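#######################################
# Step 0: partition both disks, build the boot and crypt RAID0 arrays,
# and open a LUKS2 container on the crypt array.
#
# DESTRUCTIVE: rewrites the partition table of every device in `devices`.
#
# Partition layout per disk (creation order fixes the partition numbers):
#   1 crypt-N   33282 - 7630885 MiB
#   2 boot-N      514 -   33282 MiB
#   3 esp-N         2 -     514 MiB  (flag: esp)
#   4 bios-N        1 -       2 MiB  (flag: bios_grub)
#
# Inputs:   passphrase and a confirmation line, both read from stdin
# Returns:  non-zero if the passphrase is empty, no confirmation is given,
#           an expected partition node is missing, or mdadm/cryptsetup fails
#######################################
rescue_hetzner_wipe_8_8_0_init() {
  local device
  local devices=(
    '/dev/sda'
    '/dev/sdb'
  )
  local members
  local number
  local passphrase
  local unit='mib'

  # read passphrase (silent, backslashes kept literal)
  echo -n 'PassPhrase: '
  read -r -s passphrase
  # An empty value also covers stdin at EOF; never format with it.
  if [[ -z "${passphrase}" ]]; then
    echo 'empty passphrase, aborting' >&2
    return 1
  fi

  # Show the current block devices, then wait for the operator.
  lsblk
  echo -n 'WIPE' "${devices[@]}" '/?\ OR CANCEL /!\'
  # Any line confirms; Ctrl-C cancels. If stdin is closed, read fails with
  # nothing in REPLY: treat that as "no confirmation" instead of falling
  # through to the wipe.
  if ! read -r && [[ -z "${REPLY}" ]]; then
    echo 'no confirmation received, aborting' >&2
    return 1
  fi

  # Partition every disk.
  number=0
  for device in "${devices[@]}"; do
    number=$((number + 1))
    echo
    echo "#${number}: ${device}"

    # fresh GPT label
    parted "${device}" \
      --script \
      mktable gpt

    # partition 1: crypt
    parted "${device}" \
      unit "${unit}" \
      mkpart "crypt-${number}" 33282 7630885

    # partition 2: boot
    parted "${device}" \
      unit "${unit}" \
      mkpart "boot-${number}" 514 33282

    # partition 3: esp
    parted "${device}" \
      unit "${unit}" \
      mkpart "esp-${number}" 2 514
    parted "${device}" \
      set 3 esp on

    # partition 4: bios
    parted "${device}" \
      unit "${unit}" \
      mkpart "bios-${number}" 1 2
    parted "${device}" \
      set 4 bios_grub on
  done

  # Zero the bios partitions.
  number=0
  for device in "${devices[@]}"; do
    number=$((number + 1))
    echo
    echo "#${number}: ${device}4"

    # If the node is missing, dd would create a regular file under /dev
    # and keep writing zeros into it; refuse instead.
    [[ -b "${device}4" ]] || { echo "not a block device: ${device}4" >&2; return 1; }

    # wipe bios; no count is given, so dd runs to the end of the partition
    # and its "no space left" exit status is expected
    dd \
      if='/dev/zero' of="${device}4"
  done

  # Zero, format and mount the ESPs.
  number=0
  for device in "${devices[@]}"; do
    number=$((number + 1))
    echo
    echo "#${number}: ${device}3"

    [[ -b "${device}3" ]] || { echo "not a block device: ${device}3" >&2; return 1; }

    # format esp (dd again runs to the end of the partition)
    dd \
      if='/dev/zero' of="${device}3" bs='1M'
    mkfs.vfat \
      -F 32 \
      -S 4096 \
      -i "0000000${number}" \
      -n "esp-${number}" \
      "${device}3"

    # mount esp
    mkdir --parents "/media/esp/${number}"
    mount "${device}3" "/media/esp/${number}"
  done

  # Zero the first GiB of every boot partition.
  number=0
  for device in "${devices[@]}"; do
    number=$((number + 1))
    echo
    echo "#${number}: ${device}2"

    [[ -b "${device}2" ]] || { echo "not a block device: ${device}2" >&2; return 1; }

    # wipe boot
    dd status='progress' \
      if='/dev/zero' of="${device}2" bs='1G' count=1
  done

  # Assemble the boot array from partition 2 of every disk.
  members=()
  for device in "${devices[@]}"; do
    members+=("${device}2")
  done
  mdadm \
    --create '/dev/md/boot' \
    --level 0 \
    --metadata 1 \
    --name 'md:boot' \
    --raid-devices "${#devices[@]}" \
    --uuid '00000000:00000000:00000000:00000002' \
    "${members[@]}" || return 1

  # format boot
  mkfs.btrfs --force \
    --checksum 'sha256' \
    --label 'boot' \
    --uuid '00000000-0000-0000-0000-00000000000b' \
    '/dev/md/boot'

  # mount boot
  mkdir --parents '/media/boot'
  mount \
    --options 'autodefrag,compress-force=zstd' \
    '/dev/md/boot' '/media/boot'

  # Zero the first GiB of every crypt partition.
  number=0
  for device in "${devices[@]}"; do
    number=$((number + 1))
    echo
    echo "#${number}: ${device}1"

    [[ -b "${device}1" ]] || { echo "not a block device: ${device}1" >&2; return 1; }

    # wipe crypt head
    dd status='progress' \
      if='/dev/zero' of="${device}1" bs='1G' count=1
  done

  # Assemble the crypt array from partition 1 of every disk.
  members=()
  for device in "${devices[@]}"; do
    members+=("${device}1")
  done
  mdadm \
    --create '/dev/md/crypt' \
    --level 0 \
    --metadata 1 \
    --name 'md:crypt' \
    --raid-devices "${#devices[@]}" \
    --uuid '00000000:00000000:00000000:00000001' \
    "${members[@]}" || return 1

  # encrypt: LUKS2, argon2id with an 8192 ms iteration-time target,
  # aes-xts-plain64 with a 512-bit key.
  # printf rather than echo: echo would swallow a passphrase that is exactly
  # one of its own options (-n, -e, -E).
  printf '%s\n' "${passphrase}" | cryptsetup \
    --verbose \
    --batch-mode \
    --type 'luks2' \
    --pbkdf 'argon2id' \
    --cipher 'aes-xts-plain64' \
    --iter-time 8192 \
    --key-size 512 \
    --hash 'sha512' \
    --use-random \
    luksFormat \
    '/dev/md/crypt' || return 1

  # open as /dev/mapper/crypt
  printf '%s\n' "${passphrase}" | cryptsetup luksOpen '/dev/md/crypt' 'crypt'
}

#######################################
# Step 1: overwrite the opened LUKS mapping with zeros.
# Because the write goes through /dev/mapper/crypt, the array underneath
# receives the encrypted form of those zeros.
#
# Returns:  1 if the mapping is not open; otherwise dd's status, which is
#           non-zero once the end of the device is reached
#######################################
rescue_hetzner_wipe_8_8_1_zero() {
  # Without an open mapping the path does not exist and dd would create a
  # regular file under /dev and fill it with zeros; refuse instead.
  if [[ ! -b '/dev/mapper/crypt' ]]; then
    echo '/dev/mapper/crypt is not a block device; open the LUKS mapping first' >&2
    return 1
  fi

  # wipe crypt
  # NOTE(review): bs=8G makes dd allocate an 8 GiB buffer; confirm the rescue
  # system has that much free memory.
  dd status='progress' \
    if='/dev/zero' of='/dev/mapper/crypt' bs='8G'
}

#######################################
# Step 2: close the mapping used for the zero pass, create a fresh LUKS2
# container with a newly entered passphrase, then build the btrfs
# filesystem and the swap file on it.
#
# Inputs:   passphrase read from stdin
# Returns:  non-zero if the passphrase is empty or cryptsetup/mount fails
#######################################
rescue_hetzner_wipe_8_8_2_make() {
  local passphrase

  # close the mapping opened by the init step
  cryptsetup luksClose 'crypt'

  # read passphrase
  # NOTE(review): the passphrase is typed once, unseen, with no confirmation
  # prompt; a typo here produces a volume that cannot be reopened. Consider
  # asking twice and comparing.
  echo -n 'PassPhrase: '
  read -r -s passphrase
  if [[ -z "${passphrase}" ]]; then
    echo 'empty passphrase, aborting' >&2
    return 1
  fi

  # encrypt (same parameters as the init step); printf rather than echo so a
  # passphrase that looks like an echo option is passed through unchanged
  printf '%s\n' "${passphrase}" | cryptsetup \
    --verbose \
    --batch-mode \
    --type 'luks2' \
    --pbkdf 'argon2id' \
    --cipher 'aes-xts-plain64' \
    --iter-time 8192 \
    --key-size 512 \
    --hash 'sha512' \
    --use-random \
    luksFormat \
    '/dev/md/crypt' || return 1

  # open; stop here on failure so mkfs never runs against a stale mapping
  printf '%s\n' "${passphrase}" | cryptsetup luksOpen '/dev/md/crypt' 'crypt' \
    || return 1

  # format crypt
  mkfs.btrfs --force \
    --checksum 'sha256' \
    --label 'crypt' \
    --uuid '00000000-0000-0000-0000-00000000000c' \
    '/dev/mapper/crypt'

  # mount crypt; the swap file below must not land on the rescue system's
  # own filesystem if this fails
  mkdir --parents '/media/crypt'
  mount \
    --options 'autodefrag,compress-force=zstd' \
    '/dev/mapper/crypt' '/media/crypt' || return 1

  # make swap file
  btrfs filesystem mkswapfile \
    --size '64g' \
    --uuid '00000000-0000-0000-0000-000000000005' \
    '/media/crypt/swap'
}

#######################################
# Step 3: unmount boot and crypt and close the LUKS mapping.
# NOTE(review): the /media/esp/<n> mounts created by the init step and the
# md arrays are not touched here; confirm they are handled elsewhere.
#######################################
rescue_hetzner_wipe_8_8_3_close() {
  umount '/media/boot'

  # close the mapping only once the filesystem on it is unmounted
  umount '/media/crypt' &&
    cryptsetup luksClose 'crypt'
}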