Cryptsetup new drive

source/resources/apps/cryptsetup/ADD-DRIVE.md

@@ -0,0 +1,30 @@
+# HOWTO add encrypted drive to an existing system.
+
+exit 0
+
+# XXX Change device names as appropriate
+fdisk /dev/nvme1n1
+# Make gpt partition
+# Make linux parition full disk size
+
+# --hash, --cipher --key-size, --key-slot --label 
+cryptsetup luksFormat /dev/nvme1n1p1
+# or like:
+cryptsetup --verbose --cipher aes-xts-plain64 --key-size 512 --hash sha512 --iter-time 5000 --use-urandom luksFormat /dev/nvme1n1p1
+
+# "devel: (arbitrary name) is named now:
+cryptsetup luksOpen /dev/nvme1n1p1 devel
+# Format drive:
+mkfs.ext4 /dev/mapper/devel
+
+# Add to /etc/crypttab:
+devel UUID=00000000-0000-0000-0000-000000000000 none luks
+
+# Add to /etc/fstab:
+# Note this UUID is not the same as the UUID in the crypttab
+UUID=00000000-0000-0000-0000-000000000000 /srv/devel ext4  defaults        0       2
+
+# To change password:
+cryptsetup -y luksAddKey /dev/nvme1n1p1
+cryptsetup luksRemoveKey /dev/nvme1n1p1
+

source/resources/apps/cryptsetup/README.md

@@ -1,3 +1,5 @@
+# This is how to set up decrypting a remote encrypted partition at boot.
+
 apt install dropbear-initramfs
 
 /etc/dropbear-initramfs/config