blob: 1f170999e44a54d8876091a7084e45412d46fb3d (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
|
#!/run/current-system/profile/bin/bash
source ./guix-log
source ./guix-env
CRYPT_PARTITION=""
EFI_PARTITION=""
PASSWORD=""
PASSWORD_CONFIRM=""
EVENT "Setting up disk encryption with luks"
if [[ $DISK == sd* ]]; then
CRYPT_PARTITION="$DISK""2"
EFI_PARTITION="$DISK""1"
elif [[ $DISK == nvme** ]]; then
CRYPT_PARTITION="$DISK""p2"
EFI_PARTITION="$DISK""p1"
else
ERROR "Unsupported drive type, must be sata or nvme!"
exit 1
fi
get_password() {
read -s -p "LUKS password: " PASSWORD
read -s -p "Confirm password: " PASSWORD_CONFIRM
if [ "$PASSWORD" == "$CONFIRM_PASSWORD" ]; then
exit 0
else
ERROR "Passwords do not match"
get_password
fi
}
get_password
EVENT "Setting up luks"
cryptsetup luksFormat --type luks1 "$CRYPT_PARTITION" <<EOF
YES
$PASSWORD
$CONFIRM_PASSWORD
EOF
EVENT "Opening cryptroot"
cryptsetup open "$CRYPT_PARTITION" cryptroot <<EOF
$PASSWORD
EOF
EVENT "Mounting cryptroot"
mount /dev/mapper/cryptroot /mnt
EVENT "Setting up EFI vfat"
mkfs.vfat "-F32" "$EFI_PARTITION"
EVENT "Successfully setup efi vfat and luks"
echo "CRYPT_PARTITION=\"$CRYPT_PARTITION\"" > ./guix-env
echo "EFI_PARTITION=\"$EFI_PARTITION\"" > ./guix-env
|
