diff --git a/bash/hetzner-rescue.sh b/bash/hetzner-rescue.sh index 5b30618..7c378df 100644 --- a/bash/hetzner-rescue.sh +++ b/bash/hetzner-rescue.sh @@ -128,3 +128,67 @@ else return 1 fi } + +function hetzner-rescue-wipe-12-10-10 { + local device='/dev/sda' + local unit='mib' + # + lsblk + echo -n 'WIPE' "${device}" '/?\ OR CANCEL /!\' + read + # + parted "${device}" --script mktable gpt + # + parted "${device}" unit "${unit}" mkpart 'crypt' 65795 1907729 + # + parted "${device}" unit "${unit}" mkpart 'boot' 259 65795 + # + parted "${device}" unit "${unit}" mkpart 'esp' 2 259 + parted "${device}" set 3 esp on + # + parted "${device}" unit "${unit}" mkpart bios 1 2 + parted "${device}" set 4 bios_grub on + # wipe bios + dd if='/dev/zero' of='/dev/sda4' + # format esp + mkfs.vfat -F 32 -n 'esp' '/dev/sda3' + # format boot + mkfs.ext4 -F -L 'boot' '/dev/sda2' + # read passphrase + local passphrase + echo -n 'PassPhrase: ' + read -r -s passphrase + # encrypt + echo "${passphrase}" \ + | cryptsetup \ + --verbose \ + --batch-mode \ + --type 'luks2' \ + --pbkdf 'argon2id' \ + --cipher 'aes-xts-plain64' \ + --iter-time 8192 \ + --key-size 512 \ + --hash 'sha512' \ + --use-random \ + luksFormat \ + '/dev/sda1' + # open + echo "${passphrase}" \ + | cryptsetup luksOpen '/dev/sda1' 'crypt' + # pv + pvcreate '/dev/mapper/crypt' + # vg + vgcreate 'crypt' '/dev/mapper/crypt' + # lv swap + lvcreate --name 'swap' --size '68719476736b' 'crypt' + # lv data + lvcreate --name 'data' --extents '100%FREE' 'crypt' + # format swap + mkswap --label 'swap' '/dev/mapper/crypt-swap' + # format data + mkfs.ext4 -L 'data' '/dev/mapper/crypt-data' + # vg off + vgchange --activate n 'crypt' + # close + cryptsetup luksClose 'crypt' +}