Diffstat (limited to 'share')
-rwxr-xr-x | share/hydractl/provision | 33 |
1 files changed, 27 insertions, 6 deletions
diff --git a/share/hydractl/provision b/share/hydractl/provision
index 83a19a0..12e27da 100755
--- a/share/hydractl/provision
+++ b/share/hydractl/provision
@@ -10,6 +10,7 @@ hydra_config_load
 # Setup.
 hydra_user_input device /dev/sdb "Destination device"
 hydra_user_input swap_device /dev/sda1 "Final swap device"
+hydra_user_input encrypt y "Encrypt system and storage volumes? (y/n)"
 hydra_user_input garbage y "Pre-fill volumes with garbage? (y/n)"
 hydra_user_input hostname $HOSTNAME "Hostname"
 hydra_user_input domain example.com "Domain"
@@ -60,10 +61,15 @@ if [ "$garbage" == "y" ]; then
 fi
 # Create root device.
-echo "Creating root device..."
-cryptsetup -h sha256 -c aes-cbc-essiv:sha256 -s 256 luksFormat /dev/$vg/root
-cryptsetup luksOpen /dev/$vg/root debootstrap
-mkfs.ext3 /dev/mapper/debootstrap
+if [ "$encrypt" == "y" ]; then
+ echo "Creating encrypted root device..."
+ cryptsetup -h sha256 -c aes-cbc-essiv:sha256 -s 256 luksFormat /dev/$vg/root
+ cryptsetup luksOpen /dev/$vg/root debootstrap
+ mkfs.ext3 /dev/mapper/debootstrap
+else
+ echo "Creating root device..."
+ mkfs.ext3 /dev/vg/root
+fi
 # Initial system install.
 echo "Installing base system..."
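Review bot: The new `encrypt` answer is never validated, so anything other than the exact string `y` (`Y`, `yes`, a typo) falls through to the `else` branches in the later hunks and the machine is provisioned with an unencrypted root without any warning. For a setting that decides whether data at rest is protected, the script should accept only `y` or `n` and stop otherwise, for example `case "$encrypt" in y|n) ;; *) echo "encrypt must be y or n" >&2; exit 1 ;; esac` directly after the prompt. Whether `hydra_user_input` itself restricts the value is not visible in this hunk.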
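Review bot: The unencrypted branch formats `/dev/vg/root`, while the encrypted branch uses `/dev/$vg/root`; unless the volume group is literally named `vg`, the `$` was dropped and `mkfs.ext3` will fail or hit an unintended device, so the line should read `mkfs.ext3 /dev/$vg/root`. The same literal path is written to fstab in the following hunk. The code after this hunk is not visible, but if it mounts `/dev/mapper/debootstrap` it also needs an alternative for the unencrypted case. Separately, the retained `aes-cbc-essiv:sha256` mode is a legacy choice; `aes-xts-plain64` is the current cryptsetup default and would be worth a follow-up change.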
@@ -98,18 +104,33 @@ chroot /tmp/debootstrap/ apt-get install locales cryptsetup lvm2 initramfs-tools
 # Crypttab.
 echo "Configuring crypttab..."
-cat > /tmp/debootstrap/etc/crypttab <<-EOF
+if [ "$encrypt" == "y" ]; then
+ cat > /tmp/debootstrap/etc/crypttab <<-EOF
 # <target name> <source device> <key file> <options>
 root /dev/mapper/vg-root none luks,cipher=aes-cbc-essiv:sha256
 cswap $swap_device /dev/random swap,cipher=aes-cbc-essiv:sha256
 EOF
+else
+if [ "$encrypt" == "y" ]; then
+ cat > /tmp/debootstrap/etc/crypttab <<-EOF
+# <target name> <source device> <key file> <options>
+cswap $swap_device /dev/random swap,cipher=aes-cbc-essiv:sha256
+EOF
+fi
 # Fstab.
 echo "Configuring fstab..."
-cat > /tmp/debootstrap/etc/fstab <<-EOF
+if [ "$encrypt" == "y" ]; then
+ cat > /tmp/debootstrap/etc/fstab <<-EOF
 /dev/mapper/cswap none swap sw 0 0
 /dev/mapper/root / ext3 defaults,errors=remount-ro 0 1
 EOF
+else
+ cat > /tmp/debootstrap/etc/fstab <<-EOF
+/dev/mapper/cswap none swap sw 0 0
+/dev/vg/root / ext3 defaults,errors=remount-ro 0 1
+EOF
+fi
 # Boot.
 echo "Boot device setup..." |
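Review bot: In the crypttab section the `else` is immediately followed by a second `if [ "$encrypt" == "y" ]; then` with only one closing `fi`, so the outer `if` is never closed and the inner test can never be true inside that `else`. As written the script should fail to parse, because the unclosed `if` runs to the end of the file, and even with a balancing `fi` the swap-only crypttab would never be written. Delete the duplicated `if [ "$encrypt" == "y" ]; then` line after `else` so the branch goes straight to `cat > /tmp/debootstrap/etc/crypttab <<-EOF`. A syntax check such as `bash -n share/hydractl/provision` before committing would catch this class of error in a script that repartitions disks.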