original_device=/dev/sdb
copy_device=/dev/nvme0n1

function get_partition_prefix
{
  local device="$1"
  ls ${device}*  | grep -v '^'${device}'$' | sort | head -n1 | sed 's#[0-9]$##g'
}

function get_password
{
  local dev="$1"
  local password
  local confirm

  echo -n "Please provide a password for the encrypted device {$dev}: " 1>&2
  read -s password
  echo 1>&2

  echo -n ${password}
  
  
  printf "${password}" | cryptsetup luksOpen --test-passphrase ${dev}
}

function get_deviceid
{
  local dev="$1"
  local UUID

  eval $(blkid "${dev}" | tr ' ' '\n' | grep '^UUID')
  echo $UUID
}

encryption_password=$(get_password ${original_device}3)

original_partition=$(get_partition_prefix ${original_device})
copy_partition=$(get_partition_prefix ${copy_device})

original_deviceid=$(get_deviceid ${original_partition}3)
copy_deviceid=$(get_deviceid ${copy_partition}3)

crypt_name=$(basename ${original_partition})3_crypt


# from https://askubuntu.com/questions/719409/how-to-reinstall-grub-from-a-liveusb-if-the-partition-is-encrypted-and-there-i
# and https://wiki.debian.org/GrubEFIReinstall
# This is not a cli-script, it's an interactive detail of steps to be executed in your commandline
# assuming that originl device is ${original_device} and target device is ${copy_device} and they are of different size.
# if they are the same size then you can just use dd to clone.

# Target is to create: fdisk -l
# Device       Start       End   Sectors   Size Type
# ${copy_device}1     2048   1050623   1048576   512M EFI System
# ${copy_device}2  1050624   4550655   3500032   1,7G Linux filesystem
# ${copy_device}3  4550656 976773119 972222464 463,6G Linux filesystem
# 
# more detailed information of the configuration can be obtained with
# sfdisk -d  ${original_device}
# label: gpt
# label-id: 497F7EBE-6252-4EA3-B6ED-DB5C73EFA55A
# device: ${original_device}
# unit: sectors
# first-lba: 34
# last-lba: 1000215182
# sector-size: 512
# 
# ${original_device}p1 : start=        2048, size=     1048576, type=C12A7328-F81F-11D2-BA4B-00A0C93EC93B, uuid=F3C23FAA-966B-42E7-8FAF-DACA3D30F3AF, name="EFI System Partition"
# ${original_device}p2 : start=     1050624, size=     3500032, type=0FC63DAF-8483-4772-8E79-3D69D8477DE4, uuid=B02AE055-0CD0-44AF-B187-1617C4C12DFD
# ${original_device}p3 : start=     4550656, size=   995663872, type=0FC63DAF-8483-4772-8E79-3D69D8477DE4, uuid=36E282E0-D31D-46A4-AFCF-40E5BD422B6C
# 
# where ${copy_device}3 is encrypted and contains an LVM system.

# get configuration for nvme0n1
sfdisk -d  ${original_device} | \
    grep -v last-lba `# ignore size of disk` | \
    head -n -1 `# ignore last partition because we dont know its size ` |\
    grep -v 'device:' |\
    grep -v 'label-id:' |\
    sed 's#/dev/.*:# :#g' `# rename disk` \
    > /tmp/sda.sfdisk

# create the two first partitions (efi + boot)
sfdisk ${copy_device} < /tmp/sda.sfdisk

# get the last partition end, in sectors, because that way  there is no roundig loss
set -- $(parted ${copy_device} unit s print | grep '^ [0-9]' | sed 's#[^0-9 ]##g' | tail -n1)
#                             ^ unit accepts MB, MiB, etc
#                               docs https://www.gnu.org/software/parted/manual/parted.html
start=$(($3 + 1))

parted ${copy_device} mkpart primary ext4 ${start}s 100%
#                                           ^ unit, accepts MB, MiB

# shound't be necessary, but just in case
parted ${copy_device} set 1 boot on
parted ${copy_device} set 1 esp

# New info: Information: You may need to update /etc/fstab.!!!!!!!!!!!!!!!!!!!


# format partitions, a bit useless if will be later overwritten, but well
yes | mkfs.fat -F32 ${copy_partition}1
yes | mkfs.ext4 ${copy_partition}2

# copy efi and boot partitions into target
dd if=${original_partition}1 bs=10M of=${copy_partition}1
dd if=${original_partition}2 bs=10M of=${copy_partition}2
sync

# get the size of the disk in bytes
#disk_size=$(blockdev --getsize64 ${copy_device})


# create encrypted disk, provide password, this will erase everything in sda3
cryptsetup luksFormat ${copy_partition}3
# echo -n "${password}" | cryptsetup luksFormat ${copy_partition}3



# create the mapper device /dev/mapper/${crypt_name}
cryptsetup open ${copy_partition}3 ${crypt_name}

# see LVM INFO
# lvscan
# pvdisplay
# vgdisplay
# lvdisplay

# create phisical volume
pvcreate /dev/mapper/${crypt_name}

# create volume group
vgcreate vgkubuntunew /dev/mapper/${crypt_name}

# select group to work
vgchange -ay vgkubuntunew

# create the swap disk of the size of ram (free -h)
lvcreate -L8G -n swap_1 vgkubuntunew /dev/mapper/${crypt_name}

# create the main partition with the remaining content
lvcreate -l 100%FREE -n root vgkubuntunew /dev/mapper/${crypt_name}

# format ext4
yes | mkfs.ext4 /dev/vgkubuntunew/root

# mount the new system
mkdir /media/new-kubuntu-root
mount /dev/vgkubuntunew/root /media/new-kubuntu-root

# rsync -avxHAX --progress /media/original-kubuntu-root --exclude={"/media/original-kubuntu-root/dev/*","/media/original-kubuntu-root/proc/*","/media/original-kubuntu-root/sys/*","/media/original-kubuntu-root/tmp/*","/media/original-kubuntu-root/run/*","/media/original-kubuntu-root/mnt/*","/media/original-kubuntu-root/media/*","/media/original-kubuntu-root/lost+found"} /media/new-kubuntu-root
# mv /media/new-kubuntu-root/original-kubuntu-root/* /media/new-kubuntu-root/
# rmdir /media/new-kubuntu-root/original-kubuntu-root

rsync -avxHAWX --progress / --exclude={"/dev/*","/proc/*","/sys/*","/tmp/*","/run/*","/mnt/*","/media/*","/lost+found"} /media/new-kubuntu-root

sed -i 's#UUID=[0-9a-zA-Z-]\+#UUID='${copy_deviceid}'#g' /media/new-kubuntu-root/etc/crypttab

# must restart and open only the copied device and do
vgrename vgkubuntunew vgkubuntu


# select group to work
vgchange -ay vgkubuntunew
modprobe efivars


# mount boot from device's partition
mkdir /media/new-kubuntu-root/boot/
mount ${copy_partition}2 /media/new-kubuntu-root/boot/
# mount efi from device's partition
mount ${copy_partition}1 /media/new-kubuntu-root/boot/efi

# mount linux special systems
mount --bind /dev /media/new-kubuntu-root/dev 
mount --bind /dev/pts /media/new-kubuntu-root/dev/pts
mount --bind /proc /media/new-kubuntu-root/proc
mount --bind /sys /media/new-kubuntu-root/sys
mount --bind /sys/firmware/efi/efivars /media/new-kubuntu-root/sys/firmware/efi/efivars

# run chroot son new system
#chroot /media/new-kubuntu-root

# reinstall grub
chroot /media/new-kubuntu-root apt-get -y purge grub\*
chroot /media/new-kubuntu-root apt-get -y install grub-efi
chroot /media/new-kubuntu-root apt-get -y autoremove
chroot /media/new-kubuntu-root apt-get install --reinstall -y grub-efi-amd64
chroot /media/new-kubuntu-root grub-install ${original_device}
chroot /media/new-kubuntu-root update-grub

chroot /media/new-kubuntu-root update-initramfs -u -k all

# new info
#dpkg: error processing package shim-signed (--configure):
# dependency problems - leaving triggers unprocessed
#Errors were encountered while processing:
# grub-efi-amd64-signed
# shim-signed
#E: Sub-process /usr/bin/dpkg returned an error code (1)


# exit chroot
#exit

# unmount all
umount /media/new-kubuntu-root/dev/pts
umount /media/new-kubuntu-root/dev 
umount /media/new-kubuntu-root/proc
umount /media/new-kubuntu-root/sys/firmware/efi/efivars
umount /media/new-kubuntu-root/sys
umount /media/new-kubuntu-root/boot/efi/
umount /media/new-kubuntu-root/boot/
umount /media/new-kubuntu-root/

# https://linux-blog.anracom.com/2018/11/08/cryptsetup-close-not-working-for-lvm-on-luks-device-busy/
dmsetup info -C
vgchange -a n vgkubuntu
dmsetup info -C

# close encrypted partition
cryptsetup luksClose ${crypt_name}