# Setup.
hydra_user_input device /dev/sdb "Destination device"
hydra_user_input swap_device /dev/sda1 "Final swap device"
+hydra_user_input encrypt y "Encrypt system and storage volumes? (y/n)"
hydra_user_input garbage y "Pre-fill volumes with garbage? (y/n)"
hydra_user_input hostname $HOSTNAME "Hostname"
hydra_user_input domain example.com "Domain"
fi
# Create root device.
-echo "Creating root device..."
-cryptsetup -h sha256 -c aes-cbc-essiv:sha256 -s 256 luksFormat /dev/$vg/root
-cryptsetup luksOpen /dev/$vg/root debootstrap
-mkfs.ext3 /dev/mapper/debootstrap
+if [ "$encrypt" == "y" ]; then
+ echo "Creating encrypted root device..."
+ cryptsetup -h sha256 -c aes-cbc-essiv:sha256 -s 256 luksFormat /dev/$vg/root
+ cryptsetup luksOpen /dev/$vg/root debootstrap
+ mkfs.ext3 /dev/mapper/debootstrap
+else
+ echo "Creating root device..."
+ mkfs.ext3 /dev/vg/root
+fi
# Initial system install.
echo "Installing base system..."
# Crypttab.
echo "Configuring crypttab..."
-cat > /tmp/debootstrap/etc/crypttab <<-EOF
+if [ "$encrypt" == "y" ]; then
+ cat > /tmp/debootstrap/etc/crypttab <<-EOF
# <target name> <source device> <key file> <options>
root /dev/mapper/vg-root none luks,cipher=aes-cbc-essiv:sha256
cswap $swap_device /dev/random swap,cipher=aes-cbc-essiv:sha256
EOF
+else
+if [ "$encrypt" == "y" ]; then
+ cat > /tmp/debootstrap/etc/crypttab <<-EOF
+# <target name> <source device> <key file> <options>
+cswap $swap_device /dev/random swap,cipher=aes-cbc-essiv:sha256
+EOF
+fi
# Fstab.
echo "Configuring fstab..."
-cat > /tmp/debootstrap/etc/fstab <<-EOF
+if [ "$encrypt" == "y" ]; then
+ cat > /tmp/debootstrap/etc/fstab <<-EOF
/dev/mapper/cswap none swap sw 0 0
/dev/mapper/root / ext3 defaults,errors=remount-ro 0 1
EOF
+else
+ cat > /tmp/debootstrap/etc/fstab <<-EOF
+/dev/mapper/cswap none swap sw 0 0
+/dev/vg/root / ext3 defaults,errors=remount-ro 0 1
+EOF
+fi
# Boot.
echo "Boot device setup..."
projects / hydra.git / commitdiff