| author | Craig Jennings <c@cjennings.net> | 2026-01-24 17:29:24 -0600 |
|---|---|---|
| committer | Craig Jennings <c@cjennings.net> | 2026-01-24 17:29:24 -0600 |
| commit | 5d35df670a6780a12634e6f0ccbb918f53f355eb (patch) | |
| tree | d95ae425a1eb5c0a18d38fd70f6fa2f488bebdd7 | |
| parent | 33ab3dba2cdba0c94f8dde7b421a2a2b0ec8dae3 (diff) | |
Fix LUKS encryption for btrfs (single and multi-disk)
- Use -d - flag for cryptsetup stdin key input (matches easy-arch)
- Change ((i++)) to ((++i)) to avoid set -e exit on 0 increment
- Add btrfs-mirror-luks test config
- Update status protocol with sound notifications
| -rw-r--r-- | custom/lib/btrfs.sh | 26 | ||||
| -rw-r--r-- | docs/protocols.org | 44 | ||||
| -rw-r--r-- | scripts/test-configs/btrfs-mirror-luks.conf | 15 |
3 files changed, 61 insertions, 24 deletions
diff --git a/custom/lib/btrfs.sh b/custom/lib/btrfs.sh
index 279897e..afd9e4e 100644
--- a/custom/lib/btrfs.sh
+++ b/custom/lib/btrfs.sh
@@ -39,11 +39,11 @@ create_luks_container() {
 info "Setting up LUKS encryption on $partition..."
- # Create LUKS container
- echo -n "$passphrase" | cryptsetup luksFormat --type luks2 \
+ # Create LUKS container (-q for batch mode, -d - to read key from stdin)
+ echo -n "$passphrase" | cryptsetup -q luksFormat --type luks2 \
 --cipher aes-xts-plain64 --key-size 512 --hash sha512 \
 --iter-time 2000 --pbkdf argon2id \
- "$partition" - \
+ -d - "$partition" \
 || error "Failed to create LUKS container"
 info "LUKS container created."
@@ -56,7 +56,7 @@ open_luks_container() {
 info "Opening LUKS container..."
- echo -n "$passphrase" | cryptsetup open "$partition" "$name" - \
+ echo -n "$passphrase" | cryptsetup open "$partition" "$name" -d - \
 || error "Failed to open LUKS container"
 info "LUKS container opened as /dev/mapper/$name"
@@ -79,12 +79,12 @@ create_luks_containers() {
 local i=0
 for partition in "${partitions[@]}"; do
 info "Setting up LUKS encryption on $partition..."
- echo -n "$passphrase" | cryptsetup luksFormat --type luks2 \
+ echo -n "$passphrase" | cryptsetup -q luksFormat --type luks2 \
 --cipher aes-xts-plain64 --key-size 512 --hash sha512 \
 --iter-time 2000 --pbkdf argon2id \
- "$partition" - \
+ -d - "$partition" \
 || error "Failed to create LUKS container on $partition"
- ((i++))
+ ((++i))
 done
 info "Created $i LUKS containers."
@@ -102,9 +102,9 @@ open_luks_containers() {
 local name="${LUKS_MAPPER_NAME}${i}"
 [[ $i -eq 0 ]] && name="$LUKS_MAPPER_NAME" # First one has no suffix
 info "Opening LUKS container: $partition -> /dev/mapper/$name"
- echo -n "$passphrase" | cryptsetup open "$partition" "$name" - \
+ echo -n "$passphrase" | cryptsetup open "$partition" "$name" -d - \
 || error "Failed to open LUKS container: $partition"
- ((i++))
+ ((++i))
 done
 info "Opened ${#partitions[@]} LUKS containers."
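Review bot: `echo -n "$passphrase"` in create_luks_container is not a byte-exact way to feed the key to `cryptsetup -d -`: bash's builtin echo consumes a value such as `-e` or `-n` as an option and prints nothing, and with `xpg_echo` enabled it would interpret backslashes, so the key cryptsetup receives can differ from what the user chose. `printf '%s' "$passphrase" | cryptsetup -q luksFormat …` writes the bytes unchanged; the same pipe appears in open_luks_container, create_luks_containers and open_luks_containers in this file. Because `-d -` reads stdin to end-of-file instead of stopping at a newline, it would also be worth rejecting a passphrase that contains a newline before formatting, since such a key could not be typed at the boot prompt. The function bodies start outside these hunks.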
@@ -150,7 +150,7 @@ configure_crypttab() {
 echo "$name UUID=$uuid none luks,discard" >> /mnt/etc/crypttab
 info "crypttab: $name -> UUID=$uuid"
- ((i++))
+ ((++i))
 done
 info "crypttab configured for $i partition(s)"
@@ -592,7 +592,7 @@ install_grub_all_efi() {
 # Mount secondary EFI partitions
 if ! mountpoint -q "$mount_point" 2>/dev/null; then
 mkdir -p "$mount_point"
- mount "$efi_part" "$mount_point" || { warn "Failed to mount $efi_part"; ((i++)); continue; }
+ mount "$efi_part" "$mount_point" || { warn "Failed to mount $efi_part"; ((++i)); continue; }
 # Also create the directory in chroot for grub-install
 mkdir -p "/mnt${chroot_efi_dir}"
 mount --bind "$mount_point" "/mnt${chroot_efi_dir}"
@@ -606,7 +606,7 @@ install_grub_all_efi() {
 --boot-directory=/boot \
 || warn "GRUB install to $efi_part may have failed (continuing)"
- ((i++))
+ ((++i))
 done
 info "GRUB installed to ${#efi_partitions[@]} EFI partition(s)."
@@ -656,7 +656,7 @@ sync_grub() {
 umount "$mount_point" 2>/dev/null || true
 rmdir "$mount_point" 2>/dev/null || true
 fi
- ((i++))
+ ((++i))
 done
 }
diff --git a/docs/protocols.org b/docs/protocols.org
index 9c8a9b2..4ddfdef 100644
--- a/docs/protocols.org
+++ b/docs/protocols.org
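Review bot: The crypttab entry written in configure_crypttab turns on `discard` for every container with no comment explaining the choice, and that option is a known trade-off: passing TRIM through dm-crypt lets anyone who can read the raw device see which blocks are unused. A comment above the `echo` would record the decision, for example `# discard: passes SSD TRIM through dm-crypt; exposes the free-block layout on the raw device`. Making it opt-in through the installer config would be the more conservative default, though the hunk does not show whether such a switch already exists. The function body starts and ends outside the hunk.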
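Review bot: In install_grub_all_efi the closing message `info "GRUB installed to ${#efi_partitions[@]} EFI partition(s)."` prints the size of the array, not the number of partitions that were actually written: the `mount … || { warn …; ((++i)); continue; }` path skips a partition and the `grub-install … || warn …` path continues after a failure. Counting successes in a separate local (a name such as `ok` is only an example) and printing `"GRUB installed to $ok of ${#efi_partitions[@]} EFI partition(s)."` would keep the log from claiming boot redundancy that may not exist. The `mount --bind "$mount_point" "/mnt${chroot_efi_dir}"` line in the first of these two hunks also has no error check. The loop body lies partly outside both hunks.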
@@ -254,27 +254,49 @@ When Craig says this phrase:
 ** Long-Running Process Status Updates
-When monitoring a long-running process (rsync, large downloads, builds, etc.), provide status updates every 5 minutes.
+When monitoring a long-running process (rsync, large downloads, builds, VM tests, etc.), follow this protocol:
+
+***At Start:***
+1. Run =date= to get accurate time
+2. Announce the task/job beginning
+3. Provide best-guess ETA for completion
+
+#+begin_example
+**14:30** - Starting ISO build. ETA: ~10 minutes.
+#+end_example
+
+***Every 5 Minutes:***
+- Check progress and display status in format: =HH:MM= - terse description - ETA
+
+#+begin_example
+**14:35** - ISO build: packages installed, creating squashfs. ETA: ~5 min.
+**14:40** - ISO build: squashfs 95% complete. ETA: ~1 min.
+#+end_example
+
+***At Completion:***
+1. Play notification sound three times:
+ #+begin_src bash
+ paplay /usr/share/sounds/freedesktop/stereo/complete.oga
+ paplay /usr/share/sounds/freedesktop/stereo/complete.oga
+ paplay /usr/share/sounds/freedesktop/stereo/complete.oga
+ #+end_src
+2. Provide summary of success or failure
-***Format:***
 #+begin_example
-**14:32** - Rsync in progress: 312GB of 640GB transferred (~49%), ETA ~25 min
-**14:37** - Rsync continuing: 389GB of 640GB (~61%), ETA ~18 min
+**14:42** - ISO build complete. Size: 2.0G. Ready for testing.
 #+end_example
 ***Guidelines:***
-- Check in approximately every 5 minutes
-- Include current time (run =date= to get accurate time)
-- Brief description of what's happening
-- Progress indication (percentage, files transferred, etc.)
-- ETA when possible (even a ballpark estimate is helpful)
-- Format doesn't need to be strict - just be descriptive
-- If ETA cannot be determined, omit it rather than guessing wildly
+- Always run =date= for accurate timestamps
+- Keep progress descriptions terse but informative
+- Update ETA as job progresses
+- If ETA cannot be determined, say "ETA unknown" rather than guessing wildly
 ***Why This Matters:***
 - Craig may be working on other things while waiting
 - Status updates provide confidence the process is still running
 - ETAs help with planning (e.g., "I have time for coffee" vs "stay close")
+- Sound notification alerts Craig when he's away from the screen
 - If something stalls, the updates make it obvious
 ** "Wrap it up" / "That's a wrap" / "Let's call it a wrap"
diff --git a/scripts/test-configs/btrfs-mirror-luks.conf b/scripts/test-configs/btrfs-mirror-luks.conf
new file mode 100644
index 0000000..823dfbb
--- /dev/null
+++ b/scripts/test-configs/btrfs-mirror-luks.conf
@@ -0,0 +1,15 @@
+# Test config: Btrfs 2-disk mirror (RAID1) with LUKS encryption
+
+HOSTNAME=test-btrfs-mirror-luks
+TIMEZONE=UTC
+LOCALE=en_US.UTF-8
+KEYMAP=us
+
+FILESYSTEM=btrfs
+DISKS=/dev/vda,/dev/vdb
+RAID_LEVEL=mirror
+
+LUKS_PASSPHRASE=testpass
+ROOT_PASSWORD=testpass
+
+ENABLE_SSH=yes |
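Review bot: The new btrfs-mirror-luks.conf combines `ROOT_PASSWORD=testpass` with `ENABLE_SSH=yes`, so a machine installed from it would accept a publicly known root password over the network if the installer permits root password login (that part is not visible here). The header comment should state the intended scope, for example `# WARNING: known credentials - use only on isolated, disposable test VMs`. `LUKS_PASSPHRASE=testpass` has the same property for the disk key, and keeping the passphrase in a plain file means it stays readable in the repository and on the install medium, which is fine for a fixture but should not be copied as a template for real installs.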
