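#!/usr/bin/env bash
# Bootstrap a host over ssh (as root) and apply the puppet-tozt configuration.
# Usage: launch-partofme [host]    (host defaults to "partofme")
set -euo pipefail

# target machine; may be overridden by the first command line argument
host="${1:-partofme}"
# where the configuration repository is checked out on the target
conf_location="/usr/local/share/puppet-tozt"
# Fetched over https rather than git://: the git:// transport has neither
# encryption nor server authentication, and this checkout is later applied as
# root by puppet, so the transport has to be tamper-resistant. GitHub has also
# stopped serving the unauthenticated git:// protocol.
conf_repo="https://github.com/doy/puppet-tozt"

# share one multiplexed ssh connection between the many short commands below;
# kept as a plain string and word-split on purpose where it is used
ssh_opts="-o ControlMaster=auto -o ControlPath=~/.ssh/puppet-tozt-%r-%h-%p -o ControlPersist=5"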

# Run a command on the target host as root.
# Globals:   ssh_opts (read, word-split on purpose), host (read)
# Arguments: the remote command line; ssh joins the words and hands them to
#            the remote shell, so callers are responsible for remote quoting
# Returns:   the exit status of ssh
run() {
    local target="root@${host}"
    # shellcheck disable=SC2086,SC2029
    ssh $ssh_opts "$target" "$@"
}
# Recursively copy a local path to the target host as root.
# Globals:   ssh_opts (read, word-split on purpose), host (read)
# Arguments: $1 - local source path
#            $2 - destination path on the target
# Returns:   the exit status of scp
copy() {
    local src="$1"
    local dest="root@${host}:$2"
    # shellcheck disable=SC2086,SC2029
    scp -r $ssh_opts "$src" "$dest"
}

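# configure the mdadm arrays
# (appended unconditionally: running this script twice adds the line twice)
run "echo 'ARRAY /dev/md2 metadata=0.90 UUID=6bf2e365:10a7910f:52419904:51489ef3' >> /etc/mdadm.conf"
# detect the persistent disks properly on boot
run "sed -i 's/^HOOKS=(base udev.*block /&mdadm encrypt lvm2 /' /etc/mkinitcpio.conf"
# ensure we have the latest linux version, otherwise wireguard will fail to
# build and install the correct kernel modules
run "pacman -Syu --noconfirm"

# remember which boot the host is on, so that the wait loop below can tell
# "came back from the reboot" apart from "has not gone down yet"
boot_id_path="/proc/sys/kernel/random/boot_id"
old_boot_id="$(run "cat '$boot_id_path'")"

# reboot to get our disks detected and to make sure we're actually running the
# latest kernel, or else loading the wireguard modules will fail
# suppress errors here because typically sshd will drop your connection before
# the reboot command gets a chance to return successfully
run "reboot" || true

# A bare "does ssh answer?" probe can succeed against the old system while it
# is still shutting down, and the install steps below would then be cut off by
# the reboot. Wait until ssh answers *and* reports a different boot id.
until new_boot_id="$(run "cat '$boot_id_path'")" \
    && [[ -n "$new_boot_id" && "$new_boot_id" != "$old_boot_id" ]]; do
    sleep 5
done

run "pacman -S --noconfirm git puppet ruby-shadow"
run "mkdir -p '$conf_location'"
# NOTE(review): whatever $conf_repo and its submodules serve at clone time is
# applied as root by the puppet run below; nothing here pins a commit or
# verifies a signature, so the integrity of the repository and of the
# transport it is fetched over is what this step relies on.
run "cd '$conf_location' && git clone '$conf_repo' ."
run "cd '$conf_location' && git submodule update --init --recursive"

# the files for the "secret" module are not part of the repository and are
# copied in from the local machine; the destination is derived from
# $conf_location so that it cannot drift from the checkout path
# NOTE(review): presumably this is credential material - confirm that the
# ownership and mode it ends up with on the target are restrictive enough
copy /mnt/puppet/partofme/ "$conf_location/modules/secret/files"
run "cd '$conf_location' && puppet apply --modulepath=./modules manifests"

echo "Done"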