From 2d50ca2dac4633be39f67b6131f7aea6cb0eec4a Mon Sep 17 00:00:00 2001
From: Micke Nordin <kano@sunet.se>
Date: Thu, 23 Feb 2023 16:26:31 +0100
Subject: [PATCH] Use crypt swap

---
 templates/scriptreceiver/makeswap.erb.sh | 27 +++++++++++++++++-------
 1 file changed, 19 insertions(+), 8 deletions(-)

diff --git a/templates/scriptreceiver/makeswap.erb.sh b/templates/scriptreceiver/makeswap.erb.sh
index 000d857..8546451 100644
--- a/templates/scriptreceiver/makeswap.erb.sh
+++ b/templates/scriptreceiver/makeswap.erb.sh
@@ -1,12 +1,23 @@
 #!/bin/bash
-
-if ! [[ -f /swapfile ]]; then
+# Clean up old swap version
+if [[ -f /swapfile ]]; then
+  swapoff -a
+  sed -i 's_^/swapfile none swap sw 0 0_#/swapfile none swap sw 0 0_' /etc/fstab
+  rm /swapfile
+fi
+# Create crypt swap that should play nice with puppet
+if ! [[ -f /cryptswap1 ]]; then
   gb=$(free --gibi| grep Mem: | awk '{print $2}')
-  fallocate -l "${gb}G" /swapfile
-  chmod 600 /swapfile
-  mkswap /swapfile
-  swapon /swapfile
-  if ! grep -E '^(#)?/swapfile' /etc/fstab; then
-    echo '/swapfile none swap sw 0 0' >> /etc/fstab
+  fallocate -l "${gb}G" /cryptswap1
+  chmod 600 /cryptswap1
+
+  loop=$(losetup -f)
+  losetup "${loop}" /cryptswap1
+  cryptsetup open --type plain --key-file /dev/urandom "${loop}" cryptswap1
+  mkswap /dev/mapper/cryptswap1
+  swapon /dev/mapper/cryptswap1
+
+  if ! grep -E '^/dev/mapper/cryptswap1' /etc/fstab; then
+    echo '/dev/mapper/cryptswap1 none swap sw 0 0' >> /etc/fstab
   fi
 fi