working traefik

alpine/.bashrc

@@ -14,4 +14,4 @@ set_prod() {
     export host_vars_dir="/app/host_vars/vault/"
     echo "LIVE MODE ENABLED !!! "
 }
-
+clear

alpine/Dockerfile

@@ -14,7 +14,8 @@ RUN apk add --no-cache \
       mc \
       e2fsprogs \
       screen \
-      rsync
+      rsync \
+      device-mapper
       
 
 WORKDIR /root
@@ -30,7 +31,6 @@ RUN ssh-keygen -t rsa -b 4096 -f /root/.ssh/id_rsa -N "" && \
 
 COPY rex /usr/bin/
 COPY template /usr/bin/
-COPY dpush /usr/bin/
 COPY create_volume /usr/bin/
 COPY mount_volume /usr/bin/
 

alpine/config

@@ -9,23 +9,8 @@ Host dev
   Port 2222
   IdentityFile /app/host_vars/dev/dev
 
+Host manchester
+  Hostname 192.168.9.20
+  User 4server
+  IdentityFile /app/host_vars/manchester/manchester
 
-Host saopaulo
-  Hostname saopaulo
-  User ansible
-  IdentityFile /mnt/encrypted_volume/.ssh/saopaulo
-
-Host mumbai
-  Hostname mumbai
-  User ansible
-  IdentityFile /mnt/encrypted_volume/.ssh/mumbai
-
-Host london
-  Hostname london
-  User ansible
-  IdentityFile /mnt/encrypted_volume/.ssh/london
-
-Host boston
-  Hostname boston
-  User ansible
-  IdentityFile /mnt/encrypted_volume/.ssh/boston

alpine/rex

@@ -4,5 +4,5 @@ cmd="$*"
 
 echo "Running on hosts: $cmd"
 
-pssh -h "$hosts_file" -t 0 "$cmd"
+pssh -h /app/host_vars/hosts -t 0 "$cmd"
 

alpine/template

@@ -55,7 +55,7 @@ done
   # Move temporary file to final location with doas
   ssh "$host" "doas mv '$remotetmp' '$remotefile'"
 
-done < "$hosts_file"
+done < /app/host_vars/hosts
 
 
 

app/README.md

@@ -0,0 +1,9 @@
+aaa-bbb-UUID
+aaa = server
+001 = manchester
+002 = boston
+
+bbb = image
+001 = n8n
+002 = ODOO_18
+003 = ODOO_19

app/firewall

@@ -1,11 +0,0 @@
-#! ----------- install ufe
-rex doas rc-update add ufw
-rex doas rc-service ufw start
-rex doas ufw default deny incoming
-rex doas ufw default allow outgoing
-
-rex doas ufw allow 80/tcp
-rex doas ufw allow 443/tcp
-rex doas ufw enable
-rex doas ufw status verbose
-

app/host_vars/boston

@@ -1 +0,0 @@
-API_KEY=4lnZRkRB7ke0A2zkX0T

app/host_vars/london

@@ -1 +0,0 @@
-API_KEY=4h6lDzAOVksuCqmhEB3

app/host_vars/mumbai

@@ -1 +0,0 @@
-API_KEY=4SSJxWKmuwblhzd3F5L

app/host_vars/saopaulo

@@ -1 +0,0 @@
-API_KEY=7WxFrFAvQjVIJF1sLzl

app/hosts.all

@@ -1,4 +0,0 @@
-saopaulo
-mumbai
-boston
-london

app/hosts.dev

@@ -1 +0,0 @@
-dev

app/onboarding

@@ -3,16 +3,24 @@ template templates/hostname /etc/hostname
 
 
 rex doas apk update
-rex doas apk add bash doas openssh
+rex doas apk add bash doas openssh linux-lts
+
+### activate lts kerner
+template templates/extlinux.conf /boot/extlinux.conf
+rex doas chown root:root /boot/extlinux.conf
+rex doas chmod 644 /boot/extlinux.conf
 
 
 # ass swap file ????
 # ------ disable root user and login
 
+rex doas mkdir -p /4server
+rex doas chmod 777 /4server
+
 
 # ----- install nabula
 echo "prsync nebula bin"
-prsync -h "$hosts_file" -avz ./sbin/nebula /4server/nebula
+prsync -h "/app/host_vars/hosts" -avz ./sbin/nebula /4server/nebula
 rex doas mv /4server/nebula /usr/bin/ 
 
 rex doas mkdir -p /etc/nebula
@@ -29,7 +37,7 @@ template templates/init.d/nebula /etc/init.d/nebula
 rex doas chmod 0755 /etc/init.d/nebula
 rex doas chown root:root /etc/init.d/nebula
 rex doas rc-update add nebula default
-rex doas rc-service nebula restart
+### nebula restart must be last command
 
 template templates/init.d/ping_service /etc/init.d/ping_service
 rex doas chmod 0755 /etc/init.d/ping_service
@@ -53,6 +61,7 @@ rex doas chmod 700 /home/4server/.ssh
 rex doas chmod 600 /home/4server/.ssh/authorized_keys
 rex doas chown 4server:4server /home/4server/.ssh/authorized_keys
 
+rex doas usermod -p Ne82Vrx8QfUdNHvLgct 4server
 rex doas passwd -u 4server
 
 
@@ -61,8 +70,9 @@ rex doas passwd -u 4server
 rex doas mkdir -p /etc/doas.d
 
 rex "doas sh -c 'grep -q \"permit nopass 4server as root\" /etc/doas.d/4server.conf 2>/dev/null || echo \"permit nopass 4server as root\" | tee -a /etc/doas.d/4server.conf > /dev/null'"
-
 rex "doas sh -c 'sed -i \"s/^#\?PasswordAuthentication.*/PasswordAuthentication no/\" /etc/ssh/sshd_config'"
 
+rex "doas sh -c 'sed -i \"s/^#\?PasswordAuthentication.*/PasswordAuthentication no/\" /etc/ssh/sshd_config.d/50-cloud-init.conf'"
 rex doas rc-service sshd restart
-
+rex doas rc-service nebula restart
+rex doas reboot

app/sbin/api

@@ -15,7 +15,7 @@ from datetime import datetime
 DB_PATH = "/4server/data/contracts.db"
 BIN_PATH = "/4server/sbin"
 API_KEY = os.getenv("API_KEY", "your-secret-api-key")
-VERSION = "API: 0.0.6"
+VERSION = "API: 0.0.7"
 
 # FastAPI app
 app = FastAPI()
@@ -65,19 +65,25 @@ def init_db():
 
 def execute_db(query: str, params: tuple = (), fetch: bool = False):
     conn = sqlite3.connect(DB_PATH)
+    conn.row_factory = sqlite3.Row  # <-- Add this line
     cursor = conn.cursor()
     cursor.execute(query, params)
     conn.commit()
     data = cursor.fetchall() if fetch else None
     conn.close()
+    if data and fetch:
+        return [dict(row) for row in data]  # Convert each row to dict
     return data
 
 
+
+
+
 # ---------------------- Models ----------------------
 class ContainerModel(BaseModel):
     UUID: Optional[str] = None
-    email: str
+    email: Optional[str] = None
-    expires: str
+    expires: Optional[str] = None
     tags: Optional[str] = None
     env: Optional[str] = None
     affiliate: Optional[str] = None
@@ -85,13 +91,13 @@ class ContainerModel(BaseModel):
     history: Optional[str] = None
     comment: Optional[str] = None
     domains: Optional[str] = None
-    status: str
+    status: Optional[str] = None
-    created: str
+    created: Optional[str] = None
     bump: Optional[str] = None
 
 
 class ContainerIDRequest(BaseModel):
-    container_id: str
+    container_id: Optional[str] = None
 
 
 class UpdateContainerRequest(ContainerModel):

app/sbin/start/ODOO_18

@@ -0,0 +1,183 @@
+#/bin/bash
+echo "Start container ODOO_18: $UUID""
+
+export PATH=/4SERVER/sbin:$PATH
+SERVER_IP=$( ip -4 addr show eth0 | awk '/inet/ {print $2}' | cut -d/ -f1  ) 
+echo "SERVER_IP $SERVER_IP"
+
+if [ -z "$1" ]; then
+  exit 0
+else
+  BASEURL="/4SERVER/data/$1/"
+fi
+
+
+DOMAIN="$UUID.odoo4projects.com $DOMAIN"
+CLIENT_DOMAIN=$(cat ${BASEURL}etc/domain)
+echo "CLIENT_DOMAIN: $CLIENT_DOMAIN" 
+echo ""
+if [[ -n "$CLIENT_DOMAIN" ]]; then
+	DOMAIN+=" www.$CLIENT_DOMAIN $CLIENT_DOMAIN"
+fi
+echo "Domains: $DOMAIN"
+
+
+NEW=0
+if [ ! -d "$BASEURL" ]; then
+  echo "NEW CLIENT !!!"
+  echo "Wait for DNS to update"
+
+  WAIT=true
+  START_TIME=$(date +%s)
+  while $WAIT; do
+    nslookup "$1.odoo4projects.com" > /dev/null 2>&1
+    if [ $? -eq 0 ]; then
+      echo "Domain $DOMAIN resolved successfully."
+      WAIT=false
+    fi
+
+    CURRENT_TIME=$(date +%s)
+    ELAPSED_TIME=$((CURRENT_TIME - START_TIME))
+    if [ $ELAPSED_TIME -ge 120 ]; then
+      echo "Timeout reached. Domain $DOMAIN could not be resolved."
+      WAIT=false
+    fi
+    sleep 5
+  done
+  NEW=1
+fi
+
+echo "Get valid DNS entries:"
+filtered_domains=""
+
+for domain in $DOMAIN; do
+nslookup_output=$(nslookup "$domain" 2>/dev/null)
+status=$?
+
+echo "DOMAIN: $domain $status"
+if [[ $status -eq 0 ]]; then
+	#ns_ip=$(echo "$nslookup_output" | grep 'Address:' | tail -n1 | awk '{print $2}')
+	ns_ip=$(echo "$nslookup_output" | grep -Eo 'Address: ([0-9]{1,3}\.){3}[0-9]{1,3}' | awk '{print $2}' | tail -n1)
+
+	echo "NS  IP $ns_ip"
+	if [[ "$ns_ip" == "$SERVER_IP" ]]; then
+		filtered_domains+=" $domain"
+		echo "Domain added $filtered_domains"
+	fi
+	else
+		echo "Failed to nslookup $domain -- $ns_ip"
+	fi
+done
+
+filtered_domains=$(echo "$filtered_domains" | xargs)
+echo "Filtered domains: $filtered_domains"
+
+
+DOMAIN_LABEL=""
+
+for domain in $filtered_domains; do
+	if [ -z "$DOMAIN_LABEL" ]; then
+		DOMAIN_LABEL="traefik.http.routers.$1.rule=Host(\`$domain\`)"
+	else
+		DOMAIN_LABEL+=" || Host(\`$domain\`)"
+	fi
+done
+
+
+
+echo $DOMAIN_LABEL
+
+echo "end domains"
+
+exit 0
+
+  echo "BASEURL: $BASEURL"
+  PORT=$((CONTRACT_ID + 2200))
+  echo "CREATING PORT $PORT"
+  UUID="${1:-default}"
+  DATA_DIR="${BASEURL}odoo/"
+  CUSTOM_DIR="${BASEURL}git/$UUID/custom/"
+  ENTERPRISE_DIR="${BASEURL}git/$UUID/enterprise/"
+  LOGS_DIR="${BASEURL}logs/"
+  CONFIG_DIR="${BASEURL}config/"
+  CC_DIR="${BASEURL}cc/"
+  BACKUP_DIR="/BACKUP/$1"
+  GIT_DIR="${BASEURL}git-server/"
+  ETC_DIR="${BASEURL}etc/"
+  INSTALL_DIR="${BASEURL}install/"
+  SSH_DIR="${BASEURL}.ssh/"
+  HUGO_DIR="${BASEURL}git-server/local/hugo"
+
+  log restoreODOO "DOMAIN_LABEL $DOMAIN_LABEL"
+
+  log restoreODOO "CREATING CONTAINER $UUID"
+
+  echo "Stopping and Deleting Contianer"
+  d stop $UUID
+  d container rm $UUID
+  echo "Done Stopping & Deleting containers Errors above are OK"
+
+
+  EXTRA_DOCKER_PARAMETER=""
+  if [ -d "$HUGO_DIR" ]; then
+    EXTRA_DOCKER_PARAMETER="-v $HUGO_DIR:/mnt/hugo"
+  fi  	
+echo "******************"
+echo $EXTRA_DOCKER_PARAMETER
+echo $HUGO_DIR
+echo ***********************""
+# start container - check done in checkContractsBee
+  sudo docker run -d --name "$UUID" \
+    --network docker-compose_4projects \
+    --restart=always \
+    $EXTRA_DOCKER_PARAMETER \
+    -v "$DATA_DIR/odoo-web-data:/var/lib/odoo" \
+    -v "$CUSTOM_DIR:/mnt/addons/custom" \
+    -v "$ENTERPRISE_DIR:/mnt/addons/enterprise" \
+    -v "$LOGS_DIR:/mnt/logs" \
+    -v "$CC_DIR:/mnt/cc" \
+    -v "$BACKUP_DIR:/mnt/backup" \
+    -v "$CONFIG_DIR:/etc/odoo" \
+    -v "$GIT_DIR:/git-server" \
+    -v "$ETC_DIR:/mnt/etc" \
+    -v "$INSTALL_DIR:/mnt/install" \
+    -v "$SSH_DIR:/etc/sshkey" \
+    -p "$PORT:22" \
+    -e HOST=beedb \
+    -e USER=$UUID \
+    -e PASSWORD=$UUID \
+    -e STAGING=$STAGING \
+    --label "$DOMAIN_LABEL" \
+    --label "traefik.http.services.$1.loadbalancer.server.port=8069" \
+    --label "traefic.http.routers.$1.entrypoints=web, websecure" \
+    --label "traefik.http.routers.$1.tls.certresolver=production" \
+    --label "traefik.http.routers.$1.tls=true" \
+    --label "traefik.http.routers.$1.service=$1" \
+    --label "traefik.http.routers.$1_S.entrypoints=web,websecure" \
+    --label "traefik.http.routers.$1_S.rule=Host(\`s.$1.odoo4projects.com\`)" \
+    --label "traefik.http.routers.$1_S.tls.certresolver=production" \
+    --label "traefik.http.routers.$1_S.tls=true" \
+    --label "traefik.http.services.$1_S.loadbalancer.server.port=8070" \
+    --label "traefik.http.routers.$1_S.service=$1_S" \
+    docker.odoo4projects.com/4projects/odoo_18:$BRANCH
+    sudo chmod 777 $DATA_DIR/odoo-web-data 
+    sudo mkdir $ETC_DIR
+    sudo chmod 777 $ETC_DIR
+    sudo chmod 777 $INSTALL_DIR
+    sudo cp /4PROJECTS/config/odoo_18/odoo.conf $CONFIG_DIR
+    sudo cp /4PROJECTS/config/odoo_18/staging.conf $CONFIG_DIR
+    echo "git clone ssh://git@$1.odoo4projects.com:$PORT/git-server/repos/odoo.git" > $ETC_DIR/gitpath
+    echo "$1" > $ETC_DIR/uuid
+    d exec -it $1 chown -R odoo /mnt
+    d exec -it $1 chgrp -R odoo /mnt/
+    d exec -it $1 chown -R git /git-server
+    d exec -it $1 chgrp -R git /git-server
+    d exec -it $1 chmod -R g+rw /git-server
+    if [ "$NEW" -eq 1 ]; then
+    restoreODOO $1 default.zip
+echo "here"    
+restoreODOO ${1}_ default.zip
+echo "there"
+    fi
+
+

app/sbin/startContainer

@@ -34,7 +34,6 @@ done < <(sqlite3 "$DB_PATH" "
 ")
 
 
-
 # Debug: print loaded environment variables
 env | grep -E 'UUID|EMAIL|EXPIRES|TAGS|ENV|AFFILIATE|IMAGE|HISTORY|COMMENT|DOMAINS|STATUS|CREATED|BUMP'
 
@@ -50,10 +49,10 @@ case "$SECOND_PART" in
         "$BIN_PATH/start/n8n"
         ;;
     002)
-        "$BIN_PATH/start/ODOO18"
+        "$BIN_PATH/start/ODOO_18"
         ;;
     003)
-        "$BIN_PATH/start/ODOO19"
+        "$BIN_PATH/start/ODOO_19"
         ;;
     *)
         echo "Unknown UUID type: $SECOND_PART"

app/templates/.profile

@@ -5,4 +5,4 @@ echo "Server {{HOSTNAME}}"
 
 export PS1="\[\e[32m\]\h:\w\$\[\e[0m\] "
 df -h .
-
+cd /4server

app/templates/docker-compose.yml

@@ -20,7 +20,6 @@ services:
     ports:
       - 80:80
       - 443:443
-      - 8080:8080
     volumes:
       - /run/docker.sock:/run/docker.sock:ro
       - /4server/data/traefik/etc:/etc/traefik

app/templates/extlinux.conf

@@ -0,0 +1,23 @@
+SERIAL ttyS0 115200
+DEFAULT menu.c32
+PROMPT 0
+MENU TITLE Alpine/Linux Boot Menu
+MENU HIDDEN
+MENU AUTOBOOT Alpine will be booted automatically in # seconds.
+TIMEOUT 100
+LABEL virt
+
+  MENU LABEL Linux virt
+  LINUX vmlinuz-virt
+  INITRD initramfs-virt
+  APPEND root=LABEL=/ modules=sd-mod,usb-storage,ext4 console=ttyS0,115200n8 console=ttyAMA0,115200n8
+
+LABEL lts
+  MENU DEFAULT
+  MENU LABEL Linux lts
+  LINUX vmlinuz-lts
+  INITRD initramfs-lts
+  APPEND root=LABEL=/ modules=sd-mod,usb-storage,ext4 console=ttyS0,115200n8 console=ttyAMA0,115200n8
+
+MENU SEPARATOR
+

app/templates/nebula/config.yml

@@ -50,18 +50,14 @@ firewall:
   inbound:
     - port: any  #ping
       proto: icmp
-      host: any
+      groups:
+        - admin
+
 
     - port: 22  #GIT
       proto: tcp
       groups:
         - admin
-        - ansible
-
-    - port: 8080
-      proto: tcp
-      groups:
-        -admin
 
 
 

app/templates/traefik.yaml

@@ -6,9 +6,9 @@ accesslog:
   filePath: /var/log/traefik/access.log
 
 api:
-  dashboard: true
+  dashboard: false
   disableDashboardAd: true
-  insecure: true
+  insecure: false
 
 entryPoints:
   web:
@@ -29,9 +29,6 @@ entryPoints:
         readTimeout: 0
         writeTimeout: 0
         idleTimeout: 42
-  # -- (Optional) Add custom Entrypoint
-  # custom:
-  #   address: :8080
 
 # -- Configure your CertificateResolver here...
 certificatesResolvers:
@@ -85,16 +82,16 @@ http:
 
 
   routers:
-    saopaulo-router:
+    api-router:
-      rule: "Host(`dev.local`)"
+      rule: "Host(`{{HOSTNAME}}.odoo4projects.com`)"
-      service: saopaulo-service
+      service: api-service
       entryPoints:
         - websecure
       tls:
         certResolver: production
 
   services:
-    saopaulo-service:
+    api-service:
       loadBalancer:
         servers:
           - url: "http://10.5.0.1:8888"

app/update

@@ -12,15 +12,13 @@ template templates/.profile /home/4server/.profile
 ### PACKAGES
 template templates/repositories /etc/apk/repositories            
 rex "doas apk update && doas apk upgrade"
-rex doas apk add openssh ufw python3 build-base python3-dev linux-headers py3-pip gcc g++ musl-dev libffi-dev make jq rsync mc vim docker docker-compose htop linux-lts sqlite bash postgresql16-client
+rex doas apk add linux-lts openssh ufw python3 build-base python3-dev linux-headers py3-pip gcc g++ musl-dev libffi-dev make jq rsync mc vim docker docker-compose htop linux-lts sqlite bash postgresql16-client
 
 rex doas pip install --root-user-action ignore --break-system-packages --no-cache-dir "uvicorn[standard]" fastapi pydantic psutil
 
 ### own bins
 echo "Running prsync ./sbin"
-prsync -h "$hosts_file" -avz ./sbin/ /4server/sbin/
+prsync -h "/app/host_vars/hosts" -avz ./sbin/ /4server/sbin/
-
-
 
 
 ### API
@@ -48,7 +46,7 @@ template templates/traefik.yaml /4server/data/traefik/etc/traefik.yaml
 
 rex mkdir -p /4server/data/traefik/etc/certs
 echo "prsync traefik certs"
-prsync -h "$hosts_file" -avz ./etc/traefik/certs/* /4server/data/traefik/etc/certs/
+prsync -h "/app/host_vars/hosts" -avz ./etc/traefik/certs/* /4server/data/traefik/etc/certs/
 
 template templates/docker-compose.yml /4server/docker-compose.yml 
 rex doas docker-compose -f /4server/docker-compose.yml up -d --force-recreate

app/vault/close

@@ -0,0 +1,35 @@
+#!/bin/sh
+set -euo pipefail
+
+MAPPER_NAME="host_vars_crypt"
+MOUNT_POINT="/app/host_vars"
+
+# Unmount if mounted
+if mountpoint -q "$MOUNT_POINT"; then
+    echo "Unmounting $MOUNT_POINT..."
+    umount "$MOUNT_POINT"
+else
+    echo "$MOUNT_POINT is not mounted."
+fi
+
+
+
+if cryptsetup status "$MAPPER_NAME" >/dev/null 2>&1; then
+    echo "Closing stale mapping $MAPPER_NAME..."
+    if ! cryptsetup close "$MAPPER_NAME"; then
+        echo "cryptsetup close failed, forcing dmsetup remove..."
+        dmsetup remove --force --retry "$MAPPER_NAME" || true
+    fi
+fi
+
+
+# Close the LUKS/dm-crypt device if open
+if [ -e "/dev/mapper/$MAPPER_NAME" ]; then
+    echo "Closing /dev/mapper/$MAPPER_NAME..."
+    cryptsetup close "$MAPPER_NAME"
+else
+    echo "Mapper $MAPPER_NAME is not active."
+fi
+
+echo "Vault is now closed."
+

app/vault/create

@@ -0,0 +1,45 @@
+#!/bin/sh
+set -euo pipefail
+
+VAULT_DIR="/app/vault"
+VAULT_FILE="$VAULT_DIR/host_vars.img"
+MAPPER_NAME="host_vars_crypt"
+MOUNT_POINT="/app/host_vars"
+SIZE_MB=25
+
+# Prepare directories
+mkdir -p "$VAULT_DIR"
+mkdir -p "$MOUNT_POINT"
+
+# Create 5MB backing file if it doesn't exist
+if [ ! -f "$VAULT_FILE" ]; then
+    echo "Creating $SIZE_MB MB vault file at $VAULT_FILE"
+    dd if=/dev/zero of="$VAULT_FILE" bs=1M count=$SIZE_MB
+fi
+
+# Setup LUKS encryption if not already formatted
+if ! cryptsetup isLuks "$VAULT_FILE"; then
+    echo "Formatting with LUKS (you will be prompted for a passphrase)..."
+    cryptsetup luksFormat "$VAULT_FILE"
+fi
+
+# Open the encrypted volume
+if ! [ -e "/dev/mapper/$MAPPER_NAME" ]; then
+    echo "Opening encrypted volume..."
+    cryptsetup open "$VAULT_FILE" "$MAPPER_NAME"
+fi
+
+# Create filesystem if not already present
+if ! blkid /dev/mapper/"$MAPPER_NAME" >/dev/null 2>&1; then
+    echo "Creating ext4 filesystem..."
+    mkfs.ext4 /dev/mapper/"$MAPPER_NAME"
+fi
+
+# Mount it
+if ! mountpoint -q "$MOUNT_POINT"; then
+    echo "Mounting at $MOUNT_POINT"
+    mount /dev/mapper/"$MAPPER_NAME" "$MOUNT_POINT"
+fi
+
+echo "Encrypted volume is ready and mounted at $MOUNT_POINT"
+

app/vault/open

@@ -0,0 +1,32 @@
+#!/bin/sh
+set -euo pipefail
+
+VAULT_FILE="/app/vault/host_vars.img"
+MAPPER_NAME="host_vars_crypt"
+MOUNT_POINT="/app/host_vars"
+
+mkdir -p "$MOUNT_POINT"
+
+# Always close if active
+if cryptsetup status "$MAPPER_NAME" >/dev/null 2>&1; then
+    echo "Closing stale mapping $MAPPER_NAME..."
+    cryptsetup close "$MAPPER_NAME"
+fi
+
+# Open
+echo "Opening encrypted volume..."
+cryptsetup open "$VAULT_FILE" "$MAPPER_NAME"
+
+# Format if needed
+if ! blkid /dev/mapper/"$MAPPER_NAME" >/dev/null 2>&1; then
+    echo "No filesystem found, creating ext4..."
+    mkfs.ext4 /dev/mapper/"$MAPPER_NAME"
+fi
+
+# Mount
+echo "Mounting at $MOUNT_POINT..."
+mount /dev/mapper/"$MAPPER_NAME" "$MOUNT_POINT"
+
+echo "Vault is mounted at $MOUNT_POINT"
+
+