luksit/luksit

#!/bin/bash
# luksit
# 
# USAGE: luksit <device> <name> [filesystem]
# EXAMPLE: luksit sdf mydrive ext4
#
#	Copyright © 2021 Keith Irwin (www.ki9.us)
#	
#	This program is free software: you can redistribute it and/or modify
#	it under the terms of the GNU General Public License as published by
#	the Free Software Foundation, either version 3 of the License, or
#	(at your option) any later version.
#	
#	This program is distributed in the hope that it will be useful,
#	but WITHOUT ANY WARRANTY; without even the implied warranty of
#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#	GNU General Public License for more details.
#	
#	You should have received a copy of the GNU General Public License
#	along with this program.  If not, see <http://www.gnu.org/licenses/>.


# Check for root
if [[ $EUID -ne 0 ]]; then
	echo "This script must be run as root" 
	exit 1
fi

# Get args
if [[ $# -eq 3 ]]; then
	device="$1"
	name="$2"
	fs="$3"
elif [[ $# -eq 2 ]]; then
	device="$1"
	name="$2"
	fs="ext3"
else
	echo "USAGE: $0 <device> <name> [filesystem]"
	exit 2
fi

# Quit if given "no" at prompt
bail(){ [[ "$0" = "$BASH_SOURCE" ]] && exit 1 || return 1; }


## RUNTIME ##

# Where keys are stored
KEYDIR="/root/luks"

# Initial output
echo "  luksit  Copyright © 2021 Keith Irwin (www.ki9.us)"
echo "  This program comes with ABSOLUTELY NO WARRANTY; for details"
echo "  see the LICENSE.md that came with it"
echo "  This is free software, and you are welcome to redistribute it"
echo "  under certain conditions"
echo

# Check if name is used
#if [ -h "/dev/mapper/$name" ]; then
#	echo "/dev/mapper/$name already exists."
#	exit 420
#fi

# Wipe disk
read -p "Wipe /dev/$device with zeroes first? [y/n]" -n 1 -r
echo; [[ $REPLY =~ ^[Yy]$ ]] && \
( echo "Wiping disk with zeros..." ; \
dd if=/dev/zero bs=1M | pv | dd of="/dev/$device" bs=1M )

# Set up partition
echo "Setting up partition..."
umount "/dev/$device" >/dev/null
parted "/dev/$device" mklabel gpt && \
parted --script -- "/dev/$device" mkpart primary 1 -1 && \
# Get first partition name
part="$(lsblk --list --noheadings --output name "/dev/$device" | sed -n '2 p')"

# Generate key file
mkdir "$KEYDIR/" >/dev/null
if [ -f "$KEYDIR/$name.key" ]; then
	echo ""
else
	echo -n "Generating key file... "
	dd if=/dev/urandom of="$KEYDIR/$name.key" bs=1024 count=4 && \
	chmod 0400 "$KEYDIR/$name.key" && echo "Done."
fi

# Encrypt
echo "Creating luks encrypted partition..."
cryptsetup luksFormat "/dev/$part" "$KEYDIR/$name.key" && \
cryptsetup luksAddKey "/dev/$part" "$KEYDIR/$name.key" --key-file="$KEYDIR/$name.key" && \

# Mount new luks partition
echo "Mounting luks partition..."
cryptsetup luksOpen "/dev/$part" "$name" --key-file="$KEYDIR/$name.key" && \

# Write filesystem on new luks partition
echo "Creating $fs filesystem in luks partition..."
cryptsetup resize "$name" --key-file="$KEYDIR/$name.key"&& \
"mkfs.$fs" "/dev/mapper/$name" -L "$name" && \

# 
echo "Mounting $fs filesystem to /mnt/$name..."
mkdir "/mnt/$name" >/dev/null
chmod 755 "/mnt/$name"
mount "/dev/mapper/$name" "/mnt/$name" && \
df -h "/mnt/$name" && \

echo "DONE!"

# TODO: Show lines for fstab and crypttab
Initial commit 2021-07-05 19:17:27 -06:00			`#!/bin/bash`
			`# luksit`
			`#`
			`# USAGE: luksit <device> <name> [filesystem]`
			`# EXAMPLE: luksit sdf mydrive ext4`
Fixed LICENSE 2021-07-05 20:08:34 -06:00			`#`
Replace (C) with © 2021-07-05 20:17:57 -06:00			`# Copyright © 2021 Keith Irwin (www.ki9.us)`
Fixed LICENSE 2021-07-05 20:08:34 -06:00			`#`
			`# This program is free software: you can redistribute it and/or modify`
			`# it under the terms of the GNU General Public License as published by`
			`# the Free Software Foundation, either version 3 of the License, or`
			`# (at your option) any later version.`
			`#`
			`# This program is distributed in the hope that it will be useful,`
			`# but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`# GNU General Public License for more details.`
			`#`
			`# You should have received a copy of the GNU General Public License`
			`# along with this program. If not, see <http://www.gnu.org/licenses/>.`

Initial commit 2021-07-05 19:17:27 -06:00
			`# Check for root`
			`if [[ $EUID -ne 0 ]]; then`
			`echo "This script must be run as root"`
			`exit 1`
			`fi`

			`# Get args`
			`if [[ $# -eq 3 ]]; then`
			`device="$1"`
			`name="$2"`
			`fs="$3"`
			`elif [[ $# -eq 2 ]]; then`
			`device="$1"`
			`name="$2"`
			`fs="ext3"`
			`else`
			`echo "USAGE: $0 <device> <name> [filesystem]"`
			`exit 2`
			`fi`

			`# Quit if given "no" at prompt`
			`bail(){ [[ "$0" = "$BASH_SOURCE" ]] && exit 1 \|\| return 1; }`


			`## RUNTIME ##`

			`# Where keys are stored`
			`KEYDIR="/root/luks"`

Added license to CLI 2021-07-05 19:57:10 -06:00			`# Initial output`
Replace (C) with © 2021-07-05 20:17:57 -06:00			`echo " luksit Copyright © 2021 Keith Irwin (www.ki9.us)"`
Added license to CLI 2021-07-05 19:57:10 -06:00			`echo " This program comes with ABSOLUTELY NO WARRANTY; for details"`
			`echo " see the LICENSE.md that came with it"`
			`echo " This is free software, and you are welcome to redistribute it"`
			`echo " under certain conditions"`
			`echo`

Initial commit 2021-07-05 19:17:27 -06:00			`# Check if name is used`
			`#if [ -h "/dev/mapper/$name" ]; then`
			`# echo "/dev/mapper/$name already exists."`
			`# exit 420`
			`#fi`

			`# Wipe disk`
			`read -p "Wipe /dev/$device with zeroes first? [y/n]" -n 1 -r`
			`echo; [[ $REPLY =~ ^[Yy]$ ]] && \`
			`( echo "Wiping disk with zeros..." ; \`
			`dd if=/dev/zero bs=1M \| pv \| dd of="/dev/$device" bs=1M )`

			`# Set up partition`
			`echo "Setting up partition..."`
			`umount "/dev/$device" >/dev/null`
			`parted "/dev/$device" mklabel gpt && \`
			`parted --script -- "/dev/$device" mkpart primary 1 -1 && \`
			`# Get first partition name`
			`part="$(lsblk --list --noheadings --output name "/dev/$device" \| sed -n '2 p')"`

			`# Generate key file`
			`mkdir "$KEYDIR/" >/dev/null`
			`if [ -f "$KEYDIR/$name.key" ]; then`
			`echo ""`
			`else`
			`echo -n "Generating key file... "`
			`dd if=/dev/urandom of="$KEYDIR/$name.key" bs=1024 count=4 && \`
			`chmod 0400 "$KEYDIR/$name.key" && echo "Done."`
			`fi`

			`# Encrypt`
			`echo "Creating luks encrypted partition..."`
			`cryptsetup luksFormat "/dev/$part" "$KEYDIR/$name.key" && \`
			`cryptsetup luksAddKey "/dev/$part" "$KEYDIR/$name.key" --key-file="$KEYDIR/$name.key" && \`

			`# Mount new luks partition`
			`echo "Mounting luks partition..."`
			`cryptsetup luksOpen "/dev/$part" "$name" --key-file="$KEYDIR/$name.key" && \`

			`# Write filesystem on new luks partition`
			`echo "Creating $fs filesystem in luks partition..."`
			`cryptsetup resize "$name" --key-file="$KEYDIR/$name.key"&& \`
			`"mkfs.$fs" "/dev/mapper/$name" -L "$name" && \`

			`#`
			`echo "Mounting $fs filesystem to /mnt/$name..."`
			`mkdir "/mnt/$name" >/dev/null`
			`chmod 755 "/mnt/$name"`
			`mount "/dev/mapper/$name" "/mnt/$name" && \`
			`df -h "/mnt/$name" && \`

			`echo "DONE!"`

			`# TODO: Show lines for fstab and crypttab`