dotfiles-guix/guix-strap/guix-crypt

63 lines
1.2 KiB
Text
Raw Normal View History

2023-10-07 19:38:22 +00:00
#!/usr/bin/env bash
source ./guix-log
source ./guix-env
CRYPT_PARTITION=""
EFI_PARTITION=""
PASSWORD=""
PASSWORD_CONFIRM=""
EVENT "Setting up disk encryption with luks"
if [[ $DISK == sd* ]]; then
CRYPT_PARTITION="$DISK""2"
EFI_PARTITION="$DISK""1"
elif [[ $DISK == nvme** ]]; then
CRYPT_PARTITION="$DISK""p2"
EFI_PARTITION="$DISK""p1"
else
ERROR "Unsupported drive type, must be sata or nvme!"
exit 1
fi
get_password() {
read -s -p "LUKS password: " PASSWORD
read -s -p "Confirm password: " PASSWORD_CONFIRM
if [ "$PASSWORD" == "$CONFIRM_PASSWORD" ]; then
exit 0
else
ERROR "Passwords do not match"
get_password
fi
}
get_password
EVENT "Setting up luks"
cryptsetup luksFormat --type luks1 "$CRYPT_PARTITION" <<EOF
YES
$PASSWORD
$CONFIRM_PASSWORD
EOF
EVENT "Opening cryptroot"
cryptsetup open "$CRYPT_PARTITION" cryptroot <<EOF
$PASSWORD
EOF
EVENT "Mounting cryptroot"
mount /dev/mapper/cryptroot /mnt
EVENT "Setting up EFI vfat"
mkfs.vfat "-F32" "$EFI_PARTITION"
EVENT "Successfully setup efi vfat and luks"
echo "CRYPT_PARTITION=\"$CRYPT_PARTITION\"" > ./guix-env
echo "EFI_PARTITION=\"$EFI_PARTITION\"" > ./guix-env