wipe

2023-10-03 04:18:00 +02:00 · 2023-10-03 04:18:00 +02:00 · 63b62a6f09
commit 63b62a6f09
parent 34ead4eb5d
1 changed files with 64 additions and 0 deletions
--- a/bash/hetzner-rescue.sh
+++ b/bash/hetzner-rescue.sh
@ -128,3 +128,67 @@ else
    return 1
 fi
 }
 function hetzner-rescue-wipe-12-10-10 {
    local device='/dev/sda'
    local unit='mib'
    #
    lsblk
    echo -n 'WIPE' "${device}" '/?\ OR CANCEL /!\'
    read
    #
    parted "${device}" --script mktable gpt
    #
    parted "${device}" unit "${unit}" mkpart 'crypt' 65795 1907729
    #
    parted "${device}" unit "${unit}" mkpart 'boot' 259 65795
    #
    parted "${device}" unit "${unit}" mkpart 'esp' 2 259
    parted "${device}" set 3 esp on
    #
    parted "${device}" unit "${unit}" mkpart bios 1 2
    parted "${device}" set 4 bios_grub on
    # wipe bios
    dd if='/dev/zero' of='/dev/sda4'
    # format esp
    mkfs.vfat -F 32 -n 'esp' '/dev/sda3'
    # format boot
    mkfs.ext4 -F -L 'boot' '/dev/sda2'
    # read passphrase
    local passphrase
    echo -n 'PassPhrase: '
    read -r -s passphrase
    # encrypt
    echo "${passphrase}" \
    | cryptsetup \
    --verbose \
    --batch-mode \
    --type 'luks2' \
    --pbkdf 'argon2id' \
    --cipher 'aes-xts-plain64' \
    --iter-time 8192 \
    --key-size 512 \
    --hash 'sha512' \
    --use-random \
    luksFormat \
    '/dev/sda1'
    # open
    echo "${passphrase}" \
    | cryptsetup luksOpen '/dev/sda1' 'crypt'
    # pv
    pvcreate '/dev/mapper/crypt'
    # vg
    vgcreate 'crypt' '/dev/mapper/crypt'
    # lv swap
    lvcreate --name 'swap' --size '68719476736b' 'crypt'
    # lv data
    lvcreate --name 'data' --extents '100%FREE' 'crypt'
    # format swap
    mkswap --label 'swap' '/dev/mapper/crypt-swap'
    # format data
    mkfs.ext4 -L 'data' '/dev/mapper/crypt-data'
    # vg off
    vgchange --activate n 'crypt'
    # close
    cryptsetup luksClose 'crypt'
 }