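#!/bin/bash
#
# Interactive helper that prepares a LUKS-encrypted swap device:
#   1. asks for a keyfile path, a mapper name, a passphrase and a block device,
#   2. generates a keyfile and restricts it to root,
#   3. luksFormat's the device with the passphrase, then enrols the keyfile,
#   4. opens the device with the keyfile and runs mkswap on the mapping.
#
# Status: unfinished. The script does not yet register the mapping in
# /etc/crypttab or the swap in /etc/fstab, so it stops before doing anything.
#
# NOTE(review): a keyfile stored on disk only protects swap contents if the
# filesystem holding the keyfile is itself encrypted - confirm that this is
# the case for the default /etc/crypttab.d location before enabling the script.

# Stop on the first failing command (including read hitting EOF, which would
# otherwise spin the validation loops forever) and on unset variables.
set -euo pipefail

echo "this is not yet done!"
echo "Currently it does not add swap to /etc/fstab or /etc/crypttab"
# Deliberate guard: nothing below runs until the script is finished.
exit 1

read -r -p '[?] keyfile path [/etc/crypttab.d/swap_key]: ' keyfile_dest
keyfile_dest=${keyfile_dest:-/etc/crypttab.d/swap_key}

read -r -p '[?] swap partition name [swap_crypt]: ' part_name
part_name=${part_name:-swap_crypt}

# -s keeps the passphrase off the terminal (and out of scrollback); IFS= and
# -r keep leading/trailing blanks and backslashes exactly as typed.
IFS= read -r -s -p '[?] partition password: ' part_pass
printf '\n'
while [[ -z "${part_pass}" ]]; do
  printf '[!] empty password\n'
  IFS= read -r -s -p '[?] partition password: ' part_pass
  printf '\n'
done

lsblk -o PATH,SIZE,FSTYPE

# Test the node type directly. Matching the word "block" in file(1) output
# also accepts any ordinary path whose *name* contains "block".
read -r -p '[?] encrypted swap device:' swap_blk_dev
while [[ ! -b "${swap_blk_dev}" ]]; do
  printf '[!] bad encrypted swap device\n'
  read -r -p '[?] encrypted swap device: ' swap_blk_dev
done

printf '[!] ALL DATA AT THE SELECTED KEYFILE PATH WILL BE OVERWRITTEN\n'
printf '[!] ALL DATA ON THE SELECTED DEVICE WILL BE DELETED\n'
printf '[!] keyfile path: %s\n' "${keyfile_dest}"
printf '[!] encrypted swap device: %s\n' "${swap_blk_dev}"
printf '[!] decrypted partition name: %s\n' "${part_name}"

read -r -p '[?] Proceed? [y/N] ' proceed_confirm
proceed_confirm=${proceed_confirm:-n}

# The prompt defaults to "no", so only an explicit yes may continue; any other
# answer (including a typo) aborts before the destructive steps.
case "${proceed_confirm}" in
  [Yy] | [Yy][Ee][Ss])
    printf '[!] Here we go!\n'
    ;;
  *)
    printf '[!] Exiting without making changes\n'
    exit 0
    ;;
esac

# Second deliberate guard kept from the original: the destructive section
# below stays disabled until the fstab/crypttab handling exists.
exit

printf '[-] Writing keyfile...\n'
keyfile_dir=$(dirname -- "${keyfile_dest}")
mkdir -p -- "${keyfile_dir}"
# Create the keyfile under a restrictive umask so it is never readable by
# other users, not even briefly before the chmod below.
# NOTE(review): the RSA private key is used purely as opaque key material;
# random bytes from the kernel CSPRNG are the more usual keyfile content.
(
  umask 077
  openssl genrsa -out "${keyfile_dest}" 4096
)

printf '[-] Setting keyfile permissions...\n'
chmod -v 0400 "${keyfile_dest}"
chown root:root "${keyfile_dest}"

printf '[-] Formatting encrypted swap block device...\n'
# The passphrase is supplied on stdin ("-" as key file), so cryptsetup does
# not prompt. printf is a shell builtin, so the secret never appears in argv.
printf '%s' "${part_pass}" | cryptsetup luksFormat "${swap_blk_dev}" -

printf '[-] Adding keyfile to encrypted device header\n'
# The existing passphrase is passed explicitly with --key-file -; the
# positional argument after the device is the new key being enrolled.
printf '%s' "${part_pass}" \
  | cryptsetup luksAddKey --key-file - "${swap_blk_dev}" "${keyfile_dest}"

# The passphrase is not needed past this point; drop it from the shell.
unset part_pass

printf '[-] Opening encrypted partition using keyfile\n'
cryptsetup luksOpen "${swap_blk_dev}" "${part_name}" --key-file "${keyfile_dest}"

printf '[-] Creating swap inside encrypted partition\n'
mkswap "/dev/mapper/${part_name}"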