diff --git a/bash/ovh-rescue.sh b/bash/ovh-rescue.sh
index cabce07..0b12f67 100644
--- a/bash/ovh-rescue.sh
+++ b/bash/ovh-rescue.sh
@@ -147,29 +147,51 @@ ovh_rescue_wipe_vle2_0_init() {
 # read passphrase
 printf "PassPhrase: "
 read -r -s passphrase
- #
+ # warn
 lsblk
 printf "%s" "WIPE ${device} /?\\ OR CANCEL /!\\"
 read -r
 #
 parted "${device}" --script mktable gpt
 #
- parted "${device}" unit "${unit}" mkpart "crypt" 65795 1907729
+ parted "${device}" unit "${unit}" mkpart "crypt" 4610 40960
 #
- parted "${device}" unit "${unit}" mkpart "boot" 514 65795
+ parted "${device}" unit "${unit}" mkpart "boot" 514 4610
 #
 parted "${device}" unit "${unit}" mkpart "esp" 2 514
 parted "${device}" set 3 esp on
 #
 parted "${device}" unit "${unit}" mkpart bios 1 2
 parted "${device}" set 4 bios_grub on
- # wipe bios
+ # bios / wipe
 dd if="/dev/zero" of="${device}4"
- # format esp
- mkfs.vfat -F 32 -n "esp" "${device}3"
- # format boot
- mkfs.ext4 -F -L "boot" "${device}2"
- # encrypt
+ # esp / wipe
+ dd if="/dev/zero" of="${device}3" bs="1M"
+ # esp / format
+ mkfs.vfat \
+ -F 32 \
+ -S 4096 \
+ -i "00000001" \
+ -n "esp" \
+ "${device}3"
+ # esp / mount
+ mkdir --parents "/media/esp"
+ mount "${device}3" "/media/esp"
+ # boot / wipe
+ dd status="progress" if="/dev/zero" of="${device}2" bs="1G" count=1
+ # boot / format
+ mkfs.btrfs --force \
+ --checksum "sha256" \
+ --label "boot" \
+ --uuid "00000000-0000-0000-0000-00000000000b" \
+ "${device}2"
+ # boot / mount
+ mkdir --parents "/media/boot"
+ mount --options "autodefrag,compress-force=zstd" \
+ "${device}2" "/media/boot"
+ # crypt / wipe
+ dd status="progress" if="/dev/zero" of="${device}1" bs="1G" count=1
+ # crypt / encrypt
 echo "${passphrase}" |
 cryptsetup \
 --verbose \
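Review bot: The `boot / wipe` and `crypt / wipe` steps zero only the first GiB (`bs="1G" count=1`), so anything previously stored further into those partitions remains readable after this function returns, while the comments read as if the partitions were wiped in full. A function added later in this diff, `ovh_rescue_wipe_vle2_1_zero`, overwrites the opened crypt mapping completely, but nothing equivalent covers the unencrypted boot partition. If only old signatures are meant to be cleared, the comments should say so, e.g. `# boot / wipe (first GiB only, clears old signatures)`; if a full wipe of boot is intended, `count=1` should be dropped on that line. `ovh_rescue_wipe_vle2_0_init` starts before this hunk and continues past it.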
@@ -177,29 +199,65 @@ ovh_rescue_wipe_vle2_0_init() {
 --type "luks2" \
 --pbkdf "argon2id" \
 --cipher "aes-xts-plain64" \
- --iter-time 8192 \
+ --iter-time 4096 \
 --key-size 512 \
 --hash "sha512" \
 --use-random \
 luksFormat \
 "${device}1"
- # open
+ # crypt / open
 echo "${passphrase}" |
 cryptsetup luksOpen "${device}1" "crypt"
- # pv
- pvcreate "/dev/mapper/crypt"
- # vg
- vgcreate "crypt" "/dev/mapper/crypt"
- # lv swap
- lvcreate --name "swap" --size "68719476736b" "crypt"
- # lv data
- lvcreate --name "data" --extents "100%FREE" "crypt"
- # format swap
- mkswap --label "swap" "/dev/mapper/crypt-swap"
- # format data
- mkfs.ext4 -L "data" "/dev/mapper/crypt-data"
- # vg off
- vgchange --activate "n" "crypt"
- # close
- cryptsetup luksClose "crypt"
+}
+
+ovh_rescue_wipe_vle2_1_zero() {
+ # crypt / zero
+ dd status="progress" if="/dev/zero" of="/dev/mapper/crypt" bs="1G"
+}
+
+ovh_rescue_wipe_vle2_2_make() {
+ local passphrase
+ # crypt / close
+ cryptsetup luksClose "crypt"
+ # read passphrase
+ printf "PassPhrase: "
+ read -r -s passphrase
+ # crypt / encrypt
+ echo "${passphrase}" |
+ cryptsetup \
+ --verbose \
+ --batch-mode \
+ --type "luks2" \
+ --pbkdf "argon2id" \
+ --cipher "aes-xts-plain64" \
+ --iter-time 4096 \
+ --key-size 512 \
+ --hash "sha512" \
+ --use-random \
+ luksFormat \
+ "${device}1"
+ # crypt / open
+ echo "${passphrase}" |
+ cryptsetup luksOpen "${device}1" "crypt"
+ # crypt / format
+ mkfs.btrfs --force \
+ --checksum "sha256" \
+ --label "crypt" \
+ --uuid "00000000-0000-0000-0000-00000000000c" \
+ "${device}1"
+ # crypt / mount
+ mkdir --parents "/media/crypt"
+ mount --options "autodefrag,compress-force=zstd" \
+ "${device}1" "/media/crypt"
+ # crypt / swap
+ btrfs filesystem mkswapfile \
+ --size "4g" \
+ --uuid "00000000-0000-0000-0000-000000000005" \
+ "/media/crypt/swap"
+}
+
+ovh_rescue_wipe_vle2_3_close() {
+ umount "/media/boot"
+ umount "/media/crypt" &&
+ cryptsetup luksClose "crypt"
 }
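Review bot: In `ovh_rescue_wipe_vle2_2_make`, the `crypt / format` and `crypt / mount` steps target the raw partition `"${device}1"` instead of the mapping that `luksOpen` has just created. Depending on whether `mkfs.btrfs` can open the partition while the mapping holds it, the step either fails or overwrites the LUKS header written a few lines earlier; in the second case the filesystem and the swap file at `/media/crypt/swap` would sit on disk unencrypted. Both commands should take `"/dev/mapper/crypt"` as the device, i.e. the last argument of `mkfs.btrfs` and `"/dev/mapper/crypt" "/media/crypt"` on the `mount` line. The function also reads `${device}` without assigning it, so it depends on a value set outside the lines shown.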