From 9a863ddf8f2ddbb075a531bd84ff9476ffcc4a98 Mon Sep 17 00:00:00 2001
From: Penelope Gwen
Date: Fri, 11 Jul 2025 09:30:06 -0700
Subject: [PATCH] New backup 2025-07-11 09:30:06
---
 default/home/Scripts/fix-swap-part.sh | 64 +++++++++++++++++++++++++++
 default/include | 1 +
 2 files changed, 65 insertions(+)
 create mode 100755 default/home/Scripts/fix-swap-part.sh
diff --git a/default/home/Scripts/fix-swap-part.sh b/default/home/Scripts/fix-swap-part.sh
new file mode 100755
index 0000000..cad3536
--- /dev/null
+++ b/default/home/Scripts/fix-swap-part.sh
@@ -0,0 +1,64 @@
+#!/bin/bash
+
+echo "this is not yet done!"
+echo "Currently it does not add swap to /etc/fstab or /etc/crypttab"
+exit 1
+
+read -p '[?] keyfile path [/etc/crypttab.d/swap_key]: ' keyfile_dest
+keyfile_dest=${keyfile_dest:-/etc/crypttab.d/swap_key}
+read -p '[?] swap partition name [swap_crypt]: ' part_name
+part_name=${part_name:-swap_crypt}
+read -p '[?] partition password: ' part_pass
+while [[ -z "${part_pass}" ]]; do
+ printf '[!] empty password\n'
+ read -p '[?] partition password: ' part_pass
+done
+
+#printf '\n'
+#lsblk -o NAME,SIZE,FSTYPE
+lsblk -o PATH,SIZE,FSTYPE
+read -p '[?] encrypted swap device:' swap_blk_dev
+while [[ ! "$(file ${swap_blk_dev})" == *'block'* ]]; do
+ printf '[!] bad encrypted swap device\n'
+ read -p '[?] encrypted swap device: ' swap_blk_dev
+done
+
+printf '[!] ALL DATA AT THE SELECTED KEYFILE PATH WILL BE OVERWRITTEN\n'
+printf '[!] ALL DATA ON THE SELECTED DEVICE WILL BE DELETED\n'
+printf '[!] keyfile path: %s\n' "${keyfile_dest}"
+printf '[!] encrypted swap device: %s\n' "${swap_blk_dev}"
+printf '[!] decrypted partition name: %s\n' "${part_name}"
+read -p '[?] Proceed? [y/N] ' proceed_confirm
+proceed_confirm=${proceed_confirm:-n}
+case "${proceed_confirm}" in
+ [Nn][Oo]|[Nn])
+ printf '[!] Exiting without making changes\n'
+ ;;
+ *)
+ printf '[!] Here we go!\n'
+ ;;
+esac
+
+exit
+
+printf '[-] Writing keyfile...\n'
+mkdir -p "$(dirname ${keyfile_dest})"
+openssl genrsa -out "${keyfile_dest}" 4096
+
+printf '[-] Setting keyfile permissions...\n'
+chmod -v 0400 "${keyfile_dest}"
+chown root:root "${keyfile_dest}"
+
+printf '[-] Formatting encrypted swap block device...\n'
+#printf '[!] When prompted, set the device\'s password\n'
+printf '%s' "${part_pass}" | cryptsetup luksFormat "${swap_blk_dev}" -
+
+printf '[-] Adding keyfile to encrypted device header\n'
+#printf '[!] When prompted, set the device\'s password\n'
+printf '%s' "${part_pass}" | cryptsetup luksAddKey "${swap_blk_dev}" "${keyfile_dest}" -
+
+printf '[-] Opening encrypted partition using keyfile\n'
+cryptsetup luksOpen "${swap_blk_dev}" "${part_name}" --key-file "${keyfile_dest}"
+
+printf '[-] Creating swap inside encrypted partition\n'
+mkswap "/dev/mapper/${part_name}"
diff --git a/default/include b/default/include
index 27b73ed..00fe11c 100644
--- a/default/include
+++ b/default/include
@@ -11,3 +11,4 @@ Scripts/create-podman-container-arm.sh
 Scripts/iso_updater.sh
 .local/bin/rdict
 .config/fastfetch/config.jsonc
+Scripts/fix-swap-part.sh
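Review bot: The confirmation `case` in fix-swap-part.sh does not gate the destructive steps: the `[Nn][Oo]|[Nn])` arm only prints "Exiting without making changes" and falls through, and the `*)` arm treats any other input, including a typo, as consent even though the prompt advertises `[y/N]`. The bare `exit` after `esac` hides this for now, but once that development stop is removed, answering "n" would still reach `cryptsetup luksFormat` on the selected device. Proceed only on an explicit y/yes and exit in every other case, as in the sketch below. Separately, the device check looks for the word "block" anywhere in `file` output, which includes the path itself, so `[[ -b "${swap_blk_dev}" ]]` is the more reliable test. The passphrase prompt should also use `read -rs` so the password is not echoed to the terminal.

```shell
proceed_confirm=${proceed_confirm:-n}
case "${proceed_confirm}" in
  [Yy]|[Yy][Ee][Ss])
    printf '[!] Here we go!\n'
    ;;
  *)
    printf '[!] Exiting without making changes\n'
    exit 0
    ;;
esac
# … unchanged: keyfile creation, luksFormat, luksAddKey, luksOpen, mkswap …
```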