From b40c5e069908fb0c343422ae7d9b2cd6ee1f7217 Mon Sep 17 00:00:00 2001
From: terem42 <9478806+terem42@users.noreply.github.com>
Date: Fri, 6 Oct 2023 20:31:31 +0200
Subject: [PATCH 1/3] Fix dropbear setup (#60)
fix dropbear across Ubuntu and Debian variants
---
hetzner-debian10-zfs-setup.sh | 7 ++++---
hetzner-debian11-zfs-setup.sh | 3 ++-
hetzner-debian12-zfs-setup.sh | 15 +++++++++------
hetzner-ubuntu18-zfs-setup.sh | 23 ++++++++++++-----------
hetzner-ubuntu20-zfs-setup.sh | 3 ++-
hetzner-ubuntu22-zfs-setup.sh | 3 ++-
6 files changed, 31 insertions(+), 23 deletions(-)
diff --git a/hetzner-debian10-zfs-setup.sh b/hetzner-debian10-zfs-setup.sh
index 9590c0a..cb427e9 100644
--- a/hetzner-debian10-zfs-setup.sh
+++ b/hetzner-debian10-zfs-setup.sh
@@ -769,7 +769,8 @@ if [[ $v_encrypt_rpool == "1" ]]; then
echo "=========set up dropbear=============="
chroot_execute "apt install --yes dropbear-initramfs"
-
+
+ mkdir -p "$c_zfs_mount_dir/etc/dropbear-initramfs"
cp /root/.ssh/authorized_keys "$c_zfs_mount_dir/etc/dropbear-initramfs/authorized_keys"
cp "$c_zfs_mount_dir/etc/ssh/ssh_host_rsa_key" "$c_zfs_mount_dir/etc/ssh/ssh_host_rsa_key_temp"
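Review bot: The added `mkdir -p` makes the following `cp` of authorized_keys succeed even when `apt install --yes dropbear-initramfs` above it left no config directory behind, so a failed install is no longer noticed here and would presumably only surface at the first reboot, when remote unlock is unavailable. If the directory is expected to come from the package, test for it instead, e.g. `[[ -d "$c_zfs_mount_dir/etc/dropbear-initramfs" ]] || { echo "dropbear-initramfs not installed" >&2; exit 1; }`. If the package genuinely does not create it on this release, a one-line comment saying so would explain the mkdir. Whether chroot_execute already aborts on a failed apt call cannot be seen from the hunk, and the enclosing `if` continues past it. The same pattern is added in hetzner-debian12-zfs-setup.sh and, in patch 3/3, in hetzner-ubuntu22-zfs-setup.sh.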
@@ -796,7 +797,7 @@ CONF
echo "========running packages upgrade==========="
chroot_execute "apt upgrade --yes"
-chroot_execute "apt autoremove --yes"
+chroot_execute "apt purge cryptsetup* --yes"
echo "===========add static route to initramfs via hook to add default routes for Hetzner due to Debian/Ubuntu initramfs DHCP bug ========="
mkdir -p "$c_zfs_mount_dir/usr/share/initramfs-tools/scripts/init-premount"
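Review bot: The package pattern in `apt purge cryptsetup* --yes` is unquoted inside the command string, so if chroot_execute passes the string to a shell (its definition is outside this hunk) the `*` is open to pathname expansion in the chroot's working directory before apt sees it; `chroot_execute "apt purge --yes 'cryptsetup*'"` keeps it a package pattern. The line also replaces `apt autoremove --yes` instead of sitting next to it, so orphaned dependencies are no longer cleaned up, and nothing records why cryptsetup has to go; a short comment giving the reason would help. The same unquoted pattern is added in the debian11, debian12 (twice, once as `apt remove`), ubuntu18, ubuntu20 and ubuntu22 scripts.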
@@ -829,7 +830,7 @@ auto lo
iface lo inet loopback
iface lo inet6 loopback
-auto eth0
+allow-hotplug eth0
iface eth0 inet dhcp
iface eth0 inet6 dhcp
CONF
diff --git a/hetzner-debian11-zfs-setup.sh b/hetzner-debian11-zfs-setup.sh
index cb19010..db20137 100644
--- a/hetzner-debian11-zfs-setup.sh
+++ b/hetzner-debian11-zfs-setup.sh
@@ -774,7 +774,7 @@ if [[ $v_encrypt_rpool == "1" ]]; then
echo "=========set up dropbear=============="
chroot_execute "apt install --yes dropbear-initramfs"
-
+
cp /root/.ssh/authorized_keys "$c_zfs_mount_dir/etc/dropbear-initramfs/authorized_keys"
cp "$c_zfs_mount_dir/etc/ssh/ssh_host_rsa_key" "$c_zfs_mount_dir/etc/ssh/ssh_host_rsa_key_temp"
@@ -801,6 +801,7 @@ CONF
echo "========running packages upgrade==========="
chroot_execute "apt upgrade --yes"
+chroot_execute "apt purge cryptsetup* --yes"
echo "===========add static route to initramfs via hook to add default routes for Hetzner due to Debian/Ubuntu initramfs DHCP bug ========="
mkdir -p "$c_zfs_mount_dir/usr/share/initramfs-tools/scripts/init-premount"
diff --git a/hetzner-debian12-zfs-setup.sh b/hetzner-debian12-zfs-setup.sh
index 2d5b3b9..955786b 100644
--- a/hetzner-debian12-zfs-setup.sh
+++ b/hetzner-debian12-zfs-setup.sh
@@ -773,21 +773,22 @@ if [[ $v_encrypt_rpool == "1" ]]; then
echo "=========set up dropbear=============="
chroot_execute "apt install --yes dropbear-initramfs"
-
- cp /root/.ssh/authorized_keys "$c_zfs_mount_dir/etc/dropbear-initramfs/authorized_keys"
+
+ mkdir -p "$c_zfs_mount_dir/etc/dropbear/initramfs"
+ cp /root/.ssh/authorized_keys "$c_zfs_mount_dir/etc/dropbear/initramfs/authorized_keys"
cp "$c_zfs_mount_dir/etc/ssh/ssh_host_rsa_key" "$c_zfs_mount_dir/etc/ssh/ssh_host_rsa_key_temp"
chroot_execute "ssh-keygen -p -i -m pem -N '' -f /etc/ssh/ssh_host_rsa_key_temp"
- chroot_execute "/usr/lib/dropbear/dropbearconvert openssh dropbear /etc/ssh/ssh_host_rsa_key_temp /etc/dropbear-initramfs/dropbear_rsa_host_key"
+ chroot_execute "/usr/lib/dropbear/dropbearconvert openssh dropbear /etc/ssh/ssh_host_rsa_key_temp /etc/dropbear/initramfs/dropbear_rsa_host_key"
rm -rf "$c_zfs_mount_dir/etc/ssh/ssh_host_rsa_key_temp"
cp "$c_zfs_mount_dir/etc/ssh/ssh_host_ecdsa_key" "$c_zfs_mount_dir/etc/ssh/ssh_host_ecdsa_key_temp"
chroot_execute "ssh-keygen -p -i -m pem -N '' -f /etc/ssh/ssh_host_ecdsa_key_temp"
- chroot_execute "/usr/lib/dropbear/dropbearconvert openssh dropbear /etc/ssh/ssh_host_ecdsa_key_temp /etc/dropbear-initramfs/dropbear_ecdsa_host_key"
+ chroot_execute "/usr/lib/dropbear/dropbearconvert openssh dropbear /etc/ssh/ssh_host_ecdsa_key_temp /etc/dropbear/initramfs/dropbear_ecdsa_host_key"
chroot_execute "rm -rf /etc/ssh/ssh_host_ecdsa_key_temp"
rm -rf "$c_zfs_mount_dir/etc/ssh/ssh_host_ecdsa_key_temp"
- rm -rf "$c_zfs_mount_dir/etc/dropbear-initramfs/dropbear_dss_host_key"
+ rm -rf "$c_zfs_mount_dir/etc/dropbear/initramfs/dropbear_dss_host_key"
fi
echo "============setup root prompt============"
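Review bot: The two `dropbearconvert` lines still write the converted OpenSSH host keys into `/etc/dropbear/initramfs/`, so the server's long-term SSH host private keys end up inside the initramfs, which has to be readable before the encrypted rpool is unlocked. Anyone able to read the boot storage (a snapshot, a rescue boot, a decommissioned disk) can therefore recover the keys that authenticate both the running system and the unlock prompt. Consider generating a key used only by the initramfs, `chroot_execute "dropbearkey -t ed25519 -f /etc/dropbear/initramfs/dropbear_ed25519_host_key"`, and listening on a separate port so clients do not see a host-key mismatch; if sharing the key is a deliberate convenience, a comment stating the trade-off belongs above this block. The same lines appear in patch 3/3 for hetzner-ubuntu22-zfs-setup.sh, and the enclosing `if` starts above the hunk.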
@@ -804,7 +805,7 @@ cp /root/.ssh/authorized_keys "$c_zfs_mount_dir/root/.ssh/authorized_keys"
echo "========running packages upgrade and autoremove==========="
chroot_execute "apt upgrade --yes"
-chroot_execute "apt autoremove --yes"
+chroot_execute "apt purge cryptsetup* --yes"
echo "===========add static route to initramfs via hook to add default routes for Hetzner due to Debian/Ubuntu initramfs DHCP bug ========="
mkdir -p "$c_zfs_mount_dir/usr/share/initramfs-tools/scripts/init-premount"
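Review bot: The banner on the first line of this hunk still reads "running packages upgrade and autoremove" although `apt autoremove --yes` is replaced here, so the install log reports a step that no longer runs. Either keep the autoremove next to the purge, or change the banner to `echo "========running packages upgrade==========="` as the other scripts in this series have it.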
@@ -839,6 +840,8 @@ chmod 755 "$c_zfs_mount_dir/etc/network/interfaces"
echo "======= update initramfs =========="
chroot_execute "update-initramfs -u -k all"
+chroot_execute "apt remove cryptsetup* --yes"
+
echo "======= update grub =========="
chroot_execute "update-grub"
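Review bot: `apt remove cryptsetup* --yes` is added after `update-initramfs -u -k all`, so if it removes anything, the initramfs just built was generated with those packages still installed, unless a package trigger rebuilds it. The earlier hunk in this file already runs `apt purge cryptsetup* --yes`, which makes this second call look redundant; if a later step pulls cryptsetup back in, a comment naming that step would justify it. Otherwise drop the line or move it above the `echo "======= update initramfs =========="` banner.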
diff --git a/hetzner-ubuntu18-zfs-setup.sh b/hetzner-ubuntu18-zfs-setup.sh
index 57b7a34..e1c4a85 100644
--- a/hetzner-ubuntu18-zfs-setup.sh
+++ b/hetzner-ubuntu18-zfs-setup.sh
@@ -770,17 +770,17 @@ if [[ $v_encrypt_rpool == "1" ]]; then
rm -rf "$c_zfs_mount_dir/etc/dropbear-initramfs/dropbear_dss_host_key"
- cd "$c_zfs_mount_dir/root"
- wget http://ftp.de.debian.org/debian/pool/main/libt/libtommath/libtommath1_1.1.0-3_amd64.deb
- wget http://ftp.de.debian.org/debian/pool/main/d/dropbear/dropbear-bin_2018.76-5_amd64.deb
- wget http://ftp.de.debian.org/debian/pool/main/d/dropbear/dropbear-initramfs_2018.76-5_all.deb
+ #cd "$c_zfs_mount_dir/root"
+ #wget http://ftp.de.debian.org/debian/pool/main/libt/libtommath/libtommath1_1.1.0-3_amd64.deb
+ #wget http://ftp.de.debian.org/debian/pool/main/d/dropbear/dropbear-bin_2018.76-5_amd64.deb
+ #wget http://ftp.de.debian.org/debian/pool/main/d/dropbear/dropbear-initramfs_2018.76-5_all.deb
- chroot_execute "dpkg -i /root/libtommath1_1.1.0-3_amd64.deb"
- chroot_execute "dpkg -i /root/dropbear-bin_2018.76-5_amd64.deb"
- chroot_execute "dpkg -i /root/dropbear-initramfs_2018.76-5_all.deb"
+ #chroot_execute "dpkg -i /root/libtommath1_1.1.0-3_amd64.deb"
+ #chroot_execute "dpkg -i /root/dropbear-bin_2018.76-5_amd64.deb"
+ #chroot_execute "dpkg -i /root/dropbear-initramfs_2018.76-5_all.deb"
- rm $c_zfs_mount_dir/root/*.deb
- cd /root
+ #rm $c_zfs_mount_dir/root/*.deb
+ #cd /root
fi
echo "============setup root prompt============"
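Review bot: The wget/dpkg block is commented out rather than deleted, which leaves nine dead lines, including three plain-http package URLs, that a later editor can re-enable by removing a `#`. Packages fetched that way and installed with `dpkg -i` bypass apt's signature verification, so the block is better removed outright, as patch 3/3 does for hetzner-ubuntu22-zfs-setup.sh. If the history is worth a trace, one line such as `# manual dropbear .deb install removed` is enough. The start of the enclosing `if` is above the hunk, so where dropbear-initramfs is installed in this script is not visible here.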
@@ -793,6 +793,7 @@ CONF
echo "========running packages upgrade==========="
chroot_execute "apt upgrade --yes"
+chroot_execute "apt purge cryptsetup* --yes"
echo "===========add static route to initramfs via hook to add default routes due to Ubuntu initramfs DHCP bug ========="
mkdir -p "$c_zfs_mount_dir/usr/share/initramfs-tools/scripts/init-premount"
@@ -816,8 +817,8 @@ esac
configure_networking
-ip route add 172.31.1.1/255.255.255.255 dev ens3
-ip route add default via 172.31.1.1 dev ens3
+ip route add 172.31.1.1/255.255.255.255 dev eth0
+ip route add default via 172.31.1.1 dev eth0
CONF
chmod 755 "$c_zfs_mount_dir/usr/share/initramfs-tools/scripts/init-premount/static-route"
diff --git a/hetzner-ubuntu20-zfs-setup.sh b/hetzner-ubuntu20-zfs-setup.sh
index 5f3bed4..b77d2f3 100644
--- a/hetzner-ubuntu20-zfs-setup.sh
+++ b/hetzner-ubuntu20-zfs-setup.sh
@@ -755,7 +755,7 @@ done
if [[ $v_encrypt_rpool == "1" ]]; then
echo "=========set up dropbear=============="
chroot_execute "apt install --yes dropbear-initramfs"
-
+
cp /root/.ssh/authorized_keys "$c_zfs_mount_dir/etc/dropbear-initramfs/authorized_keys"
cp "$c_zfs_mount_dir/etc/ssh/ssh_host_rsa_key" "$c_zfs_mount_dir/etc/ssh/ssh_host_rsa_key_temp"
@@ -794,6 +794,7 @@ CONF
echo "========running packages upgrade==========="
chroot_execute "apt upgrade --yes"
+chroot_execute "apt purge cryptsetup* --yes"
echo "===========add static route to initramfs via hook to add default routes due to Ubuntu initramfs DHCP bug ========="
mkdir -p "$c_zfs_mount_dir/usr/share/initramfs-tools/scripts/init-premount"
diff --git a/hetzner-ubuntu22-zfs-setup.sh b/hetzner-ubuntu22-zfs-setup.sh
index d04dd09..1426a87 100644
--- a/hetzner-ubuntu22-zfs-setup.sh
+++ b/hetzner-ubuntu22-zfs-setup.sh
@@ -754,7 +754,7 @@ done
if [[ $v_encrypt_rpool == "1" ]]; then
echo "=========set up dropbear=============="
- chroot_execute "apt install --yes dropbear-initramfs"
+ chroot_execute "apt install --yes dropbear-initramfs"
cp /root/.ssh/authorized_keys "$c_zfs_mount_dir/etc/dropbear-initramfs/authorized_keys"
@@ -794,6 +794,7 @@ CONF
echo "========running packages upgrade==========="
chroot_execute "apt upgrade --yes"
+chroot_execute "apt purge cryptsetup* --yes"
echo "===========add static route to initramfs via hook to add default routes due to Ubuntu initramfs DHCP bug ========="
mkdir -p "$c_zfs_mount_dir/usr/share/initramfs-tools/scripts/init-premount"
From 6c015b895d4a9b83b93c19d09b550b3793e5967b Mon Sep 17 00:00:00 2001
From: terem42 <9478806+terem42@users.noreply.github.com>
Date: Fri, 6 Oct 2023 20:32:34 +0200
Subject: [PATCH 2/3] Update README.md
---
README.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 92ca3e0..5b5b62c 100644
--- a/README.md
+++ b/README.md
@@ -2,7 +2,7 @@
[](https://github.com/terem42/zfs-hetzner-vm/actions/workflows/shellcheck.yml)
-Scripts to install Debian 11, 10 or Ubuntu 18 LTS, 20 LTS, 22 LTS with ZFS root on Hetzner root servers (virtual and dedicated).
+Scripts to install Debian 10, 11, 12 or Ubuntu 18 LTS, 20 LTS, 22 LTS with ZFS root on Hetzner root servers (virtual and dedicated).
__WARNING:__ all data on the disk will be destroyed.
## How to use:
From 27bb8d83022883679147b1805870cd3715b35aad Mon Sep 17 00:00:00 2001
From: terem42 <9478806+terem42@users.noreply.github.com>
Date: Fri, 6 Oct 2023 21:50:03 +0200
Subject: [PATCH 3/3] Update hetzner-ubuntu22-zfs-setup.sh
---
hetzner-ubuntu22-zfs-setup.sh | 25 +++++++------------------
1 file changed, 7 insertions(+), 18 deletions(-)
diff --git a/hetzner-ubuntu22-zfs-setup.sh b/hetzner-ubuntu22-zfs-setup.sh
index 1426a87..e40eed7 100644
--- a/hetzner-ubuntu22-zfs-setup.sh
+++ b/hetzner-ubuntu22-zfs-setup.sh
@@ -754,34 +754,23 @@ done
if [[ $v_encrypt_rpool == "1" ]]; then
echo "=========set up dropbear=============="
- chroot_execute "apt install --yes dropbear-initramfs"
-
- cp /root/.ssh/authorized_keys "$c_zfs_mount_dir/etc/dropbear-initramfs/authorized_keys"
+ chroot_execute "apt install --yes dropbear-initramfs"
+
+ mkdir -p "$c_zfs_mount_dir/etc/dropbear/initramfs"
+ cp /root/.ssh/authorized_keys "$c_zfs_mount_dir/etc/dropbear/initramfs/authorized_keys"
cp "$c_zfs_mount_dir/etc/ssh/ssh_host_rsa_key" "$c_zfs_mount_dir/etc/ssh/ssh_host_rsa_key_temp"
chroot_execute "ssh-keygen -p -i -m pem -N '' -f /etc/ssh/ssh_host_rsa_key_temp"
- chroot_execute "/usr/lib/dropbear/dropbearconvert openssh dropbear /etc/ssh/ssh_host_rsa_key_temp /etc/dropbear-initramfs/dropbear_rsa_host_key"
+ chroot_execute "/usr/lib/dropbear/dropbearconvert openssh dropbear /etc/ssh/ssh_host_rsa_key_temp /etc/dropbear/initramfs/dropbear_rsa_host_key"
rm -rf "$c_zfs_mount_dir/etc/ssh/ssh_host_rsa_key_temp"
cp "$c_zfs_mount_dir/etc/ssh/ssh_host_ecdsa_key" "$c_zfs_mount_dir/etc/ssh/ssh_host_ecdsa_key_temp"
chroot_execute "ssh-keygen -p -i -m pem -N '' -f /etc/ssh/ssh_host_ecdsa_key_temp"
- chroot_execute "/usr/lib/dropbear/dropbearconvert openssh dropbear /etc/ssh/ssh_host_ecdsa_key_temp /etc/dropbear-initramfs/dropbear_ecdsa_host_key"
+ chroot_execute "/usr/lib/dropbear/dropbearconvert openssh dropbear /etc/ssh/ssh_host_ecdsa_key_temp /etc/dropbear/initramfs/dropbear_ecdsa_host_key"
chroot_execute "rm -rf /etc/ssh/ssh_host_ecdsa_key_temp"
rm -rf "$c_zfs_mount_dir/etc/ssh/ssh_host_ecdsa_key_temp"
- rm -rf "$c_zfs_mount_dir/etc/dropbear-initramfs/dropbear_dss_host_key"
-
- cd "$c_zfs_mount_dir/root"
- wget http://ftp.de.debian.org/debian/pool/main/libt/libtommath/libtommath1_1.2.0-6_amd64.deb
- wget http://ftp.de.debian.org/debian/pool/main/d/dropbear/dropbear-bin_2020.81-3_amd64.deb
- wget http://ftp.de.debian.org/debian/pool/main/d/dropbear/dropbear-initramfs_2020.81-3_all.deb
-
- chroot_execute "dpkg -i /root/libtommath1_1.2.0-6_amd64.deb"
- chroot_execute "dpkg -i /root/dropbear-bin_2020.81-3_amd64.deb"
- chroot_execute "dpkg -i /root/dropbear-initramfs_2020.81-3_all.deb"
-
- rm $c_zfs_mount_dir/root/*.deb
- cd /root
+ rm -rf "$c_zfs_mount_dir/etc/dropbear/initramfs/dropbear_dss_host_key"
fi
echo "============setup root prompt============"
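Review bot: The new `cp` installs root's authorized_keys unchanged as the dropbear key list, so every key that may log in to the installed system also gets an unrestricted shell in the pre-boot environment. That session only has to supply the pool passphrase, so the entries written to `/etc/dropbear/initramfs/authorized_keys` could carry restrictions such as `no-port-forwarding,no-agent-forwarding,no-X11-forwarding`, or a dedicated unlock key could be installed instead of the full list. The same line is added for hetzner-debian12-zfs-setup.sh in patch 1/3.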