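<?xml version="1.0" encoding="UTF-8" ?>
<aif xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xmlns="https://aif-ng.io/"
     xsi:schemaLocation="https://aif-ng.io/ http://schema.xml.r00t2.io/projects/aif.xsd"
     chrootPath="/mnt/aif"
     reboot="false">
    <!-- Sample AIF-NG configuration. chrootPath (on this root element) is the install target that the
         mountPoints targets and the bootloader section below are relative to. Several values in this file
         (LUKS passphrases, a WiFi PSK, the root password) are deliberately plaintext placeholders for the
         sample; a real configuration file carrying such values is itself a secret. -->
    <bootstrap>
        <!-- <tarball>-->
        <!-- https://arch.mirror.square-r00t.net/iso/latest/archlinux-bootstrap-2019.12.01-x86_64.tar.gz-->
        <!-- </tarball>-->
        <tarball>
            file:///tmp/archlinux-bootstrap-2019.12.01-x86_64.tar.gz
        </tarball>
        <verify>
            <gpg>
                <sigs>
                    <!-- <signatureFile>-->
                    <!-- https://arch.mirror.square-r00t.net/iso/latest/archlinux-bootstrap-2019.12.01-x86_64.tar.gz.sig-->
                    <!-- </signatureFile>-->
                    <signatureFile>
                        file:///tmp/archlinux-bootstrap-2019.12.01-x86_64.tar.gz.sig
                    </signatureFile>
                </sigs>
                <!-- detect="false" together with an explicit keyID presumably restricts verification to this one
                     key rather than auto-detecting the signer (confirm against the schema). This signature check is
                     what actually authenticates the tarball; the checksum lists below do not. -->
                <keys detect="false">
                    <keyID>0x4AA4767BBC9C4B1D18AE28B77F2D434B9741E8AC</keyID>
                </keys>
            </gpg>
            <hash>
                <!-- The checksum lists are fetched over plain http and are md5/sha1, so they only guard against
                     accidental corruption, not tampering. Authenticity comes from the GPG signature above. -->
                <checksumFile hashType="md5" fileType="gnu">
                    http://arch.mirror.square-r00t.net/iso/latest/md5sums.txt
                </checksumFile>
                <checksumFile hashType="sha1" fileType="gnu">
                    http://arch.mirror.square-r00t.net/iso/latest/sha1sums.txt
                </checksumFile>
            </hash>
        </verify>
    </bootstrap>
    <storage>
        <blockDevices>
            <disk id="sda" device="/dev/sda" diskFormat="gpt">
                <!-- Partitions are numbered *in the order they are specified*. -->
                <!-- e.g. "boot" would be /dev/sda1, "secrets1" would be /dev/sda2, etc. -->
                <!-- Every "id" in this file is a reference target: fileSystems/@source, luksDev/@source,
                     pv/@source, member/@source and mount/@source must all name an id declared here or in
                     the special-device sections below. -->
                <part id="boot" name="BOOT" label="/boot" start="0%" stop="10%" fsType="fat32">
                    <partitionFlag>esp</partitionFlag>
                </part>
                <part id="secrets1" name="crypted" label="shh" start="10%" stop="20%" fsType="ext4">
                    <partitionFlag>root</partitionFlag>
                </part>
                <part id="lvm_member1" name="jbod" label="dynamic" start="20%" stop="30%" fsType="ext4">
                    <partitionFlag>lvm</partitionFlag>
                </part>
                <part id="raid1_d1" start="30%" stop="55%" fsType="ext4">
                    <partitionFlag>raid</partitionFlag>
                </part>
                <part id="raid1_d2" start="55%" stop="80%" fsType="ext4">
                    <partitionFlag>raid</partitionFlag>
                </part>
                <part id="swapdisk" start="80%" stop="90%" fsType="linux-swap(v1)">
                    <partitionFlag>swap</partitionFlag>
                </part>
                <!-- You can also create a partition with no flags (and not use). -->
                <part id="grow" start="90%" stop="100%" fsType="ext4"/>
            </disk>
        </blockDevices>
        <!-- "Special" devices are processed *in the order they are specified*. This is important if you wish to
             e.g. layer LVM on top of LUKS - you would specify <lvm> before <luks> and reference the
             <luksDev id="SOMETHING" ... > as <pv source="SOMETHING" ... />.
             Of course, a limitation of this is you cannot e.g. first assemble a LUKS volume, then an LVM
             group, and then another LUKS volume - so plan accordingly and/or perform that in
             a <post> script instead. -->
        <!-- NOTE(review): since processing is in document order, the <luksDev> a <pv> refers to must already
             exist, i.e. <luks> would need to precede <lvm> (as this sample does below); the wording "specify
             <lvm> before <luks>" above looks inverted. Confirm against the processing code. -->
        <luks>
            <luksDev id="luks_secrets" name="secrets" source="secrets1">
                <!-- You can assign multiple secrets (or "keys") to a LUKS volume. -->
                <secrets>
                    <!-- A simple passphrase. -->
                    <passphrase>secrets1</passphrase>
                </secrets>
                <secrets>
                    <!-- A key that uses a keyfile on a mounted path. This example uses the passphrase in
                         a plaintext file, which is in turn read by LUKS. -->
                    <!-- NOTE(review): in this sample /boot is the unencrypted FAT32 ESP (see fs "esp" and its
                         mount below), so a plaintext keyfile there is readable by anyone with the disk and
                         unlocks the volume without the passphrase. Fine for a demo of the syntax; not for
                         a real machine. -->
                    <passphrase>secrets1</passphrase>
                    <keyFile>/boot/.decrypt.plaintext</keyFile>
                </secrets>
                <secrets>
                    <!-- This will generate a 4096-byte file of random data. -->
                    <keyFile size="4096">/root/.decrypt.key</keyFile>
                </secrets>
            </luksDev>
        </luks>
        <lvm>
            <volumeGroup id="vg1" name="group1" extentSize="4MiB">
                <physicalVolumes>
                    <pv id="pv1" source="lvm_member1"/>
                </physicalVolumes>
                <logicalVolumes>
                    <!-- Default is to add all available PVs in PhysicalVolumes... -->
                    <lv id="lv1" name="logical1" size="80%"/>
                    <lv id="lv2" name="logical2" size="512MiB">
                        <!-- But you can also explicitly designate them. They have to still be in the same volumeGroup.
                             This is generally speaking a *terrible* idea, though, because it makes getting the
                             sizes right virtually *impossible*. If you do this, you should consistently ONLY use
                             bytes for each LV size and know the size of the PVs/VGs ahead of time. -->
                        <pvMember source="pv1"/>
                    </lv>
                </logicalVolumes>
            </volumeGroup>
        </lvm>
        <mdadm>
            <!-- level can be 0, 1, 4, 5, 6, or 10. RAID 1+0 (which is different from mdadm RAID10) would be done by
                 creating an array with members of a previously assembled array. -->
            <array id="mdadm1" name="data" meta="1.2" level="1">
                <member source="raid1_d1"/>
                <member source="raid1_d2"/>
            </array>
        </mdadm>
        <fileSystems>
            <fs id="esp" source="boot" type="vfat">
                <!-- Supports mkfs arguments. Leave off the filesystem type and device name, obviously;
                     those are handled by the above attributes. -->
                <opt name="-F">32</opt>
                <opt name="-n">ESP</opt>
            </fs>
            <fs id="luks" source="luks_secrets" type="ext4">
                <opt name="-L">seekrit</opt>
            </fs>
            <!-- source must name the *partition* id ("swapdisk" above); this fs's own id is "swap", which is
                 what the <mount> entry below refers to. -->
            <fs id="swap" source="swapdisk" type="swap"/>
            <fs id="vg1-lv1" source="lv1" type="ext4"/>
            <fs id="mdraid" source="mdadm1" type="ext4"/>
        </fileSystems>
        <mountPoints>
            <!-- And you use the id to reference mountpoints as well. Important to note, we mount *filesystems*,
                 not partitions/disks/etc. -->
            <!-- Note that targets should be *outside* of the chroot!
                 e.g. /aif/storage/mountPoints[@target="/mnt/aif/boot"]
                 and
                 /aif/system[@chrootPath="/mnt/aif"]
                 would lead to the filesystem being accessible *inside* the chroot (and thus the completed install)
                 at /boot. -->
            <!-- NOTE(review): in this file chrootPath is an attribute of the root <aif> element, not of
                 <system>; the XPath in the note above is illustrative. -->
            <mount source="luks" target="/mnt/aif">
                <!-- NOTE(review): compress, ssd, space_cache, subvolid and subvol are btrfs mount options, but
                     fs "luks" is created as ext4 above. These appear to be here to show option syntax; confirm
                     the intended filesystem type before using this block as-is. -->
                <opt name="rw"/>
                <opt name="relatime"/>
                <opt name="compress">lzo</opt>
                <opt name="ssd"/>
                <opt name="space_cache"/>
                <opt name="subvolid">5</opt>
                <opt name="subvol">/</opt>
            </mount>
            <mount source="esp" target="/mnt/aif/boot"/>
            <mount source="swap" target="swap"/>
            <mount source="vg1-lv1" target="/mnt/aif/mnt/pool"/>
            <mount source="mdraid" target="/mnt/aif/mnt/raid"/>
        </mountPoints>
    </storage>
    <network hostname="aiftest.square-r00t.net" provider="netctl">
        <ethernet id="lan" device="auto" defroute="true" searchDomain="domain.tld">
            <addresses>
                <ipv4 auto="true">
                    <address gateway="192.168.1.1">192.168.1.5/24</address>
                </ipv4>
                <ipv6 auto="slaac">
                    <address>fde4:16b9:654b:bbfa::15/64</address>
                </ipv6>
            </addresses>
            <routes>
                <ipv4 auto="true">
                    <route gateway="192.168.1.1">10.1.1.0/24</route>
                    <route gateway="10.1.1.4">172.16.1.20/32</route>
                </ipv4>
                <ipv6 auto="true"/>
            </routes>
            <resolvers>
                <!-- auto="false" on both families means only the explicit resolvers listed here are used. -->
                <ipv4 auto="false"/>
                <ipv6 auto="false"/>
                <resolver>64.6.64.6</resolver>
                <resolver>4.2.2.1</resolver>
                <resolver>8.8.8.8</resolver>
            </resolvers>
        </ethernet>
        <wireless id="wlan" device="wlp2s0" essid="MyWirelessLan"
                  bssid="00-00-5E-00-53-00" defroute="false" searchDomain="wifi.lan">
            <addresses>
                <ipv4 auto="true"/>
            </addresses>
            <routes>
                <ipv6 auto="true"/>
            </routes>
            <encryption>
                <type>wpa2</type>
                <creds>
                    <!-- isKey="false": this is the plaintext passphrase and will be stored as such in this file. -->
                    <psk isKey="false">ABadWiFiPassword</psk>
                    <!-- Or the key itself. See the manual for ways to generate this. -->
                    <!-- <psk isKey="true">ca8981cbe55374c7408af0174604588111b4611832969f87fc5604fe4c36365c</psk> -->
                </creds>
            </encryption>
        </wireless>
    </network>
    <system timezone="EST5EDT">
        <rootPassword>
            <!-- passwordPlain stores the root password in the clear in this file; the <user> entry further down
                 shows the passwordHash form, which avoids that. -->
            <passwordPlain>1ns3cur3p4ssw0rd</passwordPlain>
        </rootPassword>
        <locales>
            <locale name="LANG">en_US.UTF-8</locale>
        </locales>
        <console>
            <text>
                <font>default8x16</font>
            </text>
            <keyboard>
                <map>us</map>
            </keyboard>
        </console>
        <!-- Note: The password hash below is "test"; don't waste your time trying to crack. :) -->
        <users>
            <user name="aifusr"
                  home="/opt/aifusr"
                  sudo="true"
                  comment="A test user for AIF.">
                <password>
                    <passwordHash hashType="(detect)">
                        $6$WtxZKOyaahvvWQRG$TUys60kQhF0ffBdnDSJVTA.PovwCOajjMz8HEHL2H0ZMi0bFpDTQvKA7BqzM3nA.ZMAUxNjpJP1dG/eA78Zgw0
                    </passwordHash>
                </password>
                <xGroup name="admins" create="true"/>
                <xGroup name="wheel"/>
                <xGroup name="users"/>
            </user>
        </users>
        <services>
            <!-- sshd is enabled on the installed system. Whether password or root login is permitted depends on
                 the installed sshd_config, which this file does not set; with the plaintext root password above
                 that is worth checking in a <post> script. -->
            <service status="true">sshd</service>
        </services>
    </system>
    <pacman>
        <repos>
            <repo name="core" enabled="true" sigLevel="default" mirror="file:///etc/pacman.d/mirrorlist"/>
            <repo name="extra" enabled="true" sigLevel="default" mirror="file:///etc/pacman.d/mirrorlist"/>
            <repo name="community" enabled="true" sigLevel="default" mirror="file:///etc/pacman.d/mirrorlist"/>
            <repo name="multilib" enabled="true" sigLevel="default" mirror="file:///etc/pacman.d/mirrorlist"/>
            <repo name="testing" enabled="false" sigLevel="default" mirror="file:///etc/pacman.d/mirrorlist"/>
            <repo name="multilib-testing" enabled="false" sigLevel="default" mirror="file:///etc/pacman.d/mirrorlist"/>
            <!-- Disabled third-party repo, shown for syntax. Per pacman's SigLevel semantics "Optional" accepts
                 packages that carry no signature at all, and the mirror is plain http, so enabling it as
                 written trusts the network path. -->
            <repo name="archlinuxfr" enabled="false" sigLevel="Optional TrustedOnly"
                  mirror="http://repo.archlinux.fr/$arch"/>
        </repos>
        <mirrorList>
            <!-- Plain-http mirrors are acceptable for the official repos above because those use
                 sigLevel="default", i.e. package signatures are verified after download. -->
            <mirror>http://arch.mirror.square-r00t.net/$repo/os/$arch</mirror>
            <mirror>http://mirror.us.leaseweb.net/archlinux/$repo/os/$arch</mirror>
            <mirror>http://ftp.osuosl.org/pub/archlinux/$repo/os/$arch</mirror>
            <mirror>http://arch.mirrors.ionfish.org/$repo/os/$arch</mirror>
            <mirror>http://mirrors.gigenet.com/archlinux/$repo/os/$arch</mirror>
            <mirror>http://mirror.jmu.edu/pub/archlinux/$repo/os/$arch</mirror>
        </mirrorList>
        <software>
            <package repo="core">sed</package>
            <package>python</package>
            <package>perl</package>
            <package>openssh</package>
        </software>
    </pacman>
    <bootloader type="grub" target="/boot" efi="true"/>
    <scripts>
        <!-- pre/post scripts are fetched from a URL and executed; nothing in this file pins a checksum or
             signature for them, so their integrity rests on the https transport to that host. -->
        <pre>
            <script>https://aif.square-r00t.net/sample-scripts/pre/first.sh</script>
            <script>https://aif.square-r00t.net/sample-scripts/pre/second.pl</script>
        </pre>
        <post>
            <script>https://aif.square-r00t.net/sample-scripts/post/first.sh</script>
            <script>https://aif.square-r00t.net/sample-scripts/post/second.py</script>
        </post>
    </scripts>
</aif>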