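#!/bin/bash
#
# Creates the ZFS root pool and its dataset layout under /mnt, optionally with
# native encryption, then hands over to the distribution-specific base script.
#
# Reads: /etc/os-release (ID) and "${BASEDIR}/system.conf" (DISK, ENCRYPTION;
# HOSTNAME is bash's own value unless system.conf overrides it).
# The pool is named after the lower-cased host name.

set -euo pipefail

# Resolve the script directory by actually changing into it. The previous
# sed-based rewrite turned a leading ".." into "${PWD}." and broke when PWD
# contained characters that are special to sed.
BASEDIR="$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" && pwd)"

source /etc/os-release
source "${BASEDIR}/system.conf"

# An empty DISK would otherwise hand zpool a bare partition suffix as vdev.
: "${DISK:?DISK must be set in system.conf}"

POOL="${HOSTNAME,,}"
KEY_FILE="/etc/zfs/keys/${POOL}.key"

# Partition suffix of the third partition depends on how the disk is named.
if [[ "${DISK}" == */dev/disk/by-id/* ]]; then
  PART3='-part3'
elif [[ "${DISK}" == */dev/nvme* ]]; then
  PART3='p3'
else
  PART3='3'
fi

# if [[ ! "${*}" = *--no-part* ]]; then

# NOTE(review): any value of ENCRYPTION other than the exact string 'yes'
# (including an empty one or 'Yes') creates an UNENCRYPTED pool without
# warning - confirm that this fallback is intended.
if [[ "${ENCRYPTION}" == 'yes' ]]; then
  ZPOOL_PASSWORD=''
  ZPOOL_PASSWORD_VERIFY=''

  # Switch to the alternate screen and clear it while prompting.
  printf '\033[?47h\033[2J\033[H'

  while true; do
    printf "\nEnter a password to encrypt your root pool (minimum 8 characters):\n"
    # IFS= keeps leading/trailing whitespace, so the stored key is exactly
    # what was typed and matches a later interactive 'zfs load-key' prompt.
    IFS= read -r -s ZPOOL_PASSWORD

    printf "\nVerify the password to encrypt your root pool:\n"
    IFS= read -r -s ZPOOL_PASSWORD_VERIFY

    if [[ "${ZPOOL_PASSWORD}" != "${ZPOOL_PASSWORD_VERIFY}" ]]; then
      printf "ERROR:\tPasswords do not match!\n"
    elif [[ -z "${ZPOOL_PASSWORD}" ]]; then
      printf "ERROR:\tPassword is empty!\n"
    elif [[ "${#ZPOOL_PASSWORD}" -lt '8' ]]; then
      printf "ERROR:\tPassword is too short!\n"
    else
      break
    fi
  done

  printf '\033[?47l'

  mkdir -p /etc/zfs/keys/

  # Write the key under a restrictive umask so the file is never readable by
  # other users between creation and chmod. The passphrase is passed as a
  # printf ARGUMENT: used as the format string, any '%' or backslash in it
  # would be interpreted and the stored key would differ from what was typed.
  (
    umask 077
    printf '%s\n' "${ZPOOL_PASSWORD}" > "${KEY_FILE}"
  )
  chmod 000 "${KEY_FILE}"

  # The passphrase is not needed in shell memory once the key file exists.
  unset ZPOOL_PASSWORD ZPOOL_PASSWORD_VERIFY

  encryption_opts=(
    -O encryption=on
    -O "keylocation=file://${KEY_FILE}"
    -O keyformat=passphrase
  )
else
  encryption_opts=(-O encryption=off)
fi

zpool create \
  -o ashift=12 \
  -o autotrim=on \
  -o compatibility=openzfs-2.1-linux \
  "${encryption_opts[@]}" \
  -O acltype=posixacl \
  -O xattr=sa \
  -O dnodesize=auto \
  -O compression=zstd-3 \
  -O normalization=formD \
  -O relatime=on \
  -O canmount=off \
  -O mountpoint=/ \
  -R /mnt \
  "${POOL}" \
  "${DISK}${PART3}"

zfs create -o canmount=off -o mountpoint=none "${POOL}/ROOT"

# else
#   zpool import \
#     -N \
#     -R \
#     /mnt \
#     ${HOSTNAME,,}
#
#   zfs load-key \
#     -r \
#     -L prompt \
#     ${HOSTNAME,,}
# fi

zfs create -o canmount=noauto -o mountpoint=/ "${POOL}/ROOT/${ID}"
zfs mount "${POOL}/ROOT/${ID}"

# if [[ ! "${*}" = *--no-part* ]]; then

zfs create "${POOL}/home"
zfs create -o mountpoint=/root "${POOL}/home/root"
chmod 700 /mnt/root

zfs create -o canmount=off -o mountpoint=/var "${POOL}/var"
zfs create -o canmount=off "${POOL}/var/lib"
zfs create "${POOL}/var/log"
zfs create "${POOL}/var/spool"

zfs create -o com.sun:auto-snapshot=false "${POOL}/var/cache"
zfs create -o com.sun:auto-snapshot=false "${POOL}/var/lib/nfs"
zfs create -o com.sun:auto-snapshot=false "${POOL}/var/tmp"
chmod 1777 /mnt/var/tmp

zfs create -o mountpoint=/srv "${POOL}/srv"

zfs create -o canmount=off -o mountpoint=/usr "${POOL}/usr"
zfs create "${POOL}/usr/local"

zfs create "${POOL}/var/games"
zfs create "${POOL}/var/lib/AccountsService"
zfs create "${POOL}/var/lib/NetworkManager"
zfs create "${POOL}/var/www"

zfs create -o com.sun:auto-snapshot=false -o mountpoint=/tmp "${POOL}/tmp"

if [[ "${ENCRYPTION}" == 'yes' ]]; then
  # NOTE(review): the key file above was written to the installer's own
  # /etc/zfs/keys; nothing in this script copies it into this dataset
  # (mounted at /mnt/etc/zfs/keys) - presumably a later step does; confirm.
  # Also confirm how the key reaches early boot: a copy embedded in an
  # initramfs on an unencrypted partition leaves the passphrase readable
  # at rest.
  zfs create \
    -o com.sun:auto-snapshot=false \
    -o mountpoint=/etc/zfs/keys \
    "${POOL}/keystore"
fi

zpool set "bootfs=${POOL}/ROOT/${ID}" "${POOL}"

# else
#   zfs mount \
#     ${HOSTNAME,,}/home
#
#   zfs mount \
#     ${HOSTNAME,,}/home/root
#
#   zfs mount \
#     ${HOSTNAME,,}/var/log
#
#   zfs mount \
#     ${HOSTNAME,,}/var/spool
#
#   zfs mount \
#     ${HOSTNAME,,}/var/cache
#
#   zfs mount \
#     ${HOSTNAME,,}/var/lib/nfs
#
#   zfs mount \
#     ${HOSTNAME,,}/var/tmp
#
#   zfs mount \
#     ${HOSTNAME,,}/srv
#
#   zfs mount \
#     ${HOSTNAME,,}/usr/local
#
#   zfs mount \
#     ${HOSTNAME,,}/var/games
#
#   zfs mount \
#     ${HOSTNAME,,}/var/lib/AccountsService
#
#   zfs mount \
#     ${HOSTNAME,,}/var/lib/NetworkManager
#
#   zfs mount \
#     ${HOSTNAME,,}/var/www
#
#   zfs mount \
#     ${HOSTNAME,,}/keystore
# fi

if [[ "${ID}" == 'fedora' ]]; then
  "${BASEDIR}/base-fedora.sh" -1
fi

# if [[ ! "${*}" = *--no-part* ]]; then

zfs create "${POOL}/var/mail"
chmod 1777 /mnt/tmp

# else
#   zfs mount \
#     ${HOSTNAME,,}/var/mail
# fi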