NiceRath · January 12, 2026 08:03
diff --git a/luks_encrypted_extend_lvm_volume.sh b/luks_encrypted_extend_lvm_volume.sh
 #!/bin/bash

 # For disk-encryption & key-creation see: https://gist.github.com/NiceRath/7fc47f0b6f9e73af01f686eb34e0d4fb
 # This is meant to be used for a LVM volume

 if [ $# -lt 3 ]
 then
  cat << EOF
 You must provide:
 1. -> the vg-name
 2. -> the lv-name and
 3. -> size to increase by (p.e. '100GB')

 Available volumes:"
 EOF
  lvscan
  exit 1
 fi

 set -euo pipefail

 VG_NAME=$1
 LV_NAME=$2
 RESIZE_AMOUNT=$3

 # CONFIGURE YOUR REMOTE KEY-STORE-SERVER
 KEY_HOST='<SERVER-IP-DNS>'
 GPG_FILE='<PATH-TO-GPG-PASSPHRASE-FILE>'  # gpg_passphrase as created on creation: https://gist.github.com/NiceRath/7fc47f0b6f9e73af01f686eb34e0d4fb
 KEY_SSH_USER='<SSH-USER>'
 KEY_SSH_PORT='<SSH-PORT>'
 KEY_SSH_KEY='<SSH-KEY>'
 KEY_HOST_KEY_DIR='<REMOTE-KEY-DIR>'

 MAPPER_DIR='/dev/mapper'
 LV_DEV="${MAPPER_DIR}/${VG_NAME}-${LV_NAME}"
 ENC_LV_NAME="crypt-${VG_NAME}-${LV_NAME}"
 LV_DEV_ENC="${MAPPER_DIR}/${ENC_LV_NAME}"

 # resize lvm lv
 lvresize "/dev/${VG_NAME}/${LV_NAME}" --size "+${RESIZE_AMOUNT}"

 # resize crypto container
 UUID=$(cryptsetup luksUUID "$LV_DEV")

 KEY_FILE="${KEY_HOST_KEY_DIR}/${UUID}.key.asc"
 KEY=$(ssh -p "$KEY_SSH_PORT" "${KEY_SSH_USER}@${KEY_HOST}" -i "${KEY_SSH_KEY}"  "cat ${KEY_FILE}" | gpg --batch --yes --ignore-mdc-error --no-mdc-warning --no-tty --passphrase-file "$GPG_FILE" --quiet --decrypt)
 echo "$KEY" | tr -d '\n' | cryptsetup resize "$LV_DEV_ENC" --key-file=-

 # resize file system
 resize2fs "$LV_DEV_ENC"

 # output current lv's
 echo "Resizing of volume ${LV_DEV_ENC} finished; Current size:"
 lvscan
	#!/bin/bash

	# For disk-encryption & key-creation see: https://gist.github.com/NiceRath/7fc47f0b6f9e73af01f686eb34e0d4fb
	# This is meant to be used for a LVM volume

	if [ $# -lt 3 ]
	then
	cat << EOF
	You must provide:
	1. -> the vg-name
	2. -> the lv-name and
	3. -> size to increase by (p.e. '100GB')

	Available volumes:"
	EOF
	lvscan
	exit 1
	fi

	set -euo pipefail

	VG_NAME=$1
	LV_NAME=$2
	RESIZE_AMOUNT=$3

	# CONFIGURE YOUR REMOTE KEY-STORE-SERVER
	KEY_HOST='<SERVER-IP-DNS>'
	GPG_FILE='<PATH-TO-GPG-PASSPHRASE-FILE>' # gpg_passphrase as created on creation: https://gist.github.com/NiceRath/7fc47f0b6f9e73af01f686eb34e0d4fb
	KEY_SSH_USER='<SSH-USER>'
	KEY_SSH_PORT='<SSH-PORT>'
	KEY_SSH_KEY='<SSH-KEY>'
	KEY_HOST_KEY_DIR='<REMOTE-KEY-DIR>'

	MAPPER_DIR='/dev/mapper'
	LV_DEV="${MAPPER_DIR}/${VG_NAME}-${LV_NAME}"
	ENC_LV_NAME="crypt-${VG_NAME}-${LV_NAME}"
	LV_DEV_ENC="${MAPPER_DIR}/${ENC_LV_NAME}"

	# resize lvm lv
	lvresize "/dev/${VG_NAME}/${LV_NAME}" --size "+${RESIZE_AMOUNT}"

	# resize crypto container
	UUID=$(cryptsetup luksUUID "$LV_DEV")

	KEY_FILE="${KEY_HOST_KEY_DIR}/${UUID}.key.asc"
	KEY=$(ssh -p "$KEY_SSH_PORT" "${KEY_SSH_USER}@${KEY_HOST}" -i "${KEY_SSH_KEY}" "cat ${KEY_FILE}" \| gpg --batch --yes --ignore-mdc-error --no-mdc-warning --no-tty --passphrase-file "$GPG_FILE" --quiet --decrypt)
	echo "$KEY" \| tr -d '\n' \| cryptsetup resize "$LV_DEV_ENC" --key-file=-

	# resize file system
	resize2fs "$LV_DEV_ENC"

	# output current lv's
	echo "Resizing of volume ${LV_DEV_ENC} finished; Current size:"
	lvscan
No results found