From cf5d8d92f1904511006a89970349dbf723ae1732 Mon Sep 17 00:00:00 2001
From: Freya Murphy <freya@freyacat.org>
Date: Fri, 21 Jun 2024 22:52:21 -0400
Subject: update things

---
 installer/guix-crypt | 70 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 70 insertions(+)
 create mode 100755 installer/guix-crypt

(limited to 'installer/guix-crypt')

diff --git a/installer/guix-crypt b/installer/guix-crypt
new file mode 100755
index 0000000..b25bc99
--- /dev/null
+++ b/installer/guix-crypt
@@ -0,0 +1,70 @@
+#!/run/current-system/profile/bin/bash
+
+source ./guix-log
+source ./guix-env
+
+CRYPT_PARTITION=""
+EFI_PARTITION=""
+PASSWORD=""
+PASSWORD_CONFIRM=""
+
+EVENT "Setting up disk encryption with luks"
+
+if [[ $DISK == "/dev/sd"* ]]; then
+    CRYPT_PARTITION="$DISK""2"
+    EFI_PARTITION="$DISK""1"
+elif [[ $DISK == "/dev/vd"* ]]; then
+    CRYPT_PARTITION="$DISK""2"
+    EFI_PARTITION="$DISK""1"
+elif [[ $DISK == "/dev/nvme"* ]]; then
+    CRYPT_PARTITION="$DISK""p2"
+    EFI_PARTITION="$DISK""p1"
+else
+    ERROR "Unsupported drive type, must be sata or nvme!"
+    exit 1
+fi
+
+get_password() {
+    read -s -p "LUKS password: " PASSWORD
+    printf "\n"
+    read -s -p "Confirm password: " PASSWORD_CONFIRM
+    printf "\n"
+    if [ "$PASSWORD" == "$PASSWORD_CONFIRM" ]; then
+        return
+    else
+        ERROR "Passwords do not match"
+        get_password
+    fi
+}
+
+get_password
+
+EVENT "Setting up luks"
+
+cryptsetup luksFormat --type luks1 "$CRYPT_PARTITION" <<EOF
+$PASSWORD
+$PASSWORD_CONFIRM
+EOF
+
+EVENT "Opening root"
+
+cryptsetup open "$CRYPT_PARTITION" root <<EOF
+$PASSWORD
+EOF
+
+EVENT "Setting up root btrfs"
+
+mkfs.btrfs "/dev/mapper/root"
+
+EVENT "Mounting root"
+
+mount /dev/mapper/root /mnt
+
+EVENT "Setting up EFI vfat"
+
+mkfs.vfat "-F32" "$EFI_PARTITION"
+
+EVENT "Successfully setup efi vfat and luks"
+
+echo "CRYPT_PARTITION=\"$CRYPT_PARTITION\"" >> ./guix-env
+echo "EFI_PARTITION=\"$EFI_PARTITION\"" >> ./guix-env
-- 
cgit v1.2.3-freya