60 lines
1.6 KiB
Bash
60 lines
1.6 KiB
Bash
|
#! @bash@/bin/sh
|
||
|
|
||
|
set -e
|
||
|
|
||
|
# e.g /dev/nvme0n1
|
||
|
SSD_PATH=$1
|
||
|
KEY_FILE=$2
|
||
|
|
||
|
if echo "$SSD_PATH" | grep -q "[0-9]$"; then
|
||
|
PARTITION_SEPARATOR="p"
|
||
|
else
|
||
|
PARTITION_SEPARATOR=""
|
||
|
fi
|
||
|
|
||
|
if [ -z "$SSD_PATH" ]; then
|
||
|
echo "Please specify a path to device as first argument"
|
||
|
exit 1
|
||
|
fi
|
||
|
|
||
|
if [ -z "$KEY_FILE" ]; then
|
||
|
echo "Please specify a key file to use"
|
||
|
exit 1
|
||
|
fi
|
||
|
|
||
|
if [ "$EUID" -ne 0 ]; then
|
||
|
echo "Please run as root"
|
||
|
exit
|
||
|
fi
|
||
|
|
||
|
# encrypted partition label
|
||
|
SSD_ENCRYPTED_PARTLABEL=@SSD_ENCRYPTED_PARTLABEL@
|
||
|
# unencrypted filesystem label
|
||
|
SSD_UNENCRYPTED_LABEL=@SSD_UNENCRYPTED_LABEL@
|
||
|
# ssd boot label
|
||
|
SSD_BOOT_LABEL=@SSD_BOOT_LABEL@
|
||
|
|
||
|
echo "Creating Lappy's SSD."
|
||
|
|
||
|
echo "Creating Partitions..."
|
||
|
@parted@/bin/parted ${SSD_PATH} -- mklabel gpt
|
||
|
@parted@/bin/parted ${SSD_PATH} -- mkpart ESP fat32 1MiB 512MiB
|
||
|
@parted@/bin/parted ${SSD_PATH} -- mkpart primary 620MiB -1MiB
|
||
|
@parted@/bin/parted ${SSD_PATH} -- set 1 esp on
|
||
|
@parted@/bin/parted ${SSD_PATH} -- name 1 "${SSD_BOOT_LABEL}"
|
||
|
@parted@/bin/parted ${SSD_PATH} -- name 2 "${SSD_ENCRYPTED_PARTLABEL}"
|
||
|
|
||
|
echo "Formatting boot partition"
|
||
|
@dosfstools@/bin/mkfs.fat -n "${SSD_BOOT_LABEL}" "${SSD_PATH}${PARTITION_SEPARATOR}1"
|
||
|
|
||
|
echo "Creating Encrypted Partition"
|
||
|
@cryptsetup@/bin/cryptsetup luksFormat "${SSD_PATH}${PARTITION_SEPARATOR}2" --key-file "${KEY_FILE}"
|
||
|
|
||
|
echo "Opening Encrypted Partition"
|
||
|
@cryptsetup@/bin/cryptsetup open "${SSD_PATH}${PARTITION_SEPARATOR}2" "mk_enc_ssd" --key-file "${KEY_FILE}"
|
||
|
|
||
|
echo "Formatting Encrypted Root Filesystem"
|
||
|
@e2fsprogs@/bin/mkfs.ext4 -L "${SSD_UNENCRYPTED_LABEL}" /dev/mapper/mk_enc_ssd
|
||
|
|
||
|
echo "Closing Encrypted Partition"
|
||
|
@cryptsetup@/bin/cryptsetup close "mk_enc_ssd"
|