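<?xml version="1.0" encoding="UTF-8" ?>
<!-- Example AIF-NG configuration. Elements declared with an id (disk, part, luksDev, pv, lv, array, fs)
     are referenced by later elements through source="..."; every source value must match an id that is
     declared somewhere in this document. -->
<!-- xsi:schemaLocation is only a hint for validators, and the XSD it names is served over plain http.
     A validating consumer should validate against a pinned local copy of aif.xsd rather than fetching
     whatever URL the document points at. -->
<aif xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xmlns="https://aif-ng.io/"
     xsi:schemaLocation="https://aif-ng.io/ http://schema.xml.r00t2.io/projects/aif.xsd"
     chrootPath="/mnt/aif"
     reboot="false">
    <bootstrap>
        <tarball>
            https://arch.mirror.square-r00t.net/iso/latest/archlinux-bootstrap-2020.03.01-x86_64.tar.gz
        </tarball>
        <!--        <tarball>-->
        <!--            file:///tmp/archlinux-bootstrap-2020.01.01-x86_64.tar.gz-->
        <!--        </tarball>-->
        <verify>
            <gpg>
                <sigs>
                    <signatureFile>
                        https://arch.mirror.square-r00t.net/iso/latest/archlinux-bootstrap-2020.03.01-x86_64.tar.gz.sig
                    </signatureFile>
                    <!--                    <signatureFile>-->
                    <!--                        file:///tmp/archlinux-bootstrap-2020.01.01-x86_64.tar.gz.sig-->
                    <!--                    </signatureFile>-->
                </sigs>
                <!-- detect="false" plus an explicit keyID pins the signing key: the signature is only accepted
                     if it was made by this key, not by whichever key the signature file happens to name. -->
                <keys detect="false">
                    <keyID>0x4AA4767BBC9C4B1D18AE28B77F2D434B9741E8AC</keyID>
                </keys>
            </gpg>
            <!-- The GPG signature above is the authenticity check. The checksum files only provide an
                 integrity check (md5 and sha1 are not collision resistant), so they are fetched over TLS
                 from the same mirror as the tarball instead of plain http, which an on-path attacker could
                 rewrite to match a tampered download. -->
            <hash>
                <checksumFile hashType="md5" fileType="gnu">
                    https://arch.mirror.square-r00t.net/iso/latest/md5sums.txt
                </checksumFile>
                <checksumFile hashType="sha1" fileType="gnu">
                    https://arch.mirror.square-r00t.net/iso/latest/sha1sums.txt
                </checksumFile>
            </hash>
        </verify>
    </bootstrap>
    <storage>
        <blockDevices>
            <disk id="sda" device="/dev/sda" diskFormat="gpt">
                <!-- Partitions are numbered *in the order they are specified*. -->
                <!-- e.g. "boot" would be /dev/sda1, "secrets1" would be /dev/sda2, etc. -->
                <part id="boot" name="BOOT" label="/boot" start="0%" stop="10%" fsType="fat32">
                    <partitionFlag>esp</partitionFlag>
                </part>
                <part id="secrets1" name="crypted" label="shh" start="10%" stop="20%" fsType="ext4">
                    <partitionFlag>root</partitionFlag>
                </part>
                <part id="lvm_member1" name="jbod" label="dynamic" start="20%" stop="30%" fsType="ext4">
                    <partitionFlag>lvm</partitionFlag>
                </part>
                <part id="raid1_d1" start="30%" stop="55%" fsType="ext4">
                    <partitionFlag>raid</partitionFlag>
                </part>
                <part id="raid1_d2" start="55%" stop="80%" fsType="ext4">
                    <partitionFlag>raid</partitionFlag>
                </part>
                <!-- Referenced below by <fs id="swap" source="swapdisk" .../>. -->
                <part id="swapdisk" start="80%" stop="90%" fsType="linux-swap(v1)">
                    <partitionFlag>swap</partitionFlag>
                </part>
                <!-- You can also create a partition with no flags (and not use). -->
                <part id="grow" start="90%" stop="100%" fsType="ext4"/>
            </disk>
        </blockDevices>
        <!-- "Special" devices are processed *in the order they are specified*. This is important if you wish to
             e.g. layer LVM on top of LUKS - you would specify <lvm> before <luks> and reference the
             <luksDev id="SOMETHING" ... > as <pv source="SOMETHING" ... />.
             Of course, a limitation of this is you cannot e.g. first assemble a LUKS volume, then an LVM
             group, and then another LUKS volume - so plan accordingly and/or perform that in
             a <post> script instead. -->
        <luks>
            <luksDev id="luks_secrets" name="secrets" source="secrets1">
                <!-- You can assign multiple secrets (or "keys") to a LUKS volume. -->
                <secrets>
                    <!-- A simple passphrase. -->
                    <passphrase>secrets1</passphrase>
                </secrets>
                <secrets>
                    <!-- A key that uses a keyfile on a mounted path. This example uses the passphrase in
                         a plaintext file, which is in turn read by LUKS. -->
                    <!-- Note: /boot here is the unencrypted ESP ("boot" partition above, mounted at
                         /mnt/aif/boot), so this keyfile is readable straight off the raw disk and gives
                         away the volume's passphrase. Suitable for a throwaway test install only. -->
                    <passphrase>secrets1</passphrase>
                    <keyFile>/boot/.decrypt.plaintext</keyFile>
                </secrets>
                <secrets>
                    <!-- This will generate a 4096-byte file of random data. -->
                    <keyFile size="4096">/root/.decrypt.key</keyFile>
                </secrets>
            </luksDev>
        </luks>
        <lvm>
            <volumeGroup id="vg1" name="group1" extentSize="4MiB">
                <physicalVolumes>
                    <pv id="pv1" source="lvm_member1"/>
                </physicalVolumes>
                <logicalVolumes>
                    <!-- Default is to add all available PVs in PhysicalVolumes... -->
                    <lv id="lv1" name="logical1" size="80%"/>
                    <lv id="lv2" name="logical2" size="512MiB">
                        <!-- But you can also explicitly designate them. They have to still be in the same volumeGroup.
                             This is generally speaking a *terrible* idea, though, because it makes getting the
                             sizes right virtually *impossible*. If you do this, you should consistently ONLY use
                             bytes for each LV size and know the size of the PVs/VGs ahead of time. -->
                        <pvMember source="pv1"/>
                    </lv>
                </logicalVolumes>
            </volumeGroup>
        </lvm>
        <mdadm>
            <!-- level can be 0, 1, 4, 5, 6, or 10. RAID 1+0 (which is different from mdadm RAID10) would be done by
                 creating an array with members of a previously defined array. -->
            <array id="mdadm1" name="data" meta="1.2" level="1">
                <member source="raid1_d1"/>
                <member source="raid1_d2"/>
            </array>
        </mdadm>
        <fileSystems>
            <fs id="esp" source="boot" type="vfat">
                <!-- Supports mkfs arguments. Leave off the filesystem type and device name, obviously;
                     those are handled by the above attributes. -->
                <opt name="-F">32</opt>
                <opt name="-n">ESP</opt>
            </fs>
            <!-- NOTE(review): the <mount source="luks"> entry below passes btrfs-only options (compress,
                 ssd, space_cache, subvolid, subvol); mounting an ext4 filesystem with them will be rejected
                 by the kernel. Either this type should be btrfs or those options should be dropped. -->
            <fs id="luks" source="luks_secrets" type="ext4">
                <opt name="-L">seekrit</opt>
            </fs>
            <!-- source must name a declared part id; the swap partition above is "swapdisk". -->
            <fs id="swap" source="swapdisk" type="swap"/>
            <fs id="vg1-lv1" source="lv1" type="ext4"/>
            <fs id="mdraid" source="mdadm1" type="ext4"/>
        </fileSystems>
        <mountPoints>
            <!-- And you use the id to reference mountpoints as well. Important to note, we mount *filesystems*,
                 not partitions/disks/etc. -->
            <!-- Note that targets should be *outside* of the chroot!
                 e.g. /aif/storage/mountPoints[@target="/mnt/aif/boot"]
                      and
                      /aif/system[@chrootPath="/mnt/aif"]
                      would lead to the filesystem being accessible *inside* the chroot (and thus the completed install)
                      at /boot. -->
            <mount source="luks" target="/mnt/aif">
                <opt name="rw"/>
                <opt name="relatime"/>
                <opt name="compress">lzo</opt>
                <opt name="ssd"/>
                <opt name="space_cache"/>
                <opt name="subvolid">5</opt>
                <opt name="subvol">/</opt>
            </mount>
            <mount source="esp" target="/mnt/aif/boot"/>
            <mount source="swap" target="swap"/>
            <mount source="vg1-lv1" target="/mnt/aif/mnt/pool"/>
            <mount source="mdraid" target="/mnt/aif/mnt/raid"/>
        </mountPoints>
    </storage>
    <network hostname="aiftest.square-r00t.net" provider="netctl">
        <ethernet id="lan" device="auto" defroute="true" searchDomain="domain.tld">
            <addresses>
                <ipv4 auto="true">
                    <address gateway="192.168.1.1">192.168.1.5/24</address>
                </ipv4>
                <ipv6 auto="slaac">
                    <address>fde4:16b9:654b:bbfa::15/64</address>
                </ipv6>
            </addresses>
            <routes>
                <ipv4 auto="true">
                    <route gateway="192.168.1.1">10.1.1.0/24</route>
                    <route gateway="10.1.1.4">172.16.1.20/32</route>
                </ipv4>
                <ipv6 auto="true"/>
            </routes>
            <resolvers>
                <!-- auto="false" on both families means the DHCP/RA-supplied resolvers are ignored and
                     only the explicit <resolver> entries below are used. -->
                <ipv4 auto="false"/>
                <ipv6 auto="false"/>
                <resolver>64.6.64.6</resolver>
                <resolver>4.2.2.1</resolver>
                <resolver>8.8.8.8</resolver>
            </resolvers>
        </ethernet>
        <wireless id="wlan" device="wlp2s0" essid="MyWirelessLan"
                  bssid="00-00-5E-00-53-00" defroute="false" searchDomain="wifi.lan">
            <addresses>
                <ipv4 auto="true"/>
            </addresses>
            <routes>
                <ipv6 auto="true"/>
            </routes>
            <encryption>
                <type>wpa2</type>
                <creds>
                    <!-- isKey="false": the value is the plaintext passphrase and is stored as-is in this
                         file. The isKey="true" form below carries the derived key instead of the passphrase. -->
                    <psk isKey="false">ABadWiFiPassword</psk>
                    <!-- Or the key itself. See the manual for ways to generate this. -->
                    <!-- <psk isKey="true">ca8981cbe55374c7408af0174604588111b4611832969f87fc5604fe4c36365c</psk> -->
                </creds>
            </encryption>
        </wireless>
    </network>
    <system timezone="EST5EDT">
        <!-- passwordPlain keeps the root password in clear text inside this file. The <user> block below
             shows the <passwordHash> form, which is what a config that is committed or shared should use. -->
        <rootPassword>
            <passwordPlain>1ns3cur3p4ssw0rd</passwordPlain>
        </rootPassword>
        <locales>
            <locale name="LANG">en_US.UTF-8</locale>
        </locales>
        <console>
            <text>
                <font>default8x16</font>
            </text>
            <keyboard>
                <map>us</map>
            </keyboard>
        </console>
        <!-- Note: The password hash below is "test"; don't waste your time trying to crack. :) -->
        <users>
            <user name="aifusr"
                  home="/opt/aifusr"
                  sudo="true"
                  comment="A test user for AIF.">
                <password>
                    <passwordHash hashType="(detect)">
                        $6$WtxZKOyaahvvWQRG$TUys60kQhF0ffBdnDSJVTA.PovwCOajjMz8HEHL2H0ZMi0bFpDTQvKA7BqzM3nA.ZMAUxNjpJP1dG/eA78Zgw0
                    </passwordHash>
                </password>
                <xGroup name="admins" create="true"/>
                <xGroup name="wheel"/>
                <xGroup name="users"/>
            </user>
        </users>
        <services>
            <service status="true">sshd</service>
        </services>
    </system>
    <pacman>
        <mirrorList>
            <mirror>http://arch.mirror.square-r00t.net/$repo/os/$arch</mirror>
            <mirror>http://mirror.us.leaseweb.net/archlinux/$repo/os/$arch</mirror>
            <mirror>http://ftp.osuosl.org/pub/archlinux/$repo/os/$arch</mirror>
            <mirror>http://arch.mirrors.ionfish.org/$repo/os/$arch</mirror>
            <mirror>http://mirrors.gigenet.com/archlinux/$repo/os/$arch</mirror>
            <mirror>http://mirror.jmu.edu/pub/archlinux/$repo/os/$arch</mirror>
        </mirrorList>
        <repos>
            <repo name="core" enabled="true" sigLevel="default">
                <include>file:///etc/pacman.d/mirrorlist</include>
            </repo>
            <repo name="extra" enabled="true" sigLevel="default"/>
            <repo name="community" enabled="true" sigLevel="default"/>
            <repo name="multilib" enabled="true" sigLevel="default"/>
            <repo name="testing" enabled="false" sigLevel="default"/>
            <repo name="multilib-testing" enabled="false" sigLevel="default"/>
            <!-- A third-party repo: sigLevel="Required" makes pacman refuse unsigned packages from it. -->
            <repo name="sqrt" enabled="false" sigLevel="Required">
                <mirror>https://$repo.arch.repo.square-r00t.net</mirror>
            </repo>
        </repos>
        <software>
            <package repo="core">sed</package>
            <package>python</package>
            <package>perl</package>
            <package>openssh</package>
        </software>
    </pacman>
    <bootloader type="grub" target="/boot" efi="true"/>
    <scripts>
        <!-- Scripts are fetched from remote URLs and executed; only https sources are listed here so
             the download cannot be altered in transit. -->
        <pre>
            <script>https://aif.square-r00t.net/sample-scripts/pre/first.sh</script>
            <script>https://aif.square-r00t.net/sample-scripts/pre/second.pl</script>
        </pre>
        <post>
            <script>https://aif.square-r00t.net/sample-scripts/post/first.sh</script>
            <script>https://aif.square-r00t.net/sample-scripts/post/second.py</script>
        </post>
    </scripts>
</aif>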