#! @bash@/bin/sh

set -e

# e.g /dev/nvme0n1
SSD_PATH=$1
KEY_FILE=$2

if echo "$SSD_PATH" | grep -q "[0-9]$"; then
    PARTITION_SEPARATOR="p"
else
    PARTITION_SEPARATOR=""
fi

if [ -z "$SSD_PATH" ]; then
  echo "Please specify a path to device as first argument"
  exit 1
fi

if [ -z "$KEY_FILE" ]; then
  echo "Please specify a key file to use"
  exit 1
fi

if [ "$EUID" -ne 0 ]; then
  echo "Please run as root"
  exit
fi

# encrypted partition label
SSD_ENCRYPTED_PARTLABEL=@SSD_ENCRYPTED_PARTLABEL@
# unencrypted filesystem label
SSD_UNENCRYPTED_LABEL=@SSD_UNENCRYPTED_LABEL@
# ssd boot label
SSD_BOOT_LABEL=@SSD_BOOT_LABEL@

echo "Creating Partitions..."
@parted@/bin/parted ${SSD_PATH} -- mklabel gpt
@parted@/bin/parted ${SSD_PATH} -- mkpart ESP fat32 1MiB 512MiB
@parted@/bin/parted ${SSD_PATH} -- mkpart primary 620MiB -1MiB
@parted@/bin/parted ${SSD_PATH} -- set 1 esp on
@parted@/bin/parted ${SSD_PATH} -- name 1 "${SSD_BOOT_LABEL}"
@parted@/bin/parted ${SSD_PATH} -- name 2 "${SSD_ENCRYPTED_PARTLABEL}"

echo "Formatting boot partition"
@dosfstools@/bin/mkfs.fat -n "${SSD_BOOT_LABEL}" "${SSD_PATH}${PARTITION_SEPARATOR}1"

echo "Creating Encrypted Partition"
@cryptsetup@/bin/cryptsetup luksFormat "${SSD_PATH}${PARTITION_SEPARATOR}2" --key-file "${KEY_FILE}"

echo "Opening Encrypted Partition"
@cryptsetup@/bin/cryptsetup open "${SSD_PATH}${PARTITION_SEPARATOR}2" "mk_normal_enc_ssd" --key-file "${KEY_FILE}"

echo "Formatting Encrypted Root Filesystem"
@e2fsprogs@/bin/mkfs.ext4 -L "${SSD_UNENCRYPTED_LABEL}" /dev/mapper/mk_normal_enc_ssd

echo "mount /dev/mapper/mk_normal_enc_ssd to install"