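# Prepare a target disk for a NixOS (stockholm) installation and leave the
# new filesystems mounted under /mnt:
#   1. GPT with BIOS boot (1), EFI system (2) and LUKS (3) partitions
#   2. LUKS container on partition 3, opened as /dev/mapper/<luksmap>
#   3. LVM physical volume + volume group <vgname> with a 3G "root" LV
#   4. vfat on the EFI partition, xfs on root; mounted at /mnt and /mnt/boot
#
# Nix arguments:
#   vgname  - name of the LVM volume group created on the LUKS container
#   luksmap - device-mapper name used for the opened LUKS container
#
# The generated `init` script takes exactly one argument, the whole target
# disk (e.g. /dev/sda).  Every step is skipped when blkid/lsblk/cryptsetup
# already report the desired state, so the script can be re-run after a
# partial failure; partitioning only happens when the disk has no GPT yet.
{ pkgs, lib, vgname ? "vgname", luksmap ? "luksmap", ... }:
with lib;
pkgs.writeScriptBin "init" ''
#!/usr/bin/env nix-shell
#! nix-shell -i bash -p cryptsetup gptfdisk jq libxfs
# NOTE(review): pvcreate/vgcreate/lvchange/lvcreate, blkid/lsblk/mount and
# mkfs.vfat are not in the -p list above and come from the host PATH;
# confirm that, or add the packages that provide them.
set -xefuo pipefail

# Print a message to stderr and abort.
die() { printf '%s\n' "$*" >&2; exit 1; }

if [ "$#" -ne 1 ]; then
  printf 'Usage: %s DISK   (whole disk, e.g. /dev/sda)\n' "$0" >&2
  exit 2
fi
disk=$1

# Refuse to touch a disk that has anything mounted -- the disk itself or any
# of its partitions (fixed-string substring match on the mount table).
# A here-string instead of "mount | grep -q": with pipefail, a pipe that
# grep -q closes early could turn a match into a non-zero pipeline status.
if grep -qF -- "$disk" <<<"$(mount)"; then
  printf 'target device %s is already mounted, bailout\n' "$disk" >&2
  exit 2
fi

# Device name of partition $1 of $disk.  The kernel inserts a "p" when the
# disk name ends in a digit (/dev/nvme0n1 -> /dev/nvme0n1p2) and appends the
# number directly otherwise (/dev/sda -> /dev/sda2).  /dev/disk/by-* symlinks
# use a different scheme and are not handled.
partdev() {
  case "$disk" in
    *[0-9]) printf '%s\n' "$disk"p"$1" ;;
    *) printf '%s\n' "$disk$1" ;;
  esac
}

bootdev=$(partdev 2)
luksdev=$(partdev 3)
luksmap=/dev/mapper/${luksmap}
vgname=${vgname}
rootdev=/dev/mapper/${vgname}-root
# not used by this script (no home LV is created)
homedev=/dev/mapper/${vgname}-home

# Read the passphrase without terminal echo and with xtrace off: "set -x"
# would otherwise write every command that expands $lukspw, including the
# emptiness check, to the trace output.
set +x
read -rsp "LUKS Password: " lukspw
printf '\n'
[ -n "$lukspw" ] || die "empty LUKS password, bailout"
set -x

#
# partitioning
#

# http://en.wikipedia.org/wiki/GUID_Partition_Table
# undo:
# dd if=/dev/zero bs=512 count=34 of=/dev/sda
# TODO zero last 34 blocks (lsblk -bno SIZE /dev/sda)
if ! test "$(blkid -o value -s PTTYPE "$disk")" = gpt; then
  sgdisk -og "$disk"
  sgdisk -n 1:2048:4095 -c 1:"BIOS Boot Partition" -t 1:ef02 "$disk"
  sgdisk -n 2:4096:+1G -c 2:"EFI System Partition" -t 2:ef00 "$disk"
  sgdisk -n 3:0:0 -c 3:"LUKS container" -t 3:8300 "$disk"
fi

# A GPT not written by the block above may have a different layout; only
# continue when partition 3 carries the label that block assigns.
if ! test "$(blkid -o value -s PARTLABEL "$luksdev")" = "LUKS container"; then
  printf '%s is not labelled "LUKS container", refusing to format it\n' "$luksdev" >&2
  exit 23
fi

if ! cryptsetup isLuks "$luksdev"; then
  # aes xts-plain64
  # The passphrase goes in on stdin as the key file ("-"); xtrace stays off
  # while it is expanded so it does not end up in the trace output.
  set +x
  printf '%s' "$lukspw" | cryptsetup luksFormat "$luksdev" - \
    -h sha512 \
    --iter-time 5000
  set -x
fi

if ! test -e "$luksmap"; then
  # Same bytes as luksFormat above (no trailing newline), so the container is
  # opened with exactly the passphrase it was formatted with.
  set +x
  printf '%s' "$lukspw" | cryptsetup luksOpen "$luksdev" "$(basename "$luksmap")" -
  set -x
fi

if ! test "$(blkid -o value -s TYPE "$luksmap")" = LVM2_member; then
  pvcreate "$luksmap"
fi

if ! vgdisplay -s "$vgname"; then vgcreate "$vgname" "$luksmap"; fi

# activate the volume group's LVs before testing for $rootdev below
lvchange -a y /dev/mapper/"$vgname"

if ! test -e "$rootdev"; then lvcreate -L 3G -n root "$vgname"; fi

#
# formatting
#

if ! test "$(blkid -o value -s TYPE "$bootdev")" = vfat; then
  mkfs.vfat "$bootdev"
fi

if ! test "$(blkid -o value -s TYPE "$rootdev")" = xfs; then
  mkfs.xfs "$rootdev"
fi

if ! test "$(lsblk -n -o MOUNTPOINT "$rootdev")" = /mnt; then
  mkdir -p /mnt
  mount "$rootdev" /mnt
fi

if ! test "$(lsblk -n -o MOUNTPOINT "$bootdev")" = /mnt/boot; then
  # mode 0000 -- presumably so nothing lands on the unmounted mount point
  mkdir -m 0000 -p /mnt/boot
  mount "$bootdev" /mnt/boot
fi

#
# dependencies for stockholm
#

# TODO: get sentinel file from target_path
mkdir -p /mnt/var/src
touch /mnt/var/src/.populate

#
# print all the infos
#

gdisk -l "$disk"
lsblk "$disk"

echo READY.
''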