diff --git a/bash/hetzner-rescue.sh b/bash/hetzner-rescue.sh
index 58808aa..7e79b7f 100644
--- a/bash/hetzner-rescue.sh
+++ b/bash/hetzner-rescue.sh
@@ -130,6 +130,188 @@ else fi }
+function hetzner-rescue-wipe-8-8-0 {
+ local device
+ local devices=(
+ '/dev/sdc'
+ '/dev/sda'
+ '/dev/sdb'
+ )
+ local members
+ local number
+ local passphrase
+ local unit='mib'
+ # read passphrase
+ echo -n 'PassPhrase: '
+ read -r -s passphrase
+ #
+ lsblk
+ echo -n 'WIPE' "${devices[@]}" '/?\ OR CANCEL /!\'
+ read
+ #
+ number=0
+ for device in "${devices[@]}" ; do
+ ((number++))
+ echo ; echo "#${number}: ${device}"
+ #
+ parted "${device}" --script mktable gpt
+ #
+ parted "${device}" unit "${unit}" \
+ mkpart "crypt-${number}" 22359 9537535
+ #
+ parted "${device}" unit "${unit}" \
+ mkpart "boot-${number}" 513 22359
+ #
+ parted "${device}" unit "${unit}" \
+ mkpart "esp-${number}" 2 513
+ parted "${device}" set 3 esp on
+ #
+ parted "${device}" unit "${unit}" \
+ mkpart "bios-${number}" 1 2
+ parted "${device}" set 4 bios_grub on
+ done
+ #
+ parted "${device}" unit "${unit}" \
+ mkpart 'extra' 9537535 11444223
+ #
+ number=0
+ for device in "${devices[@]}" ; do
+ ((number++))
+ echo ; echo "#${number}: ${device}4"
+ # wipe bios
+ dd \
+ if='/dev/zero' of="${device}4"
+ done
+ #
+ number=0
+ for device in "${devices[@]}" ; do
+ ((number++))
+ echo ; echo "#${number}: ${device}3"
+ # format esp
+ dd \
+ if='/dev/zero' of="${device}3" bs='1M'
+ mkfs.vfat -F 32 -n "esp-${number}" "${device}3"
+ done
+ #
+ number=0
+ for device in "${devices[@]}" ; do
+ ((number++))
+ echo ; echo "#${number}: ${device}2"
+ # wipe boot
+ dd status='progress' \
+ if='/dev/zero' of="${device}2" bs='1G'
+ done
+ #
+ members=()
+ for device in "${devices[@]}" ; do
+ members+=("${device}2")
+ done
+ mdadm \
+ --create '/dev/md/boot' \
+ --name 'boot' \
+ --uuid '6234a0eb:29a3a847:1dbd5ec4:bada5579' \
+ --metadata 1 \
+ --level 0 \
+ --raid-devices ${#devices[@]} \
+ "${members[@]}"
+ #
+ number=0
+ for device in "${devices[@]}" ; do
+ ((number++))
+ echo ; echo "#${number}: ${device}1"
+ # wipe crypt head
+ dd status='progress' \
+ if='/dev/zero' of="${device}1" bs='1G' count=1
+ done
+ #
+ members=()
+ for device in "${devices[@]}" ; do
+ members+=("${device}1")
+ done
+ mdadm \
+ --create '/dev/md/crypt' \
+ --name 'crypt' \
+ --uuid '006234a0:eb29a3a8:471dbd5e:c4bada55' \
+ --metadata 1 \
+ --level 0 \
+ --raid-devices ${#devices[@]} \
+ "${members[@]}"
+ # format boot
+ mkfs.ext4 \
+ -F \
+ -L 'boot' \
+ -U '6234a0eb-29a3-a847-1dbd-5ec4bada5579' \
+ '/dev/md/boot'
+ # encrypt
+ echo "${passphrase}" \
+ | cryptsetup \
+ --verbose \
+ --batch-mode \
+ --type 'luks2' \
+ --pbkdf 'argon2id' \
+ --cipher 'aes-xts-plain64' \
+ --iter-time 8192 \
+ --key-size 512 \
+ --hash 'sha512' \
+ --use-random \
+ luksFormat \
+ '/dev/md/crypt'
+ # open
+ echo "${passphrase}" \
+ | cryptsetup luksOpen '/dev/md/crypt' 'crypt'
+ # wipe crypt
+ dd status='progress' \
+ if='/dev/zero' of='/dev/mapper/crypt' bs='16G'
+}
+
+function hetzner-rescue-wipe-8-8-1 {
+ local passphrase
+ # close
+ cryptsetup luksClose 'crypt'
+ # read passphrase
+ echo -n 'PassPhrase: '
+ read -r -s passphrase
+ # encrypt
+ echo "${passphrase}" \
+ | cryptsetup \
+ --verbose \
+ --batch-mode \
+ --type 'luks2' \
+ --pbkdf 'argon2id' \
+ --cipher 'aes-xts-plain64' \
+ --iter-time 8192 \
+ --key-size 512 \
+ --hash 'sha512' \
+ --use-random \
+ luksFormat \
+ '/dev/md/crypt'
+ # open
+ echo "${passphrase}" \
+ | cryptsetup luksOpen '/dev/md/crypt' 'crypt'
+ # pv
+ pvcreate '/dev/mapper/crypt'
+ # vg
+ vgcreate 'crypt' '/dev/mapper/crypt'
+ # lv swap
+ lvcreate --name 'swap' --size '137438953472b' 'crypt'
+ # lv data
+ lvcreate --name 'data' --extents '100%FREE' 'crypt'
+ # format swap
+ mkswap \
+ --label 'swap' \
+ -U '06234a0e-b29a-3a84-71db-d5ec4bada557' \
+ '/dev/mapper/crypt-swap'
+ # format data
+ mkfs.ext4 \
+ -L 'data' \
+ -U '006234a0-eb29-a3a8-471d-bd5ec4bada55' \
+ '/dev/mapper/crypt-data'
+ # vg off
+ vgchange --activate n 'crypt'
+ # close
+ cryptsetup luksClose 'crypt'
+}
+
 function hetzner-rescue-wipe-12-10-10-0 {
 local device
 local devices=(
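Review bot: In `hetzner-rescue-wipe-8-8-0` nothing checks that a step succeeded before the next destructive one runs, so a failed `mdadm --create` or `cryptsetup luksOpen` still falls through to `dd ... of='/dev/mapper/crypt'`, which would then write zeros into a regular file on the rescue system instead of the mapped device. Guard the critical steps, e.g. `cryptsetup luksOpen '/dev/md/crypt' 'crypt' || return 1` followed by `[[ -b '/dev/mapper/crypt' ]] || return 1`, and do the same after each `mdadm --create`. The wipe is also gated only by a bare `read` that accepts any input, and the passphrase is read once with no confirmation, so a typo yields a volume formatted with a key nobody knows; comparing two `read -r -s` entries and requiring a typed answer before the first `parted` call would close both. The trailing `parted "${device}" ... mkpart 'extra'` after `done` relies on the loop variable still holding the last array entry (`/dev/sdb`), which looks fragile if that is not the intended disk. `hetzner-rescue-wipe-8-8-1` has the same unchecked luksFormat/luksOpen sequence.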