-rwxr-xr-x | share/hydractl/provision | 37 |
1 files changed, 28 insertions, 9 deletions
diff --git a/share/hydractl/provision b/share/hydractl/provision
index 5a06c20..95e67b9 100755
--- a/share/hydractl/provision
+++ b/share/hydractl/provision
@@ -48,6 +48,13 @@ function hydra_provision_lvcreate { fi } +# Cryptsetup wrapper. +function hydra_cryptsetup { + if [ ! -z "$1" ] && [ -b "$1" ]; then + hydra_safe_run cryptsetup --cipher aes-xts-plain64:sha256 --key-size 512 --hash sha512 --iter-time 5000 --use-random luksFormat $1 + fi +} + # Create a physical volume. function hydra_provision_create_volume { local volume="$1"
@@ -58,7 +65,7 @@ function hydra_provision_create_volume { if [ "$encrypt" == "y" ]; then echo "Creating encrypted $volume device..." - hydra_safe_run cryptsetup --cipher aes-xts-plain64:sha256 --key-size 512 --hash sha512 --iter-time 5000 --use-random luksFormat /dev/mapper/$vg-$volume + hydra_cryptsetup /dev/mapper/$vg-$volume hydra_safe_run cryptsetup luksOpen /dev/mapper/$vg-$volume provision-$volume hydra_safe_run mkfs.ext4 /dev/mapper/provision-$volume
@@ -93,6 +100,7 @@ function hydra_provision_config { hydra_user_config var_size 20G "Size of var partition (0 to not create it, -1 for all free space)" hydra_user_config encrypt y "Encrypt volumes? (y/n)" hydra_user_config garbage y "Pre-fill volumes with garbage? (y/n)" + hydra_user_config random_swap y "Random swap? (y/n)" hydra_user_config disable_zeroing n "Disable zeroing of lvm volumes? (y/n)" hydra_user_config hostname machine "Hostname" hydra_user_config domain example.org "Domain" 
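Review bot: hydra_cryptsetup returns success without doing anything when its argument is empty or not (yet) a block device, so the callers added later in this commit — `hydra_cryptsetup /dev/mapper/$vg-$volume` in the @@ -58 hunk and `hydra_cryptsetup $swap_device` in the @@ -213 hunk — go straight on to luksOpen, mkfs.ext4 or mkswap a device that was never LUKS-formatted. The guard should fail loudly, and the device should be quoted on the luksFormat line as it already is in the test: `if [ -n "$1" ] && [ -b "$1" ]; then` … `luksFormat "$1"` … `else echo "hydra_cryptsetup: '$1' is not a block device" >&2; return 1; fi`. Whether hydra_safe_run aborts the script on a non-zero status is not visible in this diff, so the caller may additionally need an explicit `|| exit 1`.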
@@ -132,19 +140,18 @@ fi # Disk partitioning. if [ "$swap" != "0" ]; then - boot_end=$(($swap_size + 200)) hydra_safe_run parted -s -- $device mklabel gpt hydra_safe_run parted -s -- $device unit MB mkpart non-fs 2 3 - hydra_safe_run parted -s -- $device unit MB mkpart linux-swap 3 $swap_size - hydra_safe_run parted -s -- $device unit MB mkpart ext2 $swap_size $boot_end - hydra_safe_run parted -s -- $device unit MB mkpart ext2 $boot_end -1 + hydra_safe_run parted -s -- $device unit MB mkpart ext2 3 200 + hydra_safe_run parted -s -- $device unit MB mkpart linux-swap 200 $swap_size + hydra_safe_run parted -s -- $device unit MB mkpart ext2 $swap_size -1 hydra_safe_run parted -s -- $device set 1 bios_grub on hydra_safe_run parted -s -- $device set 3 boot on hydra_safe_run parted -s -- $device set 4 lvm on # Change devices to absolute path names. - swap_device="$device"2 - boot_device="$device"3 + boot_device="$device"2 + swap_device="$device"3 syst_device="$device"4 else hydra_safe_run parted -s -- $device mklabel gpt
@@ -213,6 +220,12 @@ for folder in proc dev home var boot sys; do umount /tmp/debootstrap/$folder &> /dev/null done +# Create swap fs. +if [ "$swap" != "0" ] && [ "$random_swap" != "y" ]; then + hydra_cryptsetup $swap_device + hydra_safe_run mkswap $swap_device +fi + # Create root fs hydra_provision_create_volume root
@@ -303,9 +316,15 @@ var /dev/mapper/$vg-var none luks EOF fi -if [ "$swap" != "0" ]; then +if [ "$swap" != "0" ] && [ "$random_swap" == "y" ]; then + cat >> /tmp/debootstrap/etc/crypttab <<-EOF +cswap $swap_device none luks,swap +EOF +fi + +if [ "$swap" != "0" ] && [ "$random_swap" != "y" ]; then cat >> /tmp/debootstrap/etc/crypttab <<-EOF -cswap $swap_device /dev/random luks,swap +cswap $swap_device /dev/random swap,cipher=aes-xts-plain64:sha256 EOF fi |
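Review bot: The partition order in the @@ -132 hunk changed, but the unchanged context line `hydra_safe_run parted -s -- $device set 3 boot on` still flags partition 3, which after this hunk is the linux-swap partition, while the new boot partition (`mkpart ext2 3 200`, later `boot_device="$device"2`) gets no boot flag; it should read `hydra_safe_run parted -s -- $device set 2 boot on`. The swap partition now runs from 200 to $swap_size in the MB unit set on the same line, so the swap area is 200 MB smaller than the configured value and a swap_size at or below 200 yields an invalid partition; a guard such as `[ "$swap_size" -gt 200 ] || exit 1` before the parted calls would catch that (how swap_size is collected and whether it carries a unit suffix is not visible here). The `if [ "$swap" != "0" ]` statement continues past the end of the hunk.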
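Review bot: In the @@ -213 hunk `hydra_safe_run mkswap $swap_device` runs on the raw partition right after `hydra_cryptsetup $swap_device` has LUKS-formatted it, so the swap signature is written over the LUKS header at the start of the device; mkswap has to target the opened mapping instead. The branches in the @@ -303 hunk also look inverted relative to this one: the device that was LUKS-formatted (random_swap != y) gets `cswap $swap_device /dev/random swap,cipher=aes-xts-plain64:sha256`, a random-key plain-mode entry that never reads the LUKS header, while random_swap == y gets `cswap $swap_device none luks,swap` on a partition that was never luksFormat'ed and, with `none` as the key, would presumably prompt for a passphrase at boot. If the intent is that random_swap=y means a fresh random key per boot and random_swap=n a persistently keyed LUKS swap, the two crypttab bodies should exchange conditions and the creation step should open the LUKS device before making the swap area, as below. Both hunks sit inside top-level script code that continues outside the diff.
```shell
# Create swap fs.
if [ "$swap" != "0" ] && [ "$random_swap" != "y" ]; then
  hydra_cryptsetup "$swap_device"
  hydra_safe_run cryptsetup luksOpen "$swap_device" cswap
  hydra_safe_run mkswap /dev/mapper/cswap
  hydra_safe_run cryptsetup luksClose cswap
fi
```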