73 lines
1.4 KiB
Bash
Executable file
73 lines
1.4 KiB
Bash
Executable file
#!/run/current-system/profile/bin/bash
|
|
|
|
source ./guix-log
|
|
source ./guix-env
|
|
|
|
CRYPT_PARTITION=""
|
|
EFI_PARTITION=""
|
|
PASSWORD=""
|
|
PASSWORD_CONFIRM=""
|
|
|
|
EVENT "Setting up disk encryption with luks"
|
|
|
|
if [[ $DISK == "/dev/sd"* ]]; then
|
|
CRYPT_PARTITION="$DISK""2"
|
|
EFI_PARTITION="$DISK""1"
|
|
elif [[ $DISK == "/dev/nvme"* ]]; then
|
|
CRYPT_PARTITION="$DISK""p2"
|
|
EFI_PARTITION="$DISK""p1"
|
|
else
|
|
ERROR "Unsupported drive type, must be sata or nvme!"
|
|
exit 1
|
|
fi
|
|
|
|
get_password() {
|
|
read -s -p "LUKS password: " PASSWORD
|
|
printf "\n"
|
|
read -s -p "Confirm password: " PASSWORD_CONFIRM
|
|
printf "\n"
|
|
if [ "$PASSWORD" == "$PASSWORD_CONFIRM" ]; then
|
|
return
|
|
else
|
|
ERROR "Passwords do not match"
|
|
get_password
|
|
fi
|
|
}
|
|
|
|
get_password
|
|
|
|
EVENT "Setting up luks"
|
|
|
|
cryptsetup luksFormat --type luks1 "$CRYPT_PARTITION" <<EOF
|
|
$PASSWORD
|
|
$PASSWORD_CONFIRM
|
|
EOF
|
|
|
|
EVENT "Opening cryptroot"
|
|
|
|
cryptsetup open "$CRYPT_PARTITION" cryptroot <<EOF
|
|
$PASSWORD
|
|
EOF
|
|
|
|
EVENT "Setting up cryptroot btrfs"
|
|
|
|
mkfs.btrfs "/dev/mapper/cryptroot"
|
|
|
|
EVENT "Mounting cryptroot"
|
|
|
|
mkdir -p /mnt
|
|
mount /dev/mapper/cryptroot /mnt
|
|
|
|
EVENT "Setting up EFI vfat"
|
|
|
|
mkfs.vfat "-F32" "$EFI_PARTITION"
|
|
|
|
EVENT "Mounting EFI"
|
|
|
|
mkdir -p /mnt/boot/efi
|
|
mount $EFI_PARTITION /mnt/boot/efi
|
|
|
|
EVENT "Successfully setup efi vfat and luks"
|
|
|
|
echo "CRYPT_PARTITION=\"$CRYPT_PARTITION\"" >> ./guix-env
|
|
echo "EFI_PARTITION=\"$EFI_PARTITION\"" >> ./guix-env
|