Diffstat (limited to 'guix-strap/guix-crypt')
-rwxr-xr-xguix-strap/guix-crypt62
1 files changed, 62 insertions, 0 deletions
diff --git a/guix-strap/guix-crypt b/guix-strap/guix-crypt
new file mode 100755
index 0000000..dd7c496
--- /dev/null
+++ b/guix-strap/guix-crypt
@@ -0,0 +1,62 @@
+#!/usr/bin/env bash
+
+source ./guix-log
+source ./guix-env
+
+CRYPT_PARTITION=""
+EFI_PARTITION=""
+PASSWORD=""
+PASSWORD_CONFIRM=""
+
+EVENT "Setting up disk encryption with luks"
+
+if [[ $DISK == sd* ]]; then
+ CRYPT_PARTITION="$DISK""2"
+ EFI_PARTITION="$DISK""1"
+elif [[ $DISK == nvme** ]]; then
+ CRYPT_PARTITION="$DISK""p2"
+ EFI_PARTITION="$DISK""p1"
+else
+ ERROR "Unsupported drive type, must be sata or nvme!"
+ exit 1
+fi
+
+get_password() {
+ read -s -p "LUKS password: " PASSWORD
+ read -s -p "Confirm password: " PASSWORD_CONFIRM
+ if [ "$PASSWORD" == "$CONFIRM_PASSWORD" ]; then
+ exit 0
+ else
+ ERROR "Passwords do not match"
+ get_password
+ fi
+}
+
+get_password
+
+EVENT "Setting up luks"
+
+cryptsetup luksFormat --type luks1 "$CRYPT_PARTITION" <<EOF
+YES
+$PASSWORD
+$CONFIRM_PASSWORD
+EOF
+
+EVENT "Opening cryptroot"
+
+cryptsetup open "$CRYPT_PARTITION" cryptroot <<EOF
+$PASSWORD
+EOF
+
+EVENT "Mounting cryptroot"
+
+mount /dev/mapper/cryptroot /mnt
+
+EVENT "Setting up EFI vfat"
+
+mkfs.vfat "-F32" "$EFI_PARTITION"
+
+EVENT "Successfully setup efi vfat and luks"
+
+echo "CRYPT_PARTITION=\"$CRYPT_PARTITION\"" > ./guix-env
+echo "EFI_PARTITION=\"$EFI_PARTITION\"" > ./guix-env
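Review bot: In `get_password` the comparison uses `$CONFIRM_PASSWORD`, but the second `read` fills `PASSWORD_CONFIRM`, so the check passes only for an empty passphrase and any non-empty input recurses forever; on a match, `exit 0` also ends the whole script before `cryptsetup luksFormat` is reached. The luksFormat here-document uses the same unset name, and because cryptsetup appears to skip the confirmation prompt and read a single line when stdin is not a terminal, the volume would likely be keyed with the literal `YES`, which the following `cryptsetup open` with `$PASSWORD` could not unlock (worth verifying). The fence below turns the prompt into a loop that returns on a non-empty match, reads with `IFS= read -r -s` so backslashes and surrounding spaces survive, and pipes the passphrase to `cryptsetup --batch-mode`, stopping if formatting fails so that `mkfs.vfat` never runs after a failed step. Separately, both final `echo ... > ./guix-env` lines truncate the file, so only `EFI_PARTITION` is kept and anything guix-env defined before (presumably `DISK`) is lost; `>>` on both lines would append instead.

```shell
get_password() {
  while true; do
    IFS= read -r -s -p "LUKS password: " PASSWORD; echo
    IFS= read -r -s -p "Confirm password: " PASSWORD_CONFIRM; echo
    if [[ -n "$PASSWORD" && "$PASSWORD" == "$PASSWORD_CONFIRM" ]]; then
      return 0
    fi
    ERROR "Passwords are empty or do not match"
  done
}

# … unchanged: get_password call, EVENT "Setting up luks" …

# printf is a builtin, so the passphrase stays out of argv and out of a here-doc temp file.
printf '%s\n' "$PASSWORD" \
  | cryptsetup --batch-mode luksFormat --type luks1 "$CRYPT_PARTITION" \
  || exit 1

# … unchanged: EVENT "Opening cryptroot" …

printf '%s\n' "$PASSWORD" \
  | cryptsetup open "$CRYPT_PARTITION" cryptroot \
  || exit 1
```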