authorNathan Reiner <nathan@nathanreiner.xyz>2023-03-30 22:45:58 +0200
committerNathan Reiner <nathan@nathanreiner.xyz>2023-03-30 22:45:58 +0200
commitc743b7ff66fdff38c44049dcf614c40dddbd3203 (patch)
treec96138b7e29c5243b8142c61ed26e23f0f9cf6b6
parent7e255289e81921f653f93078f3bab5d84a09035b (diff)
use other encryption scheme
-rwxr-xr-xnais40
1 files changed, 17 insertions, 23 deletions
diff --git a/nais b/nais
index 7f3fe64..5052b21 100755
--- a/nais
+++ b/nais
@@ -15,18 +15,19 @@ set_system_disk() {
set_username_and_password() {
name="$(printf "" | bemenu -p "Username")"
- password="$(printf "" | bemenu -x -p "Password")"
export USERNAME="$name"
- export PASSWORD="$password"
}
set_root_keyfile() {
usb=$(lsblk --raw -o NAME,SIZE,MODEL,TYPE | grep part | sed 's/part//g' | column -s ' ' -t | sed 's/\\x20/ /g' | bemenu -p "Select Key USB" | awk '{ print $1 }')
+ password="$(printf "" | bemenu -x -p "Password")"
+ export PASSWORD="$password"
[ -z "$usb" ] && return
keyuuid=$(lsblk --raw -o NAME,UUID | grep "$usb" | awk '{ print $2 }')
- mount --mkdir "/dev/$usb" /key
+ printf "%s" "$PASSWORD" | cryptsetup open "/dev/$usb" authkeys
+ mount --mkdir "/dev/mapper/authkeys" /key
[ ! -d "/key/.keys/" ] && mkdir /key/.keys
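Review bot: The added `cryptsetup open` and the `mount` after it are unchecked, so a rejected passphrase or a partition that is not a LUKS container leaves `/key` without the encrypted volume behind it. Whatever set_root_keyfile writes under `/key/.keys` after this hunk would then presumably land on the installer's own filesystem rather than on the key stick. End both lines with `|| exit`, as install_arch does for its critical steps: `printf "%s" "$PASSWORD" | cryptsetup open "/dev/$usb" authkeys || exit` and `mount --mkdir "/dev/mapper/authkeys" /key || exit`. The password prompt now also runs before the `[ -z "$usb" ] && return` guard, so it is asked for and exported even when no USB was selected; moving the two added lines below the guard avoids that. The function body continues outside the hunk.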
@@ -87,10 +88,8 @@ install_arch() {
uuid=$(lsblk --raw -o PATH,UUID | grep "$root" | awk '{ print $2 }')
export ROOTUUID="$uuid"
- printf "%s" "$PASSWORD" | cryptsetup luksFormat --type luks1 "$boot" || exit
- printf "%s" "$PASSWORD" | cryptsetup open "$boot" boot || exit
- mkfs.vfat /dev/mapper/boot || exit
- mount --mkdir /dev/mapper/boot /mnt/boot || exit
+ mkfs.vfat -F 32 "$boot" || exit
+ mount --mkdir "$boot" /mnt/boot || exit
[ "$BOOT_MODE" = "uefi" ] && mount --mkdir "$efi" /mnt/boot/EFI
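Review bot: Formatting `$boot` directly as FAT32 leaves the kernel and initramfs unencrypted, and nothing in the visible hunks protects their integrity. That matters more now that the initramfs carries the `elk` hook, which appears to handle unlocking the key device. The trade-off deserves a comment next to the `mkfs.vfat` line, for example `# /boot is plain FAT32 on purpose: kernel and initramfs are neither encrypted nor tamper-protected here (consider Secure Boot / signed images)`. install_arch starts and ends outside this hunk.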
@@ -98,24 +97,20 @@ install_arch() {
wayland wayland-protocols wlroots xorg-xwayland \
git base-devel make networkmanager btrfs-progs sudo \
grub efibootmgr bat man-db ttf-sourcecodepro-nerd \
- libx11 libxft libxrender freetype2 dunst
-
- dd if=/dev/random of=/mnt/etc/.bootkey bs=1024 count=4
- printf "%s" "$PASSWORD" | cryptsetup luksAddKey "$boot" /mnt/etc/.bootkey || exit
+ libx11 libxft libxrender freetype2 dunst fzf
genfstab -U /mnt >> /mnt/etc/fstab || exit
- echo "boot $boot /etc/.bootkey" >> /mnt/etc/crypttab
-
arch-chroot /mnt ln -sf "/usr/share/zoneinfo/$TIMEZONE" /etc/localtime
echo "$LOCALE" >> /mnt/etc/locale.gen
arch-chroot /mnt locale-gen || exit
echo "LANG=$(echo "$LOCALE" | awk '{ print $1 }')" > /mnt/etc/locale.conf
echo "$HOSTNAME" > /mnt/etc/hostname
+ arch-chroot /mnt sh -c "cd /home/$USERNAME/system && git clone https://git.nathanreiner.xyz/elk && cd elk && ./install $KEYUUID"
sed -i 's/MODULES=(\(.*\))/MODULES=(\1 btrfs)/g' /mnt/etc/mkinitcpio.conf
sed -i 's/BINARIES=(\(.*\))/BINARIES=(\1 btrfs)/g' /mnt/etc/mkinitcpio.conf
- sed -i 's/\(HOOKS=(.*\)base/\1base udev/g' /mnt/etc/mkinitcpio.conf
+ sed -i 's/\(HOOKS=(.*\)udev/\udev elk/g' /mnt/etc/mkinitcpio.conf
sed -i 's/\(HOOKS=(.*\)keyboard/\1keyboard keymap consolefont/g' /mnt/etc/mkinitcpio.conf
sed -i 's/\(HOOKS=(.*\)block/\1block encrypt/g' /mnt/etc/mkinitcpio.conf
arch-chroot /mnt mkinitcpio -P || exit
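Review bot: The new `udev` substitution has `\udev elk` as its replacement where `\1udev elk` was presumably meant; under GNU sed `\u` upper-cases the next character, so the matched `HOOKS=(…udev` prefix is replaced by `Dev elk` and the HOOKS line is corrupted. It should read `sed -i 's/\(HOOKS=(.*\)udev/\1udev elk/g' /mnt/etc/mkinitcpio.conf`. Separately, the added `elk` clone starts with `cd /home/$USERNAME/system`, but `useradd -m` and the `mkdir` for that directory only appear in later hunks, so unless it is created somewhere not shown the `&&` chain stops at `cd` and the hook is not installed before `mkinitcpio -P`; the line also has no `|| exit` and passes `$KEYUUID` unquoted. install_arch starts and ends outside this hunk.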
@@ -124,8 +119,7 @@ install_arch() {
arch-chroot /mnt useradd -m -G wheel "$USERNAME" || exit
echo "$USERNAME:$PASSWORD" | arch-chroot /mnt chpasswd
- echo "GRUB_ENABLE_CRYPTODISK=y" >> /mnt/etc/default/grub
- sed -i "s/\(GRUB_CMDLINE_LINUX=\".*\)\"/\1 cryptdevice=UUID=$ROOTUUID:root cryptkey=UUID=$KEYUUID:btrfs:\/.keys\/$KEYFILE\"/g" /mnt/etc/default/grub
+ sed -i "s/\(GRUB_CMDLINE_LINUX=\".*\)\"/\1 cryptdevice=UUID=$ROOTUUID:root cryptkey=/dev/mapper/elkdev:btrfs:\/.keys\/$KEYFILE elkuuid=$KEYUUID\"/g" /mnt/etc/default/grub
if [ "$BOOT_MODE" = "bios" ]; then
arch-chroot /mnt grub-install --target=i386-pc --recheck "/dev/$DISK"
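Review bot: The rewritten GRUB `sed` expression uses `/` as the `s` delimiter, but the new `cryptkey=/dev/mapper/elkdev` value contains unescaped slashes, so sed will reject the expression (the neighbouring `\/.keys\/` is escaped, this part is not). Escape them, `cryptkey=\/dev\/mapper\/elkdev:btrfs:\/.keys\/$KEYFILE`, or switch the command to another delimiter such as `|`. The line has no `|| exit`, so the failure would go unnoticed and GRUB_CMDLINE_LINUX would be left without `cryptdevice`, `cryptkey` or `elkuuid`. install_arch starts and ends outside this hunk.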
@@ -136,13 +130,13 @@ install_arch() {
arch-chroot /mnt grub-mkconfig -o /boot/grub/grub.cfg
arch-chroot /mnt sh -c "mkdir /home/$USERNAME/system"
- arch-chroot /mnt sh -c "cd /home/$USERNAME/system && git clone https://git.suckless.org/libgrapheme && cd libgrapheme && ./configure && sudo make install"
- arch-chroot /mnt sh -c "cd /home/$USERNAME/system && git clone https://git.nathanreiner.xyz/suckless/wayland/dwl && cd dwl && sudo make install"
- arch-chroot /mnt sh -c "cd /home/$USERNAME/system && git clone https://git.nathanreiner.xyz/suckless/wayland/wlock && cd wlock && sudo make install"
- arch-chroot /mnt sh -c "cd /home/$USERNAME/system && git clone https://git.nathanreiner.xyz/suckless/wayland/dmenu-wl && cd dmenu-wl && sudo make install"
- arch-chroot /mnt sh -c "cd /home/$USERNAME/system && git clone https://git.nathanreiner.xyz/suckless/wayland/dbar && cd dbar && sudo make install"
- arch-chroot /mnt sh -c "cd /home/$USERNAME/system && git clone https://git.nathanreiner.xyz/suckless/st && cd st && sudo make install"
- arch-chroot /mnt sh -c "cd /home/$USERNAME/system && git clone https://git.nathanreiner.xyz/suckless/status && cd status && sudo make install"
+ arch-chroot /mnt sh -c "cd /home/$USERNAME/system && git clone https://git.suckless.org/libgrapheme && cd libgrapheme && ./configure && make install"
+ arch-chroot /mnt sh -c "cd /home/$USERNAME/system && git clone https://git.nathanreiner.xyz/suckless/wayland/dwl && cd dwl && make install"
+ arch-chroot /mnt sh -c "cd /home/$USERNAME/system && git clone https://git.nathanreiner.xyz/suckless/wayland/wlock && cd wlock && make install"
+ arch-chroot /mnt sh -c "cd /home/$USERNAME/system && git clone https://git.nathanreiner.xyz/suckless/wayland/dmenu-wl && cd dmenu-wl && make install"
+ arch-chroot /mnt sh -c "cd /home/$USERNAME/system && git clone https://git.nathanreiner.xyz/suckless/wayland/dbar && cd dbar && make install"
+ arch-chroot /mnt sh -c "cd /home/$USERNAME/system && git clone https://git.nathanreiner.xyz/suckless/st && cd st && make install"
+ arch-chroot /mnt sh -c "cd /home/$USERNAME/system && git clone https://git.nathanreiner.xyz/suckless/status && cd status && make install"
arch-chroot /mnt sh -c "cd /home/$USERNAME/system && git clone https://git.nathanreiner.xyz/dotfiles && cd dotfiles && ./dotter"
arch-chroot /mnt sh -c "cd /home/$USERNAME/ && git clone https://aur.archlinux.org/yay && cd yay && makepkg -si --noconfirm && cd / && rm -rf /home/$USERNAME/yay"
arch-chroot /mnt chown -R "$USERNAME":"$USERNAME" "/home/$USERNAME/system"
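Review bot: Each of the seven rewritten lines clones the tip of the default branch and runs `make install` as root inside the chroot, with no pinned revision and no failure check, so the installed binaries are whatever the remote serves at install time and a failed build passes silently. Pinning each clone, e.g. `git clone --depth 1 --branch <PINNED_TAG> https://git.nathanreiner.xyz/suckless/st`, and ending each line with `|| exit` like the package steps earlier in install_arch would make the install reproducible. The seven lines differ only in URL and directory name, so a small helper taking the URL would remove the repetition. install_arch starts outside this hunk.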