Add LUKS management

debian/chroot.install

@@ -21,6 +21,12 @@ manage_part=0
 manage_btrfs=1
 ## If the script should create extra volume (eg. backup, virt, Proxmox,…)
 manage_extra_lv=0
+## If the script should cipher data with LUKS
+manage_luks=0
+## You need to set a new passphrase after the installation or at least change this one
+luks_passphrase="generic key"
+luks_key_file="/tmp/luks.keyfile.temp"
+luks_pv_name=$(basename "${hdd}"2_crypt)
 ## Colors definition {{{
 BLACK='\033[49;30m'
 BLACKB='\033[49;90m'
@@ -39,7 +45,7 @@ RESET='\033[0m'
 ## Package to exclude from debootstrap install
 dbs_pkg_exclude="vim-tiny"
 ## Package to include to debootstrap install
-dbs_pkg_include="aptitude,btrfs-progs,bzip2,debconf-i18n,dialog,dmsetup,htop,isc-dhcp-client,isc-dhcp-common,locales,lvm2,openssh-server,pciutils,tmux,vim-nox,wget,zsh"
+dbs_pkg_include="aptitude,btrfs-progs,bzip2,cryptsetup,debconf-i18n,dialog,dmsetup,htop,isc-dhcp-client,isc-dhcp-common,locales,lvm2,openssh-server,pciutils,tmux,vim-nox,wget,zsh"
 
 # Prepare host system {{{
 apt update
@@ -61,8 +67,16 @@ if [ "${manage_part}" -eq 0 ]; then
 	### LV
 	parted "${hdd}" mkpart primary 512MB 100% || exit 1
 	parted "${hdd}" set 2 lvm on
-	sudo pvcreate "${hdd}"2
+	if [ "${manage_luks}" -eq 0 ]; then
-	sudo vgcreate "${vgname}" "${hdd}"2
+		rm -f -- "${luks_key_file}" && printf '%b\n' "${luks_passphrase}" > "${luks_key_file}"
+		cryptsetup -c aes-xts-plain -s 512 --use-random -y luksFormat "${hdd}"2 "${luks_passphrase}" --key-file "${luks_key_file}" || exit 2
+		cryptsetup luksOpen "${hdd}"2 "${luks_pv_name}" --key-file "${luks_key_file}" || exit 2
+		pvcreate /dev/mapper/"${luks_pv_name}"
+		vgcreate "${vgname}" /dev/mapper/"${luks_pv_name}"
+	else
+		pvcreate "${hdd}"2
+		vgcreate "${vgname}" "${hdd}"2
+	fi
 fi
 
 mkfs.ext3 -F -L boot -- "${hdd}"1