now with encryption

2 files changed, 51 insertions, 17 deletions

diff --git a/airootfs/root/.loader b/airootfs/root/.loader
index 3f4bed6..2b50ba4 100755
--- a/airootfs/root/.loader
+++ b/airootfs/root/.loader
@@ -1,6 +1,12 @@
 #!/bin/bash
 set -e
 
+dd if=/dev/zero of=/swapfile bs=1M count=512 status=progress
+chmod 0600 /swapfile
+mkswap /swapfile
+swapon /swapfile
+genfstab -U / | grep -v resolv > /etc/fstab
+
 ln -sf /usr/share/zoneinfo/Europe/Berlin /etc/localtime
 
 hwclock --systohc
@@ -14,5 +20,22 @@ echo "127.0.0.1		localhost" >  /etc/hosts
 echo "::1		localhost" >> /etc/hosts
 echo "127.0.1.1		$2.lan $2" >> /etc/hosts
 
-grub-install $1
-grub-mkconfig -o /boot/grub/grub.cfg
+OLD="HOOKS=(base udev autodetect modconf block filesystems keyboard fsck)"
+NEW="HOOKS=(base udev autodetect keyboard keymap consolefont modconf block encrypt filesystems fsck)"
+sed -i "s|$OLD|$NEW|g" /etc/mkinitcpio.conf
+mkinitcpio -P
+
+UUID=$(lsblk --output UUID,PATH | grep "$3" | cut -f 1 -d ' ')
+OLD="GRUB_CMDLINE_LINUX_DEFAULT=\"loglevel=3 quiet\""
+NEW="GRUB_CMDLINE_LINUX_DEFAULT=\"loglevel=3 quiet cryptdevice=UUID=$UUID:cryptroot root=/dev/mapper/cryptroot\""
+sed -i "s|$OLD|$NEW|g" /etc/default/grub
+
+grub-install "$1"
+if ! test -e "/sys/firmware/efi/efivars"; then
+	grub-mkconfig -o /boot/grub/grub.cfg
+else
+	grub-mkconfig -o /boot/grub/grub.cfg --efi-directory=/boot/
+fi
+passwd
+rm /root/loader
+echo "good to go !"
diff --git a/airootfs/root/bootstrap b/airootfs/root/bootstrap
index f059cc0..8876c5e 100755
--- a/airootfs/root/bootstrap
+++ b/airootfs/root/bootstrap
@@ -19,29 +19,40 @@ fi
 parted -s "$1" mklabel gpt 
 
 if ! test -e "/sys/firmware/efi/efivars"; then
-    parted "$1" mkpart bios ext4 0% 513MiB
-    mkfs.ext4 "$1"1
-    parted "$1" set 1 bios_grub on
-    parted "$1" mkpart home ext4 513MiB 100%
+    BOOT_DIR="$1"2
+    ROOT_DIR="$1"3
+
+    parted -s "$1" mkpart grub 0% 1MiB
+    parted -s "$1" set 1 bios_grub on
+
+    parted -s "$1" mkpart grubcfg 1MiB 513MiB
+    mkfs.ext4 "$BOOT_DIR"
+
+    parted -s "$1" mkpart root 513MiB 100%
 else
-    parted "$1" mkpart efi fat32 0% 513MiB
-    mkfs.fat -F 32 "$1"1
-    parted "$1" set 1 boot on
-    parted "$1" mkpart home ext4 513MiB 100%
+    BOOT_DIR="$1"1
+    ROOT_DIR="$1"2
+
+    parted -s "$1" mkpart efi fat32 0% 513MiB
+    mkfs.fat -F 32 "$BOOT_DIR"
+    parted -s "$1" set 1 boot on
+
+    parted -s "$1" mkpart home ext4 513MiB 100%
 fi
 
-mkfs.ext4 "$1"2
+cryptsetup luksFormat "$ROOT_DIR"
+cryptsetup open "$ROOT_DIR" root
+mkfs.ext4 /dev/mapper/root
 
-mount "$1"2 /mnt
-mkdir -p /mnt/boot/efi
-mount "$1"1 /mnt/boot/efi
+mount /dev/mapper/root /mnt
+mkdir -p /mnt/boot/
+mount "$BOOT_DIR" /mnt/boot
 
 timedatectl set-ntp true
 
 pacman-key --init
 pacman-key --populate
-pacstrap /mnt base linux linux-firmware git vim grub efibootmgr
+pacstrap /mnt base linux linux-firmware git vim grub efibootmgr arch-install-scripts
 
-genfstab -U /mnt > /mnt/etc/fstab
 cp /root/.loader /mnt/root/loader
-arch-chroot /mnt /root/loader $1 $2
+arch-chroot /mnt /root/loader "$1" "$2" "$ROOT_DIR"