feat(iso): Allow supplementary password/settings file (#9)

README.md

@@ -117,12 +117,31 @@ To get a zpool with unencrypted datasets export the shell variable `ARCHZBM_ZFSP
 export ARCHZBM_ZFSPROPS_NO_ENCRYPTION=yup
 ```
 
+### Passwords
+
+By default both the zpool password and the account password for `root` are literally `password`. While you can certainly change these after initial system setup you can also optionally set these passwords in a settings file named `archzbm_settings.env` that lives in your current working directory where you're about to execute the script. File format is identical to shell variable assignments of the form `VAR=value` or `VAR='value'`.
+
+If `./archzbm_settings.env` exists the script will `source` its content and `export` all variables for use in future steps. Only known variables are:
+
+```
+ARCHZBM_ZPOOL_PASSWORD='a fancy password'
+ARCHZBM_ROOT_PASSWORD='t0psecr3t!'
+```
+
+The script does create a second user named `build` but doesn't set a password on account creation. As such no password variable can be set for it in `./archzbm_settings.env`. It's intended as a helper for system setup tasks such as `sudo -u build paru -S <package>` where an account password is irrelevant since `root` can always `sudo` whatever it wants. You will not be able to log in to the `build` account yourself although you certainly could set a password for it. Instead we suggest you create a proper user account for yourself. Your newly installed Arch Linux comes with an `/etc/motd` greeting that summarizes this as:
+
+```
+useradd --create-home --shell /bin/bash --user-group --groups wheel <user>
+passwd <user>
+```
+
 # Steps
 
 The script takes the following installation steps.
 
 1. Install ZFS tools and kernel module with [github.com/eoli3n/archiso-zfs](https://github.com/eoli3n/archiso-zfs)
 1. Create one ZFS zpool on top of zpool partition, encrypted and compressed datasets, password `password`
+    1. _See paragraph [Passwords](#passwords) to predefine your own passwords in a settings file_
     1. _See paragraphs [Compression](#compression)/[Encryption](#encryption) to optionally disable properties_
 1. Create dataset for Arch Linux and `/home`
 1. Install Arch Linux into pool
@@ -156,7 +175,7 @@ After installation you're going to want to at least touch these points in your n
 - Hostname: Installation chose a pseudo-randomly generated 8-character string with `pwgen`
     - Check `hostnamectl set-hostname <hostname>`
 - Unprivileged user accounts: The OS was installed with `root` and unprivileged `build` users
-- Passwords
+- Unless you had a settings file per [Passwords](#passwords) you're going to want to change passwords now:
     - ZFS: The password for all datasets underneath `zpool` is `password`.
     - Local `root` account: The local `root` account's password is `password`.
 - Arch User Repository (AUR) helper: We installed [paru](https://github.com/Morganamilo/paru) as our AUR helper, we installed from GitHub via `makepkg -si` then replaced itself with its [paru-bin](https://aur.archlinux.org/packages/paru-bin) version from AUR.
@@ -193,7 +212,7 @@ After installation you're going to want to at least touch these points in your n
 
 # Password change
 
-After installation you're going to want to change your ZFS encryption password.
+After installation you're going to want to change your ZFS encryption password (unless you preconfigured a good zpool password in a settings file per [Passwords](#passwords)). At any rate you still want to be familiar with the process and its caveat in case you ever need a zpool password change or want to do one now.
 
 ## Steps
 

setup.sh

@@ -256,8 +256,14 @@ function no_zpool_exists () {
 }
 
 function set_zpool_password () {
+    local zpool_password
+    if [[ "${ARCHZBM_ZPOOL_PASSWORD}" ]]; then
+        zpool_password="${ARCHZBM_ZPOOL_PASSWORD}"
+    else
+        zpool_password='password'
+    fi
     # May or may not have a newline at the end, ZFS doesn't care
-    printf -- '%s' 'password' > '/etc/zfs/'"${zpool_name}"'.key'
+    printf -- '%s' "${zpool_password}" > '/etc/zfs/'"${zpool_name}"'.key'
     chmod '000' '/etc/zfs/'"${zpool_name}"'.key'
 }
 
@@ -319,6 +325,18 @@ function export_pool () {
     zpool export "${zpool_name}"
 }
 
+function load_settings_file () {
+    local working_dir settings_file settings_abs
+    working_dir="$(pwd)"
+    settings_file='archzbm_settings.env'
+    settings_abs="${working_dir}"'/'"${settings_file}"
+    if [[ -r "${settings_abs}" ]]; then
+        set -a
+        source "${settings_abs}"
+        set +a
+    fi
+}
+
 function setup_zpool () {
     #1.8
     local drive_by_id
@@ -764,7 +782,13 @@ function install_os_in_chroot () {
 
 function set_root_pw () {
     #3.2
-    printf -- '%s\n' 'root:password' | chpasswd --crypt-method 'SHA512' --root '/mnt'
+    local root_password
+    if [[ "${ARCHZBM_ROOT_PASSWORD}" ]]; then
+        root_password="${ARCHZBM_ROOT_PASSWORD}"
+    else
+        root_password='password'
+    fi
+    printf -- '%s\n' 'root:'"${root_password}" | chpasswd --crypt-method 'SHA512' --root '/mnt'
 }
 
 function configure_networking () {
@@ -893,6 +917,7 @@ function main () {
         install_pkgs 'jq'                       #1.5
         install_zfs                             #1.6
         uefi_or_bios                            #1.7
+        load_settings_file
         setup_zpool                             #1.8
         mount_system                            #1.9
         copy_zpool_cache                        #1.10