commit 92817e8d979affd88545eadb46fc32905f214bf0 Author: Alexandre CATTEAU Date: Wed Mar 16 16:23:29 2022 +0100 Initial commit diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..07ca624 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +mounts.conf diff --git a/README.md b/README.md new file mode 100644 index 0000000..4a4eef8 --- /dev/null +++ b/README.md @@ -0,0 +1,21 @@ +# Mounting encrypted volumes helper + +crypt-mounts' purpose is to reduce to one the commands needed to mount punctually encrypted volumes. + +### Introduction +One defines their mounts in `mounts.conf`, giving for each: +* the mapper name (usually defined in `/etc/crypttab`); +* the mount target path; +* a friendly name for the mount (optional); +* a boolean for enabling auto-locking (i.e. closing encrypted volume when unmounted) or not. + +The install script then generates a Systemd mount file for each mount, with the required bindings. + +### Files +* `variables.conf.template` contains examples variables definitions, and should be copied locally to `variables.conf` + (with any required modifications). +* `systemd-templates/` contains Systemd units templates for running the script unattended. +#### Installation +* `install.sh` script copies Systemd templates to their destination, and enables conf-sync timer. + +### TODO diff --git a/close-vault.conf.template b/close-vault.conf.template new file mode 100644 index 0000000..0c47bef --- /dev/null +++ b/close-vault.conf.template @@ -0,0 +1,2 @@ +[Unit] +BindsTo=PH_MOUNTFILE diff --git a/install.sh b/install.sh new file mode 100755 index 0000000..35afb5f --- /dev/null +++ b/install.sh @@ -0,0 +1,29 @@ +#!/usr/bin/env bash + +source "$(dirname "$0")/mounts.conf" + +echo "Copying Systemd units to system directory..." +for mount in $mounts; do + mountfile=$(echo ${mount[target]} | sed -e "s:/:-:g") + mountfile=${mountfile:1}.mount + sudo cp $(dirname "$0")/template.mount /etc/systemd/system/$mountfile + sudo sed -i -e "s/PH_MAPPER/${mount[mapper]}/g" /etc/systemd/system/$mountfile + sudo sed -i -e "s:PH_TARGET:${mount[target]}:g" /etc/systemd/system/$mountfile + if [ "${mount[friendly]}" != '' ]; then + sudo sed -i -e "s/PH_FRIENDLY/${mount[friendly]}/g" /etc/systemd/system/$mountfile + else + sudo sed -i -e "s/PH_FRIENDLY/${mount[mapper]}/g" /etc/systemd/system/$mountfile + fi + if [ ${mount[autlock]} -eq 1 ]; then + sudo cp $(dirname "$0")/close-vault.conf.template \ + /etc/systemd/system/systemd-cryptsetup@${mount[mapper]}.service.d/close-vault.conf + sudo sed -i -e "s/PH_MOUNTFILE/$mountfile/g" \ + /etc/systemd/system/systemd-cryptsetup@${mount[mapper]}.service.d/close-vault.conf + fi +done + +echo "Reloading Systemd..." +sudo systemctl daemon-reload + +echo "Finished install. Exiting..." +exit 0 diff --git a/mounts.conf.template b/mounts.conf.template new file mode 100644 index 0000000..0b329dd --- /dev/null +++ b/mounts.conf.template @@ -0,0 +1,13 @@ +#!/usr/bin/env bash +# Copy this file as mounts.conf, and add your volumes. + +declare -A mount1 +mount1[mapper]='' # As in /dev/mapper/ +mount1[target]='' # Mount point (absolute path) +mount1[friendly]='' # Optional friendly name for unit file Description +mount1[autolock]=0 # Set to 1 to enable autolock + +mounts=( + $mount1 + #$mount2... +) diff --git a/template.mount b/template.mount new file mode 100644 index 0000000..c0c9353 --- /dev/null +++ b/template.mount @@ -0,0 +1,10 @@ +[Unit] +Description=Mount PH_FRIENDLY Volume +# Below Requisite could be a Wants +Requisite=systemd-cryptsetup@PH_MAPPER.service +After=systemd-cryptsetup@PH_MAPPER.service + +[Mount] +What=/dev/mapper/PH_MAPPER +Where=PH_TARGET +Options=rw,relatime