#!/usr/bin/env bash

source ./guix-log
source ./guix-env

CRYPT_PARTITION=""
EFI_PARTITION=""
PASSWORD=""
PASSWORD_CONFIRM=""

EVENT "Setting up disk encryption with luks"

if [[ $DISK == sd* ]]; then
    CRYPT_PARTITION="$DISK""2"
    EFI_PARTITION="$DISK""1"
elif [[ $DISK == nvme** ]]; then
    CRYPT_PARTITION="$DISK""p2"
    EFI_PARTITION="$DISK""p1"
else
    ERROR "Unsupported drive type, must be sata or nvme!"
    exit 1
fi

get_password() {
    read -s -p "LUKS password: " PASSWORD
    read -s -p "Confirm password: " PASSWORD_CONFIRM
    if [ "$PASSWORD" == "$CONFIRM_PASSWORD" ]; then
        exit 0
    else
        ERROR "Passwords do not match"
        get_password
    fi
}

get_password

EVENT "Setting up luks"

cryptsetup luksFormat --type luks1 "$CRYPT_PARTITION" <<EOF
YES
$PASSWORD
$CONFIRM_PASSWORD
EOF

EVENT "Opening cryptroot"

cryptsetup open "$CRYPT_PARTITION" cryptroot <<EOF
$PASSWORD
EOF

EVENT "Mounting cryptroot"

mount /dev/mapper/cryptroot /mnt

EVENT "Setting up EFI vfat"

mkfs.vfat "-F32" "$EFI_PARTITION"

EVENT "Successfully setup efi vfat and luks"

echo "CRYPT_PARTITION=\"$CRYPT_PARTITION\"" > ./guix-env
echo "EFI_PARTITION=\"$EFI_PARTITION\"" > ./guix-env