blob: b25bc99fcb37be3ee2f16cc553d6818fa2c2a6c9 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
|
#!/run/current-system/profile/bin/bash
source ./guix-log
source ./guix-env
CRYPT_PARTITION=""
EFI_PARTITION=""
PASSWORD=""
PASSWORD_CONFIRM=""
EVENT "Setting up disk encryption with luks"
if [[ $DISK == "/dev/sd"* ]]; then
CRYPT_PARTITION="$DISK""2"
EFI_PARTITION="$DISK""1"
elif [[ $DISK == "/dev/vd"* ]]; then
CRYPT_PARTITION="$DISK""2"
EFI_PARTITION="$DISK""1"
elif [[ $DISK == "/dev/nvme"* ]]; then
CRYPT_PARTITION="$DISK""p2"
EFI_PARTITION="$DISK""p1"
else
ERROR "Unsupported drive type, must be sata or nvme!"
exit 1
fi
get_password() {
read -s -p "LUKS password: " PASSWORD
printf "\n"
read -s -p "Confirm password: " PASSWORD_CONFIRM
printf "\n"
if [ "$PASSWORD" == "$PASSWORD_CONFIRM" ]; then
return
else
ERROR "Passwords do not match"
get_password
fi
}
get_password
EVENT "Setting up luks"
cryptsetup luksFormat --type luks1 "$CRYPT_PARTITION" <<EOF
$PASSWORD
$PASSWORD_CONFIRM
EOF
EVENT "Opening root"
cryptsetup open "$CRYPT_PARTITION" root <<EOF
$PASSWORD
EOF
EVENT "Setting up root btrfs"
mkfs.btrfs "/dev/mapper/root"
EVENT "Mounting root"
mount /dev/mapper/root /mnt
EVENT "Setting up EFI vfat"
mkfs.vfat "-F32" "$EFI_PARTITION"
EVENT "Successfully setup efi vfat and luks"
echo "CRYPT_PARTITION=\"$CRYPT_PARTITION\"" >> ./guix-env
echo "EFI_PARTITION=\"$EFI_PARTITION\"" >> ./guix-env
|
