r0xsh
8/31/2017 - 12:52 PM

lazyarch.sh

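# Target disk (its partition table is destroyed below) and the console
# keymap that is loaded again once the passphrase has been typed.
DEVICE="/dev/sda"
KEYMAP="fr-pc"

# Every step below is destructive and later steps address ${DEVICE}N
# partition nodes, so refuse to continue unless DEVICE is a block device.
if [ ! -b "$DEVICE" ]; then
	echo "$DEVICE is not a block device, aborting" >&2
	exit 1
fi

# Wipe the existing partition data and convert the disk to GPT.
# Abort on failure: carrying on would format and encrypt whatever
# partitions the old table still describes.
sgdisk -og "$DEVICE" > /dev/null || {
	echo "sgdisk could not reset the partition table on $DEVICE" >&2
	exit 1
}

# Partition boundaries as start/end sector numbers.
# NOTE(review): the "N * 2 * 1024" terms look like sizes in MiB converted
# to 512-byte sectors (512 MiB, 40 GiB, 12 GiB, 8 GiB) - confirm the
# sector size of the target disk.
ST_EFI=2048
EN_EFI=$(( (512 * 2 * 1024) + ST_EFI ))

ST_ROOT=$(( EN_EFI + 1 ))
EN_ROOT=$(( (40960 * 2 * 1024) + ST_ROOT ))

ST_VAR=$(( EN_ROOT + 1 ))
EN_VAR=$(( (12288 * 2 * 1024) + ST_VAR ))

ST_SWAP=$(( EN_VAR + 1 ))
EN_SWAP=$(( (8192 * 2 * 1024) + ST_SWAP ))

echo "Disk setup..."

# Create the five partitions: EFI (ef00), root (8304), /var (8300),
# swap (8200) and /home (8302) in the largest remaining free block.
# The chain stops at the first failing sgdisk call so that the
# encryption steps never run against a half-written layout.
{
	sgdisk -n "1:${ST_EFI}:${EN_EFI}" -c 1:"EFI BOOT" -t 1:ef00 "$DEVICE" &&
	sgdisk -n "2:${ST_ROOT}:${EN_ROOT}" -c 2:"Linux /" -t 2:8304 "$DEVICE" &&
	sgdisk -n "3:${ST_VAR}:${EN_VAR}" -c 3:"Linux /var" -t 3:8300 "$DEVICE" &&
	sgdisk -n "4:${ST_SWAP}:${EN_SWAP}" -c 4:"SWAP" -t 4:8200 "$DEVICE" &&
	sgdisk --largest-new=5 -c 5:"Linux /home" -t 5:8302 "$DEVICE"
} > /dev/null || {
	echo "Partitioning $DEVICE failed, aborting" >&2
	exit 1
}

# Print the resulting table so the operator can check it.
sgdisk -p "$DEVICE"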

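echo "Filesystem setup..."

# Generate the 7 KiB random key file that unlocks /var and /home.
# It is created under umask 077 and forced to mode 600 so that no other
# account can read the key material, even if the file already existed.
(
	umask 077 &&
	dd if=/dev/urandom of="${HOME}/cryptfile" bs=1024 count=7 > /dev/null &&
	chmod 600 "${HOME}/cryptfile"
) || {
	echo "Could not create ${HOME}/cryptfile" >&2
	exit 1
}

# Switch to the default keymap while the passphrase is typed.
# NOTE(review): presumably so the passphrase matches the layout in effect
# at the boot-time unlock prompt - confirm against the initramfs setup.
loadkeys -d

# Ask for the boot passphrase twice and loop until both entries are equal
# and non-empty. (The original used a "goto" label, which the shell does
# not have, and compared $pwsd with itself, so a typo was never caught.)
while :; do
	# IFS= and -r keep leading/trailing blanks and backslashes intact.
	IFS= read -r -s -p "Enter Password: " pwsd || { echo; exit 1; }
	echo
	IFS= read -r -s -p "Confirm Password: " pwsd2 || { echo; exit 1; }
	echo
	if [ -z "$pwsd" ]; then
		echo "Password must not be empty !"
	elif [ "$pwsd" != "$pwsd2" ]; then
		echo "Password not matching !"
	else
		break
	fi
done

echo "Encrypt..."

# luksFormat with the parameters shared by all three volumes; the caller
# supplies the device and, optionally, a key file.
luks_format() {
	cryptsetup --batch-mode --cipher aes-xts-plain64 --key-size 512 \
		--hash sha512 --iter-time 5000 --use-random luksFormat "$@"
}

# / is protected by the passphrase. printf '%s' with a quoted expansion
# passes it byte for byte; an unquoted "echo -n $pwsd" would collapse
# blanks and expand globs, enrolling a different secret than the one typed.
printf '%s' "$pwsd" | luks_format "${DEVICE}2" || {
	echo "luksFormat failed on ${DEVICE}2" >&2
	exit 1
}

# /var and /home are protected by the key file.
luks_format "${DEVICE}3" "${HOME}/cryptfile" || {
	echo "luksFormat failed on ${DEVICE}3" >&2
	exit 1
}
luks_format "${DEVICE}5" "${HOME}/cryptfile" || {
	echo "luksFormat failed on ${DEVICE}5" >&2
	exit 1
}

# Open the three containers under /dev/mapper.
printf '%s' "$pwsd" | cryptsetup luksOpen "${DEVICE}2" cryptroot || {
	echo "Could not open ${DEVICE}2" >&2
	exit 1
}
cryptsetup --key-file "${HOME}/cryptfile" luksOpen "${DEVICE}3" cryptvar || {
	echo "Could not open ${DEVICE}3" >&2
	exit 1
}
cryptsetup --key-file "${HOME}/cryptfile" luksOpen "${DEVICE}5" crypthome || {
	echo "Could not open ${DEVICE}5" >&2
	exit 1
}

# NOTE(review): the passphrase is still held in $pwsd/$pwsd2 from here on;
# unset both as soon as nothing later in the script needs them.

# Restore the configured keymap.
loadkeys "$KEYMAP"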


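# Create the filesystems: FAT32 on the EFI partition, XFS on the three
# opened LUKS mappings, and a swap signature on partition 4.
{
	mkfs.fat -F32 "${DEVICE}1" &&
	mkfs.xfs -f /dev/mapper/cryptroot &&
	mkfs.xfs -f /dev/mapper/cryptvar &&
	mkswap "${DEVICE}4" &&
	mkfs.xfs -f /dev/mapper/crypthome
} > /dev/null || {
	echo "Creating the filesystems failed, aborting" >&2
	exit 1
}

# Mount the new root first, then the volumes that live below it.
# Abort if any mount fails: with /mnt not backed by the encrypted root,
# the installation that follows would land in the live environment
# instead of on the target disk.
{
	mount /dev/mapper/cryptroot /mnt &&
	mkdir -p /mnt/{boot,var,home} &&
	mount /dev/mapper/cryptvar /mnt/var &&
	mount /dev/mapper/crypthome /mnt/home &&
	mount "${DEVICE}1" /mnt/boot
} || {
	echo "Mounting the target filesystems failed, aborting" >&2
	exit 1
}

# This swap is NOT encrypted: anything paged out while the installer runs
# is written to ${DEVICE}4 in clear. A failure here is only reported,
# since the installation can proceed without swap.
swapon "${DEVICE}4" || echo "Warning: could not enable swap on ${DEVICE}4" >&2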


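# Install the base system into the new root.
pacstrap /mnt base base-devel || {
	echo "pacstrap failed, aborting" >&2
	exit 1
}

# Copy the key file into the installed system. It unlocks /var and /home,
# so it is installed with mode 0400 rather than the default cp
# permissions, which would leave it readable by every local account.
install -m 0400 "${HOME}/cryptfile" /mnt/etc/cryptfile || {
	echo "Could not install /mnt/etc/cryptfile" >&2
	exit 1
}

# Look up one stable identifier per device. The original piped
# "blkid -o export" through "grep UUID", which also matches the PARTUUID=
# line blkid prints for GPT partitions and so put several lines into a
# single crypttab field.
#
# Swap is referenced by PARTUUID: it is re-keyed from /dev/urandom on each
# boot, which overwrites the swap header that holds the mkswap UUID, so a
# UUID= reference would stop resolving after the first boot.
swap_id=$(blkid -s PARTUUID -o value "${DEVICE}4")
var_id=$(blkid -s UUID -o value "${DEVICE}3")
home_id=$(blkid -s UUID -o value "${DEVICE}5")

if [ -z "$swap_id" ] || [ -z "$var_id" ] || [ -z "$home_id" ]; then
	echo "blkid returned no identifier for a partition of ${DEVICE}, crypttab not written" >&2
	exit 1
fi

# crypttab entries: name, device, key source, options.
# NOTE(review): aes-cbc-essiv:sha256 is an older dm-crypt mode; the LUKS
# volumes in this script use aes-xts-plain64 - consider aligning the swap
# cipher (and its key size) with them.
printf 'swap\tPARTUUID=%s\t/dev/urandom\tswap,cipher=aes-cbc-essiv:sha256,size=256\n' "$swap_id" >> /mnt/etc/crypttab
printf 'var\tUUID=%s\t/etc/cryptfile\n' "$var_id" >> /mnt/etc/crypttab
printf 'home\tUUID=%s\t/etc/cryptfile\n' "$home_id" >> /mnt/etc/crypttab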