install.fairie/.config/taskfiles/security/Taskfile-disk.yml

---
version: '3'

vars:
  CRYPT_LABEL: '{{if .CRYPT_LABEL}}{{.CRYPT_LABEL}}{{else}}secret{{end}}'
  DISK_PATH: '{{if .DISK_PATH}}{{.DISK_PATH}}{{else}}{{.CLI_ARGS}}{{end}}'
  PARTITION_SIZE: '{{if .PARTITION_SIZE}}{{.PARTITION_SIZE}}{{else}}+25M{{end}}'

env:
  GNUPGHOME:
    sh: echo "$HOME/.gnupghome"

tasks:
  encrypt:create:
    summary: |
      # Encrypt a Disk (USB, etc.)

      This task will encrypt a disk (like a USB drive) as a single partition using
      the full disk space.

      **Usage example:**

      ```shell
      task security:disk:encrypt -- /dev/mmcblk0
      ```

      You can find the path of the USB / storage medium to pass to the CLI command
      by running `fdisk -l`.
    vars:
      DISK_LABEL: '{{if .DISK_LABEL}}{{.DISK_LABEL}}{{else}}gpg{{end}}'
      PARTITION_NUMBER: '{{if .PARTITION_NUMBER}}{{.PARTITION_NUMBER}}{{else}}1{{end}}'
    cmds:
      - sudo dd if=/dev/urandom of={{.DISK_PATH}} bs=4M status=progress
      - echo -e "o\nn\np\n{{.PARTITION_NUMBER}}\n{{.PARTITION_SIZE}}\nw" | sudo fdisk {{.DISK_PATH}}
      - echo -e "${MASTER_KEY}\n${MASTER_KEY}" | sudo cryptsetup -q luksFormat {{.DISK_PATH}}{{.PARTITION_NUMBER}}
      - echo -e "${MASTER_KEY}" | sudo cryptsetup -q luksOpen {{.DISK_PATH}}{{.PARTITION_NUMBER}} {{.CRYPT_LABEL}}
      - sudo mkfs.ext2 /dev/mapper/{{.CRYPT_LABEL}} -L {{.DISK_LABEL}}
      - sudo cryptsetup luksClose {{.CRYPT_LABEL}}

  encrypt:mount:
    vars:
      PARTITION_NUMBER: '{{if .PARTITION_NUMBER}}{{.PARTITION_NUMBER}}{{else}}1{{end}}'
    cmds:
      - echo -e "${MASTER_KEY}" | sudo cryptsetup -q luksOpen {{.DISK_PATH}}{{.PARTITION_NUMBER}} {{.CRYPT_LABEL}}
      - sudo mkdir /mnt/gpg-encrypted-storage
      - sudo mount /dev/mapper/{{.CRYPT_LABEL}} /mnt/gpg-encrypted-storage

  encrypt:unmount:
    cmds:
      - sudo umount /mnt/gpg-encrypted-storage
      - sudo cryptsetup luksClose {{.CRYPT_LABEL}}

  unencrypted:create:
    vars:
      PARTITION_NUMBER: '{{if .PARTITION_NUMBER}}{{.PARTITION_NUMBER}}{{else}}2{{end}}'
    cmds:
      - echo -e "o\nn\np\n{{.PARTITION_NUMBER}}\n{{.PARTITION_SIZE}}\nw" | sudo fdisk {{.DISK_PATH}}
      - sudo mkfs.ext2 {{.DISK_PATH}}{{.PARTITION_NUMBER}}

  unencrypted:mount:
    vars:
      PARTITION_NUMBER: '{{if .PARTITION_NUMBER}}{{.PARTITION_NUMBER}}{{else}}2{{end}}'
    cmds:
      - sudo mkdir /mnt/gpg-public
      - sudo mount {{.DISK_PATH}}{{.PARTITION_NUMBER}} /mnt/gpg-public

  unencrypted:unmount:
    cmds:
      - sudo umount /mnt/gpg-public
Latest 2022-12-24 12:04:59 -08:00			`---`
			`version: '3'`

			`vars:`
			`CRYPT_LABEL: '{{if .CRYPT_LABEL}}{{.CRYPT_LABEL}}{{else}}secret{{end}}'`
			`DISK_PATH: '{{if .DISK_PATH}}{{.DISK_PATH}}{{else}}{{.CLI_ARGS}}{{end}}'`
			`PARTITION_SIZE: '{{if .PARTITION_SIZE}}{{.PARTITION_SIZE}}{{else}}+25M{{end}}'`

			`env:`
			`GNUPGHOME:`
			`sh: echo "$HOME/.gnupghome"`

			`tasks:`
			`encrypt:create:`
			`summary: \|`
			`# Encrypt a Disk (USB, etc.)`

			`This task will encrypt a disk (like a USB drive) as a single partition using`
			`the full disk space.`

			`Usage example:`

			```shell
			`task security:disk:encrypt -- /dev/mmcblk0`
			```

			`You can find the path of the USB / storage medium to pass to the CLI command`
			by running `fdisk -l`.
			`vars:`
			`DISK_LABEL: '{{if .DISK_LABEL}}{{.DISK_LABEL}}{{else}}gpg{{end}}'`
			`PARTITION_NUMBER: '{{if .PARTITION_NUMBER}}{{.PARTITION_NUMBER}}{{else}}1{{end}}'`
			`cmds:`
			`- sudo dd if=/dev/urandom of={{.DISK_PATH}} bs=4M status=progress`
			`- echo -e "o\nn\np\n{{.PARTITION_NUMBER}}\n{{.PARTITION_SIZE}}\nw" \| sudo fdisk {{.DISK_PATH}}`
			`- echo -e "${MASTER_KEY}\n${MASTER_KEY}" \| sudo cryptsetup -q luksFormat {{.DISK_PATH}}{{.PARTITION_NUMBER}}`
			`- echo -e "${MASTER_KEY}" \| sudo cryptsetup -q luksOpen {{.DISK_PATH}}{{.PARTITION_NUMBER}} {{.CRYPT_LABEL}}`
			`- sudo mkfs.ext2 /dev/mapper/{{.CRYPT_LABEL}} -L {{.DISK_LABEL}}`
			`- sudo cryptsetup luksClose {{.CRYPT_LABEL}}`

			`encrypt:mount:`
			`vars:`
			`PARTITION_NUMBER: '{{if .PARTITION_NUMBER}}{{.PARTITION_NUMBER}}{{else}}1{{end}}'`
			`cmds:`
			`- echo -e "${MASTER_KEY}" \| sudo cryptsetup -q luksOpen {{.DISK_PATH}}{{.PARTITION_NUMBER}} {{.CRYPT_LABEL}}`
			`- sudo mkdir /mnt/gpg-encrypted-storage`
			`- sudo mount /dev/mapper/{{.CRYPT_LABEL}} /mnt/gpg-encrypted-storage`

			`encrypt:unmount:`
			`cmds:`
			`- sudo umount /mnt/gpg-encrypted-storage`
			`- sudo cryptsetup luksClose {{.CRYPT_LABEL}}`

			`unencrypted:create:`
			`vars:`
			`PARTITION_NUMBER: '{{if .PARTITION_NUMBER}}{{.PARTITION_NUMBER}}{{else}}2{{end}}'`
			`cmds:`
			`- echo -e "o\nn\np\n{{.PARTITION_NUMBER}}\n{{.PARTITION_SIZE}}\nw" \| sudo fdisk {{.DISK_PATH}}`
			`- sudo mkfs.ext2 {{.DISK_PATH}}{{.PARTITION_NUMBER}}`

			`unencrypted:mount:`
			`vars:`
			`PARTITION_NUMBER: '{{if .PARTITION_NUMBER}}{{.PARTITION_NUMBER}}{{else}}2{{end}}'`
			`cmds:`
			`- sudo mkdir /mnt/gpg-public`
			`- sudo mount {{.DISK_PATH}}{{.PARTITION_NUMBER}} /mnt/gpg-public`

			`unencrypted:unmount:`
			`cmds:`
			`- sudo umount /mnt/gpg-public`