#!/bin/sh
# Prompts for and creates a LUKS encrypted partition on a device

# Get disks connected to the system that are hotpluggable (USBs)
devices="$(lsblk -lp -o NAME,SIZE,HOTPLUG,TYPE | grep "1 disk" | awk '{print $1,"-",$2}')"
[ "$devices" = "" ] && echo "no devices available" && exit 0

# Prompt for device selection from the user
select=$(echo "$devices" | dmenu -i -p "Select a device")
[ "$select" = "" ] && echo "no device selected" && exit 0

# Get confirmation since this is a potentially dangerous operation
yn=$(echo "No\nYes" | dmenu -i -p "Create encrypted partition on $select")
[ "$yn" != "Yes" ] && exit 0

# Get device path from selection string
usb=$(echo $select | cut -d ' ' -f 1)
echo $usb

# Create LUKS partition on selected device (user will be promted for password to encrypt)
sudo cryptsetup --type luks2 luksFormat "$usb"

# Open device and create filesystem on partition
echo "creating filesystem"
map_name="crypt-create"
sudo cryptsetup open "$usb" "$map_name"
sudo mkfs.ext4 "/dev/mapper/$map_name"

# Close device after creating filesystem
sudo cryptsetup close "$map_name"

echo "done"