From 95f888449f4a34dcc05109c869b0df41b479cb93 Mon Sep 17 00:00:00 2001
From: Paul-Mathias Logue
Date: Mon, 15 Dec 2025 10:56:23 +0100
Subject: [PATCH] Create format and mount script
---
bin/format.sh | 103 ++++++++++++++++++++++++++++++++++++++++++++++++++
bin/mount.sh | 74 ++++++++++++++++++++++++++++++++++++
2 files changed, 177 insertions(+)
create mode 100644 bin/format.sh
create mode 100644 bin/mount.sh
diff --git a/bin/format.sh b/bin/format.sh
new file mode 100644
index 0000000..1b006e6
--- /dev/null
+++ b/bin/format.sh
@@ -0,0 +1,103 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+DISK=""
+ROOT_NAME="cryptroot"
+MOUNT_TARGET=""
+
+if [[ $# -eq 0 ]]; then
+ echo "Error: No options provided"
+ echo "Usage: $0 --disk "
+ exit 1
+fi
+
+while [[ $# -gt 0 ]]; do
+ case $1 in
+ --disk)
+ DISK="$2"
+ shift 2
+ ;;
+ --mount)
+ MOUNT_TARGET="$2"
+ shift 2
+ ;;
+ *)
+ echo "Unknown option: $1"
+ exit 1
+ ;;
+ esac
+done
+
+if [[ -z "$DISK" ]]; then
+ echo "Error: --disk is required"
+ exit 1
+fi
+
+if [[ -z "$MOUNT_TARGET" ]]; then
+ echo "Error: --mount is required"
+ exit 1
+fi
+
+echo "Target disk: $DISK"
+echo ""
+echo "This will ERASE ALL DATA on $DISK"
+echo ""
+read -r -p "Continue? (y/n): " confirm
+[[ "$confirm" != "y" ]] && { echo "Aborted."; exit 1; }
+
+echo ""
+sgdisk --zap-all ${DISK}
+
+# PARTITIONING
+
+# 1. XBOOTLDR partition – 1 GiB
+sgdisk -n 1:0:+1GiB \
+ -t 1:bc13c2ff-59e6-4262-a352-b275fd6f7172 \
+ -c 1:"XBOOTLDR" \
+ ${DISK}
+
+# 2. EFI System Partition – 4 GiB
+sgdisk -n 2:0:+4GiB \
+ -t 2:c12a7328-f81f-11d2-ba4b-00a0c93ec93b \
+ -c 2:"EFI" \
+ ${DISK}
+
+# 3. 
LUKS2 root partition – remaining space
+sgdisk -n 3:0:0 \
+ -t 3:ca7d7ccb-63ed-4c53-861c-1742536059cc \
+ -c 3:"ROOT" \
+ ${DISK}
+
+sgdisk -p ${DISK}
+
+if [[ $DISK == /dev/nvme* ]]; then
+ DISK="${DISK}p"
+fi
+
+# FORMATTING
+
+mkfs.ext4 -L XBOOTLDR "${DISK}1"
+mkfs.fat -F32 -n EFI "${DISK}2"
+cryptsetup luksFormat --type luks2 "${DISK}3"
+cryptsetup open "${DISK}3" "$ROOT_NAME"
+mkfs.btrfs -f -L ROOT "/dev/mapper/$ROOT_NAME"
+
+# BTRFS SUBVOLUMES CREATION
+
+mount /dev/mapper/$ROOT_NAME ${MOUNT_TARGET}
+
+btrfs subvolume create ${MOUNT_TARGET}/@root
+btrfs subvolume create ${MOUNT_TARGET}/@snapshots
+btrfs subvolume create ${MOUNT_TARGET}/@home
+btrfs subvolume create ${MOUNT_TARGET}/@nix
+btrfs subvolume create ${MOUNT_TARGET}/@var_cache
+btrfs subvolume create ${MOUNT_TARGET}/@var_log
+btrfs subvolume create ${MOUNT_TARGET}/@var_spool
+btrfs subvolume create ${MOUNT_TARGET}/@var_tmp
+btrfs subvolume create ${MOUNT_TARGET}/@var_lib_machines
+btrfs subvolume create ${MOUNT_TARGET}/@var_lib_portables
+
+btrfs subvolume list ${MOUNT_TARGET}
+
+umount -R ${MOUNT_TARGET}
diff --git a/bin/mount.sh b/bin/mount.sh
new file mode 100644
index 0000000..b4df4e7
--- /dev/null
+++ b/bin/mount.sh
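Review bot: In bin/format.sh nothing checks that `--disk` names an existing block device before `sgdisk --zap-all ${DISK}`, and `${DISK}` and `${MOUNT_TARGET}` are expanded unquoted in every `sgdisk`, `mount`, `btrfs` and `umount` call, so a typo or a value containing spaces or glob characters reaches destructive commands that presumably run as root. I would add `[[ -b "$DISK" ]] || { echo "Error: $DISK is not a block device" >&2; exit 1; }` ahead of the confirmation prompt and quote the expansions, e.g. `sgdisk --zap-all "$DISK"`. The `p` suffix is applied only for `/dev/nvme*`, so other devices that use the same partition naming (for example `/dev/mmcblk0`) would hand `mkfs` and `cryptsetup luksFormat` a wrong path. The script also leaves `/dev/mapper/cryptroot` open after `umount -R` and has no `trap` to close it when a later step fails; if keeping it open is intentional for mount.sh, a comment saying so would help.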
@@ -0,0 +1,74 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+DISK=""
+MOUNT_TARGET=""
+ROOT_NAME="cryptroot"
+
+if [[ $# -eq 0 ]]; then
+ echo "Error: No options provided"
+ echo "Usage: $0 --disk --mount "
+ exit 1
+fi
+
+while [[ $# -gt 0 ]]; do
+ case $1 in
+ --disk)
+ DISK="$2"
+ shift 2
+ ;;
+ --mount)
+ MOUNT_TARGET="$2"
+ shift 2
+ ;;
+ *)
+ echo "Unknown option: $1"
+ exit 1
+ ;;
+ esac
+done
+
+if [[ -z "$DISK" ]]; then
+ echo "Error: --disk is required"
+ exit 1
+fi
+
+if [[ -z "$MOUNT_TARGET" ]]; then
+ echo "Error: --mount is required"
+ exit 1
+fi
+
+if [[ $DISK == /dev/nvme* ]]; then
+ DISK="${DISK}p"
+fi
+
+# MOUNTING WITH SUBVOLUMES
+
+if [[ ! -e /dev/mapper/$ROOT_NAME ]]; then
+ echo "Opening encrypted partition..."
+ cryptsetup open "${DISK}3" cryptroot
+fi
+
+BTRFS_OPTS="compress=zstd,noatime"
+
+mount -o subvol=@root,$BTRFS_OPTS /dev/mapper/cryptroot ${MOUNT_TARGET}
+
+# Mount boot partitions
+mount --mkdir "${DISK}1" ${MOUNT_TARGET}/boot
+mount --mkdir -o fmask=0137,dmask=0027 "${DISK}2" ${MOUNT_TARGET}/efi
+
+# Mount other subvolumes
+mount --mkdir -o subvol=@snapshots,$BTRFS_OPTS /dev/mapper/cryptroot ${MOUNT_TARGET}/.snapshots
+mount --mkdir -o subvol=@home,$BTRFS_OPTS /dev/mapper/cryptroot ${MOUNT_TARGET}/home
+mount --mkdir -o subvol=@nix,$BTRFS_OPTS /dev/mapper/cryptroot ${MOUNT_TARGET}/nix
+mount --mkdir -o subvol=@var_cache,$BTRFS_OPTS /dev/mapper/cryptroot ${MOUNT_TARGET}/var/cache
+mount --mkdir -o subvol=@var_log,$BTRFS_OPTS /dev/mapper/cryptroot ${MOUNT_TARGET}/var/log
+mount --mkdir -o subvol=@var_spool,$BTRFS_OPTS /dev/mapper/cryptroot ${MOUNT_TARGET}/var/spool
+mount --mkdir -o subvol=@var_tmp,$BTRFS_OPTS /dev/mapper/cryptroot ${MOUNT_TARGET}/var/tmp
+mount --mkdir -o subvol=@var_lib_machines,$BTRFS_OPTS /dev/mapper/cryptroot ${MOUNT_TARGET}/var/lib/machines
+mount --mkdir -o subvol=@var_lib_portables,$BTRFS_OPTS /dev/mapper/cryptroot ${MOUNT_TARGET}/var/lib/portables
+
+chattr +C ${MOUNT_TARGET}/nix
+
+findmnt ${MOUNT_TARGET}
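Review bot: In bin/mount.sh the `[[ ! -e /dev/mapper/$ROOT_NAME ]]` guard reuses any existing mapping with that name without checking that it is backed by `${DISK}3`, so a stale `cryptroot` left open for another disk would be mounted under the target without any warning; confirming the backing device with `cryptsetup status "$ROOT_NAME"` before skipping the open would close that gap. The `cryptsetup open` call and every `mount` line hardcode `cryptroot` instead of using `"$ROOT_NAME"`, so the guard and the mounts can disagree if the variable is ever changed, and `${MOUNT_TARGET}` and `$BTRFS_OPTS` are unquoted throughout. `chattr +C ${MOUNT_TARGET}/nix` disables copy-on-write, and with it btrfs data checksums and compression, for new files in the store; a comment such as `# NOCOW on /nix: trades btrfs checksumming for <reason>` should record why that integrity trade-off is wanted.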