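#!/bin/sh
#
# Partitioning recipe: destructively re-initialises a single disk with a GPT
# label, an optional UEFI partition, a /boot partition and one encrypted
# "system" partition that carries an LVM volume group (root, swap, home).
#
# All fripost_* helpers, log and fatal are expected to come from
# /lib/fripost-partman/base.sh (sourced below); their exact behaviour is
# not visible from this file.
#
# WARNING: the target disk is hard-coded and everything on it is wiped.

set -ue

. /lib/fripost-partman/base.sh

device=/dev/sda

# ---------------------------------------------------------------------------
# Validate everything we can *before* touching the disk, so that a
# misconfigured machine aborts with its data intact instead of failing
# half-way through with an already wiped and repartitioned device.
# ---------------------------------------------------------------------------

# Choose the key length and digest depending on the architecture
# we're on; we use AES128 and SHA-256 on 32-bits platforms, and
# AES256 and SHA-512 on 64-bits platforms.
arch=$(uname -m)
case "$arch" in
    x86_64)
        keysize=256
        hash=sha512
        ;;
    i386|i686)
        keysize=128
        hash=sha256
        ;;
    *)
        # Without this branch keysize/hash stay unset and the script only
        # dies later (set -u) on the --key-size expansion, after the wipe.
        # The explicit exit covers the case where fatal returns.
        fatal "Unsupported architecture '$arch': cannot choose cipher parameters"
        exit 1
        ;;
esac

# The volume group is named after the host; an empty name would make the
# /dev/$vg/... paths below point somewhere unintended.
vg=$(hostname)
if [ -z "$vg" ]; then
    fatal "Empty hostname: cannot name the volume group"
    exit 1
fi

# ---------------------------------------------------------------------------
# Disk label and partitions
# ---------------------------------------------------------------------------

fripost_wipe "$device"
/sbin/parted -s "$device" mklabel gpt
log "Created disklabel GPT for device $device"

# Only create a UEFI partition when the firmware exposes an EFI interface.
# part_uefi is not referenced again in this script.
if [ -d /proc/efi ] || [ -d /sys/firmware/efi ]; then
    part_uefi=$(fripost_mkpart "$device" uefi 256M +boot)
fi
part_boot=$(fripost_mkpart "$device" boot 64M)
part_system=$(fripost_mkpart "$device" system 100%) #+lvm

# align-check takes the partition number, i.e. the partition path with the
# device prefix stripped.
/sbin/parted -s "$device" align-check opt "${part_system#"$device"}" \
    || fatal "$part_system is not aligned"

# ---------------------------------------------------------------------------
# Encryption
# ---------------------------------------------------------------------------

# Note: XTS requires the key size to be doubled.
# NOTE(review): the options look like they are forwarded to a cryptsetup
# format call inside fripost_encrypt -- confirm in base.sh, and confirm
# how the passphrase/key material is supplied and protected there.
fripost_encrypt "$part_system" system_crypt \
    --cipher aes-xts-plain64 --key-size "$(( keysize * 2 ))" --hash "$hash" \
    --iter-time 5000 --use-random

# ---------------------------------------------------------------------------
# LVM on top of the encrypted mapping
# ---------------------------------------------------------------------------

pvcreate -ff -y /dev/mapper/system_crypt
vgcreate "$vg" /dev/mapper/system_crypt
lvcreate -L 5G -n root "$vg"
lvcreate -L 1G -n swap "$vg"
lvcreate -l 100%FREE -n home "$vg"
vgchange -ay "$vg"

# Format the partitions
# /boot (and the UEFI partition, if any) sit outside the encrypted
# container; only root, swap and home are created on system_crypt.
mkfs.ext2 -q -E resize=512M -m1 -b 4096 "$part_boot"
mkfs.ext4 -q -b 4096 "/dev/$vg/root"
mkfs.ext4 -q -b 4096 "/dev/$vg/home"
mkswap "/dev/$vg/swap"

# Stuff the fstab and mount the devices in the target
fripost_fstab "$part_boot"    /boot ext2 noatime
fripost_fstab "/dev/$vg/root" /     ext4 noatime,errors=remount-ro
fripost_fstab "/dev/$vg/swap" none  swap sw
fripost_fstab "/dev/$vg/home" /home ext4 noatime

fripost_mount_partitions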