From 80df8ba1b36bcac4905919d0ff012b7ae099769d Mon Sep 17 00:00:00 2001
From: Tyler Murphy <tylerm@tylerm.dev>
Date: Sat, 7 Oct 2023 15:38:22 -0400
Subject: guix-strap

---
 guix-strap/guix-crypt | 62 +++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 62 insertions(+)
 create mode 100755 guix-strap/guix-crypt

(limited to 'guix-strap/guix-crypt')

diff --git a/guix-strap/guix-crypt b/guix-strap/guix-crypt
new file mode 100755
index 0000000..dd7c496
--- /dev/null
+++ b/guix-strap/guix-crypt
@@ -0,0 +1,62 @@
+#!/usr/bin/env bash
+
+source ./guix-log
+source ./guix-env
+
+CRYPT_PARTITION=""
+EFI_PARTITION=""
+PASSWORD=""
+PASSWORD_CONFIRM=""
+
+EVENT "Setting up disk encryption with luks"
+
+if [[ $DISK == sd* ]]; then
+    CRYPT_PARTITION="$DISK""2"
+    EFI_PARTITION="$DISK""1"
+elif [[ $DISK == nvme** ]]; then
+    CRYPT_PARTITION="$DISK""p2"
+    EFI_PARTITION="$DISK""p1"
+else
+    ERROR "Unsupported drive type, must be sata or nvme!"
+    exit 1
+fi
+
+get_password() {
+    read -s -p "LUKS password: " PASSWORD
+    read -s -p "Confirm password: " PASSWORD_CONFIRM
+    if [ "$PASSWORD" == "$CONFIRM_PASSWORD" ]; then
+        exit 0
+    else
+        ERROR "Passwords do not match"
+        get_password
+    fi
+}
+
+get_password
+
+EVENT "Setting up luks"
+
+cryptsetup luksFormat --type luks1 "$CRYPT_PARTITION" <<EOF
+YES
+$PASSWORD
+$CONFIRM_PASSWORD
+EOF
+
+EVENT "Opening cryptroot"
+
+cryptsetup open "$CRYPT_PARTITION" cryptroot <<EOF
+$PASSWORD
+EOF
+
+EVENT "Mounting cryptroot"
+
+mount /dev/mapper/cryptroot /mnt
+
+EVENT "Setting up EFI vfat"
+
+mkfs.vfat "-F32" "$EFI_PARTITION"
+
+EVENT "Successfully setup efi vfat and luks"
+
+echo "CRYPT_PARTITION=\"$CRYPT_PARTITION\"" > ./guix-env
+echo "EFI_PARTITION=\"$EFI_PARTITION\"" > ./guix-env
-- 
cgit v1.2.3-freya