Diffstat (limited to 'share/hydractl/provision')
-rwxr-xr-xshare/hydractl/provision37
1 files changed, 28 insertions, 9 deletions
diff --git a/share/hydractl/provision b/share/hydractl/provision
index 5a06c20..95e67b9 100755
--- a/share/hydractl/provision
+++ b/share/hydractl/provision
@@ -48,6 +48,13 @@ function hydra_provision_lvcreate {
fi
}
+# Cryptsetup wrapper.
+function hydra_cryptsetup {
+ if [ ! -z "$1" ] && [ -b "$1" ]; then
+ hydra_safe_run cryptsetup --cipher aes-xts-plain64:sha256 --key-size 512 --hash sha512 --iter-time 5000 --use-random luksFormat $1
+ fi
+}
+
# Create a physical volume.
function hydra_provision_create_volume {
local volume="$1"
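Review bot: hydra_cryptsetup does nothing and still returns success when `$1` is empty or not a block device, so a caller such as hydra_provision_create_volume carries on to luksOpen and mkfs on a device that was never formatted. An `else` branch that reports the device on stderr and fails would surface this, e.g. `else echo "hydra_cryptsetup: '$1' is not a block device" >&2; return 1`. How failures should propagate depends on hydra_safe_run, whose definition is not shown here. `$1` is also unquoted in the luksFormat call; `"$1"` avoids word splitting on the device path. The header comment could say that the wrapper runs a destructive `luksFormat` with the project's fixed cipher parameters, e.g. `# Run luksFormat on block device $1 with the project cipher settings (destroys existing data).`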
@@ -58,7 +65,7 @@ function hydra_provision_create_volume {
if [ "$encrypt" == "y" ]; then
echo "Creating encrypted $volume device..."
- hydra_safe_run cryptsetup --cipher aes-xts-plain64:sha256 --key-size 512 --hash sha512 --iter-time 5000 --use-random luksFormat /dev/mapper/$vg-$volume
+ hydra_cryptsetup /dev/mapper/$vg-$volume
hydra_safe_run cryptsetup luksOpen /dev/mapper/$vg-$volume provision-$volume
hydra_safe_run mkfs.ext4 /dev/mapper/provision-$volume
@@ -93,6 +100,7 @@ function hydra_provision_config {
hydra_user_config var_size 20G "Size of var partition (0 to not create it, -1 for all free space)"
hydra_user_config encrypt y "Encrypt volumes? (y/n)"
hydra_user_config garbage y "Pre-fill volumes with garbage? (y/n)"
+ hydra_user_config random_swap y "Random swap? (y/n)"
hydra_user_config disable_zeroing n "Disable zeroing of lvm volumes? (y/n)"
hydra_user_config hostname machine "Hostname"
hydra_user_config domain example.org "Domain"
@@ -132,19 +140,18 @@ fi
# Disk partitioning.
if [ "$swap" != "0" ]; then
- boot_end=$(($swap_size + 200))
hydra_safe_run parted -s -- $device mklabel gpt
hydra_safe_run parted -s -- $device unit MB mkpart non-fs 2 3
- hydra_safe_run parted -s -- $device unit MB mkpart linux-swap 3 $swap_size
- hydra_safe_run parted -s -- $device unit MB mkpart ext2 $swap_size $boot_end
- hydra_safe_run parted -s -- $device unit MB mkpart ext2 $boot_end -1
+ hydra_safe_run parted -s -- $device unit MB mkpart ext2 3 200
+ hydra_safe_run parted -s -- $device unit MB mkpart linux-swap 200 $swap_size
+ hydra_safe_run parted -s -- $device unit MB mkpart ext2 $swap_size -1
hydra_safe_run parted -s -- $device set 1 bios_grub on
hydra_safe_run parted -s -- $device set 3 boot on
hydra_safe_run parted -s -- $device set 4 lvm on
# Change devices to absolute path names.
- swap_device="$device"2
- boot_device="$device"3
+ boot_device="$device"2
+ swap_device="$device"3
syst_device="$device"4
else
hydra_safe_run parted -s -- $device mklabel gpt
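Review bot: The unchanged `set 3 boot on` line now targets the swap partition, because after the reorder /boot is partition 2 (`boot_device="$device"2`) and swap is partition 3. It most likely needs to become `hydra_safe_run parted -s -- $device set 2 boot on`. The swap partition also now runs from 200 MB to `$swap_size` MB, so it is about 200 MB smaller than configured, and parted will fail if `swap_size` is 200 or less; ending it at `$(($swap_size + 200))` and starting the last partition there would keep the configured size. The `else` branch of this block continues outside the hunk.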
@@ -213,6 +220,12 @@ for folder in proc dev home var boot sys; do
umount /tmp/debootstrap/$folder &> /dev/null
done
+# Create swap fs.
+if [ "$swap" != "0" ] && [ "$random_swap" != "y" ]; then
+ hydra_cryptsetup $swap_device
+ hydra_safe_run mkswap $swap_device
+fi
+
# Create root fs
hydra_provision_create_volume root
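Review bot: `mkswap $swap_device` writes to the raw partition immediately after `hydra_cryptsetup` put a LUKS header on it, so the swap signature overwrites that header and the swap area ends up unencrypted on disk. If a LUKS-backed swap is intended, the device has to be opened first and mkswap run on the mapping, e.g. `hydra_safe_run cryptsetup luksOpen $swap_device cswap` followed by `hydra_safe_run mkswap /dev/mapper/cswap`, then closed again. The expansions of `$swap_device` here are unquoted as well.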
@@ -303,9 +316,15 @@ var /dev/mapper/$vg-var none luks
EOF
fi
-if [ "$swap" != "0" ]; then
+if [ "$swap" != "0" ] && [ "$random_swap" == "y" ]; then
+ cat >> /tmp/debootstrap/etc/crypttab <<-EOF
+cswap $swap_device none luks,swap
+EOF
+fi
+
+if [ "$swap" != "0" ] && [ "$random_swap" != "y" ]; then
cat >> /tmp/debootstrap/etc/crypttab <<-EOF
-cswap $swap_device /dev/random luks,swap
+cswap $swap_device /dev/random swap,cipher=aes-xts-plain64:sha256
EOF
fi
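Review bot: The two crypttab branches look swapped relative to the `random_swap` prompt and to the swap-formatting step earlier in the script. `random_swap == "y"` writes `cswap $swap_device none luks,swap`, which expects an existing LUKS header and a passphrase, while `random_swap != "y"` writes the `/dev/random` plain-mode entry. Since luksFormat on the swap device only runs when `random_swap != "y"`, the `y` case would ask the installed system to open a LUKS device that was never formatted, and the other case throws away the header that was just created. Exchanging the two conditions would line the entries up with the option name. The plain-mode entry also gives no `size=`, so it falls back to cryptsetup's default key size instead of the 512 bits used for the other volumes; adding `size=512` to its options would keep them consistent.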