dotfiles-guix/guix-strap/guix-crypt

77 lines
1.5 KiB
Text
Raw Normal View History

2023-10-07 19:42:29 +00:00
#!/run/current-system/profile/bin/bash
2023-10-07 19:38:22 +00:00
source ./guix-log
source ./guix-env
CRYPT_PARTITION=""
EFI_PARTITION=""
PASSWORD=""
PASSWORD_CONFIRM=""
EVENT "Setting up disk encryption with luks"
if [[ $DISK == "/dev/sd"* ]]; then
2023-10-07 19:38:22 +00:00
CRYPT_PARTITION="$DISK""2"
EFI_PARTITION="$DISK""1"
2024-03-06 23:56:31 +00:00
elif [[ $DISK == "/dev/vd"* ]]; then
CRYPT_PARTITION="$DISK""2"
EFI_PARTITION="$DISK""1"
elif [[ $DISK == "/dev/nvme"* ]]; then
2023-10-07 19:38:22 +00:00
CRYPT_PARTITION="$DISK""p2"
EFI_PARTITION="$DISK""p1"
else
ERROR "Unsupported drive type, must be sata or nvme!"
exit 1
fi
get_password() {
read -s -p "LUKS password: " PASSWORD
printf "\n"
2023-10-07 19:38:22 +00:00
read -s -p "Confirm password: " PASSWORD_CONFIRM
printf "\n"
if [ "$PASSWORD" == "$PASSWORD_CONFIRM" ]; then
return
2023-10-07 19:38:22 +00:00
else
ERROR "Passwords do not match"
get_password
fi
}
get_password
2023-10-07 19:38:22 +00:00
EVENT "Setting up luks"
cryptsetup luksFormat --type luks1 "$CRYPT_PARTITION" <<EOF
$PASSWORD
$PASSWORD_CONFIRM
2023-10-07 19:38:22 +00:00
EOF
2024-03-06 23:56:31 +00:00
EVENT "Opening root"
2023-10-07 19:38:22 +00:00
2024-03-06 23:56:31 +00:00
cryptsetup open "$CRYPT_PARTITION" root <<EOF
2023-10-07 19:38:22 +00:00
$PASSWORD
EOF
2024-03-06 23:56:31 +00:00
EVENT "Setting up root btrfs"
2024-03-06 23:56:31 +00:00
mkfs.btrfs "/dev/mapper/root"
2024-03-06 23:56:31 +00:00
EVENT "Mounting root"
2023-10-07 19:38:22 +00:00
2023-11-03 16:33:32 +00:00
mkdir -p /mnt
2024-03-06 23:56:31 +00:00
mount /dev/mapper/root /mnt
2023-10-07 19:38:22 +00:00
EVENT "Setting up EFI vfat"
mkfs.vfat "-F32" "$EFI_PARTITION"
2023-10-10 00:25:57 +00:00
EVENT "Mounting EFI"
2023-11-03 16:34:33 +00:00
mkdir -p /mnt/boot/efi
2023-10-10 00:25:57 +00:00
mount $EFI_PARTITION /mnt/boot/efi
2023-10-07 19:38:22 +00:00
EVENT "Successfully setup efi vfat and luks"
echo "CRYPT_PARTITION=\"$CRYPT_PARTITION\"" >> ./guix-env
echo "EFI_PARTITION=\"$EFI_PARTITION\"" >> ./guix-env