42 lines
1.3 KiB
Nix
42 lines
1.3 KiB
Nix
{ pkgs, ... }:
|
|
|
|
let
|
|
cb-mount = pkgs.writeScriptBin "cb-mount" ''
|
|
#!${pkgs.bash}/bin/bash
|
|
|
|
DEVICE=/dev/disk/by-path/pci-0000:00:12.0-ata-2-part1
|
|
|
|
${pkgs.cryptsetup}/bin/cryptsetup luksOpen ''${DEVICE} external-drive
|
|
mkdir -p /mnt/external-drive
|
|
mount /dev/mapper/external-drive /mnt/external-drive
|
|
'';
|
|
|
|
cb-unmount = pkgs.writeScriptBin "cb-unmount" ''
|
|
#!${pkgs.bash}/bin/bash
|
|
|
|
umount /mnt/external-drive
|
|
${pkgs.cryptsetup}/bin/cryptsetup luksClose external-drive
|
|
'';
|
|
|
|
cb-prepare = pkgs.writeScriptBin "cb-prepare" ''
|
|
echo "Formatting disk"
|
|
sgdisk -Z /dev/disk/by-path/pci-0000:00:12.0-ata-2
|
|
sgdisk -N 1 /dev/disk/by-path/pci-0000:00:12.0-ata-2
|
|
partprobe /dev/disk/by-path/pci-0000:00:12.0-ata-2
|
|
|
|
echo "Creating encrypted partition"
|
|
${pkgs.cryptsetup}/bin/cryptsetup luksFormat -c aes-xts-plain64 --hash=sha256 -s 256 /dev/disk/by-path/pci-0000:00:12.0-ata-2-part1
|
|
|
|
echo "Opening encrypted partition"
|
|
${pkgs.cryptsetup}/bin/cryptsetup luksOpen /dev/disk/by-path/pci-0000:00:12.0-ata-2-part1 external-drive
|
|
|
|
echo "Creating file system"
|
|
mkfs.ext4 /dev/mapper/external-drive
|
|
|
|
echo "Closing encrypted partition"
|
|
${pkgs.cryptsetup}/bin/cryptsetup luksClose external-drive
|
|
'';
|
|
in {
|
|
environment.systemPackages = [ cb-mount cb-unmount cb-prepare ];
|
|
}
|