Diffstat (limited to 'share/hydractl/provision')
-rwxr-xr-xshare/hydractl/provision33
1 files changed, 27 insertions, 6 deletions
diff --git a/share/hydractl/provision b/share/hydractl/provision
index 83a19a0..12e27da 100755
--- a/share/hydractl/provision
+++ b/share/hydractl/provision
@@ -10,6 +10,7 @@ hydra_config_load
# Setup.
hydra_user_input device /dev/sdb "Destination device"
hydra_user_input swap_device /dev/sda1 "Final swap device"
+hydra_user_input encrypt y "Encrypt system and storage volumes? (y/n)"
hydra_user_input garbage y "Pre-fill volumes with garbage? (y/n)"
hydra_user_input hostname $HOSTNAME "Hostname"
hydra_user_input domain example.com "Domain"
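Review bot: The new `encrypt` answer is only ever compared with the literal `y` in the later `if [ "$encrypt" == "y" ]` tests, so `Y`, `yes` or a typo silently takes the unencrypted branch and provisions a plaintext root volume. For a switch that turns disk encryption off, the script should fail closed: validate the value right after this prompt and abort on anything other than y or n, e.g. `case "$encrypt" in y|n) ;; *) echo "encrypt must be y or n" >&2; exit 1 ;; esac`. Whether `hydra_user_input` already normalises or validates the answer is not visible in this hunk.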
@@ -60,10 +61,15 @@ if [ "$garbage" == "y" ]; then
fi
# Create root device.
-echo "Creating root device..."
-cryptsetup -h sha256 -c aes-cbc-essiv:sha256 -s 256 luksFormat /dev/$vg/root
-cryptsetup luksOpen /dev/$vg/root debootstrap
-mkfs.ext3 /dev/mapper/debootstrap
+if [ "$encrypt" == "y" ]; then
+ echo "Creating encrypted root device..."
+ cryptsetup -h sha256 -c aes-cbc-essiv:sha256 -s 256 luksFormat /dev/$vg/root
+ cryptsetup luksOpen /dev/$vg/root debootstrap
+ mkfs.ext3 /dev/mapper/debootstrap
+else
+ echo "Creating root device..."
+ mkfs.ext3 /dev/vg/root
+fi
# Initial system install.
echo "Installing base system..."
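Review bot: The unencrypted branch formats `/dev/vg/root`, a literal path, while the encrypted branch uses `/dev/$vg/root`; unless the volume group is always named `vg`, the `else` path formats the wrong device or fails. It should read `mkfs.ext3 "/dev/$vg/root"`, and the same literal appears in the unencrypted fstab entry in the last hunk. The encrypted branch also leaves the filesystem at `/dev/mapper/debootstrap`, which does not exist when encryption is off, so any later mount of that mapper device (outside this hunk, not visible here) would need a matching branch.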
@@ -98,18 +104,33 @@ chroot /tmp/debootstrap/ apt-get install locales cryptsetup lvm2 initramfs-tools
# Crypttab.
echo "Configuring crypttab..."
-cat > /tmp/debootstrap/etc/crypttab <<-EOF
+if [ "$encrypt" == "y" ]; then
+ cat > /tmp/debootstrap/etc/crypttab <<-EOF
# <target name> <source device> <key file> <options>
root /dev/mapper/vg-root none luks,cipher=aes-cbc-essiv:sha256
cswap $swap_device /dev/random swap,cipher=aes-cbc-essiv:sha256
EOF
+else
+if [ "$encrypt" == "y" ]; then
+ cat > /tmp/debootstrap/etc/crypttab <<-EOF
+# <target name> <source device> <key file> <options>
+cswap $swap_device /dev/random swap,cipher=aes-cbc-essiv:sha256
+EOF
+fi
# Fstab.
echo "Configuring fstab..."
-cat > /tmp/debootstrap/etc/fstab <<-EOF
+if [ "$encrypt" == "y" ]; then
+ cat > /tmp/debootstrap/etc/fstab <<-EOF
/dev/mapper/cswap none swap sw 0 0
/dev/mapper/root / ext3 defaults,errors=remount-ro 0 1
EOF
+else
+ cat > /tmp/debootstrap/etc/fstab <<-EOF
+/dev/mapper/cswap none swap sw 0 0
+/dev/vg/root / ext3 defaults,errors=remount-ro 0 1
+EOF
+fi
# Boot.
echo "Boot device setup..."
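Review bot: In the crypttab block the `else` is immediately followed by a second `if [ "$encrypt" == "y" ]; then`, but only one `fi` closes the pair, so the outer `if` is never terminated and the shell will reject the script with a syntax error. Even if it were balanced, that inner test can never be true inside the `else`, so the swap-only crypttab would never be written. Deleting the repeated `if [ "$encrypt" == "y" ]; then` line gives the intended shape: `else`, then the swap-only `cat > /tmp/debootstrap/etc/crypttab <<-EOF`, then the existing `fi`. It is worth running `bash -n` on the script before merging, since a provisioning script that aborts partway can leave the target disk half-configured.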