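#!/bin/bash
# luksit
#
# USAGE: luksit <device> <name> [filesystem]
# EXAMPLE: luksit sdf mydrive ext4
#
# Repartitions /dev/<device> with a single GPT partition, formats that
# partition as LUKS using a key file stored in KEYDIR, opens it as
# /dev/mapper/<name>, creates a filesystem (default ext3) and mounts it on
# /mnt/<name>.
#
# DESTRUCTIVE: everything on /dev/<device> is lost.
# The key file is stored unencrypted; anyone who can read
# KEYDIR/<name>.key can unlock the volume, so keep KEYDIR root-only and
# back the key up somewhere safe.
#
# Exit status: 1 = not root or a step failed, 2 = bad arguments.
#
# Copyright © 2021 Keith Irwin (www.ki9.us)
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.

# Print a message to stderr and exit.
#   $1 - exit status, remaining args - message
die() {
  local status=$1
  shift
  printf '%s\n' "$*" >&2
  exit "$status"
}

# Check for root
if [[ $EUID -ne 0 ]]; then
  die 1 "This script must be run as root"
fi

# Get args
if [[ $# -eq 3 ]]; then
  device="$1"
  name="$2"
  fs="$3"
elif [[ $# -eq 2 ]]; then
  device="$1"
  name="$2"
  fs="ext3"
else
  die 2 "USAGE: $0 <device> <name> [filesystem]"
fi

# Validate everything BEFORE touching the disk.
# <name> becomes a path component (key file, mapper node, mount point) and a
# filesystem label, so it must not be empty, contain '/', or look like an option.
if [[ -z "$name" || "$name" == */* || "$name" == -* ]]; then
  die 2 "Invalid name '$name': must be non-empty, without '/', and not start with '-'"
fi
# Refuse anything that is not an existing block device under /dev.
if [[ ! -b "/dev/$device" ]]; then
  die 2 "/dev/$device is not a block device"
fi
# Make sure the mkfs helper exists now, not after the disk has been repartitioned.
if [[ "$fs" == */* ]] || ! command -v "mkfs.$fs" >/dev/null; then
  die 2 "No mkfs.$fs found for filesystem '$fs'"
fi

# Quit if given "no" at prompt (currently not called anywhere in this script)
bail() {
  if [[ "$0" = "${BASH_SOURCE[0]}" ]]; then
    exit 1
  else
    return 1
  fi
}

## RUNTIME ##

# Where keys are stored
KEYDIR="/root/luks"
key="$KEYDIR/$name.key"

# Initial output
echo " luksit Copyright © 2021 Keith Irwin (www.ki9.us)"
echo " This program comes with ABSOLUTELY NO WARRANTY; for details"
echo " see the LICENSE.md that came with it"
echo " This is free software, and you are welcome to redistribute it"
echo " under certain conditions"
echo

# Check if name is used (disabled by the author; note that 420 is outside the
# 0-255 exit status range). A clash is still caught below: luksOpen fails on
# an existing mapping and the script aborts before mkfs.
#if [ -h "/dev/mapper/$name" ]; then
#  echo "/dev/mapper/$name already exists."
#  exit 420
#fi

# Wipe disk
read -p "Wipe /dev/$device with zeroes first? [y/n]" -n 1 -r
echo
if [[ $REPLY =~ ^[Yy]$ ]]; then
  # Without pv the pipeline would write nothing and the wipe would be
  # skipped silently, so refuse instead.
  command -v pv >/dev/null || die 1 "pv is required for the wipe step"
  echo "Wiping disk with zeros..."
  # The final dd stops with "No space left on device" when the disk is full;
  # that non-zero status is expected and deliberately not treated as an error.
  dd if=/dev/zero bs=1M | pv | dd of="/dev/$device" bs=1M
fi

# Set up partition
echo "Setting up partition..."
# Best effort: umount fails when nothing is mounted, which is fine.
umount "/dev/$device" 2>/dev/null
parted "/dev/$device" mklabel gpt \
  || die 1 "Could not write a GPT label to /dev/$device"
parted --script -- "/dev/$device" mkpart primary 1 -1 \
  || die 1 "Could not create a partition on /dev/$device"
# Best effort: give udev a chance to create the partition node.
if command -v udevadm >/dev/null; then
  udevadm settle
fi

# Get first partition name (line 1 of the listing is the disk itself)
part="$(lsblk --list --noheadings --output name "/dev/$device" | sed -n '2 p')"
# An empty or missing partition would make every later step operate on the
# wrong path, so stop here.
if [[ -z "$part" || ! -b "/dev/$part" ]]; then
  die 1 "Could not find the new partition on /dev/$device"
fi

# Generate key file
mkdir -p -m 0700 "$KEYDIR" || die 1 "Could not create $KEYDIR"
if [ -f "$key" ]; then
  echo ""
  # An existing key for this name is reused, never overwritten.
  echo "Reusing existing key file $key" >&2
else
  echo -n "Generating key file... "
  # mktemp creates the file owner-only, so the key is never readable by
  # others while it is being written; it is renamed into place only once
  # complete, so a failed run cannot leave a truncated key behind.
  tmpkey="$(mktemp "$KEYDIR/.$name.key.XXXXXX")" \
    || die 1 "Could not create a temporary key file in $KEYDIR"
  if dd if=/dev/urandom of="$tmpkey" bs=1024 count=4 \
    && chmod 0400 "$tmpkey" \
    && mv -- "$tmpkey" "$key"; then
    echo "Done."
  else
    rm -f -- "$tmpkey"
    die 1 "Could not generate key file $key"
  fi
fi

# Encrypt
echo "Creating luks encrypted partition..."
cryptsetup luksFormat "/dev/$part" "$key" \
  || die 1 "luksFormat failed or was cancelled; nothing was opened or formatted"
# NOTE(review): this adds the same key file that luksFormat already enrolled,
# which presumably leaves two keyslots holding one key - confirm whether that
# is intended. Failure here is non-fatal, as in the original flow.
cryptsetup luksAddKey "/dev/$part" "$key" --key-file="$key" \
  || echo "Warning: luksAddKey failed; continuing with the key set by luksFormat" >&2

# Mount new luks partition
echo "Mounting luks partition..."
# Abort if the mapping cannot be opened: continuing would run mkfs on
# whatever /dev/mapper/$name already points at, which may be another volume.
cryptsetup luksOpen "/dev/$part" "$name" --key-file="$key" \
  || die 1 "Could not open /dev/$part as /dev/mapper/$name"

# Write filesystem on new luks partition
echo "Creating $fs filesystem in luks partition..."
cryptsetup resize "$name" --key-file="$key" \
  || die 1 "Could not resize /dev/mapper/$name"
"mkfs.$fs" -L "$name" "/dev/mapper/$name" \
  || die 1 "mkfs.$fs failed on /dev/mapper/$name"

# echo "Mounting $fs filesystem to /mnt/$name..."
mkdir -p "/mnt/$name" || die 1 "Could not create /mnt/$name"
chmod 755 "/mnt/$name"
mount "/dev/mapper/$name" "/mnt/$name" \
  || die 1 "Could not mount /dev/mapper/$name on /mnt/$name"
df -h "/mnt/$name" && \
echo "DONE!"
# TODO: Show lines for fstab and crypttab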