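#!/bin/sh
#
# Create (on first run), unlock and mount a LUKS-encrypted, file-backed
# volume for host_vars.
#
# Each step is skipped when its result already exists, so the script can be
# re-run. cryptsetup prompts for the passphrase; device-mapper and mount
# operations normally need root.

# pipefail is left out on purpose: not every /bin/sh accepts it (older
# dash/ash abort with "Illegal option"), and this script has no pipelines.
set -eu

VAULT_DIR="/app/vault"
VAULT_FILE="$VAULT_DIR/host_vars.img"
MAPPER_NAME="host_vars_crypt"
MAPPER_DEV="/dev/mapper/$MAPPER_NAME"
MOUNT_POINT="/app/host_vars"
# NOTE(review): the LUKS header is carved out of this image, so the usable
# filesystem is smaller than SIZE_MB -- confirm 25 MB leaves enough room.
SIZE_MB=25

# The filesystem check further down treats any non-zero blkid status as
# "no filesystem". Refuse to run without blkid so that a missing tool can
# never lead to mkfs on a volume that already holds data.
if ! command -v blkid >/dev/null 2>&1; then
  echo "Required tool not found: blkid" >&2
  exit 1
fi

# Prepare directories
mkdir -p "$VAULT_DIR"
mkdir -p "$MOUNT_POINT"

# Create the SIZE_MB backing file if it doesn't exist
if [ ! -f "$VAULT_FILE" ]; then
  echo "Creating $SIZE_MB MB vault file at $VAULT_FILE"
  # umask 077 (subshell only) creates the image owner-readable from the
  # start; other local users cannot copy the container for offline guessing.
  if ! (umask 077 && dd if=/dev/zero of="$VAULT_FILE" bs=1M count="$SIZE_MB"); then
    # Drop a truncated image so the next run starts from scratch instead of
    # formatting a short file.
    rm -f -- "$VAULT_FILE"
    echo "Failed to create $VAULT_FILE" >&2
    exit 1
  fi
fi

# Setup LUKS encryption if not already formatted
if ! cryptsetup isLuks "$VAULT_FILE"; then
  echo "Formatting with LUKS (you will be prompted for a passphrase)..."
  cryptsetup luksFormat "$VAULT_FILE"
fi

# Open the encrypted volume
# NOTE(review): an existing mapping with this name is reused as-is; nothing
# here verifies that it is backed by $VAULT_FILE.
if ! [ -e "$MAPPER_DEV" ]; then
  echo "Opening encrypted volume..."
  cryptsetup open "$VAULT_FILE" "$MAPPER_NAME"
fi

# Create filesystem if not already present
if ! blkid "$MAPPER_DEV" >/dev/null 2>&1; then
  echo "Creating ext4 filesystem..."
  mkfs.ext4 "$MAPPER_DEV"
fi

# Mount it
if ! mountpoint -q "$MOUNT_POINT"; then
  echo "Mounting at $MOUNT_POINT"
  mount "$MAPPER_DEV" "$MOUNT_POINT"
fi

echo "Encrypted volume is ready and mounted at $MOUNT_POINT"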