#!/run/current-system/profile/bin/bash

source ./guix-log
source ./guix-env

CRYPT_PARTITION=""
EFI_PARTITION=""
PASSWORD=""
PASSWORD_CONFIRM=""

EVENT "Setting up disk encryption with luks"

if [[ $DISK == "/dev/sd"* ]]; then
    CRYPT_PARTITION="$DISK""2"
    EFI_PARTITION="$DISK""1"
elif [[ $DISK == "/dev/nvme"* ]]; then
    CRYPT_PARTITION="$DISK""p2"
    EFI_PARTITION="$DISK""p1"
else
    ERROR "Unsupported drive type, must be sata or nvme!"
    exit 1
fi

get_password() {
    read -s -p "LUKS password: " PASSWORD
    printf "\n"
    read -s -p "Confirm password: " PASSWORD_CONFIRM
    printf "\n"
    if [ "$PASSWORD" == "$PASSWORD_CONFIRM" ]; then
        return
    else
        ERROR "Passwords do not match"
        get_password
    fi
}

get_password

EVENT "Setting up luks"

cryptsetup luksFormat --type luks1 "$CRYPT_PARTITION" <<EOF
$PASSWORD
$PASSWORD_CONFIRM
EOF

EVENT "Opening cryptroot"

cryptsetup open "$CRYPT_PARTITION" cryptroot <<EOF
$PASSWORD
EOF

EVENT "Setting up cryptroot btrfs"

mkfs.btrfs "/dev/mapper/cryptroot"

EVENT "Mounting cryptroot"

mkdir -p /mnt
mount /dev/mapper/cryptroot /mnt

EVENT "Setting up EFI vfat"

mkfs.vfat "-F32" "$EFI_PARTITION"

EVENT "Mounting EFI"

mkddir -p /mnt/boot/efi
mount $EFI_PARTITION /mnt/boot/efi

EVENT "Successfully setup efi vfat and luks"

echo "CRYPT_PARTITION=\"$CRYPT_PARTITION\"" >> ./guix-env
echo "EFI_PARTITION=\"$EFI_PARTITION\"" >> ./guix-env