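#!/usr/bin/env bash
#
# migrate-game-header.sh — move the LUKS header of one data disk into a
# detached header file.
#
# Flow: back up the on-disk LUKS header to HEADER_FILE, sanity-check the
# backup, then erase the keyslots on the physical disk so that the disk can
# only be opened together with the detached header.  Every privileged step
# runs through doas; the script itself is meant to be run as a normal user.
#
# Requires: doas, cryptsetup.  HEADER_FILE must not exist yet.
set -euo pipefail

# CONSTANTS
# Stable by-id path of the target disk.  After the erase the device is no
# longer usable for UUID-based lookups, so this is the path the NixOS
# configuration must reference.
readonly DISK_ID="/dev/disk/by-id/nvme-KINGSTON_SNVS1000G_50026B7784BF8876"
# Destination of the detached header (created root-owned, tightened to 0600).
readonly HEADER_FILE="/persist/etc/cryptdata.header"
# Device-mapper name of the container; informational only, no command below
# uses it.
# shellcheck disable=SC2034
readonly MAPPER_NAME="cryptdata"

# Print an error message to stderr and exit non-zero.
die() {
  printf 'ERROR: %s\n' "$*" >&2
  exit 1
}

echo "========================================================"
echo "LUKS DETACHED HEADER MIGRATION"
echo "Target Disk: $DISK_ID"
echo "Header File: $HEADER_FILE"
echo "========================================================"
echo ""
echo "WARNING: This process isolates the encryption header from the disk."
echo "1. If you lose $HEADER_FILE, your data is GONE FOREVER."
echo "2. The disk will appear as random noise to anyone inspecting it."
echo ""

# Pre-flight checks: never overwrite an existing header file, and make sure
# the target device exists before asking the operator to confirm anything.
if [[ -f "$HEADER_FILE" ]]; then
  die "Header file $HEADER_FILE already exists. Aborting to prevent overwrite."
fi
if [[ ! -e "$DISK_ID" ]]; then
  die "Target disk $DISK_ID not found."
fi

# Typed confirmation: the last step destroys the on-disk keyslots.
# -r keeps read from interpreting backslashes in the typed answer.
read -r -p "Type 'DETACH' to proceed with backing up and WIPING the header from the disk: " confirm
if [[ "$confirm" != "DETACH" ]]; then
  echo "Aborting."
  exit 1
fi

echo ""
echo "[1/3] Backing up LUKS header..."
doas cryptsetup luksHeaderBackup "$DISK_ID" --header-backup-file "$HEADER_FILE" \
  || die "cryptsetup luksHeaderBackup failed."
if [[ ! -s "$HEADER_FILE" ]]; then
  die "Header file creation failed or is empty."
fi
echo "Header saved to $HEADER_FILE"
# Do not rely on whatever mode cryptsetup created the file with; the backup
# is root-owned and must stay unreadable to everyone else.
doas chmod 600 "$HEADER_FILE"

echo ""
echo "[2/3] Verifying header backup (dry-run open)..."
# luksDump only parses the header structure of the copy; it does not prove
# that the keyslots in the copy can actually unlock the disk.  A stronger
# pre-erase check is `cryptsetup open --test-passphrase --header "$HEADER_FILE" "$DISK_ID"`,
# which needs the passphrase interactively.
if ! doas cryptsetup luksDump "$HEADER_FILE" > /dev/null; then
  printf 'ERROR: %s\n' "The backup header appears invalid. Aborting wipe." >&2
  # The file was created by root via doas above, so removing it needs doas
  # as well (a plain rm would fail on the root-owned 0600 file).
  doas rm -f -- "$HEADER_FILE" \
    || printf 'WARNING: could not remove invalid header file %s\n' "$HEADER_FILE" >&2
  exit 1
fi
echo "Header backup looks valid."

echo ""
echo "[3/3] WIPING header from physical disk..."
# Point of no return for the disk's standalone validity: from here on it can
# only be opened with --header "$HEADER_FILE".
# NOTE(review): luksErase erases the keyslots; according to the cryptsetup
# manual it does not overwrite the header metadata area itself, so the
# "random noise" / "UUIDs are gone" messages below may overstate the result.
# Confirm with `doas cryptsetup luksDump "$DISK_ID"` (or blkid) afterwards.
doas cryptsetup luksErase "$DISK_ID"
echo ""
echo "SUCCESS! The header is now detached."
echo "You must now update your NixOS configuration to use 'header=$HEADER_FILE'."
echo "UUIDs on the raw device are now gone. Use the /dev/disk/by-id/ path."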