# HOWTO add encrypted drive to an existing system.

exit 0

# XXX Change device names as appropriate
fdisk /dev/nvme1n1
# Make gpt partition
# Make linux parition full disk size

# --hash, --cipher --key-size, --key-slot --label 
cryptsetup luksFormat /dev/nvme1n1p1
# or like:
cryptsetup --verbose --cipher aes-xts-plain64 --key-size 512 --hash sha512 --iter-time 5000 --use-urandom luksFormat /dev/nvme1n1p1

# "devel: (arbitrary name) is named now:
cryptsetup luksOpen /dev/nvme1n1p1 devel
# Format drive:
mkfs.ext4 /dev/mapper/devel

# Add to /etc/crypttab:
devel UUID=00000000-0000-0000-0000-000000000000 none luks

# Add to /etc/fstab:
# Note this UUID is not the same as the UUID in the crypttab
UUID=00000000-0000-0000-0000-000000000000 /srv/devel ext4  defaults        0       2

# To change password:
cryptsetup -y luksAddKey /dev/nvme1n1p1
cryptsetup luksRemoveKey /dev/nvme1n1p1