#!/bin/bash
# luksit
#
# USAGE: luksit <device> <name> [filesystem]
# EXAMPLE: luksit sdf mydrive ext4
# Check for root
# The steps below partition, encrypt and mount a block device, so stop
# right away when the effective UID is not 0.
if (( EUID != 0 )); then
  echo "This script must be run as root"
  exit 1
fi
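# Get args
# Two or three positional arguments are accepted:
#   $1 - device name below /dev (e.g. sdf)
#   $2 - volume name; used for the key file, the /dev/mapper entry,
#        the filesystem label and the /mnt mount point
#   $3 - filesystem type, appended to "mkfs." (defaults to ext3)
# Exits with status 2 on a usage error.
if (( $# < 2 || $# > 3 )); then
  echo "USAGE: $0 <device> <name> [filesystem]" >&2
  exit 2
fi
device="$1"
name="$2"
fs="${3-ext3}"

# An empty device would make every later command operate on "/dev/".
if [[ -z "$device" ]]; then
  echo "Device must not be empty." >&2
  exit 2
fi

# name is pasted into "$KEYDIR/<name>.key" and "/mnt/<name>" and is passed
# to cryptsetup as a bare argument. Reject values that would leave those
# directories (slash, "." or ".."), be parsed as an option (leading "-"),
# or be empty (which would target /mnt itself).
case "$name" in
  '' | . | .. | -* | */*)
    echo "Invalid name '$name': must be a plain name without '/' or a leading '-'." >&2
    exit 2
    ;;
esac

# fs becomes part of the command name "mkfs.<fs>", so it must be a plain
# word rather than a path.
case "$fs" in
  '' | */*)
    echo "Invalid filesystem '$fs'." >&2
    exit 2
    ;;
esac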
# Quit if given "no" at prompt
# Stop with status 1: exit when this file is being executed directly,
# return to the caller when it has been sourced instead.
bail() {
  if [[ "$0" != "${BASH_SOURCE[0]}" ]]; then
    return 1
  fi
  exit 1
}
## RUNTIME ##
# Where keys are stored
# Each volume's key file is kept in this directory as <name>.key.
KEYDIR=/root/luks
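# Check if name is used (this check is commented out, so an existing
# /dev/mapper/$name is not detected here)
# NOTE: exit statuses are limited to 0-255, so "exit 420" would be reported
# as 164 if this is re-enabled.
#if [ -h "/dev/mapper/$name" ]; then
#  echo "/dev/mapper/$name already exists."
#  exit 420
#fi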
# Wipe disk
# Optional zero-fill of the whole device before it is partitioned. A single
# keypress is read into REPLY; anything other than y/Y skips the wipe.
# pv sits between the two dd processes and shows the throughput.
read -p "Wipe /dev/$device with zeroes first? [y/n]" -n 1 -r
echo
if [[ $REPLY =~ ^[Yy]$ ]]; then
  echo "Wiping disk with zeros..."
  dd if=/dev/zero bs=1M | pv | dd of="/dev/$device" bs=1M
fi
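# Set up partition
# Writes a new GPT label with one partition spanning the device, then looks
# up the partition's kernel name. The run stops here when partitioning
# fails or no partition node is found, because every later step formats
# "/dev/$part".
echo "Setting up partition..."
# Best effort: umount fails when the device is not mounted; its error
# message still goes to stderr.
umount "/dev/$device" >/dev/null
if ! parted "/dev/$device" mklabel gpt ||
  ! parted --script -- "/dev/$device" mkpart primary 1 -1; then
  echo "Partitioning /dev/$device failed." >&2
  exit 1
fi

# Get first partition name
# lsblk lists the device itself on line 1 and its first partition on line 2.
part="$(lsblk --list --noheadings --output name "/dev/$device" | sed -n '2 p')"
if [[ -z "$part" || ! -b "/dev/$part" ]]; then
  echo "Could not find the new partition on /dev/$device." >&2
  exit 1
fi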
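# Generate key file
# The key directory is created owner-only and the key file is written under
# umask 077, so the key is never readable by other users in the window
# between dd writing it and the chmod to 0400.
# Note: -m only applies when mkdir creates the directory; an existing
# $KEYDIR keeps the mode it already has.
if ! mkdir -p -m 0700 "$KEYDIR"; then
  echo "Cannot create $KEYDIR." >&2
  exit 1
fi
if [ -f "$KEYDIR/$name.key" ]; then
  # A key file already stored under this name is reused unchanged.
  echo ""
else
  echo -n "Generating key file... "
  # 4 KiB of random data; the subshell keeps the umask change local.
  if (umask 077 && dd if=/dev/urandom of="$KEYDIR/$name.key" bs=1024 count=4) &&
    chmod 0400 "$KEYDIR/$name.key"; then
    echo "Done."
  else
    # Do not leave a partial key behind: the next run would pick it up
    # through the -f test above and format the volume with it.
    rm -f -- "$KEYDIR/$name.key"
    echo "Could not write $KEYDIR/$name.key." >&2
    exit 1
  fi
fi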
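# Encrypt, open, format and mount the new volume.
# Each step depends on the one before it, so the run stops at the first
# failure. Without that, a failed luksFormat or luksOpen would still be
# followed by mkfs on /dev/mapper/$name, which may be a mapping left over
# from an earlier run rather than the partition created here.

# Print which step failed on stderr and end the run with status 1.
step_failed() {
  echo "luksit: $1 failed, stopping." >&2
  exit 1
}

# An empty partition name would turn every path below into "/dev/".
: "${part:?no partition name was detected on /dev/$device}"

# Encrypt
echo "Creating luks encrypted partition..."
cryptsetup luksFormat "/dev/$part" "$KEYDIR/$name.key" ||
  step_failed "luksFormat on /dev/$part"
# NOTE(review): this adds the same key file a second time, unlocking with
# itself, which looks redundant -- confirm the intent.
cryptsetup luksAddKey "/dev/$part" "$KEYDIR/$name.key" --key-file="$KEYDIR/$name.key" ||
  step_failed "luksAddKey on /dev/$part"

# Mount new luks partition
echo "Mounting luks partition..."
cryptsetup luksOpen "/dev/$part" "$name" --key-file="$KEYDIR/$name.key" ||
  step_failed "luksOpen of /dev/$part as $name"

# Write filesystem on new luks partition
echo "Creating $fs filesystem in luks partition..."
cryptsetup resize "$name" --key-file="$KEYDIR/$name.key" ||
  step_failed "resize of $name"
"mkfs.$fs" "/dev/mapper/$name" -L "$name" ||
  step_failed "mkfs.$fs on /dev/mapper/$name"

# Mount the new filesystem
echo "Mounting $fs filesystem to /mnt/$name..."
mkdir -p "/mnt/$name" || step_failed "creating /mnt/$name"
chmod 755 "/mnt/$name"
mount "/dev/mapper/$name" "/mnt/$name" ||
  step_failed "mounting /dev/mapper/$name"
df -h "/mnt/$name" &&
  echo "DONE!"

# TODO: Show lines for fstab and crypttab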