authorGeorg Pfuetzenreuter2022-06-12 22:13:29 +0200
committerGeorg Pfuetzenreuter2022-06-12 22:15:03 +0200
commitdf586b4892c57ba7b14dc9400cc684d0ed0faff8 (patch)
treeeaec9c60647e3b01242e0dddf187d6ac15628964
parentf655c72534d1700010c6448e6719ae9491680b5d (diff)
Init S3/CryFS startup script
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
-rwxr-xr-xscripts/sh/init-s3-cryfs.sh96
-rw-r--r--systemd/init-s3.service13
2 files changed, 109 insertions, 0 deletions
diff --git a/scripts/sh/init-s3-cryfs.sh b/scripts/sh/init-s3-cryfs.sh
new file mode 100755
index 0000000..63bdc30
--- /dev/null
+++ b/scripts/sh/init-s3-cryfs.sh
@@ -0,0 +1,96 @@
+#!/bin/sh
+#Georg Pfuetzenreuter <georg@lysergic.dev>
+#Not intended for general purpose use - designed to initialize a construct of bind -> CryFS -> S3 mounts
+
+basemount="/s3"
+cryptmount="$basemount/container"
+sysmount="/mnt/s3cry"
+datamount="/data"
+ingestmount="$datamount/ingest/s3"
+clearingestmount="${ingestmount}_clear"
+
+mounts="/proc/mounts"
+
+check () {
+ grep -qs "$1" "$mounts"
+}
+
+check_ingestmount () {
+ if check "$ingestmount"
+ then
+ echo "Already mounted."
+ exit 0
+ fi
+}
+
+stop_mounts () {
+ if check "$ingestmount "
+ then
+ echo "Unmounting $ingestmount ..."
+ umount "$ingestmount"
+ fi
+ if check "$clearingestmount "
+ then
+ echo "Unmounting $clearingestmount ..."
+ umount "$clearingestmount"
+ fi
+ if check "$sysmount"
+ then
+ echo "Unmounting $sysmount ..."
+ fusermount -u "$sysmount"
+ fi
+ if check "$basemount"
+ then
+ echo "Unmounting $basemount ..."
+ umount "$basemount"
+ fi
+}
+
+start_mounts () {
+ check_ingestmount
+ if ! check "$basemount"
+ then
+ echo "Mounting $basemount ..."
+ s3fs lysergic "$basemount" -o url=https://s3.eu-central-2.wasabisys.com -o allow_other
+ if [ ! "$?" = "0" ]
+ then
+ echo "FATAL - s3fs failed"
+ exit 1
+ fi
+
+ #we don't want this, it's an unencrypted s3 mount, but helpful for testing
+ if ! check "$clearingestmount "
+ then
+ echo "Mounting $clearingestmount ..."
+ mount -o bind "$basemount/clear" "$clearingestmount"
+ fi
+
+ if ! check "$sysmount"
+ then
+ echo "Mounting $sysmount ..."
+ cryfs "$cryptmount" "$sysmount" -- -o allow_other < /etc/.cry >/dev/null 2>&1
+ if [ ! "$?" = "0" ]
+ then
+ echo "FATAL - cryfs failed"
+ exit 1
+ fi
+ if ! check "$ingestmount "
+ then
+ echo "Mounting $ingestmount ..."
+ mount -o bind "$sysmount" "$ingestmount"
+ if [ ! "$?" = "0" ]
+ then
+ echo "FATAL - bind mount failed"
+ exit 1
+ fi
+ fi
+ fi
+ fi
+}
+
+case "$1" in
+ "start" ) start_mounts ;;
+ "stop" ) stop_mounts ;;
+ "status" ) check_ingestmount ;;
+ * ) echo "$0 [start|stop|status]" ;;
+esac
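Review bot: `check` greps /proc/mounts for its argument as an unanchored pattern, so `check "$basemount"` (`/s3`) also matches the entries for `/mnt/s3cry` and `/data/ingest/s3_clear`, and `check "$ingestmount"` in `check_ingestmount` matches the `_clear` bind mount. If cryfs fails after the unencrypted test bind mount is up, the next `start` prints "Already mounted." and exits 0 without the CryFS layer. The outer `if ! check "$basemount"` in `start_mounts` likewise skips every remaining step once any of those paths is mounted. Compare the mount-point field exactly instead, e.g. `awk -v m="${1% }" '$2 == m { f = 1 } END { exit !f }' "$mounts"`, which also tolerates the callers that pass a trailing space. `status` returns 0 whether or not `$ingestmount` is mounted, so it should return non-zero when the mount is absent so that a caller can tell the difference.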
diff --git a/systemd/init-s3.service b/systemd/init-s3.service
new file mode 100644
index 0000000..95df4db
--- /dev/null
+++ b/systemd/init-s3.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=LYSERGIC S3 Initiator
+After=network-online.target
+
+[Service]
+Type=oneshot
+ExecStart=/usr/local/bin/init-s3.sh start
+ExecStop=/usr/local/bin/init-s3.sh stop
+RemainAfterExit=true
+
+[Install]
+WantedBy=multi-user.target
+
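Review bot: `After=network-online.target` only orders the unit; without a matching `Wants=network-online.target` in `[Unit]` nothing pulls that target in, so the s3fs mount can be attempted before the network is up. `ExecStart` and `ExecStop` point at `/usr/local/bin/init-s3.sh`, while the script added in this commit is `scripts/sh/init-s3-cryfs.sh`. Unless it is installed under the shorter name (not visible here), the unit will fail to start. A comment above `ExecStart` such as `# installed from scripts/sh/init-s3-cryfs.sh` would document the mapping.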