1# ╭───────╮
2# │ crypt │
3# ╰───────╯
4
5# ╭───────┬───────────╮
6# │ crypt │ constants │
7# ╰───────┴───────────╯
8
# Directory holding the encrypted images, one "<name>.qcow2" per container.
# TODO variablize
RWX_CRYPT_ROOT='/data/home/user/crypt'
# State directory: one file per open container, recording its NBD device.
# TODO common var/lib root
RWX_CRYPT_VAR='/var/lib/rwx/crypt'
13
14# ╭───────┬───────────╮
15# │ crypt │ functions │
16# ╰───────┴───────────╯
17
18#| cat
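rwx_crypt_device() {
  # Print the first /dev/nbd<N> block device whose sysfs size reads 0,
  # which this function treats as "free".
  #
  # Outputs: the device path on stdout when one is found.
  # Returns: status of echo on success; otherwise whatever
  #          rwx_log_error 1 does (defined elsewhere; presumably aborts
  #          with that code, to be confirmed).
  #
  # The scan stops at the first /dev/nbd<N> that is not a block device.
  #
  # NOTE(review): the choice is only a snapshot. Another process can attach
  # the same device before the caller does; the caller's connect step is
  # where that would surface.
  local candidate sectors
  local number=0
  # Explicitly empty: in some shells (dash) a bare `local` inherits the
  # caller's value, and the caller in this file keeps its own `device`
  # across loop iterations. No state from the caller may leak in here.
  local found=""
  while [ -z "${found}" ]; do
    candidate="/dev/nbd${number}"
    # ran past the last NBD node: nothing is free
    [ -b "${candidate}" ] || break
    sectors="$(cat "/sys/block/nbd${number}/size")"
    # an unreadable or non-numeric size fails the test and counts as busy
    if [ "${sectors}" -eq 0 ]; then
      found="${candidate}"
    fi
    number=$((number + 1))
  done
  if [ -n "${found}" ]; then
    echo "${found}"
  else
    rwx_log_error 1 "No device available"
  fi
}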
40
41#| id
42#| mkdir
43#| qemu-nbd
44#| cryptsetup
45#| mount
46#| umount
47#| rmdir
48#| cat
49#| rm
50#/ cs
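rwx_crypt_setup() {
  # Open or close encrypted containers stored as qcow2 images.
  #
  # Arguments: $1  - action: "open" or "close"
  #            $2… - container names; the image of <name> is
  #                  ${RWX_CRYPT_ROOT}/<name>.qcow2
  # open:  pick a free NBD device, record it in ${RWX_CRYPT_VAR}/<name>,
  #        attach the image with qemu-nbd, unlock it with cryptsetup and
  #        mount /dev/mapper/<name> on /media/<name>.
  # close: unmount, remove the mount point, close the mapping, detach the
  #        recorded NBD device and delete the record.
  # Any other action prints a usage hint.
  #
  # Error codes passed to rwx_log_error: 1 not root, 2 no names,
  # 3 image missing, 4-10 the open steps, 4-9 the close steps,
  # 11 rejected name or device record.
  #
  # NOTE(review): rwx_log_error, rwx_log_info, rwx_file_write and
  # rwx_read_passphrase are defined elsewhere. The flow only makes sense if
  # rwx_log_error aborts with the given code; confirm.
  # NOTE(review): there is no rollback. A failure part-way through "open"
  # leaves the earlier steps in place (record file, attached NBD device,
  # open mapping).
  local action="${1}"
  local action_close="close"
  local action_open="open"
  local mapper="/dev/mapper"
  local mount_root="/media"
  local crypt_arg crypt_file crypt_map crypt_mount device user_id
  # explicitly empty: a bare `local` can inherit the caller's value in
  # some shells
  local pass_phrase=""
  case "${action}" in
    "${action_close}" | "${action_open}")
      shift
      user_id="$(id --user)"
      [ "${user_id}" -eq 0 ] ||
        rwx_log_error 1 "Not root"
      [ -n "${1}" ] ||
        rwx_log_error 2 "No files"
      # one passphrase is read up front and reused for every name
      if [ "${action}" = "${action_open}" ]; then
        pass_phrase="$(rwx_read_passphrase)"
      fi
      for crypt_arg; do
        rwx_log_info
        # The name becomes a path component under RWX_CRYPT_ROOT,
        # RWX_CRYPT_VAR, /dev/mapper and /media, and an argument to
        # cryptsetup, all as root. A "/", "." or ".." would point outside
        # those directories and a leading "-" would be read as an option.
        case "${crypt_arg}" in
          "" | . | .. | -* | */*)
            rwx_log_error 11 "Invalid name: ${crypt_arg}"
            continue
            ;;
        esac
        crypt_file="${RWX_CRYPT_ROOT}/${crypt_arg}.qcow2"
        if [ -f "${crypt_file}" ]; then
          crypt_map="${mapper}/${crypt_arg}"
          crypt_mount="${mount_root}/${crypt_arg}"
          case "${action}" in
            "${action_open}")
              # find device
              if ! device="$(rwx_crypt_device)"; then
                rwx_log_error 4 "No device available"
              fi
              # make directory
              if ! mkdir --parents "${RWX_CRYPT_VAR}"; then
                rwx_log_error 5 "Making failure: ${RWX_CRYPT_VAR}"
              fi
              # record device (read back by "close")
              if ! rwx_file_write \
                "${RWX_CRYPT_VAR}/${crypt_arg}" "${device}"; then
                rwx_log_error 6 "Writing failure: ${device}"
              fi
              # connect device
              if ! qemu-nbd --connect "${device}" "${crypt_file}"; then
                rwx_log_error 7 "Connection failure: ${device}"
              fi
              # wait device
              udevadm settle
              # delay
              sleep "1"
              # open device
              # printf, not echo: depending on the shell, echo treats a
              # leading "-n" or backslashes in the passphrase specially and
              # would hand cryptsetup a different string
              if ! printf '%s\n' "${pass_phrase}" |
                cryptsetup luksOpen "${device}" "${crypt_arg}"; then
                rwx_log_error 8 "Opening failure: ${device}"
              fi
              # make mount directory
              if ! mkdir --parents "${crypt_mount}"; then
                rwx_log_error 9 "Making failure: ${crypt_mount}"
              fi
              # mount file system
              # NOTE(review): no nosuid/nodev here, so set-uid files and
              # device nodes stored inside the image are honoured once
              # mounted; add them unless containers must carry such files.
              if ! mount \
                --options "autodefrag,compress-force=zstd" \
                "${crypt_map}" "${crypt_mount}"; then
                rwx_log_error 10 "Mounting failure: ${crypt_map}"
              fi
              ;;
            "${action_close}")
              # unmount file system
              if ! umount "${crypt_mount}"; then
                rwx_log_error 4 "Unmounting failure: ${crypt_mount}"
              fi
              # remove mount directory
              if ! rmdir "${crypt_mount}"; then
                rwx_log_error 5 "Removal failure: ${crypt_mount}"
              fi
              # close device
              if ! cryptsetup luksClose "${crypt_arg}"; then
                rwx_log_error 6 "Closing failure: ${crypt_arg}"
              fi
              # load device
              if ! device="$(cat "${RWX_CRYPT_VAR}/${crypt_arg}")"; then
                rwx_log_error 7 "Loading failure: ${crypt_arg}"
              fi
              # the record is handed to qemu-nbd as root: accept only
              # /dev/nbd<digits>, nothing empty or otherwise shaped
              case "${device#/dev/nbd}" in
                "${device}" | "" | *[!0-9]*)
                  rwx_log_error 11 "Invalid record: ${crypt_arg}"
                  continue
                  ;;
              esac
              # disconnect device
              if ! qemu-nbd --disconnect "${device}"; then
                rwx_log_error 8 "Disconnection failure: ${device}"
              fi
              # remove record
              if ! rm "${RWX_CRYPT_VAR}/${crypt_arg}"; then
                rwx_log_error 9 "Removal failure: ${crypt_arg}"
              fi
              ;;
            *) ;;
          esac
        else
          rwx_log_error 3 "Not a file: ${crypt_file}"
        fi
      done
      ;;
    *)
      rwx_log_info "Usage:"
      rwx_log_info "${action_close}|${action_open}"
      # TODO list
      ;;
  esac
}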