summaryrefslogtreecommitdiff
path: root/installer/guix-crypt
diff options
context:
space:
mode:
Diffstat (limited to 'installer/guix-crypt')
-rwxr-xr-xinstaller/guix-crypt70
1 files changed, 70 insertions, 0 deletions
diff --git a/installer/guix-crypt b/installer/guix-crypt
new file mode 100755
index 0000000..b25bc99
--- /dev/null
+++ b/installer/guix-crypt
@@ -0,0 +1,70 @@
+#!/run/current-system/profile/bin/bash
+
+source ./guix-log
+source ./guix-env
+
+CRYPT_PARTITION=""
+EFI_PARTITION=""
+PASSWORD=""
+PASSWORD_CONFIRM=""
+
+EVENT "Setting up disk encryption with luks"
+
+if [[ $DISK == "/dev/sd"* ]]; then
+ CRYPT_PARTITION="$DISK""2"
+ EFI_PARTITION="$DISK""1"
+elif [[ $DISK == "/dev/vd"* ]]; then
+ CRYPT_PARTITION="$DISK""2"
+ EFI_PARTITION="$DISK""1"
+elif [[ $DISK == "/dev/nvme"* ]]; then
+ CRYPT_PARTITION="$DISK""p2"
+ EFI_PARTITION="$DISK""p1"
+else
+ ERROR "Unsupported drive type, must be sata or nvme!"
+ exit 1
+fi
+
+get_password() {
+ read -s -p "LUKS password: " PASSWORD
+ printf "\n"
+ read -s -p "Confirm password: " PASSWORD_CONFIRM
+ printf "\n"
+ if [ "$PASSWORD" == "$PASSWORD_CONFIRM" ]; then
+ return
+ else
+ ERROR "Passwords do not match"
+ get_password
+ fi
+}
+
+get_password
+
+EVENT "Setting up luks"
+
+cryptsetup luksFormat --type luks1 "$CRYPT_PARTITION" <<EOF
+$PASSWORD
+$PASSWORD_CONFIRM
+EOF
+
+EVENT "Opening root"
+
+cryptsetup open "$CRYPT_PARTITION" root <<EOF
+$PASSWORD
+EOF
+
+EVENT "Setting up root btrfs"
+
+mkfs.btrfs "/dev/mapper/root"
+
+EVENT "Mounting root"
+
+mount /dev/mapper/root /mnt
+
+EVENT "Setting up EFI vfat"
+
+mkfs.vfat "-F32" "$EFI_PARTITION"
+
+EVENT "Successfully setup efi vfat and luks"
+
+echo "CRYPT_PARTITION=\"$CRYPT_PARTITION\"" >> ./guix-env
+echo "EFI_PARTITION=\"$EFI_PARTITION\"" >> ./guix-env
generated by cgit v1.2.3-freya (git 2.51.0) at 2025-09-22 18:41:57 +0000