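#!/bin/sh
# Partition a single disk for a fripost install: a GPT label, an optional
# UEFI system partition, a small /boot partition, and one large "system"
# partition that the second half of this script LUKS-encrypts and turns
# into the LVM physical volume.
#
# Requires the helpers sourced from /lib/fripost-partman/base.sh
# (fripost_wipe, fripost_encrypt).  Written for POSIX sh: no bashisms,
# no "**" in arithmetic (not all /bin/sh implementations support it).
set -ue

. /lib/fripost-partman/base.sh

dev=/dev/sda
sysdev=/sys/block/${dev#/dev/}

fripost_wipe "$dev"

# Partition boundaries are rounded down to a multiple of this many sectors
# (256*32 = 8192); the encryption step reuses it for --align-payload.
grain=$(( 256*32 ))

# parted's "s" unit and the alignment_offset arithmetic below are in LOGICAL
# sectors, so read the logical block size.  (Using physical_block_size here
# would mis-size every partition on 512e/4Kn disks.)
offset=$(cat "$sysdev/alignment_offset")
bs=$(cat "$sysdev/queue/logical_block_size")
if [ "$offset" -eq 0 ]; then
  offset=64
else
  # NOTE(review): alignment_offset is smaller than one physical block, so
  # this yields a start inside the GPT header area (sectors 0-33); verify
  # the behaviour on such disks before relying on this branch.
  offset=$(( offset / bs ))
fi

parted -sm "$dev" mklabel gpt

# Every partition end (offset2) is rounded down to a multiple of $grain.
if [ -d /proc/efi ] || [ -d /sys/firmware/efi ]; then
  # Partition 1: 256 MiB UEFI system partition.
  offset2=$(( 256 * 1024 * 1024 / bs ))
  offset2=$(( offset2 - offset2 % grain ))
  parted -a minimal -sm "$dev" mkpart uefi "${offset}s" "$(( offset2 - 1 ))s"
  offset=$offset2
  # Partition 2: 64 MiB /boot.
  offset2=$(( offset + 64 * 1024 * 1024 / bs ))
  offset2=$(( offset2 - offset2 % grain ))
  parted -a minimal -sm "$dev" mkpart boot "${offset}s" "$(( offset2 - 1 ))s"
  # On GPT the "boot" flag marks partition 1 as the EFI system partition.
  parted -sm "$dev" set 1 boot on
else
  # Partition 1: 64 MiB /boot.
  offset2=$(( 64 * 1024 * 1024 / bs ))
  offset2=$(( offset2 - offset2 % grain ))
  parted -a minimal -sm "$dev" mkpart boot "${offset}s" "$(( offset2 - 1 ))s"
fi

# Last partition: everything up to the end of the disk.
# /sys/block/*/size is always reported in 512-byte units; convert it to
# logical sectors before subtracting.
offset=$offset2
offset2=$(( $(cat "$sysdev/size") * 512 / bs - 1 ))
offset2=$(( offset2 - offset2 % grain ))
parted -a optimal -sm "$dev" mkpart system "${offset}s" "$(( offset2 - 1 ))s"

# Resolve the "system" partition by its GPT name from parted's
# machine-readable print (number:start:end:size:fs:name:flags;) rather than
# assuming its number.  grep's status is not fatal under "set -e" without
# pipefail, so check that a number was actually found.
partnum=$(parted -sm "$dev" p | grep -m 1 '^[1-9][0-9]*:.*:system:[^:]*;$' | sed 's/:.*//')
if [ -z "$partnum" ]; then
  printf 'fripost-partman: no "system" partition found on %s\n' "$dev" >&2
  exit 1
fi
system=${dev}${partnum}
parted -sm "$dev" align-check opt "$partnum"
#parted -sm "$dev" set "$partnum" lvm on

# Choose the key length and digest depending on the architecture
# we're on; we use AES128 and SHA-256 on 32-bits platforms, and
# AES256 and SHA-512 on 64-bits platforms.
# Any other architecture is refused explicitly instead of tripping
# "set -u" later on an unset $keysize.
arch=$(uname -m)
case "$arch" in
  x86_64)
    keysize=256
    hash=sha512
    ;;
  i386|i686)
    keysize=128
    hash=sha256
    ;;
  *)
    printf 'fripost-partman: unsupported architecture %s\n' "$arch" >&2
    exit 1
    ;;
esac
# Note: XTS requires the key size to be doubled.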
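# Encrypt the system partition, build the LVM stack on it, create the
# filesystems and mount everything under /target while writing the fstab.
# $dev, $system, $grain, $keysize and $hash come from the partitioning
# step above; fail loudly if any of them is missing or empty.
: "${dev:?disk device not set}" "${system:?system partition not set}"
: "${grain:?}" "${keysize:?unsupported architecture}" "${hash:?}"

# XTS needs twice the nominal key size, hence "keysize * 2".
fripost_encrypt "$system" system_crypt \
  --align-payload "$grain" \
  --cipher aes-xts-plain64 --key-size $(( keysize * 2 )) --hash "$hash" \
  --iter-time 5000 --use-random

pvcreate -ff -y /dev/mapper/system_crypt
vgcreate eilift /dev/mapper/system_crypt
lvcreate -L 5G -n root eilift
lvcreate -L 1G -n swap eilift
lvcreate -l 100%FREE -n home eilift
vgchange -ay eilift

# /boot is partition 1 on BIOS systems but partition 2 on UEFI systems
# (partition 1 is the EFI system partition there), so resolve it by its GPT
# name instead of hardcoding /dev/sda1 - that would format the ESP as ext2.
bootnum=$(parted -sm "$dev" p | grep -m 1 '^[1-9][0-9]*:.*:boot:[^:]*;$' | sed 's/:.*//')
if [ -z "$bootnum" ]; then
  printf 'fripost-partman: no "boot" partition found on %s\n' "$dev" >&2
  exit 1
fi
boot=${dev}${bootnum}
# NOTE(review): on UEFI systems the "uefi" partition is neither formatted
# nor mounted here; confirm a later step takes care of it.

mkfs.ext2 "$boot"
mkfs.ext4 /dev/eilift/root
mkfs.ext4 /dev/eilift/home

# The fstab is assembled here and copied into /target at the end.
# The fixed path is kept because other installer steps may read it.
fstab=/tmp/fstab

mkdir -p /target/proc
mkdir -p /target/cdrom
cat > "$fstab" <<EOF
proc /proc proc defaults 0 0
# TODO: ^ is that needed?
/dev/cdrom /cdrom iso9660,udf ro,user,noauto 0 0
# TODO: ^ remove
EOF

# target_mount DEVICE FSTYPE MOUNTPOINT OPTIONS PASS
#   Create /target/MOUNTPOINT, mount DEVICE there and append the matching
#   fstab line.  OPTIONS and PASS are recorded in the fstab only; the
#   installer-time mount uses the defaults.
target_mount() {
  mkdir -p "/target$3"
  mount -t "$2" "$1" "/target$3"
  printf '%s %s %s %s 0 %s\n' "$1" "$3" "$2" "$4" "$5" >> "$fstab"
}

target_mount /dev/eilift/root / ext4 noatime,errors=remount-ro 1
target_mount /dev/eilift/home /home/ ext4 noatime 2
target_mount "$boot" /boot/ ext2 noatime 2

mkswap /dev/eilift/swap
swapon /dev/eilift/swap
printf '%s\n' "/dev/eilift/swap none swap sw 0 0" >> "$fstab"

mkdir -p /target/etc
cp "$fstab" /target/etc/fstab

# functions:
# parted
# - aligned ([+]256MB)
# cryptsetup ...
# - set up SSH daemon
# - /sbin/cryptsetup -q ... --key-file="$keyfile" luksFormat $system
# - /sbin/cryptsetup -q --key-file="$keyfile" luksOpen $system system_crypt
# pvcreate
# vgcreate
# vgchange
# mkfs -t type [fs-options] device
# mount -t vfstype [-o options] device dir
# - create mountpoint
# - add entry to fstab
# - mount
#+ logs!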