CISS.debian.installer/var/global.var.sh

#!/bin/bash
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-06-17; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.installer.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.installer
# SPDX-Security-Contact: security@coresecret.eu

guard_sourcing || return "${ERR_GUARD_SOURCE}"

[[ -f /root/ciss-debian-live-builder.env ]] && . /root/ciss-debian-live-builder.env

### Definition of MUST set global variables.
# shellcheck disable=SC2155
declare -grx VAR_KERNEL_INF=$(mktemp var_kernel_inf.XXXXXXXX)
# shellcheck disable=SC2155
declare -grx VAR_KERNEL_TMP=$(mktemp var_kernel_tmp.XXXXXXXX)
# shellcheck disable=SC2155
declare -grx VAR_KERNEL_SRT=$(mktemp var_kernel_srt.XXXXXXXX)
# shellcheck disable=SC2155
declare -grx VAR_NOTES=$(mktemp var_notes.XXXXXXXX)
# shellcheck disable=SC2155
declare -grx VAR_RESOURCES=$(ulimit)
# shellcheck disable=SC2155
declare -grx VAR_DATE="$(date +%F)"

### Initialize variables of different directories.
declare -grx DIR_BAK="/tmp/.ciss/backup"
declare -grx DIR_LOG="/tmp/.ciss/log"
declare -grx DIR_TMP="/tmp/.ciss/tmp"
# shellcheck disable=SC2153
declare -grx DIR_CNF="${VAR_SETUP_PATH}/.preseed"
declare -grx DIR_INS="${VAR_SETUP_PATH}"

### Initialize variables for logging.
declare -grx LOG_ERR="${DIR_LOG}/ciss_debian_installer_$$_error.log"
declare -grx LOG_EXT="${DIR_LOG}/ciss_debian_installer_$$_exit.log"
declare -grx LOG_INS="${DIR_LOG}/ciss_debian_installer_$$_install.log"
declare -grx LOG_NIC="${DIR_LOG}/ciss_debian_installer_$$_nic.log"
declare -grx LOG_UID="${DIR_LOG}/ciss_debian_installer_$$_uuid.log"
declare -grx LOG_DBS="${DIR_LOG}/ciss_debian_installer_$$_debootstrap.log"
declare -grx LOG_REC="${DIR_LOG}/ciss_debian_installer_$$_recovery.log"

### Initialize the variable of imported and cleaned 'YAML' -> 'BASH-variable'-file.
declare -grx VAR_PRESEED="${DIR_TMP}/combined.var"
declare -grx VAR_SETUP_CONF="${DIR_CNF}/preseed.yaml"
declare -grx VAR_SETUP_PART="${DIR_CNF}/partitioning.yaml"

### Initialize SECRETS.yaml variables.
# shellcheck disable=SC2034
declare -gA   CISS_SECRETS_MAP=()                                # YAML path (w/o '.value' and without 'secrets.') -> varname.
# shellcheck disable=SC2034
declare -g    CISS_SECRETS_AGE="/root/.config/sops/age/keys.txt" # AGE PRIVATE Keyfile to decrypt SOPS encrypted values.
# shellcheck disable=SC2034
declare -gr   CISS_SECRETS_SOURCE="${DIR_CNF}/SECRETS.yaml"      # Effective YAML source used (plain or decrypted stream).

### Base mount paths and variables for debootstrap.
declare -grx TARGET="/target"
declare -grx RECOVERY="/recovery"
declare -grx VAR_SAFE_MNT_BASE="/run/ciss/bootstrap"
declare -gx  VAR_NEED_RUN_IN_TARGET="false"
declare -gx  VAR_RUN_RECOVERY="false"

### Default chroot debug policy.
declare -gx VAR_CHROOT_DEBUG="false"

### Default log level.
declare -gx VAR_DEFAULT_LOG_LEVEL="info"

### Default priority level.
declare -gix VAR_PRIORITY=0
declare -gix VAR_REIONICE_CLASS=2
declare -gix VAR_REIONICE_PRIORITY=4

### 4010_prepare_mounts.sh
declare -gx VAR_CHROOT_ACTIVATED="false"

### 4120_installation_kernel.sh
declare -gx VAR_KERNEL=""

### 4240_update_grub_password.sh
declare -gx VAR_GRUB_PASSWORD="false"

### 4310_dropbear_build.sh
declare -gx VAR_DROPBEAR=""

### 4330_installation_ssh.sh
declare -gx VAR_SSH_PORT=""

### 4470_hardening_ufw.sh
declare -gx VAR_UFW_OUT="deny"

# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh