working traefik

app/vault/close

@@ -0,0 +1,35 @@
+#!/bin/sh
+set -euo pipefail
+
+MAPPER_NAME="host_vars_crypt"
+MOUNT_POINT="/app/host_vars"
+
+# Unmount if mounted
+if mountpoint -q "$MOUNT_POINT"; then
+    echo "Unmounting $MOUNT_POINT..."
+    umount "$MOUNT_POINT"
+else
+    echo "$MOUNT_POINT is not mounted."
+fi
+
+
+
+if cryptsetup status "$MAPPER_NAME" >/dev/null 2>&1; then
+    echo "Closing stale mapping $MAPPER_NAME..."
+    if ! cryptsetup close "$MAPPER_NAME"; then
+        echo "cryptsetup close failed, forcing dmsetup remove..."
+        dmsetup remove --force --retry "$MAPPER_NAME" || true
+    fi
+fi
+
+
+# Close the LUKS/dm-crypt device if open
+if [ -e "/dev/mapper/$MAPPER_NAME" ]; then
+    echo "Closing /dev/mapper/$MAPPER_NAME..."
+    cryptsetup close "$MAPPER_NAME"
+else
+    echo "Mapper $MAPPER_NAME is not active."
+fi
+
+echo "Vault is now closed."
+

app/vault/create

@@ -0,0 +1,45 @@
+#!/bin/sh
+set -euo pipefail
+
+VAULT_DIR="/app/vault"
+VAULT_FILE="$VAULT_DIR/host_vars.img"
+MAPPER_NAME="host_vars_crypt"
+MOUNT_POINT="/app/host_vars"
+SIZE_MB=25
+
+# Prepare directories
+mkdir -p "$VAULT_DIR"
+mkdir -p "$MOUNT_POINT"
+
+# Create 5MB backing file if it doesn't exist
+if [ ! -f "$VAULT_FILE" ]; then
+    echo "Creating $SIZE_MB MB vault file at $VAULT_FILE"
+    dd if=/dev/zero of="$VAULT_FILE" bs=1M count=$SIZE_MB
+fi
+
+# Setup LUKS encryption if not already formatted
+if ! cryptsetup isLuks "$VAULT_FILE"; then
+    echo "Formatting with LUKS (you will be prompted for a passphrase)..."
+    cryptsetup luksFormat "$VAULT_FILE"
+fi
+
+# Open the encrypted volume
+if ! [ -e "/dev/mapper/$MAPPER_NAME" ]; then
+    echo "Opening encrypted volume..."
+    cryptsetup open "$VAULT_FILE" "$MAPPER_NAME"
+fi
+
+# Create filesystem if not already present
+if ! blkid /dev/mapper/"$MAPPER_NAME" >/dev/null 2>&1; then
+    echo "Creating ext4 filesystem..."
+    mkfs.ext4 /dev/mapper/"$MAPPER_NAME"
+fi
+
+# Mount it
+if ! mountpoint -q "$MOUNT_POINT"; then
+    echo "Mounting at $MOUNT_POINT"
+    mount /dev/mapper/"$MAPPER_NAME" "$MOUNT_POINT"
+fi
+
+echo "Encrypted volume is ready and mounted at $MOUNT_POINT"
+

app/vault/open

@@ -0,0 +1,32 @@
+#!/bin/sh
+set -euo pipefail
+
+VAULT_FILE="/app/vault/host_vars.img"
+MAPPER_NAME="host_vars_crypt"
+MOUNT_POINT="/app/host_vars"
+
+mkdir -p "$MOUNT_POINT"
+
+# Always close if active
+if cryptsetup status "$MAPPER_NAME" >/dev/null 2>&1; then
+    echo "Closing stale mapping $MAPPER_NAME..."
+    cryptsetup close "$MAPPER_NAME"
+fi
+
+# Open
+echo "Opening encrypted volume..."
+cryptsetup open "$VAULT_FILE" "$MAPPER_NAME"
+
+# Format if needed
+if ! blkid /dev/mapper/"$MAPPER_NAME" >/dev/null 2>&1; then
+    echo "No filesystem found, creating ext4..."
+    mkfs.ext4 /dev/mapper/"$MAPPER_NAME"
+fi
+
+# Mount
+echo "Mounting at $MOUNT_POINT..."
+mount /dev/mapper/"$MAPPER_NAME" "$MOUNT_POINT"
+
+echo "Vault is mounted at $MOUNT_POINT"
+
+