Compare commits
5 Commits
3fcffac8fb
...
master
| Author | SHA1 | Date | |
|---|---|---|---|
| 43492c524e | |||
| 8fab47ec65 | |||
| cc21a48a05 | |||
| ee7849be8f | |||
| 14a205d6a2 |
@ -6,14 +6,17 @@ crypt-mounts' purpose is to reduce to one the commands needed to mount punctuall
|
||||
One defines their mounts in `mounts.conf`, giving for each:
|
||||
* the mapper name (usually defined in `/etc/crypttab`);
|
||||
* the mount target path;
|
||||
* the file system type;
|
||||
* a friendly name for the mount (optional);
|
||||
* a boolean for enabling auto-locking (i.e. closing encrypted volume when unmounted) or not.
|
||||
* a boolean for enabling auto-locking (i.e. closing encrypted volume when unmounted) or not;
|
||||
* a boolean for enabling mount timeout (useful to prevent hanging at boot).
|
||||
|
||||
The install script then generates a Systemd mount file for each mount, with the required bindings.
|
||||
|
||||
### Files
|
||||
* `template.mount` is a template for Systemd mount units.
|
||||
* `close-vault.conf.template` is a Systemd drop-in template, for auto-locking.
|
||||
* `timeout.conf` is a Systemd drop-in for mount timeout.
|
||||
#### Installation
|
||||
* `mounts.conf.template` contains a mount definition example, and should be copied locally in `mounts.conf.d`
|
||||
as `<something>.conf`, for each of your mounts.
|
||||
|
||||
34
install.sh
34
install.sh
@ -1,12 +1,19 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
run_directory=$(dirname $(readlink -f "$0"))
|
||||
user=$(whoami)
|
||||
|
||||
if [ -f $run_directory/.disabled ]; then
|
||||
echo "Installation is disabled. Exiting..."
|
||||
exit 0
|
||||
fi
|
||||
|
||||
if [[ $user != 'root' ]]; then
|
||||
sudo="sudo"
|
||||
else
|
||||
sudo=""
|
||||
fi
|
||||
|
||||
echo "Copying Systemd units to system directory..."
|
||||
for f in $run_directory/mounts.conf.d/*.conf; do
|
||||
if [ ! -e "$f" ]; then
|
||||
@ -15,25 +22,34 @@ for f in $run_directory/mounts.conf.d/*.conf; do
|
||||
source $f
|
||||
mountfile=$(echo ${mount[target]} | sed -e "s:/:-:g")
|
||||
mountfile=${mountfile:1}.mount
|
||||
sudo cp $run_directory/template.mount /etc/systemd/system/$mountfile
|
||||
sudo sed -i -e "s/PH_MAPPER/${mount[mapper]}/g" /etc/systemd/system/$mountfile
|
||||
sudo sed -i -e "s:PH_TARGET:${mount[target]}:g" /etc/systemd/system/$mountfile
|
||||
$sudo cp $run_directory/template.mount /etc/systemd/system/$mountfile
|
||||
$sudo sed -i -e "s/PH_MAPPER/${mount[mapper]}/g" /etc/systemd/system/$mountfile
|
||||
$sudo sed -i -e "s:PH_TARGET:${mount[target]}:g" /etc/systemd/system/$mountfile
|
||||
$sudo sed -i -e "s:PH_FSTYPE:${mount[type]}:g" /etc/systemd/system/$mountfile
|
||||
if [ "${mount[friendly]}" != '' ]; then
|
||||
sudo sed -i -e "s/PH_FRIENDLY/${mount[friendly]}/g" /etc/systemd/system/$mountfile
|
||||
$sudo sed -i -e "s/PH_FRIENDLY/${mount[friendly]}/g" /etc/systemd/system/$mountfile
|
||||
else
|
||||
sudo sed -i -e "s/PH_FRIENDLY/${mount[mapper]}/g" /etc/systemd/system/$mountfile
|
||||
$sudo sed -i -e "s/PH_FRIENDLY/${mount[mapper]}/g" /etc/systemd/system/$mountfile
|
||||
fi
|
||||
if [ ${mount[autolock]} -eq 1 ]; then
|
||||
sudo mkdir /etc/systemd/system/systemd-cryptsetup@${mount[mapper]}.service.d
|
||||
sudo cp $run_directory/close-vault.conf.template \
|
||||
if [ ! -d /etc/systemd/system/systemd-cryptsetup@${mount[mapper]}.service.d ]; then
|
||||
$sudo mkdir /etc/systemd/system/systemd-cryptsetup@${mount[mapper]}.service.d
|
||||
fi
|
||||
$sudo cp $run_directory/close-vault.conf.template \
|
||||
/etc/systemd/system/systemd-cryptsetup@${mount[mapper]}.service.d/close-vault.conf
|
||||
sudo sed -i -e "s/PH_MOUNTFILE/$mountfile/g" \
|
||||
$sudo sed -i -e "s/PH_MOUNTFILE/$mountfile/g" \
|
||||
/etc/systemd/system/systemd-cryptsetup@${mount[mapper]}.service.d/close-vault.conf
|
||||
fi
|
||||
if [ ${mount[timeout]} -eq 1 ]; then
|
||||
if [ ! -d /etc/systemd/system/systemd-cryptsetup@${mount[mapper]}.service.d ]; then
|
||||
$sudo mkdir /etc/systemd/system/systemd-cryptsetup@${mount[mapper]}.service.d
|
||||
fi
|
||||
$sudo cp $run_directory/timeout.conf /etc/systemd/system/systemd-cryptsetup@${mount[mapper]}.service.d/timeout.conf
|
||||
fi
|
||||
done
|
||||
|
||||
echo "Reloading Systemd..."
|
||||
sudo systemctl daemon-reload
|
||||
$sudo systemctl daemon-reload
|
||||
|
||||
echo "Finished install. Exiting..."
|
||||
exit 0
|
||||
|
||||
@ -5,5 +5,7 @@
|
||||
declare -A mount
|
||||
mount[mapper]='' # As in /dev/mapper/<?>
|
||||
mount[target]='' # Mount point (absolute path)
|
||||
mount[type]='ext4' # Filesystem type
|
||||
mount[friendly]='' # Optional friendly name for unit file Description
|
||||
mount[autolock]=0 # Set to 1 to enable autolock
|
||||
mount[timeout]=0 # Set to 1 to enable mount timeout (30 seconds)
|
||||
|
||||
@ -1,10 +1,13 @@
|
||||
[Unit]
|
||||
Description=Mount PH_FRIENDLY Volume
|
||||
# Below Requisite could be a Wants
|
||||
Requisite=systemd-cryptsetup@PH_MAPPER.service
|
||||
Wants=systemd-cryptsetup@PH_MAPPER.service
|
||||
After=systemd-cryptsetup@PH_MAPPER.service
|
||||
|
||||
[Mount]
|
||||
What=/dev/mapper/PH_MAPPER
|
||||
Where=PH_TARGET
|
||||
Type=PH_FSTYPE
|
||||
Options=rw,relatime
|
||||
|
||||
[Install]
|
||||
WantedBy=default.target
|
||||
|
||||
2
timeout.conf
Normal file
2
timeout.conf
Normal file
@ -0,0 +1,2 @@
|
||||
[Unit]
|
||||
JobTimeoutSec=30
|
||||
Reference in New Issue
Block a user