working traefik

2025-08-30 09:53:31 +02:00
parent 9726dc0060
commit 86acea94b9
29 changed files with 378 additions and 81 deletions
--- a/app/vault/create
+++ b/app/vault/create
@@ -0,0 +1,45 @@
+#!/bin/sh
+set -euo pipefail
+
+VAULT_DIR="/app/vault"
+VAULT_FILE="$VAULT_DIR/host_vars.img"
+MAPPER_NAME="host_vars_crypt"
+MOUNT_POINT="/app/host_vars"
+SIZE_MB=25
+
+# Prepare directories
+mkdir -p "$VAULT_DIR"
+mkdir -p "$MOUNT_POINT"
+
+# Create 5MB backing file if it doesn't exist
+if [ ! -f "$VAULT_FILE" ]; then
+    echo "Creating $SIZE_MB MB vault file at $VAULT_FILE"
+    dd if=/dev/zero of="$VAULT_FILE" bs=1M count=$SIZE_MB
+fi
+
+# Setup LUKS encryption if not already formatted
+if ! cryptsetup isLuks "$VAULT_FILE"; then
+    echo "Formatting with LUKS (you will be prompted for a passphrase)..."
+    cryptsetup luksFormat "$VAULT_FILE"
+fi
+
+# Open the encrypted volume
+if ! [ -e "/dev/mapper/$MAPPER_NAME" ]; then
+    echo "Opening encrypted volume..."
+    cryptsetup open "$VAULT_FILE" "$MAPPER_NAME"
+fi
+
+# Create filesystem if not already present
+if ! blkid /dev/mapper/"$MAPPER_NAME" >/dev/null 2>&1; then
+    echo "Creating ext4 filesystem..."
+    mkfs.ext4 /dev/mapper/"$MAPPER_NAME"
+fi
+
+# Mount it
+if ! mountpoint -q "$MOUNT_POINT"; then
+    echo "Mounting at $MOUNT_POINT"
+    mount /dev/mapper/"$MAPPER_NAME" "$MOUNT_POINT"
+fi
+
+echo "Encrypted volume is ready and mounted at $MOUNT_POINT"
+