63 lines
1.2 KiB
Text
63 lines
1.2 KiB
Text
|
#!/usr/bin/env bash
|
||
|
|
||
|
source ./guix-log
|
||
|
source ./guix-env
|
||
|
|
||
|
CRYPT_PARTITION=""
|
||
|
EFI_PARTITION=""
|
||
|
PASSWORD=""
|
||
|
PASSWORD_CONFIRM=""
|
||
|
|
||
|
EVENT "Setting up disk encryption with luks"
|
||
|
|
||
|
if [[ $DISK == sd* ]]; then
|
||
|
CRYPT_PARTITION="$DISK""2"
|
||
|
EFI_PARTITION="$DISK""1"
|
||
|
elif [[ $DISK == nvme** ]]; then
|
||
|
CRYPT_PARTITION="$DISK""p2"
|
||
|
EFI_PARTITION="$DISK""p1"
|
||
|
else
|
||
|
ERROR "Unsupported drive type, must be sata or nvme!"
|
||
|
exit 1
|
||
|
fi
|
||
|
|
||
|
get_password() {
|
||
|
read -s -p "LUKS password: " PASSWORD
|
||
|
read -s -p "Confirm password: " PASSWORD_CONFIRM
|
||
|
if [ "$PASSWORD" == "$CONFIRM_PASSWORD" ]; then
|
||
|
exit 0
|
||
|
else
|
||
|
ERROR "Passwords do not match"
|
||
|
get_password
|
||
|
fi
|
||
|
}
|
||
|
|
||
|
get_password
|
||
|
|
||
|
EVENT "Setting up luks"
|
||
|
|
||
|
cryptsetup luksFormat --type luks1 "$CRYPT_PARTITION" <<EOF
|
||
|
YES
|
||
|
$PASSWORD
|
||
|
$CONFIRM_PASSWORD
|
||
|
EOF
|
||
|
|
||
|
EVENT "Opening cryptroot"
|
||
|
|
||
|
cryptsetup open "$CRYPT_PARTITION" cryptroot <<EOF
|
||
|
$PASSWORD
|
||
|
EOF
|
||
|
|
||
|
EVENT "Mounting cryptroot"
|
||
|
|
||
|
mount /dev/mapper/cryptroot /mnt
|
||
|
|
||
|
EVENT "Setting up EFI vfat"
|
||
|
|
||
|
mkfs.vfat "-F32" "$EFI_PARTITION"
|
||
|
|
||
|
EVENT "Successfully setup efi vfat and luks"
|
||
|
|
||
|
echo "CRYPT_PARTITION=\"$CRYPT_PARTITION\"" > ./guix-env
|
||
|
echo "EFI_PARTITION=\"$EFI_PARTITION\"" > ./guix-env
|