2023-10-07 19:42:29 +00:00
|
|
|
#!/run/current-system/profile/bin/bash
|
2023-10-07 19:38:22 +00:00
|
|
|
|
|
|
|
source ./guix-log
|
|
|
|
source ./guix-env
|
|
|
|
|
|
|
|
CRYPT_PARTITION=""
|
|
|
|
EFI_PARTITION=""
|
|
|
|
PASSWORD=""
|
|
|
|
PASSWORD_CONFIRM=""
|
|
|
|
|
|
|
|
EVENT "Setting up disk encryption with luks"
|
|
|
|
|
|
|
|
if [[ $DISK == sd* ]]; then
|
|
|
|
CRYPT_PARTITION="$DISK""2"
|
|
|
|
EFI_PARTITION="$DISK""1"
|
|
|
|
elif [[ $DISK == nvme** ]]; then
|
|
|
|
CRYPT_PARTITION="$DISK""p2"
|
|
|
|
EFI_PARTITION="$DISK""p1"
|
|
|
|
else
|
|
|
|
ERROR "Unsupported drive type, must be sata or nvme!"
|
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
|
|
|
|
get_password() {
|
|
|
|
read -s -p "LUKS password: " PASSWORD
|
|
|
|
read -s -p "Confirm password: " PASSWORD_CONFIRM
|
|
|
|
if [ "$PASSWORD" == "$CONFIRM_PASSWORD" ]; then
|
|
|
|
exit 0
|
|
|
|
else
|
|
|
|
ERROR "Passwords do not match"
|
|
|
|
get_password
|
|
|
|
fi
|
|
|
|
}
|
|
|
|
|
|
|
|
get_password
|
|
|
|
|
|
|
|
EVENT "Setting up luks"
|
|
|
|
|
|
|
|
cryptsetup luksFormat --type luks1 "$CRYPT_PARTITION" <<EOF
|
|
|
|
YES
|
|
|
|
$PASSWORD
|
|
|
|
$CONFIRM_PASSWORD
|
|
|
|
EOF
|
|
|
|
|
|
|
|
EVENT "Opening cryptroot"
|
|
|
|
|
|
|
|
cryptsetup open "$CRYPT_PARTITION" cryptroot <<EOF
|
|
|
|
$PASSWORD
|
|
|
|
EOF
|
|
|
|
|
|
|
|
EVENT "Mounting cryptroot"
|
|
|
|
|
|
|
|
mount /dev/mapper/cryptroot /mnt
|
|
|
|
|
|
|
|
EVENT "Setting up EFI vfat"
|
|
|
|
|
|
|
|
mkfs.vfat "-F32" "$EFI_PARTITION"
|
|
|
|
|
|
|
|
EVENT "Successfully setup efi vfat and luks"
|
|
|
|
|
|
|
|
echo "CRYPT_PARTITION=\"$CRYPT_PARTITION\"" > ./guix-env
|
|
|
|
echo "EFI_PARTITION=\"$EFI_PARTITION\"" > ./guix-env
|