getch 0.1.6 → 0.1.9
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data/README.md +17 -26
- data/assets/system.conf +38 -0
- data/lib/cmdline.rb +128 -0
- data/lib/getch/command.rb +31 -21
- data/lib/getch/config/gentoo.rb +22 -23
- data/lib/getch/config/void.rb +8 -10
- data/lib/getch/config.rb +5 -2
- data/lib/getch/filesystem/clean.rb +15 -15
- data/lib/getch/filesystem/device.rb +3 -1
- data/lib/getch/filesystem/ext4/config.rb +8 -4
- data/lib/getch/filesystem/ext4/deps.rb +3 -1
- data/lib/getch/filesystem/ext4/device.rb +2 -3
- data/lib/getch/filesystem/ext4/encrypt/config.rb +12 -7
- data/lib/getch/filesystem/ext4/encrypt/deps.rb +4 -2
- data/lib/getch/filesystem/ext4/encrypt/device.rb +5 -3
- data/lib/getch/filesystem/ext4/encrypt/format.rb +4 -1
- data/lib/getch/filesystem/ext4/encrypt/mount.rb +3 -2
- data/lib/getch/filesystem/ext4/encrypt/partition.rb +21 -21
- data/lib/getch/filesystem/ext4/encrypt/void.rb +22 -21
- data/lib/getch/filesystem/ext4/encrypt.rb +2 -0
- data/lib/getch/filesystem/ext4/format.rb +3 -0
- data/lib/getch/filesystem/ext4/mount.rb +3 -0
- data/lib/getch/filesystem/ext4/partition.rb +9 -6
- data/lib/getch/filesystem/ext4/void.rb +8 -7
- data/lib/getch/filesystem/ext4.rb +2 -0
- data/lib/getch/filesystem/lvm/config.rb +7 -22
- data/lib/getch/filesystem/lvm/deps.rb +6 -4
- data/lib/getch/filesystem/lvm/device.rb +2 -0
- data/lib/getch/filesystem/lvm/encrypt/config.rb +12 -9
- data/lib/getch/filesystem/lvm/encrypt/deps.rb +6 -3
- data/lib/getch/filesystem/lvm/encrypt/device.rb +4 -2
- data/lib/getch/filesystem/lvm/encrypt/format.rb +4 -0
- data/lib/getch/filesystem/lvm/encrypt/mount.rb +3 -0
- data/lib/getch/filesystem/lvm/encrypt/partition.rb +7 -7
- data/lib/getch/filesystem/lvm/encrypt/void.rb +20 -19
- data/lib/getch/filesystem/lvm/encrypt.rb +2 -0
- data/lib/getch/filesystem/lvm/format.rb +3 -0
- data/lib/getch/filesystem/lvm/mount.rb +3 -0
- data/lib/getch/filesystem/lvm/partition.rb +8 -5
- data/lib/getch/filesystem/lvm/void.rb +7 -6
- data/lib/getch/filesystem/lvm.rb +2 -0
- data/lib/getch/filesystem/mount.rb +19 -12
- data/lib/getch/filesystem/partition.rb +16 -8
- data/lib/getch/filesystem/zfs/config.rb +9 -23
- data/lib/getch/filesystem/zfs/deps.rb +22 -57
- data/lib/getch/filesystem/zfs/device.rb +3 -1
- data/lib/getch/filesystem/zfs/encrypt/config.rb +10 -26
- data/lib/getch/filesystem/zfs/encrypt/deps.rb +25 -60
- data/lib/getch/filesystem/zfs/encrypt/device.rb +3 -1
- data/lib/getch/filesystem/zfs/encrypt/format.rb +12 -8
- data/lib/getch/filesystem/zfs/encrypt/mount.rb +13 -8
- data/lib/getch/filesystem/zfs/encrypt/partition.rb +18 -15
- data/lib/getch/filesystem/zfs/encrypt/void.rb +23 -22
- data/lib/getch/filesystem/zfs/encrypt.rb +2 -0
- data/lib/getch/filesystem/zfs/format.rb +9 -5
- data/lib/getch/filesystem/zfs/mount.rb +9 -7
- data/lib/getch/filesystem/zfs/partition.rb +15 -12
- data/lib/getch/filesystem/zfs/void.rb +20 -20
- data/lib/getch/filesystem/zfs.rb +2 -0
- data/lib/getch/filesystem.rb +2 -0
- data/lib/getch/gentoo/boot.rb +21 -72
- data/lib/getch/gentoo/bootloader.rb +68 -0
- data/lib/getch/gentoo/chroot.rb +26 -33
- data/lib/getch/gentoo/config.rb +30 -26
- data/lib/getch/gentoo/sources.rb +55 -66
- data/lib/getch/gentoo/stage.rb +12 -12
- data/lib/getch/gentoo/use.rb +3 -7
- data/lib/getch/gentoo/use_flag.rb +77 -51
- data/lib/getch/gentoo.rb +22 -8
- data/lib/getch/guard.rb +50 -43
- data/lib/getch/helpers.rb +155 -143
- data/lib/getch/log.rb +7 -5
- data/lib/getch/options.rb +16 -14
- data/lib/getch/states.rb +10 -3
- data/lib/getch/version.rb +1 -1
- data/lib/getch/void/boot.rb +18 -14
- data/lib/getch/void/chroot.rb +20 -19
- data/lib/getch/void/config.rb +20 -17
- data/lib/getch/void/stage.rb +13 -14
- data/lib/getch/void.rb +7 -1
- data/lib/getch.rb +13 -5
- data.tar.gz.sig +0 -0
- metadata +6 -5
- metadata.gz.sig +0 -0
- data/lib/getch/filesystem/.mount.rb.swp +0 -0
- data/lib/getch/filesystem/zfs/encrypt/.mount.rb.swp +0 -0
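--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 46439ee6483306d467923074b461ad5df9d9f7a9a32981936952b586e85173f9
+data.tar.gz: e4232a6832086eafb46e9f29da73b461762c65c6232071cf2854c9ddb7680e2f
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 8689b833a86f39c1b5a310ed193e588399fed86384012015f04251d39175e3bd6121a7f65540086fc1556f831017a6d56467a3325ec29f78651295adcdd3ed23
+data.tar.gz: ac28be3804fddb3f995a8b86c438d447216547078855ca103ac4151a038934a9e7369a8a96500165b14ca38fdcac6ece31bbb5a1324e036b553ad76a0f456621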
checksums.yaml.gz.sig
CHANGED
Binary file
|
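--- a/data/README.md
+++ b/data/README.md
@@ -1,4 +1,15 @@
 # Getch
+
+<div align="center">
+<br/>
+
+[![Gem Version](https://badge.fury.io/rb/getch.svg)](https://badge.fury.io/rb/getch)
+![GitHub Workflow Status (branch)](https://img.shields.io/github/workflow/status/szorfein/getch/Rubocop/develop)
+[![Ruby Style Guide](https://img.shields.io/badge/code_style-rubocop-brightgreen.svg)](https://github.com/rubocop/rubocop)
+![GitHub](https://img.shields.io/github/license/szorfein/ardecy)
+
+</div>
+
 A CLI tool to install Gentoo or Void Linux with default:
 + DNS over HTTPS (with [Quad9](https://www.quad9.net/)).
 + Vim | Nano installed.
@@ -40,7 +51,7 @@ With `gem` installed:
 $ gem cert --add <(curl -Ls https://raw.githubusercontent.com/szorfein/getch/master/certs/szorfein.pem)
 $ gem install getch -P HighSecurity
 
-If you want to try the
+If you want to try from the source:
 
 # git clone https://github.com/szorfein/getch
 # cd getch
@@ -91,43 +102,23 @@ If a old volume group exist, `getch` may fail to partition your disk. You have t
 To decrypt your disk on BIOS system, you have to enter your password twice. One time for Grub and another time for Genkernel. [post](https://wiki.archlinux.org/index.php/GRUB#Encrypted_/boot).
 Also with GRUB, only a `us` keymap is working.
 
-#### ZFS for Gentoo
-When Gentoo boot the first time, the pool may fail to start, it's happen when the pool has not been `export` to the ISO. So just `export` your pool from the genkernel shell:
-
-The zpool name should be visible (rpool-150ed here), so enter in the Genkernel shell:
-
-> shell
-zpool import -f -N -R /tmp rpool-150ed
-zpool export -a
-
-Then, just reboot now, it's all.
-
-*INFO*: To create the zpool, getch use the 5 fist characters from the `partuuid`, just replace `sdX` by your real device:
-
-# ls -l /dev/disk/by-partuuid/ | grep sdX4
--> 150ed969...
-
-The pool will be called `rpool-150ed`.
-
 #### ZFS for Void Linux - Enable the boot pool
 You have some extras step to do after booting to enable the boot pool, you need this pool when you update your system. It's used mainly by Grub and Dracut.
 By default, your /boot is empty because your boot pool is not imported...
 
-# zpool import -N
-# zfs mount
+# zpool import -f -d /dev/disk/by-id -N bpool-150ed
+# zfs mount bpool-150ed/BOOT/void
 # ls /boot
 
 You should see something in the boot (initramfs, vmlinuz).. Recreate the initramfs.
 
 # xbps-reconfigure -fa
 
-
+Make the `bpool` available at the boot:
 
-# zfs set
-# echo "bpool150ed/BOOT/void /boot zfs defaults 0 0" >> /etc/fstab
-# mount /boot
+# zfs set canmount=on bpool-150ed/BOOT/void
 
-
+And reboot, the `/boot` partition should be mounted automatically after that.
 
 #### ZFS Encrypted with Void
 Well, another weird issue, the first time you boot on your encrypted pool, nothing append. Dracut try to mount inexistent device. Just wait for enter in the shell: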
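--- a/data/assets/system.conf
+++ b/data/assets/system.conf
@@ -0,0 +1,38 @@
+# Disable SysReq
+kernel.sysrq = 0
+
+# No core dump of executable setuid
+fs.suid_dumpable = 0
+
+# Prohibit unreferencing links to files
+fs.protected_symlinks = 1
+fs.protected_hardlinks = 1
+
+# Activate ASLR
+kernel.randomize_va_space = 2
+
+# Prohibit mapping of memory in low addresses (0)
+vm.mmap_min_addr = 65536
+
+# Larger choice space for PID values
+kernel.pid_max = 65536
+
+# Obfuscation of addresses memory kernel
+kernel.kptr_restrict = 1
+
+# Access restriction to the dmesg buffer
+kernel.dmesg_restrict = 1
+
+# Restricts the use of the perf system
+kernel.perf_event_paranoid = 2
+kernel.perf_event_max_sample_rate = 1
+kernel.perf_cpu_time_max_percent = 1
+
+# Avoid non-ancestor ptrace access to running processes and their credentials.
+kernel.yama.ptrace_scope = 1
+
+# Disable User Namespaces
+user.max_user_namespaces = 0
+
+# Turn off unprivileged eBPF access.
+kernel.unprivileged_bpf_disabled = 1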
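Review bot: `user.max_user_namespaces = 0` under `# Disable User Namespaces` turns off user-namespace creation system-wide, and the comment does not mention that this also breaks software which relies on unprivileged user namespaces for its own sandboxing (rootless containers, bubblewrap/Flatpak, browser sandboxes). I would extend the comment to something like `# Disable user namespaces (breaks rootless containers and sandboxes that depend on them; raise the limit if those are needed)`. Separately, `kernel.kptr_restrict = 1` still exposes kernel pointers to processes holding CAP_SYSLOG; if the "Obfuscation" comment means hiding them from everyone, the value for that is `2`.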
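--- a/data/lib/cmdline.rb
+++ b/data/lib/cmdline.rb
@@ -0,0 +1,128 @@
+module CmdLine
+def echo(path, content, mode = 0700)
+f = File.new path, 'w'
+f.write "#{content}\n"
+f.chmod mode
+f.close
+end
+
+class Kernel
+include CmdLine
+
+# man kernel-install
+# use /etc/kernel/cmdline by default
+def initialize(arg)
+@dir = arg[:workdir]
+@file = "#{@dir}/cmdline"
+@line = ''
+end
+
+def main
+puts ' > Generate cmdline for Kernel...'
+cpu_mitigations
+distrust_cpu
+kernel_hardening
+quiet
+
+puts " >> Writing cmdline to #{@file}..."
+echo @file, "#{@line}\n", 0644
+end
+
+private
+
+def cpu_mitigations
+@line << 'mds=full,nosmt'
+@line << ' l1tf=full,force'
+@line << ' kvm.nx_huge_pages=force'
+end
+
+def distrust_cpu
+@line << ' random.trust_cpu=off'
+end
+
+def kernel_hardening
+@line << ' slab_nomerge'
+@line << ' slub_debug=FZ'
+@line << ' init_on_alloc=1 init_on_free=1'
+@line << ' mce=0'
+@line << ' pti=on'
+@line << ' vsyscall=none'
+@line << ' page_alloc.shuffle=1'
+@line << ' debugfs=off'
+end
+
+def quiet
+@line << ' quiet loglevel=0'
+end
+end
+
+class Grub
+include CmdLine
+
+def initialize(arg)
+@conf = arg[:workdir]
+@default_alias = 'GRUB_CMDLINE_LINUX_DEFAULT'
+@cmd_alias = 'GRUB_CMDLINE_LINUX'
+end
+
+def main
+puts ' > Generate cmdline for Grub...'
+cpu_mitigations
+distrust_cpu
+kernel_hardening
+quiet
+end
+
+private
+
+def cpu_mitigations
+lines = []
+lines << add_linux('mds=full,nosmt')
+lines << add_linux('l1tf=full,force')
+lines << add_linux('kvm.nx_huge_pages=force')
+
+puts " >> Writing to #{@conf}/40_cpu_mitigations.cfg"
+echo "#{@conf}/40_cpu_mitigations.cfg", lines.join("\n"), 0755
+end
+
+def distrust_cpu
+lines = []
+lines << add_linux('random.trust_cpu=off')
+
+puts " >> Writing to #{@conf}/40_distrust_cpu.cfg"
+echo "#{@conf}/40_distrust_cpu.cfg", lines.join("\n"), 0755
+end
+
+def kernel_hardening
+lines = []
+lines << add_linux('slab_nomerge')
+lines << add_linux('slub_debug=FZ')
+lines << add_linux('init_on_alloc=1 init_on_free=1')
+lines << add_linux('mce=0')
+lines << add_linux('pti=on')
+lines << add_linux('vsyscall=none')
+lines << add_linux('page_alloc.shuffle=1')
+lines << add_linux('debugfs=off')
+
+puts " >> Writing to #{@conf}/40_kernel_hardening.cfg"
+echo "#{@conf}/40_kernel_hardening.cfg", lines.join("\n"), 0755
+end
+
+def quiet
+lines = []
+lines << "#{@default_alias}=\"$(echo \"$#{@default_alias}\" | LANG=C str_replace \"quiet\" \"\")\""
+lines << add_linux_default('quiet loglevel=0')
+
+puts " >> Writing to #{@conf}/41_quiet.cfg"
+echo "#{@conf}/41_quiet.cfg", lines.join("\n"), 0755
+end
+
+def add_linux(arg)
+"#{@cmd_alias}=\"$#{@cmd_alias} #{arg}\""
+end
+
+def add_linux_default(arg)
+"#{@default_alias}=\"$#{@default_alias} #{arg}\""
+end
+end
+end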
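Review bot: `CmdLine#echo` creates the file with `File.new path, 'w'` under whatever the process umask allows, writes the content, and only then calls `f.chmod mode`; the handle is also left open if `write` or `chmod` raises. Passing the mode at creation and using the block form covers both: `File.open(path, 'w', mode) { |f| f.write "#{content}\n"; f.chmod mode }`. The default `mode = 0700` marks a plain text file executable, which only the GRUB `.cfg` callers (passing `0755`) appear to want. `Kernel#main` also passes `"#{@line}\n"` to `echo`, which appends another `"\n"`, so the cmdline file ends with an empty line.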
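--- a/data/lib/getch/command.rb
+++ b/data/lib/getch/command.rb
@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'open3'
 
 module Getch
@@ -9,7 +11,7 @@ module Getch
 end
 
 def run!
-@log.info
+@log.info 'Running command: ' + @cmd.gsub(/\"/, '')
 
 Open3.popen3(@cmd) do |stdin, stdout, stderr, wait_thr|
 stdin.close_write
@@ -18,7 +20,7 @@ module Getch
 # only stderr
 begin
 @log.debug stderr.readline until stderr.eof.nil?
-rescue
+rescue
 end
 
 begin
@@ -61,7 +63,7 @@ module Getch
 data = f.read_nonblock(@block_size)
 puts data if OPTIONS[:verbose]
 rescue EOFError
-puts
+puts
 rescue => e
 puts "Fatal - #{e}"
 end
@@ -79,13 +81,13 @@ module Getch
 
 def run!
 @log.info "Running emerge: #{@cmd}"
-system(
+system('chroot', @gentoo, '/bin/bash', '-c', "source /etc/profile && #{@cmd}")
 read_exit
 end
 
 def pkg!
 @log.info "Running emerge pkg: #{@cmd}"
-system(
+system('chroot', @gentoo, '/bin/bash', '-c', "source /etc/profile && emerge --changed-use #{@cmd}")
 read_exit
 end
 
@@ -113,10 +115,8 @@ module Getch
 && env-update \
 && cd /usr/src/linux \
 && #{@cmd}\""
-Open3.popen2e(cmd) do |
-
-puts line
-end
+Open3.popen2e(cmd) do |_, stdout_err, wait_thr|
+stdout_err.each { |l| puts l }
 
 exit_status = wait_thr.value
 unless exit_status.success?
@@ -129,23 +129,21 @@ module Getch
 
 class Bask
 def initialize(cmd)
-@gentoo = MOUNTPOINT
 @cmd = cmd
 @log = Getch::Log.new
-@version =
+@version = '0.6'
+@config = "#{MOUNTPOINT}/etc/kernel/config.d"
+download_bask unless Dir.exist? "#{MOUNTPOINT}/root/bask-#{@version}"
 end
 
 def run!
-download_bask if ! Dir.exist? "#{MOUNTPOINT}/root/bask-#{@version}"
 @log.info "Running Bask: #{@cmd}"
-cmd = "chroot #{
+cmd = "chroot #{MOUNTPOINT} /bin/bash -c \"source /etc/profile \
 && env-update \
 && cd /root/bask-#{@version} \
 && ./bask.sh #{@cmd} -k /usr/src/linux\""
-Open3.popen2e(cmd) do |
-
-puts line
-end
+Open3.popen2e(cmd) do |_, stdout_err, wait_thr|
+stdout_err.each { |l| puts l }
 
 exit_status = wait_thr.value
 unless exit_status.success?
@@ -155,15 +153,27 @@ module Getch
 end
 end
 
-
+def cp
+Helpers.mkdir @config
+Helpers.cp(
+"#{MOUNTPOINT}/root/bask-#{@version}/config.d/#{@cmd}",
+"#{@config}/#{@cmd}"
+)
+end
+
+def add(content)
+Helpers.add_file "#{@config}/#{@cmd}", content
+end
+
+private
 
 def download_bask
-@log.info
-url = "https://github.com/szorfein/bask/archive/
+@log.info 'Installing Bask...'
+url = "https://github.com/szorfein/bask/archive/refs/tags/#{@version}.tar.gz"
 file = "bask-#{@version}.tar.gz"
 
 Dir.chdir("#{MOUNTPOINT}/root")
-Helpers
+Helpers.get_file_online(url, file)
 Getch::Command.new("tar xzf #{file}").run!
 end
 end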
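Review bot: `download_bask` fetches `https://github.com/szorfein/bask/archive/refs/tags/#{@version}.tar.gz` and unpacks it with `tar xzf` with no integrity check visible in this section, and `Bask#run!` then executes `./bask.sh` from that tree inside the chroot. `Helpers.get_file_online` is defined outside this file, so it may verify something, but nothing here pins the archive content. Since the version is fixed at `'0.6'`, a digest can be pinned next to it and compared before extraction, e.g. `raise 'bask archive digest mismatch' unless Digest::SHA256.file(file).hexdigest == BASK_SHA256` (needs `require 'digest'`; `BASK_SHA256` is a placeholder name for a constant holding the expected value). `Bask#run!` also still interpolates `MOUNTPOINT` and `@cmd` into one shell string for `Open3.popen2e`, whereas the emerge hunks now pass `chroot` and its arguments to `system` as separate argv entries.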
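--- a/data/lib/getch/config/gentoo.rb
+++ b/data/lib/getch/config/gentoo.rb
@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Getch
 module Config
 class Gentoo
@@ -8,15 +10,14 @@ module Getch
 def ethernet
 conf = "#{@systemd_net_dir}/network/20-ethernet.network"
 datas = [
-
-
-
-
-
-
-
-
-"",
+'[Match]',
+'Name=en*',
+'Name=eth*',
+'[Network]',
+'DHCP=yes',
+'IPv6PrivacyExtensions=yes',
+'[DHCP]',
+'RouteMetric=512',
 ]
 File.write(conf, datas.join("\n"), mode: 'w')
 end
@@ -24,15 +25,14 @@ module Getch
 def wifi
 conf = "#{@systemd_net_dir}/network/20-wireless.network"
 datas = [
-
-
-
-
-
-
-
-
-"",
+'[Match]',
+'Name=wlp*',
+'Name=wlan*',
+'[Network]',
+'DHCP=yes',
+'IPv6PrivacyExtensions=yes',
+'[DHCP]',
+'RouteMetric=1024',
 ]
 File.write(conf, datas.join("\n"), mode: 'w')
 end
@@ -40,12 +40,11 @@ module Getch
 def dns
 conf = "#{@systemd_net_dir}/resolved.conf.d/dns_over_tls.conf"
 datas = [
-
-
-
-"",
+'[Resolve]',
+'DNS=9.9.9.9#dns.quad9.net',
+'DNSOverTLS=yes',
 ]
-Helpers
+Helpers.create_dir("#{@systemd_net_dir}/resolved.conf.d")
 File.write(conf, datas.join("\n"), mode: 'w')
 
 Getch::Chroot.new('systemctl enable systemd-networkd').run!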
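--- a/data/lib/getch/config/void.rb
+++ b/data/lib/getch/config/void.rb
@@ -1,4 +1,4 @@
-
+# frozen_string_literal: true
 
 module Getch
 module Config
@@ -6,7 +6,7 @@ module Getch
 include Helpers::Void
 
 def initialize
-@service_dir =
+@service_dir = '/etc/runit/runsvdir/default/'
 end
 
 # Enable dhcpcd service
@@ -19,10 +19,9 @@ module Getch
 def dns
 conf = "#{MOUNTPOINT}/etc/resolv.conf"
 content = [
-
-
-
-"",
+'nameserver 9.9.9.9',
+'nameserver 2620:fe::fe',
+'options rotate',
 ]
 File.write(conf, content.join("\n"), mode: 'w', chmod: 0644)
 end
@@ -31,9 +30,8 @@ module Getch
 def wifi
 conf = "#{MOUNTPOINT}/etc/iwd/main.conf"
 content = [
-
-
-"",
+'[General]',
+'UseDefaultInterface=true',
 ]
 File.write(conf, content.join("\n"), mode: 'a', chmod: 0644)
 # Enabling dbus and iwd
@@ -42,7 +40,7 @@ module Getch
 end
 
 def shell
-command
+command 'chsh -s /bin/bash'
 end
 end
 end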
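--- a/data/lib/getch/config.rb
+++ b/data/lib/getch/config.rb
@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require_relative 'config/gentoo'
 require_relative 'config/void'
 
@@ -30,8 +32,9 @@ module Getch
 pwd = File.expand_path(File.dirname(__FILE__))
 dest = "#{Getch::MOUNTPOINT}/etc/sysctl.d/"
 
-Helpers
-Helpers
+Helpers.mkdir dest
+Helpers.cp("#{pwd}/../../assets/network-stack.conf", dest)
+Helpers.cp("#{pwd}/../../assets/system.conf", dest)
 end
 
 def shell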
@@ -2,24 +2,24 @@ module Getch
|
|
2
2
|
module FileSystem
|
3
3
|
module Clean
|
4
4
|
def self.clean_hdd(disk)
|
5
|
-
return
|
5
|
+
return unless disk
|
6
6
|
raise ArgumentError, "Disk #{disk} is no found." if ! File.exist? "/dev/#{disk}"
|
7
|
+
|
7
8
|
puts
|
8
9
|
print "Cleaning data on #{disk}, can be long, avoid this on Flash Memory (SSD,USB,...) ? [y,N] "
|
9
10
|
case gets.chomp
|
10
11
|
when /^y|^Y/
|
11
12
|
bloc=`blockdev --getbsz /dev/#{disk}`.chomp
|
12
|
-
Helpers
|
13
|
-
else
|
14
|
-
return
|
13
|
+
Helpers.sys("dd if=/dev/urandom of=/dev/#{disk} bs=#{bloc} status=progress")
|
15
14
|
end
|
16
15
|
end
|
17
16
|
|
18
17
|
def self.clean_struct(disk)
|
19
|
-
return
|
20
|
-
raise ArgumentError, "Disk #{disk} is no found."
|
21
|
-
|
22
|
-
Helpers
|
18
|
+
return unless disk
|
19
|
+
raise ArgumentError, "Disk #{disk} is no found." unless File.exist? "/dev/#{disk}"
|
20
|
+
|
21
|
+
Helpers.sys("sgdisk -Z /dev/#{disk}")
|
22
|
+
Helpers.sys("wipefs -a /dev/#{disk}")
|
23
23
|
end
|
24
24
|
|
25
25
|
def self.hdd(*disks)
|
@@ -34,23 +34,23 @@ module Getch
|
|
34
34
|
end
|
35
35
|
|
36
36
|
def self.external_disk(root_disk, *disks)
|
37
|
-
disks.each
|
38
|
-
unless d && d !=
|
37
|
+
disks.each do |d|
|
38
|
+
unless d && d != '' && d != nil && d == root_disk
|
39
39
|
hdd(d)
|
40
40
|
end
|
41
|
-
|
41
|
+
end
|
42
42
|
end
|
43
43
|
|
44
44
|
def self.old_vg(disk, vg)
|
45
45
|
oldvg = `vgdisplay | grep #{vg}`.chomp
|
46
|
-
Helpers
|
47
|
-
Helpers
|
46
|
+
Helpers.sys("vgremove -f #{vg}") if oldvg != ''
|
47
|
+
Helpers.sys("pvremove -f #{disk}") if oldvg != '' and File.exist? disk
|
48
48
|
end
|
49
49
|
|
50
50
|
def self.old_zpool
|
51
51
|
oldzpool = `zpool status | grep pool:`.gsub(/pool: /, '').delete(' ').split("\n")
|
52
|
-
if oldzpool[0] !=
|
53
|
-
oldzpool.each { |p| Helpers
|
52
|
+
if oldzpool[0] != '' and $?.success?
|
53
|
+
oldzpool.each { |p| Helpers.sys("zpool destroy #{p}") if p }
|
54
54
|
end
|
55
55
|
end
|
56
56
|
end
|
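Review bot: In `external_disk` the new guard `unless d && d != '' && d != nil && d == root_disk` skips only the root disk itself and calls `hdd(d)` for every other entry, including nil and `''`. If the intent is to wipe only real, non-root disks, it reads more safely as `next if d.nil? || d.empty? || d == root_disk` followed by `hdd(d)`. This matters because `clean_hdd` and `clean_struct` guard only with `return unless disk` and `File.exist? "/dev/#{disk}"`; for an empty string that path is `/dev/`, which exists, so the `sgdisk -Z` and `wipefs -a` calls would still be attempted. `hdd` lies outside the visible hunks, so whether it filters empty names first should be confirmed. The file header for this section is missing from the page; the hunks appear to belong to the `filesystem/clean.rb` entry in the file list.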
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
module Getch
|
2
4
|
module FileSystem
|
3
5
|
module Ext4
|
@@ -16,7 +18,8 @@ module Getch
|
|
16
18
|
end
|
17
19
|
|
18
20
|
def systemd_boot
|
19
|
-
return
|
21
|
+
return unless Helpers.efi?
|
22
|
+
|
20
23
|
esp = '/efi'
|
21
24
|
dir = "#{@root_dir}/#{esp}/loader/entries/"
|
22
25
|
datas_gentoo = [
|
@@ -28,7 +31,8 @@ module Getch
|
|
28
31
|
end
|
29
32
|
|
30
33
|
def grub
|
31
|
-
return if Helpers
|
34
|
+
return if Helpers.efi?
|
35
|
+
|
32
36
|
file = "#{@root_dir}/etc/default/grub"
|
33
37
|
cmdline = "GRUB_CMDLINE_LINUX=\"resume=PARTUUID=#{@partuuid_swap} root=PARTUUID=#{@partuuid_root} init=#{@init} rw slub_debug=P page_poison=1 slab_nomerge pti=on vsyscall=none spectre_v2=on spec_store_bypass_disable=seccomp iommu=force\"\n"
|
34
38
|
File.write(file, cmdline, mode: 'a')
|
@@ -37,8 +41,8 @@ module Getch
|
|
37
41
|
private
|
38
42
|
|
39
43
|
def gen_uuid
|
40
|
-
@partuuid_root = Helpers
|
41
|
-
@partuuid_swap = Helpers
|
44
|
+
@partuuid_root = Helpers.partuuid(@dev_root)
|
45
|
+
@partuuid_swap = Helpers.partuuid(@dev_swap)
|
42
46
|
@uuid_root = `lsblk -o "UUID" #{@dev_root} | tail -1`.chomp() if @dev_root
|
43
47
|
@uuid_esp = `lsblk -o "UUID" #{@dev_esp} | tail -1`.chomp() if @dev_esp
|
44
48
|
@uuid_home = `lsblk -o "UUID" #{@dev_home} | tail -1`.chomp() if @dev_home
|