setup/clone/clone

#!/bin/bash

echo ">>> Loading configuration file";
source clone.conf;
echo "<<< done";


[ ! -e ./tmp -o ! -d ./tmp ] && mkdir ./tmp;
[ ! -e ./server -o ! -d ./server ] && mkdir ./server;
[ ! -e ./server/maintenance -o ! -d ./server/maintenance ] && mkdir ./server/maintenance;






# [!] Check parameter : device file
#========================================================#

echo ">>> [!] Checking parameter : device";
# (1) Check parameter existence #
test $# -lt 1 && echo "Missing parameter : device" && exit;

# (2) Check USB and not a hard drive !!!!!!!!!! #
device_type=$(udevadm info --query=all -n $1 | grep -E "ID_BUS" | awk '{print $2}' | sed 's/ID_BUS=//');

test $device_type != "usb" && echo ">>> ERROR: device type is $device_type, \"usb\" expected." && exit;

echo "<<< done";


DEV="$1";






# [1] Init device layout (gpt table)
#========================================================#
step1(){
	echo -e "\n>>> [1] Checking for mounted partitions ($DEV)";

	# (1) List partitions of this device #
	mounted_partitions=$( cat /proc/mounts | awk '{print $1}' | grep "$DEV" );

	# if nothing found -> next step
	test -z "$mounted_partitions" && echo "<<< done" && step2;

	for mounted in $mounted_partitions; do
		
		read -p "    (!) umount $mounted (y/n) [n]" unmount;

		test -n "$unmount" && test $unmount = "y" && sudo umount $mounted 2> /dev/null > /dev/null && echo "    > unmounted";
	done;
	echo "<<< done";

	step2;
}






# [2] Initialize GTP Table
#========================================================#
step2(){
	echo -e "\n>>> [2] Formatting disk ($DEV)";

	# (1) Confirmation #
	read -p"    (!) Erase the whole disk ? it is irreversible! (y/n) [n]" confirm_format;
	test -z "$confirm_format"   && echo "<<< aborting" && exit;
	test $confirm_format != "y" && echo "<<< aborting" && exit;

	# (2) Init gpt entry #
	echo -e "g\nw" | sudo fdisk $DEV 2> /dev/null > /dev/null;

	echo "<<< done";

	step3;
}







# [3] Burn image to device
#========================================================#
step3(){
	echo -e "\n>>> [3] Burning image into disk ($DEV)";

	# (1) Confirmation #
	read -p"    (!) Burn the whole disk ? it is irreversible! (y/n) [n]" confirm_burn;
	test -z "$confirm_burn"   && echo "<<< aborting" && exit;
	test $confirm_burn != "y" && echo "<<< aborting" && exit;

	# (2) Burning image into disk #
	( dd if=./original.img | pv -s $(du -bs ./original.img | awk '{print $1}') | sudo dd of=$DEV bs=4M ) \
		|| $( echo "<<< error: dd command failed" && exit );

	echo "<<< done";

	step4;
}






# [4] Mount partition
#========================================================#
step4(){
	echo -e "\n>>> [4] Mounting partition ${DEV}2";

	# [1] Mount device partition
	sudo mount ${DEV}2 /mnt || $( echo "<<< error: can't mount" && exit );

	echo "<<< done";

	step5;
}






# [5] Updating users
#========================================================#
step5(){
	echo -e "\n>>> [5] Updating users' structure";

	# (1) emulate `useradd sats` #
	echo "    (.) emulate \`useradd sats\`";
	echo "        - /etc/shadow";
	cat ./utility/shadow_append | sudo tee -a /mnt/etc/shadow  > /dev/null;
	cat ./utility/shadow_append | sudo tee -a /mnt/etc/shadow- > /dev/null;
	echo "        - /etc/passwd";
	cat ./utility/passwd_append | sudo tee -a /mnt/etc/passwd  > /dev/null;
	cat ./utility/passwd_append | sudo tee -a /mnt/etc/passwd- > /dev/null;

	# (2) Emulate `groupadd` then `usermod` #
	echo "    (.) emulate \`groupadd sats\`";
	echo "        - /etc/group";
	echo "    (.) emulate \`groupadd ssh-key\`";
	echo "        - /etc/group";
	echo "    (.) emulate \`usermod -a -G ssh-key,sats sats\`";
	echo "    (.) emulate \`usermod -a -G ssh-key pi\`";
	echo "        - /etc/group";
	cat ./utility/group_append | sudo tee -a /mnt/etc/group > /dev/null;
	cat ./utility/group_append | sudo tee -a /mnt/etc/group- > /dev/null;

	echo "<<< done":

	step6;
}







# [6] Manage SSH keys #
#========================================================#
step6(){
	echo -e "\n>>> [6] Manage ssh keys";

	# (1) Create ssh key pair #
	echo "    (.) Create ssh key [ecdsa:521]";
	ssh-keygen -t ecdsa -b 521 -C "[ECDSA:521] SATS" -f ./tmp/id_ecdsa -P "" 2> /dev/null > /dev/null;

	# (2) Add public key to server's `authorized_keys` file #
	echo "    (.) Add public key to server's list";
	test ! -e ./server/authorized_keys && touch ./server/authorized_keys;
	cat ./tmp/id_ecdsa.pub >> ./server/authorized_keys;

# (3) Create ssh file system #
	echo "    (.) Init ssh folder (/home/sats/.ssh)";
	sudo mkdir -p /mnt/home/sats/.ssh;
	

	# (4) Add both keys to sats files #
	echo "    (.) Add keys to ssh folder";
	sudo mv ./tmp/id_ecdsa /mnt/home/sats/.ssh/id_ecdsa;
	sudo mv ./tmp/id_ecdsa.pub /mnt/home/sats/.ssh/id_ecdsa.pub;


	# (5) Add maintenance keys #
	echo "    (.) Add maintenance keys (for 'pi' user)";
	sudo mkdir -p /mnt/home/pi/.ssh;
	sudo touch /mnt/home/pi/.ssh/authorized_keys;
	cat ./server/maintenance/*.pub | sudo tee /mnt/home/pi/.ssh/authorized_keys > /dev/null;

	# (6) Set up permissions #
	echo "    (.) Set up permissions";
	sudo chown -R 1000:1000 /mnt/home/pi/.ssh;
	sudo chmod 550 /mnt/home/pi/.ssh;
	sudo chmod 400 /mnt/home/pi/.ssh/authorized_keys;

	sudo chown -R 666:666 /mnt/home/sats/;
	sudo chmod 400 /mnt/home/sats/.ssh/*;

	# (7) Restrict access to pubkey only (no password) #
	echo "    (.) Restrict access to pubkey";
	cat ./utility/sshd_config_append | sudo tee -a /mnt/etc/ssh/sshd_config > /dev/null;

	# (8) Define config alias with ssh-key #
	echo "    (.) Define alias config";
	echo -e "Host\tsmmp-server\n\tHostname\t$SERVER_HOSTNAME\n\tUser\t$SERVER_USERNAME\n\tIdentityFile\t~/.ssh/id_ecdsa\n\tStrictHostKeyChecking\tno" | sudo tee /mnt/home/sats/.ssh/config > /dev/null;
	sudo chown 666:666 /mnt/home/sats/.ssh/config;
	sudo chmod 444 /mnt/home/sats/.ssh/config;
	


	echo "<<< done";

	step7;
}







# [7] Set up systemd services
#========================================================#
step7(){
	echo -e "\n>>> [7] Set up systemd background";


	# (1) Create link in order to be handled #
	echo "    (.) Emulate \`systemctl set-default multi-user.target\`";
	sudo ln -fs /lib/systemd/system/multi-user.target /mnt/etc/systemd/system/default.target;

	#echo "    (.) Set autologin for tty1.service";
	#sudo mkdir -pv /mnt/etc/systemd/system/getty@tty1.service.d;
	#sudo touch /mnt/etc/systemd/system/getty@tty1.service.d/autologin.conf; 
	#cat ./utility/autologin_overload.conf | sudo tee /mnt/etc/systemd/system/getty@tty1.service.d/autologin.conf > /dev/null;

	# (2) Install sats-boot service #
	echo "    (.) Create sats-boot service";
	echo "        - /lib/systemd/system";
	sudo cp ./utility/sats-boot.service /mnt/lib/systemd/system/sats-boot.service;

	echo "    (.) Create sats-boot script";
	if [ $LOCK_PI -eq 1 ]; then
		sudo cp ./utility/sats-boot /mnt/home/pi/sats-boot;
	else
		sudo cp ./utility/sats-boot_withoutlock /mnt/home/pi/sats-boot;
	fi;
	sudo chown 1000:1000 /mnt/home/pi/sats-boot;
	sudo chmod 770 /mnt/home/pi/sats-boot;

	echo "    (.) Emulate \`systemctl enable sats-boot\`";
	sudo ln -fs /lib/systemd/system/sats-boot.service /mnt/etc/systemd/system/multi-user.target.wants/sats-boot.service;
	


	echo "<<< done";

	step8;
}







# [8] Manage Network config
#========================================================#
step8(){
	echo -e "\n>>> [8] Set up WiFi configuration";

	echo -e "network={\n\tssid=\"$WIFI_SSID\"\n\tpsk=\"$WIFI_PASS\"\n}" | sudo tee -a /mnt/etc/wpa_supplicant/wpa_supplicant.conf > /dev/null;

	echo "<<< done";

	step9;
}






# [9] Set up SATS daemon
#========================================================#
step9(){

	echo -e "\n>>> [9] Set up SATS operating folder";


	# (1) Create operating folder #
	echo "    (.) Create operating folder";
	sudo mkdir -p /mnt/home/sats/satsd/source;
	sudo mkdir -p /mnt/home/sats/satsd/log;
	sudo mkdir -p /mnt/home/sats/satsd/conf;
	sudo touch /mnt/home/sats/satsd/first_install;

	# (2) Set up SATS botting script #
	echo "    (.) Set up SATS booting script";
	cat ./utility/sats-loop | sudo tee /mnt/home/sats/satsd/sats-loop > /dev/null;

	# (3) Set up service unit #
	echo "    (.) Set up service unit (sats-loop.service)";
	cat ./utility/sats-loop.service | sudo tee /mnt/lib/systemd/system/sats-loop.service > /dev/null;

	# (4) Enable startup service unit #
	echo "    (.) Emulate \`systemctl enable sats-loop.service\`";
	sudo mkdir -p /mnt/etc/systemd/system/multi-user.target.wants;
	sudo ln -fs /lib/systemd/system/sats-loop.service /mnt/etc/systemd/system/multi-user.target.wants/sats-loop.service;

	# (5) Adjust permissions #
	echo "    (.) Adjust permissions";
	sudo chown -R 666:666 /mnt/home/sats/satsd;
	sudo chmod -R 770 /mnt/home/sats/satsd;
	

	echo "<<< done";

	step10;

}







# [10] BLablslkfjdlkdsjfks
#========================================================#
step10(){

	sudo umount /mnt;

}







# [0] Step choice
#========================================================#
echo -e "\nSTEPS";
echo "(1) Unmount mounted partitions";
echo "(2) Format disk (gpt table)";
echo "(3) Burn image into disk";
echo "(4) Mount / partition";
echo "(5) Update users and groups";
echo "(6) Manage ssh keys";
echo "(7) Set up systemd background";
echo "(8) Set up WiFi config";
echo "(9) Set up SATS daemon";
read -p "step: " step;

case $step in
	"1") step1;;
	"2") step2;;
	"3") step3;;
	"4") step4;;
	"5") step5;;
	"6") step6;;
	"7") step7;;
	"8") step8;;
	"9") step9;;
	*) echo "wrong step"; exit;;
esac;