aif-ng/examples/aif.xml

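<?xml version="1.0" encoding="UTF-8" ?>
<aif xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xmlns="http://aif-ng.io/"
     xsi:schemaLocation="http://aif-ng.io/ http://aif-ng.io/aif.xsd"
     version="v2_rewrite"><!-- When we release, this should match the tagged release (e.g. 0.2.0) -->
    <!-- xsi:schemaLocation is only a hint, and the schema URL above is plain http. Validate against a copy of
         aif.xsd that you already trust rather than whatever that URL returns at parse time. -->
    <storage>
        <blockDevices>
            <disk id="sda" device="/dev/sda" diskFormat="gpt">
                <!-- Partitions are numbered *in the order they are specified*. -->
                <!-- e.g. "boot" would be /dev/sda1, "secrets1" would be /dev/sda2, etc. -->
                <part id="boot" name="BOOT" label="/boot" start="0%" stop="10%" fsType="fat32">
                    <partitionFlag>esp</partitionFlag>
                </part>
                <part id="secrets1" name="crypted" label="shh" start="10%" stop="20%" fsType="ext4">
                    <partitionFlag>root</partitionFlag>
                </part>
                <part id="lvm_member1" name="jbod" label="dynamic" start="20%" stop="30%" fsType="ext4">
                    <partitionFlag>lvm</partitionFlag>
                </part>
                <part id="raid1_d1" start="30%" stop="55%" fsType="ext4">
                    <partitionFlag>raid</partitionFlag>
                </part>
                <part id="raid1_d2" start="55%" stop="80%" fsType="ext4">
                    <partitionFlag>raid</partitionFlag>
                </part>
                <part id="swapdisk" start="80%" stop="90%" fsType="linux-swap(v1)">
                    <partitionFlag>swap</partitionFlag>
                </part>
                <!-- You can also create a partition with no flags (and leave it unused). -->
                <part id="grow" start="90%" stop="100%" fsType="ext4"/>
            </disk>
        </blockDevices>
        <!-- "Special" devices are processed *in the order they are specified*. This is important if you wish to
             e.g. layer LVM on top of LUKS - you would specify <lvm> before <luks> and reference the
             <luksDev id="SOMETHING" ... > as <pv source="SOMETHING" ... />.
             Of course, a limitation of this is you cannot e.g. first assemble a LUKS volume, then an LVM
             group, and then another LUKS volume - so plan accordingly and/or perform that in
             a <post> script instead.
             NOTE(review): for LVM on top of LUKS the LUKS device has to exist before the PV can reference it,
             which suggests <luks> before <lvm> (the order used in this file) - confirm against the installer. -->
        <luks>
            <luksDev id="luks_secrets" name="secrets" source="secrets1">
                <!-- You can assign multiple secrets (or "keys") to a LUKS volume. -->
                <!-- Every <passphrase> in this file is stored in cleartext: anyone who can read the config (or
                     the location it is fetched from) can unlock the volume. Restrict access to the file and
                     rotate the passphrase after the install. -->
                <secrets>
                    <!-- A simple passphrase. -->
                    <passphrase>secrets1</passphrase>
                </secrets>
                <secrets>
                    <!-- A key that uses a keyfile on a mounted path. This example uses the passphrase in
                         a plaintext file, which is in turn read by LUKS.
                         In this example /boot is the ESP (fat32, not encrypted), so a passphrase kept there is
                         readable by anyone who can read the disk, and the volume gains no protection at rest
                         from this key. Keep such a file on removable or otherwise protected media. -->
                    <passphrase>secrets1</passphrase>
                    <keyFile>/boot/.decrypt.plaintext</keyFile>
                </secrets>
                <secrets>
                    <!-- This will generate a 4096-byte file of random data. -->
                    <keyFile size="4096">/root/.decrypt.key</keyFile>
                </secrets>
            </luksDev>
        </luks>
        <lvm>
            <volumeGroup id="vg1" name="group1">
                <physicalVolumes>
                    <pv id="pv1" source="lvm_member1"/>
                </physicalVolumes>
                <logicalVolumes>
                    <!-- Default is to add all available PVs in PhysicalVolumes... -->
                    <lv id="lv1" name="logical1" size="80%"/>
                    <!-- But you can also explicitly designate them. They have to still be in the same volumeGroup though. -->
                    <lv id="lv2" name="logical2" size="20%">
                        <pvMember source="pv1"/>
                    </lv>
                </logicalVolumes>
            </volumeGroup>
        </lvm>
        <mdadm>
            <!-- level can be 0, 1, 4, 5, 6, or 10. RAID 1+0 (which is different from mdadm RAID10) would be done by
                 creating an array with members of a previously assembled array. -->
            <array id="mdadm1" name="data" meta="1.2" level="1">
                <member source="raid1_d1"/>
                <member source="raid1_d2"/>
            </array>
        </mdadm>
        <fileSystems>
            <fs id="esp" source="boot" type="vfat">
                <!-- Supports mkfs arguments. Leave off the filesystem type and device name, obviously;
                     those are handled by the above attributes. -->
                <opt name="-F">32</opt>
                <opt name="-n">ESP</opt>
            </fs>
            <fs id="luks" source="luks_secrets" type="ext4">
                <opt name="-L">seekrit</opt>
            </fs>
            <!-- NOTE(review): nothing above declares id="swap"; the swap partition is id="swapdisk". Confirm
                 which id this source is meant to reference. -->
            <fs id="swap" source="swap" type="swap"/>
            <fs id="vg1-lv1" source="lv1" type="ext4"/>
            <fs id="mdraid" source="mdadm1" type="ext4"/>
        </fileSystems>
        <mountPoints>
            <!-- And you use the id to reference mountpoints as well. Important to note, we mount *filesystems*,
                 not partitions/disks/etc. -->
            <!-- Note that targets should be *outside* of the chroot!
                 e.g. /aif/storage/mountPoints[@target="/mnt/aif/boot"]
                 and
                 /aif/system[@chrootPath="/mnt/aif"]
                 would lead to the filesystem being accessible *inside* the chroot (and thus the completed install)
                 at /boot. -->
            <mount source="luks" target="/mnt/aif">
                <opt name="rw"/>
                <opt name="relatime"/>
                <opt name="compress">lzo</opt>
                <opt name="ssd"/>
                <opt name="space_cache"/>
                <opt name="subvolid">5</opt>
                <opt name="subvol">/</opt>
            </mount>
            <mount source="esp" target="/mnt/aif/boot"/>
            <mount source="swap" target="swap"/>
            <mount source="vg1-lv1" target="/mnt/aif/mnt/pool"/>
            <mount source="mdraid" target="/mnt/aif/mnt/raid"/>
        </mountPoints>
    </storage>
    <network hostname="aiftest.square-r00t.net">
        <iface device="auto">
            <addresses>
                <ipv4>
                    <address>dhcp</address>
                </ipv4>
                <ipv6>
                    <address>slaac</address>
                    <address>fde4:16b9:654b:bbfa::15/64</address>
                </ipv6>
            </addresses>
            <resolvers>
                <resolver>8.8.8.8</resolver>
            </resolvers>
        </iface>
    </network>
    <system timezone="EST5EDT" chrootPath="/mnt/aif" reboot="0">
        <!-- passwordPlain keeps the root password in cleartext in this file, so it is exposed wherever the
             file is stored, served or logged. The hashed form shown under <users> avoids that, if the schema
             permits it here (confirm against aif.xsd); otherwise change the password after the install. -->
        <rootPassword>
            <passwordPlain>1ns3cur3p4ssw0rd</passwordPlain>
        </rootPassword>
        <locales>
            <locale name="LANG">en_US.UTF-8</locale>
        </locales>
        <!-- Note: The password hash below is "test"; don't waste your time trying to crack. :)
             It is a published hash of a known password, so replace it before using this file for a real
             install: this user has sudo="true" and sshd is listed under <services> below. -->
        <users>
            <user name="aifusr"
                  home="/opt/aifusr"
                  sudo="true"
                  comment="A test user for AIF.">
                <password>
                    <passwordHash hashType="(detect)">
                        $6$WtxZKOyaahvvWQRG$TUys60kQhF0ffBdnDSJVTA.PovwCOajjMz8HEHL2H0ZMi0bFpDTQvKA7BqzM3nA.ZMAUxNjpJP1dG/eA78Zgw0
                    </passwordHash>
                </password>
                <xGroup name="admins" create="true"/>
                <xGroup name="wheel"/>
                <xGroup name="users"/>
            </user>
        </users>
        <services>
            <service status="1">sshd</service>
        </services>
    </system>
    <pacman>
        <repos>
            <repo name="core" enabled="true" sigLevel="default" mirror="file:///etc/pacman.d/mirrorlist"/>
            <repo name="extra" enabled="true" sigLevel="default" mirror="file:///etc/pacman.d/mirrorlist"/>
            <repo name="community" enabled="true" sigLevel="default" mirror="file:///etc/pacman.d/mirrorlist"/>
            <repo name="multilib" enabled="true" sigLevel="default" mirror="file:///etc/pacman.d/mirrorlist"/>
            <repo name="testing" enabled="false" sigLevel="default" mirror="file:///etc/pacman.d/mirrorlist"/>
            <repo name="multilib-testing" enabled="false" sigLevel="default" mirror="file:///etc/pacman.d/mirrorlist"/>
            <!-- In pacman, "Optional" accepts unsigned packages (signatures are checked only when present),
                 and this mirror is plain http. If this repo is ever enabled, nothing authenticates what it
                 delivers unless sigLevel is raised to require signatures. -->
            <repo name="archlinuxfr" enabled="false" sigLevel="Optional TrustedOnly"
                  mirror="http://repo.archlinux.fr/$arch"/>
        </repos>
        <!-- All mirrors below are plain http, so package integrity rests entirely on pacman's signature
             verification (sigLevel above). Keep signatures required and prefer https where a mirror offers it. -->
        <mirrorList>
            <mirror>http://arch.mirror.square-r00t.net/$repo/os/$arch</mirror>
            <mirror>http://mirror.us.leaseweb.net/archlinux/$repo/os/$arch</mirror>
            <mirror>http://ftp.osuosl.org/pub/archlinux/$repo/os/$arch</mirror>
            <mirror>http://arch.mirrors.ionfish.org/$repo/os/$arch</mirror>
            <mirror>http://mirrors.gigenet.com/archlinux/$repo/os/$arch</mirror>
            <mirror>http://mirror.jmu.edu/pub/archlinux/$repo/os/$arch</mirror>
        </mirrorList>
        <software>
            <package repo="core">sed</package>
            <package>python</package>
            <package>perl</package>
            <package>openssh</package>
        </software>
    </pacman>
    <bootloader type="grub" target="/boot" efi="true"/>
    <!-- NOTE(review): these scripts are presumably downloaded and run by the installer during the install
         (confirm against the aif-ng documentation), so whoever controls the URL controls the resulting
         system. Keep them on https, as here, on a host you control, and review them before use. -->
    <scripts>
        <pre>
            <script>https://aif.square-r00t.net/sample-scripts/pre/first.sh</script>
            <script>https://aif.square-r00t.net/sample-scripts/pre/second.pl</script>
        </pre>
        <post>
            <script>https://aif.square-r00t.net/sample-scripts/post/first.sh</script>
            <script>https://aif.square-r00t.net/sample-scripts/post/second.py</script>
        </post>
    </scripts>
</aif>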