h908714124 · January 18, 2026 18:53
diff --git a/luks.cfg b/luks.cfg
 %include /tmp/vbox.txt

 bootloader --sdboot
 network --device=link --hostname=box
 text

 # mkpasswd -m yescrypt --stdin <<< $MY_PW
 user --name core --iscrypted --groups wheel --password "$y$j9T$el9zAYHYnL4Oq7jQ9eeYx/$wK0wzF89ZEiy5/WBN1LEnEdeDExDlHofqT/BUzjriS2"
 sshkey --username core "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDWj91O8R5KPdkb87xHnqj6Q6rWLQR7nNhvYaltFxKoxIv+CKtLjJIhIF4CZmhpmQUJd2venqzU7mzOq3XsPtu7zOu5iXINgso4FFeja19LFaNPIbWaOB+Qyg44VImV77xLgykJITOrIkYsAnWJHctQr8Uj3MckH4uNQVVvS3/yyGUN6G//mrDXUDHUb+j3IPa//09MudhSPpA7XfFl5ZokVGRJCDVAjGJ04gEf858ZfeBfuwSk1g1kAC2GWQA/O33fqdfC4vrTsyHsgCgTruyC2yaN8t/+9zi5hL+X8+8726z0rZKRFbwdp9iIymYxJiAQbvHaPqgq3ZEWqbw/l9y9VgE2TLl/f4dG25K4KW1a6EImL4GOZm+ljRE440VGrhJn8H7OO61Q11p8jzLb/nNi835EFigfqnXhYkiXtZrAOwPdJogaZGBKV9pPnSEsdqaU61qC4dRXzXsAhPwjQUVo+pAMpjlJqqJhUWdNjsRuCqQ1F/02bjauqY1wSJfcB83Ytgp3XqwJRGu3lUrIMDOny3s/TB571kaxxs5NiqBo1SlEUdKspYQs5ttdwenCCHbOkbwpNn3KIIw7GXYBXZVlJBaVkpi9PmWdB3RbD9eWl/Mj4/95vDe1QbDmNxC122RZfbaoYaLUeCpIeL/YqWX6VGxO8iZCTOSgayHvyBtQrQ=="
 reboot

 %pre
 cat << "EOF" > /tmp/pre.sh
 get_disk() {
  # hoping to find exactly one disk that is not mounted and not removable
  lsblk -n --filter "TYPE=='disk' && RM==0" -o MOUNTPOINT,KNAME | sed -n -E 's/^\s+(\S+)$/\1/p'
 }
 is_mount_possible() {
  local label
  for label in ESP linuxboot linuxroot; do
    [[ $(blkid --label $label) ]] || return 1
  done
  return 0
 }
 luks_open() {
  echo -n temppass > /tmp/temppass
  chmod 600 /tmp/temppass
  local uuid device
  device=$(blkid --label linuxroot)
  uuid=$(cryptsetup luksUUID $device)
  cryptsetup luksOpen -q --disable-external-tokens --key-file /tmp/temppass $device luks-$uuid 2> /dev/null || return 1
  vgchange -ay
 }
 print_cleaninstall() {
  echo "clearpart --all --initlabel"
  echo "zerombr"
  echo "part /boot/efi --size=1024 --label=ESP"
  echo "part /boot --fstype=ext4 --size=200 --label=linuxboot"
  echo "part pv.0 --grow --encrypted --passphrase=temppass"
  echo "volgroup vgroot pv.0"
  echo "logvol / --vgname=vgroot --fstype=ext4 --size=4096" --name=root
  echo "logvol /home --vgname=vgroot --fstype=ext4 --size=1024" --name=home
 }
 print_reinstall() {
  echo "mount $(blkid --label ESP) /boot/efi"
  echo "mount --reformat=ext4 $(blkid --label linuxboot) /boot"
  echo "mount --reformat=ext4 /dev/mapper/vgroot-root /"
  echo "mount /dev/mapper/vgroot-home /home"
 }
 print_storage() {
  local disk
  disk="$(get_disk)"
  echo "ignoredisk --only-use=$disk" > /tmp/vbox.txt
  if ! is_mount_possible; then
    print_cleaninstall >> /tmp/vbox.txt
    return 0
  fi
  lsblk
  while true; do
    read -p "Try preserve existing partition on $(blkid --label linuxroot) ? [Y/n] "
    if [[ -z $REPLY || $REPLY =~ [Yy] ]]; then
      luks_open || exit 1
      lsblk
      print_reinstall >> /tmp/vbox.txt
      break
    elif [[ $REPLY =~ [nN] ]]; then
      print_cleaninstall >> /tmp/vbox.txt
      break
    fi
  done
 }
 printf '\033[2J'
 printf '\033[H'
 echo $0
 print_storage
 echo
 echo "Storage config:"
 echo
 cat /tmp/vbox.txt
 echo
 echo "Proceeding with installation in 10 seconds..."
 sleep 10
 rm -r /tmp/stop
 sleep 3
 EOF
 chmod +x /tmp/pre.sh
 return 2> /dev/null || {
  tmux select-window -t2
  touch /tmp/stop
  tmux send-keys -t2 "/tmp/pre.sh" C-m
  while [[ -f /tmp/stop ]]; do
    sleep 2
  done
  tmux select-window -t1
 }
 %end

 %post
 get_parent() {
  lsblk -n --filter "KNAME=='$1'" -o PKNAME
 }
 get_path() {
  lsblk -n --filter "KNAME=='$1'" -o PATH
 }
 get_root() {
  lsblk -n --filter "MOUNTPOINT=='/'" -o KNAME
 }
 configure_auto_unlock() {
  mkdir -p /tmp/rd.live.overlay/etc
  echo -n temppass > /tmp/rd.live.overlay/temppass
  chmod 600 /tmp/rd.live.overlay/temppass
  while read -r name dev luksfile luksoptions; do
    echo $name $dev /temppass $luksoptions
  done < /etc/crypttab > /tmp/rd.live.overlay/etc/crypttab
  kernel_version=$(basename $(ls -d -1 /usr/lib/modules/*x86_64))
  image=$(find /boot/efi -name $kernel_version)/initrd
  dracut -f --include /tmp/rd.live.overlay / $image $kernel_version
 }
 return 2> /dev/null || {
  # could not label pv.0 in %pre, so do it now
  [[ $(blkid --label linuxroot) ]] || {
    cryptsetup config $(get_path $(get_parent $(get_parent $(get_root)))) --label linuxroot
  }
  configure_auto_unlock
 }
 %end

 %packages
 @core
 vim-enhanced
 vim-default-editor
 %end
	%include /tmp/vbox.txt

	bootloader --sdboot
	network --device=link --hostname=box
	text

	# mkpasswd -m yescrypt --stdin <<< $MY_PW
	user --name core --iscrypted --groups wheel --password "$y$j9T$el9zAYHYnL4Oq7jQ9eeYx/$wK0wzF89ZEiy5/WBN1LEnEdeDExDlHofqT/BUzjriS2"
	sshkey --username core "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDWj91O8R5KPdkb87xHnqj6Q6rWLQR7nNhvYaltFxKoxIv+CKtLjJIhIF4CZmhpmQUJd2venqzU7mzOq3XsPtu7zOu5iXINgso4FFeja19LFaNPIbWaOB+Qyg44VImV77xLgykJITOrIkYsAnWJHctQr8Uj3MckH4uNQVVvS3/yyGUN6G//mrDXUDHUb+j3IPa//09MudhSPpA7XfFl5ZokVGRJCDVAjGJ04gEf858ZfeBfuwSk1g1kAC2GWQA/O33fqdfC4vrTsyHsgCgTruyC2yaN8t/+9zi5hL+X8+8726z0rZKRFbwdp9iIymYxJiAQbvHaPqgq3ZEWqbw/l9y9VgE2TLl/f4dG25K4KW1a6EImL4GOZm+ljRE440VGrhJn8H7OO61Q11p8jzLb/nNi835EFigfqnXhYkiXtZrAOwPdJogaZGBKV9pPnSEsdqaU61qC4dRXzXsAhPwjQUVo+pAMpjlJqqJhUWdNjsRuCqQ1F/02bjauqY1wSJfcB83Ytgp3XqwJRGu3lUrIMDOny3s/TB571kaxxs5NiqBo1SlEUdKspYQs5ttdwenCCHbOkbwpNn3KIIw7GXYBXZVlJBaVkpi9PmWdB3RbD9eWl/Mj4/95vDe1QbDmNxC122RZfbaoYaLUeCpIeL/YqWX6VGxO8iZCTOSgayHvyBtQrQ=="
	reboot

	%pre
	cat << "EOF" > /tmp/pre.sh
	get_disk() {
	# hoping to find exactly one disk that is not mounted and not removable
	lsblk -n --filter "TYPE=='disk' && RM==0" -o MOUNTPOINT,KNAME \| sed -n -E 's/^\s+(\S+)$/\1/p'
	}
	is_mount_possible() {
	local label
	for label in ESP linuxboot linuxroot; do
	[[ $(blkid --label $label) ]] \|\| return 1
	done
	return 0
	}
	luks_open() {
	echo -n temppass > /tmp/temppass
	chmod 600 /tmp/temppass
	local uuid device
	device=$(blkid --label linuxroot)
	uuid=$(cryptsetup luksUUID $device)
	cryptsetup luksOpen -q --disable-external-tokens --key-file /tmp/temppass $device luks-$uuid 2> /dev/null \|\| return 1
	vgchange -ay
	}
	print_cleaninstall() {
	echo "clearpart --all --initlabel"
	echo "zerombr"
	echo "part /boot/efi --size=1024 --label=ESP"
	echo "part /boot --fstype=ext4 --size=200 --label=linuxboot"
	echo "part pv.0 --grow --encrypted --passphrase=temppass"
	echo "volgroup vgroot pv.0"
	echo "logvol / --vgname=vgroot --fstype=ext4 --size=4096" --name=root
	echo "logvol /home --vgname=vgroot --fstype=ext4 --size=1024" --name=home
	}
	print_reinstall() {
	echo "mount $(blkid --label ESP) /boot/efi"
	echo "mount --reformat=ext4 $(blkid --label linuxboot) /boot"
	echo "mount --reformat=ext4 /dev/mapper/vgroot-root /"
	echo "mount /dev/mapper/vgroot-home /home"
	}
	print_storage() {
	local disk
	disk="$(get_disk)"
	echo "ignoredisk --only-use=$disk" > /tmp/vbox.txt
	if ! is_mount_possible; then
	print_cleaninstall >> /tmp/vbox.txt
	return 0
	fi
	lsblk
	while true; do
	read -p "Try preserve existing partition on $(blkid --label linuxroot) ? [Y/n] "
	if [[ -z $REPLY \|\| $REPLY =~ [Yy] ]]; then
	luks_open \|\| exit 1
	lsblk
	print_reinstall >> /tmp/vbox.txt
	break
	elif [[ $REPLY =~ [nN] ]]; then
	print_cleaninstall >> /tmp/vbox.txt
	break
	fi
	done
	}
	printf '\033[2J'
	printf '\033[H'
	echo $0
	print_storage
	echo
	echo "Storage config:"
	echo
	cat /tmp/vbox.txt
	echo
	echo "Proceeding with installation in 10 seconds..."
	sleep 10
	rm -r /tmp/stop
	sleep 3
	EOF
	chmod +x /tmp/pre.sh
	return 2> /dev/null \|\| {
	tmux select-window -t2
	touch /tmp/stop
	tmux send-keys -t2 "/tmp/pre.sh" C-m
	while [[ -f /tmp/stop ]]; do
	sleep 2
	done
	tmux select-window -t1
	}
	%end

	%post
	get_parent() {
	lsblk -n --filter "KNAME=='$1'" -o PKNAME
	}
	get_path() {
	lsblk -n --filter "KNAME=='$1'" -o PATH
	}
	get_root() {
	lsblk -n --filter "MOUNTPOINT=='/'" -o KNAME
	}
	configure_auto_unlock() {
	mkdir -p /tmp/rd.live.overlay/etc
	echo -n temppass > /tmp/rd.live.overlay/temppass
	chmod 600 /tmp/rd.live.overlay/temppass
	while read -r name dev luksfile luksoptions; do
	echo $name $dev /temppass $luksoptions
	done < /etc/crypttab > /tmp/rd.live.overlay/etc/crypttab
	kernel_version=$(basename $(ls -d -1 /usr/lib/modules/*x86_64))
	image=$(find /boot/efi -name $kernel_version)/initrd
	dracut -f --include /tmp/rd.live.overlay / $image $kernel_version
	}
	return 2> /dev/null \|\| {
	# could not label pv.0 in %pre, so do it now
	[[ $(blkid --label linuxroot) ]] \|\| {
	cryptsetup config $(get_path $(get_parent $(get_parent $(get_root)))) --label linuxroot
	}
	configure_auto_unlock
	}
	%end

	%packages
	@core
	vim-enhanced
	vim-default-editor
	%end
No results found