/system/backup "/var/lib/backup/ziel/void/bootfs" + boot="backupboot" +fi + +mkdir -p /var/lib/backup/quelle/rootfs/system/backup "/var/lib/backup/ziel/void/rootfs" "/var/lib/backup/ziel/void/homefs" +for t in backup "${boot}"; do + if [[ "${t}" ]]; then + btrbk --config="${cfg}" --progress --quiet clean "${t}" + if ! btrbk --config="${cfg}" --progress --quiet "${do}" "${t}"; then + btrbk --config="${cfg}" --progress --quiet clean + echo "Wegen Fehler nicht herunterfahren." + poweroff=n + exit + fi + fi +done diff --git a/files/bin/void-createbackupcontainer b/files/bin/void-createbackupcontainer new file mode 100644 index 0000000..1497ab9 --- /dev/null +++ b/files/bin/void-createbackupcontainer 
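Review bot: The run lock in `void-backup` is the fixed path `/tmp/backup`, created by root with `touch` in a world-writable directory, so any local user can create that name first and block backups, and the `[ -e … ]` / `touch` pair is not atomic. A root-only location avoids both, e.g. `lock=/run/void-backup.lock` with `( set -o noclobber; : > "${lock}" ) 2>/dev/null || { echo "…"; exit 1; }`. `files/btrbk/btrbk.conf.void` has the same pattern in `lockfile /tmp/btrbk.lock`. In `finish`, `shutdown -h now` is issued before `umount "${ziel}"` and `cryptsetup close`, so with `poweroff` the volume is torn down by the shutdown sequence rather than by the script; calling it last keeps the order explicit.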
@@ -0,0 +1,95 @@ +#!/bin/bash +backupcfg="/etc/backup.cfg" + +if [ $UID -ne 0 ]; then + echo "Keine Rootrechte." + exit 1 +fi + +#test -f "${backupcfg}" && echo "${backupcfg} existiert" && exit 1 + +# find all disks +declare -A disk_tmp=() +declare -A disk=() +index=0 +for i in $(find /dev/disk/by-id/ -type l -printf "%P\n" | grep usb | grep -v part | tac ); do + name="$(readlink -f /dev/disk/by-id/"${i}")" + if [[ "${name}" =~ *"^[0-9]+$"* ]]; then + continue + fi + if [[ "${name}" == *"dm"* ]]; then + continue + fi + if [[ "${name}" == *"/dev/sr"* ]]; then + continue + fi + if blkid "${name}"|grep -q UUID; then + size="$(fdisk -l "${name}" | head -n1 | awk '{print $3}')" + else + continue + fi + size=$(awk "BEGIN { printf(\"%.0f\n\", ${size}); }") + uuid=$(blkid -o value -s UUID ${name}) + index=$(( index + 1 )) + disk_tmp+=( [${index}.id]="${i}" [${index}.name]="${name}" [${index}.uuid]="${uuid}" [${index}.size]="${size}" ) +done +disk_tmp+=( [count]="${index}" ) + +if [[ "${disk_tmp[count]}" -eq 0 ]]; then + echo "No Disk attached." + exit 1 +fi +# show devices +echo "Devices:" +for i in $(seq 1 "${disk_tmp[count]}"); do + echo "${disk_tmp[${i}.id]}" + echo " - uuid: ${disk_tmp[${i}.uuid]}" + echo " - name: ${disk_tmp[${i}.name]}" + echo " - size: ${disk_tmp[${i}.size]}" +done + +# choose device +found= +while read -p "Which Device? [${disk_tmp[1.uuid]}]: " output; do + test -z "${output}" && output="${disk_tmp[1.uuid]}" + for i in $(seq 1 "${disk_tmp[count]}"); do + if [[ "${disk_tmp[${i}.id]}" == "${output}" ]] || [[ "${disk_tmp[${i}.name]}" == "${output}" ]] || [[ "${disk_tmp[${i}.uuid]}" == "${output}" ]]; then + found=1 + id="${disk_tmp[${i}.id]}" + break + fi + done + [[ "${found}" ]] && break + echo "${output} not found" +done + +echo "g +n +1 + + +w +q" | fdisk "/dev/disk/by-id/${id}" + +UUID=$(blkid -o value -s UUID "/dev/disk/by-id/${id}-part1") + +if ! 
cryptsetup luksFormat UUID="${UUID}"; then + echo "Konnte /dev/disk/by-uuid/${UUID} nicht verschluesseln." + exit 1 +else + if ! cryptsetup open UUID="${UUID}" "luks-${UUID}"; then + echo "Konnte /dev/disk/by-uuid/${UUID} nicht verschluesseln." + exit 1 + fi +fi + +if ! mkfs.btrfs -f "/dev/mapper/luks-${UUID}"; then + echo "Konnte /dev/mapper/luks-${UUID} nicht formatieren" + exit 1 +fi + +cryptsetup close "luks-${UUID}" + +echo "UUID=\"${UUID}\"" > "${backupcfg}" + +echo "Erstellen des Containers fertig." diff --git a/files/bin/void-snapshot b/files/bin/void-snapshot new file mode 100644 index 0000000..579137c --- /dev/null +++ b/files/bin/void-snapshot 
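Review bot: `UUID` is read with `blkid` from `${id}-part1` right after `fdisk` creates the partition and before `cryptsetup luksFormat` runs, so it is either empty or left over from whatever was on the disk. luksFormat then writes a header with a new UUID, so the value stored in `${backupcfg}` will not match the container that `void-backup` later looks up under `/dev/disk/by-uuid/`. Formatting by device path and reading the UUID back afterwards fixes that, as sketched below. The script also repartitions the chosen disk without a confirmation prompt, and the filter `[[ "${name}" =~ *"^[0-9]+$"* ]]` does not look like it can match (the quoted part is taken literally), so an explicit prompt naming the disk before `fdisk` is advisable. `${size}` is spliced into the awk program text; `awk -v s="${size}" 'BEGIN { printf("%.0f\n", s) }'` passes it as data instead.

```shell
# … unchanged: device discovery, selection and fdisk …
part="/dev/disk/by-id/${id}-part1"

if ! cryptsetup luksFormat "${part}"; then
  echo "Konnte ${part} nicht verschluesseln."
  exit 1
fi
# The LUKS UUID only exists once the header has been written.
UUID=$(cryptsetup luksUUID "${part}")

if ! cryptsetup open "${part}" "luks-${UUID}"; then
  echo "Konnte ${part} nicht oeffnen."
  exit 1
fi
# … unchanged: mkfs.btrfs, cryptsetup close, writing ${backupcfg} …
```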
@@ -0,0 +1,85 @@ +#!/bin/bash +if [ "${UID}" -ne "0" ]; then + echo "Keine Rootrechte." + exit 1 +fi + +infos() { + echo "Snapshots sind Kopien der Dateien die keinen zusätzlichen Platz" + echo "benötigen." + echo "" + echo "Es wird bei jedem Update vom Betriebsystem ein Snapshot angelegt." + echo "Es wird jede volle Stunde vom Betriebsystem ein Snapshot angelegt." + echo "So ist das Betriebssystem auch bei Problemen bootbar." + echo "" + echo "Optional kann auch jede Stunde ein Snapshot der persönlichen Daten" + echo "angelegt werden. Dann verliert man bei versehentlichem löschen" + echo "maximal die Arbeit einer Stunde." + echo "Dafür folgendes im Terminal ausführen:" + echo 'echo REGULAR_SNAPSHOT_HOME=1 | sudo tee -a /etc/void-snapshot.cfg' + echo "" + echo "Nur für Experten:" + echo 'echo NO_UPDATE_GRUB=1 | sudo tee -a /etc/void-snapshot.cfg' +} + +cron="" +update="" +case $1 in + update) + update=1 + word="update" + ;; + cron) + cron=1 + word="regular" + ;; + *) + infos + exit + ;; +esac + +if [ "$#" -eq "0" ]; then + infos + exit +fi + +cfg="/etc/btrbk/btrbk.conf.void" +test -f "/etc/btrbk/btrbk.conf" && cfg="/etc/btrbk/btrbk.conf" + +if mountpoint -q /var/lib/backup/quelle/bootfs; then + mkdir -p "/var/lib/backup/quelle/bootfs/system/snapshots/${word}" + if ! btrbk --config="${cfg}" --quiet run "${word}boot"; then + btrbk --config="${cfg}" --quiet clean "${word}boot" + echo "fail: btrbk --config=${cfg} --quiet run ${word}boot" + exit + fi +fi + +mkdir -p "/var/lib/backup/quelle/rootfs/system/snapshots/${word}" +if ! btrbk --config="${cfg}" --quiet run "${word}root"; then + btrbk --config="${cfg}" --quiet clean "${word}root" + echo "fail: btrbk --config=${cfg} --quiet run ${word}root" + exit +fi + +test -f /etc/void-snapshot.cfg && . /etc/void-snapshot.cfg + +if [[ -z "${NO_UPDATE_GRUB}" ]]; then + if ! 
update-grub 2> /dev/null; then + echo update-grub failed + exit + fi +fi + +if [ "${cron}" ]; then + if [ "${REGULAR_SNAPSHOT_HOME}" ]; then + mkdir -p "/var/lib/backup/quelle/rootfs/system/snapshots/${word}" + if ! btrbk --config="${cfg}" --quiet run "${word}home"; then + btrbk --config="${cfg}" --quiet clean "${word}home" + echo "fail: btrbk --config=${cfg} --quiet clean ${word}home" + exit + fi + fi +fi + diff --git a/files/bin/void-update b/files/bin/void-update new file mode 100755 index 0000000..9a3198c --- /dev/null +++ b/files/bin/void-update @@ -0,0 +1,74 @@ +#!/bin/bash + +if [ $UID -ne 0 ]; then + echo "Keine Rootrechte." + exit 1 +fi + +RESTART="" + +set -Eeuo pipefail + +RESTART= +echo "Synchronisiere Repositorys." +xbps-install -S > /dev/null + +#mapfile -t updatedpkgs < <(xbps-install -un|awk '{print $1}') +updatedpkgs="$(xbps-install -un|awk '{print $1}')" + +if [[ -z "${updatedpkgs}" ]]; then + echo "Keine Updates" + exit +else + echo "${updatedpkgs}" + echo "Es sind Updates da!" + while read -p "Installieren? [Y/n] " answer; do + test -z "${answer}" && answer="y" + case "${answer}" in + n*|N*|*o|*O) + exit + ;; + y*|Y*|j*|J*) + break + ;; + esac + done + if grep -q -Pe '^(?!.*linux-).*^linux' <<< "${updatedpkgs}"; then + RESTART=1 + fi +fi + +echo "Lege Snapshot an." +void-snapshot update + +echo "Entferne nicht benutzte Pakete." +xbps-remove -oy > /dev/null + +echo "Räume den Cache auf." +xbps-remove -Oy > /dev/null + +echo "Installiere Updates." +if ! xbps-install -uy; then + echo "Update failed." + exit +fi + +if [[ "$RESTART" ]]; then + echo "Lösche alte Kernel." + vkpurge list | head -n -1 | xargs -r vkpurge rm +else + echo "Überprüfe ob neustart notwenidig ist." + if [[ "$(xcheckrestart)" ]]; then + RESTART=1 + fi +fi + +if [[ "${RESTART}" ]]; then + echo ""; echo "Bitte den Computer neu starten!" +else + echo ""; echo "Kein neustart notwendig!" +fi + +echo "" +echo "Update fertig." + 
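Review bot: Every failure path in `void-snapshot` ends in a bare `exit` right after an `echo`, so the script returns status 0 when `btrbk` or `update-grub` fails. `void-update` calls `void-snapshot update` under `set -Eeuo pipefail` and therefore goes on to remove and upgrade packages without a snapshot, and the hourly cron entry cannot report the failure; use `exit 1` on these paths. The same bare `exit` follows the error messages in `void-update` (`Update failed.`) and in `void-backup`. In the home-snapshot branch the message reads `--quiet clean ${word}home` although the failing command was `run`.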
diff --git a/files/btrbk/btrbk.conf.void b/files/btrbk/btrbk.conf.void
new file mode 100644
index 0000000..0192dbd
--- /dev/null
+++ b/files/btrbk/btrbk.conf.void
@@ -0,0 +1,78 @@ +transaction_syslog daemon +lockfile /tmp/btrbk.lock +incremental yes +btrfs_commit_delete after +timestamp_format long +noauto yes +backend btrfs-progs-sudo + +# Update snapshots +volume /var/lib/backup/quelle/bootfs + group updateboot updatestats allstats snapshotstats + snapshot_dir system/snapshots/update + snapshot_preserve_min latest + snapshot_preserve no + subvolume bootfs + +volume /var/lib/backup/quelle/rootfs + group updateroot updatestats allstats snapshotstats + snapshot_dir system/snapshots/update + snapshot_preserve_min latest + snapshot_preserve no + subvolume rootfs + + +# Regular snapshots +volume /var/lib/backup/quelle/bootfs + group regularboot regularstats allstats snapshotstats + snapshot_dir system/snapshots/regular + snapshot_preserve_min 4h + snapshot_preserve no + subvolume bootfs + +volume /var/lib/backup/quelle/rootfs + group regularroot regularstats allstats snapshotstats + snapshot_dir system/snapshots/regular + snapshot_preserve_min 4h + snapshot_preserve no + subvolume rootfs + +volume /var/lib/backup/quelle/rootfs + group regularhome regularstats allstats snapshotstats + snapshot_dir system/snapshots/regular + snapshot_preserve_min 4h + snapshot_preserve no + subvolume homefs + + +# Backup +volume /var/lib/backup/quelle/bootfs + group backupboot backupstats allstats + snapshot_dir system/backup + snapshot_preserve_min latest + snapshot_preserve no + target_preserve_min latest + target_preserve no + subvolume bootfs + target send-receive /var/lib/backup/ziel/void/bootfs + +volume /var/lib/backup/quelle/rootfs + group backup backupstats allstats + snapshot_dir system/backup + snapshot_preserve_min latest + snapshot_preserve no + target_preserve_min latest + target_preserve no + subvolume rootfs + target send-receive /var/lib/backup/ziel/void/rootfs + +volume /var/lib/backup/quelle/rootfs + group backup backupstats allstats + snapshot_dir system/backup + snapshot_preserve_min latest + snapshot_preserve no + 
target_preserve_min latest + target_preserve no + subvolume homefs + target send-receive /var/lib/backup/ziel/void/homefs + diff --git a/files/gnupg/gpg-agent.conf b/files/gnupg/gpg-agent.conf new file mode 100755 index 0000000..db044b3 --- /dev/null +++ b/files/gnupg/gpg-agent.conf @@ -0,0 +1,7 @@ +pinentry-program /usr/bin/pinentry-chooser +enable-ssh-support + +default-cache-ttl 28800 +max-cache-ttl 86400 +ignore-cache-for-signing + diff --git a/files/grub-btrfs/void.conf b/files/grub-btrfs/void.conf new file mode 100644 index 0000000..c57fe7a --- /dev/null +++ b/files/grub-btrfs/void.conf @@ -0,0 +1,19 @@ +#!/usr/bin/env bash + +# Ignore specific path during run "grub-mkconfig". +# Only exact paths are ignored. +# e.g : if `specific path` = @, only `@` snapshot will be ignored. +# Default: ("@") +GRUB_BTRFS_IGNORE_SPECIFIC_PATH=("@" "rootfs" "bootfs" "homefs") + +# Ignore prefix path during run "grub-mkconfig". +# Any path starting with the specified string will be ignored. +# e.g : if `prefix path` = @, all snapshots beginning with "@/..." will be ignored. +# Default: ("var/lib/docker" "@var/lib/docker" "@/var/lib/docker") +GRUB_BTRFS_IGNORE_PREFIX_PATH=("var/lib/docker" "@var/lib/docker" "@/var/lib/docker" "system/backup") + +GRUB_BTRFS_SUBMENUNAME="Void Linux Snapshots" +GRUB_BTRFS_OVERRIDE_BOOT_PARTITION_DETECTION="true" +GRUB_BTRFS_DISPLAY_PATH_SNAPSHOT="false" +GRUB_BTRFS_TITLE_FORMAT="d" +GRUB_BTRFS_LIMIT="20" diff --git a/files/nm/30-wg0 b/files/nm/30-wg0 new file mode 100755 index 0000000..591b223 --- /dev/null +++ b/files/nm/30-wg0 @@ -0,0 +1,21 @@ +#!/bin/sh +INTERFACE=$1 +ACTION=$2 + +if [ -f /etc/wireguard/wg0.conf ]; then + case "$INTERFACE" in + tun*|wg*) + exit 0 + ;; + *) + case "$ACTION" in + up) + wg-quick up wg0 + ;; + down) + wg-quick down wg0 + ;; + esac + ;; + esac +fi diff --git a/files/nm/dns-servers.conf b/files/nm/dns-servers.conf new file mode 100644 index 0000000..d18800c --- /dev/null +++ b/files/nm/dns-servers.conf 
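Review bot: The dispatcher script `files/nm/30-wg0` runs `wg-quick down wg0` whenever any interface other than `tun*`/`wg*` goes down, so on a machine with both wired and wireless links the tunnel is removed while another uplink is still active. `wg-quick up wg0` is likewise attempted on every further `up` event even when `wg0` already exists. Checking the tunnel state first keeps the `up` arm idempotent, e.g. `up) ip link show wg0 >/dev/null 2>&1 || wg-quick up wg0 ;;`, and the `down` arm could be limited to the case where no other uplink remains.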
@@ -0,0 +1,2 @@
+[global-dns-domain-*]
+servers=::1,159.69.114.157
diff --git a/files/nm/unmanaged-tun.conf b/files/nm/unmanaged-tun.conf
new file mode 100644
index 0000000..90d244e
--- /dev/null
+++ b/files/nm/unmanaged-tun.conf
@@ -0,0 +1,3 @@
+[keyfile]
+unmanaged-devices=interface-name:wg*
+
diff --git a/files/nm/unmanaged-wg.conf b/files/nm/unmanaged-wg.conf
new file mode 100644
index 0000000..90d244e
--- /dev/null
+++ b/files/nm/unmanaged-wg.conf
@@ -0,0 +1,3 @@
+[keyfile]
+unmanaged-devices=interface-name:wg*
+
diff --git a/files/profile/append-path.sh b/files/profile/append-path.sh
new file mode 100644
index 0000000..7504b27
--- /dev/null
+++ b/files/profile/append-path.sh
@@ -0,0 +1,16 @@
+appendpath () {
+ case ":$PATH:" in
+ *:"$1":*)
+ ;;
+ *)
+ PATH="${PATH:+$PATH:}$1"
+ esac
+}
+
+if [ $(id -u) -eq 0 ]; then
+ appendpath "/root/.local/bin"
+else
+ appendpath "/home/$(id -un)/.local/bin"
+fi
+export PATH
+
diff --git a/files/sudoers/10-common b/files/sudoers/10-common
new file mode 100644
index 0000000..48bcf9c
--- /dev/null
+++ b/files/sudoers/10-common
@@ -0,0 +1,9 @@
+Defaults timestamp_timeout=15
+Defaults !tty_tickets
+Defaults umask = 022
+Defaults passprompt="[sudo] Password: "
+Defaults env_keep += "EDITOR"
+Defaults env_keep += "SSH_CONNECTION"
+Defaults env_keep += "TMUX"
+
+%wheel ALL=(ALL) ALL
diff --git a/files/udev/99-ioschedulers.rules b/files/udev/99-ioschedulers.rules
new file mode 100644
index 0000000..88e5a46
--- /dev/null
+++ b/files/udev/99-ioschedulers.rules
@@ -0,0 +1 @@
+ACTION=="add|change", KERNEL=="sd[a-z]|mmcblk[0-9]*", ATTR{queue/rotational}=="0", ATTR{queue/scheduler}="mq-deadline"
diff --git a/files/udev/99-mount-media.rules b/files/udev/99-mount-media.rules
new file mode 100644
index 0000000..4694716
--- /dev/null
+++ b/files/udev/99-mount-media.rules
@@ -0,0 +1 @@
+ENV{ID_FS_USAGE}=="filesystem|other|crypto", ENV{UDISKS_FILESYSTEM_SHARED}="1"
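Review bot: `files/nm/unmanaged-tun.conf` has the same content and the same blob id (`90d244e`) as `unmanaged-wg.conf`, so it marks `wg*` as unmanaged a second time and leaves `tun*` devices under NetworkManager's control. Going by the file name, the line was presumably meant to be `unmanaged-devices=interface-name:tun*`.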
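Review bot: `Defaults !tty_tickets` in `files/sudoers/10-common`, combined with `timestamp_timeout=15`, means one successful authentication in any terminal lets every other session of that user run sudo without a password for 15 minutes. Unless that is a deliberate convenience trade-off, drop the `!tty_tickets` line to keep per-terminal tickets, or record the decision in a comment such as `# shared sudo timestamp across terminals: accepted for single-user desktops`. `env_keep += "EDITOR"` carries a user-chosen program name into root commands; with `%wheel ALL=(ALL) ALL` that adds little, but it would matter as soon as narrower rules are introduced.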
diff --git a/files/wireguard/wg0.conf b/files/wireguard/wg0.conf
new file mode 100644
index 0000000..6fc3ce3
--- /dev/null
+++ b/files/wireguard/wg0.conf
@@ -0,0 +1,13 @@
+[Interface]
+Address = fd23::23:5:200/64, 10.23.5.200/16
+PrivateKey = gPxQ+J61DCyOfJj0wXVfAL1zeFnlhenDiIXTyeZ9NUc=
+DNS = fd23::23:5:2, 10.23.5.2
+
+[Peer]
+PublicKey = ZJwTV2l+N+vFwL0KFQb5xpAPqwVcf0YvEMFzTaIoAU8=
+Endpoint = 10.1.1.2:51820
+PresharedKey = 4KUpGmysJLNsX5sdFPpVsyW5ONloXj7WTNpNtqTSZ9U=
+
+####AllowedIPs = ::0/0, 0.0.0.0/0 leitet den ganzen traffic ueber den server
+AllowedIPs = fd23::/64, 10.23.0.0/16
+PersistentKeepalive = 25
diff --git a/files/xbps/20-repo-rotce.de-pakete.conf b/files/xbps/20-repo-rotce.de-pakete.conf
new file mode 100644
index 0000000..c870200
--- /dev/null
+++ b/files/xbps/20-repo-rotce.de-pakete.conf
@@ -0,0 +1,2 @@
+repository=https://rotce.de/pakete
+
diff --git a/files/xbps/50-no-extract.conf b/files/xbps/50-no-extract.conf
new file mode 100644
index 0000000..f162ddc
--- /dev/null
+++ b/files/xbps/50-no-extract.conf
@@ -0,0 +1 @@
+noextract=/usr/bin/xq
diff --git a/files/xorg/10-keyboard.conf b/files/xorg/10-keyboard.conf
new file mode 100644
index 0000000..4f1177d
--- /dev/null
+++ b/files/xorg/10-keyboard.conf
@@ -0,0 +1,8 @@
+Section "InputClass"
+ Identifier "keyboard"
+ MatchIsKeyboard "yes"
+ Option "XkbLayout" "de"
+ Option "XkbVariant" "nodeadkeys"
+ #Option "XkbOptions" "grp:alt_shift_toggle"
+EndSection
+
diff --git a/files/xorg/dbus-launch.sh b/files/xorg/dbus-launch.sh
new file mode 100644
index 0000000..4fb06f0
--- /dev/null
+++ b/files/xorg/dbus-launch.sh
@@ -0,0 +1,6 @@
+if [ "$DESKTOP_SESSION" = "i3" ]; then
+ if which dbus-launch >/dev/null && test -z "$DBUS_SESSION_BUS_ADDRESS"; then
+ eval "$(dbus-launch --sh-syntax --exit-with-x11)"
+ fi
+fi
+
diff --git a/main.sh b/main.sh
index d05e324..c82f177 100755
--- a/main.sh
+++ b/main.sh
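Review bot: `files/wireguard/wg0.conf` commits a `PrivateKey` and a `PresharedKey` in clear text, so anyone with access to the repository or its history can impersonate this peer. If the values are real they need to be rotated on the server, because removing them in a later commit does not take them out of history. The file would be safer as a template without key material, for example `PostUp = wg set %i private-key /etc/wireguard/wg0/privkey` in place of the `PrivateKey` line, with the preshared key filled in on the host, which is the layout `files/bin/joinvpn` aims for. The fixed `Address` would also be shared by every machine installed from this template.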
@@ -252,6 +252,8 @@ do_chroot() { cp -rf "${tmp_target}" "${target}/tmp/vinstaller/run" + mkdir -p "${target}/tmp/vinstaller/files" + echo "USERNAME=${USERNAME}" > "${vars}" echo "PASS=${PASS}" >> "${vars}" echo "HOSTNAME=${HOSTNAME}" >> "${vars}" @@ -268,6 +270,9 @@ do_chroot() { cat < "${target}/tmp/vinstaller/main_chroot" #!/usr/bin/bash + +FILESDIR=/tmp/vinstaller/files + . /tmp/vinstaller/functions . /tmp/vinstaller/vars
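Review bot: The first hunk creates `${target}/tmp/vinstaller/files` and the second points `FILESDIR` at it inside the chroot, but neither hunk copies the repository's `files/` tree into that directory. Unless that happens outside the visible lines, the `vbin`/`vinstall` calls added to `etc/base` will fail on missing sources. A copy next to the `mkdir`, along the lines of `cp -a "<repo-dir>/files/." "${target}/tmp/vinstaller/files/"` (with `<repo-dir>` standing for the installer's source directory), would close the gap. `do_chroot` starts and ends outside both hunks.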