Skip to content
Decrypt encrypted btrfs disks by dm-crypt plain with key file.
Shell
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
LICENSE
README.md
config-sample
diskid-list-sample
initial-crypt.zsh
opencryptdisk.zsh
opencryptdisk@.service

README.md

Master Volume Pool Decrypt and Mount

Decrypt encrypted btrfs disks by dm-crypt plain with key file.

This is better for a refference of writing first your systemd unit.

Description

This script setups encrypt/decrypt devices with dm-crypt plain, and mount encrypted filesystem via systemd.

For example, you can mount encrypted four whole disks for btrfs with one operation systemctl start.

Requirement

  • Zsh
  • Systemd
  • dm-crypt (cryptsetup)

Install

Prepare Directory

You should

# mkdir /etc/opencryptdisk

Copy settings and change.

# cp config-sample /etc/opencryptdisk/

Write your setting to config-sample.

LISTFILE is device list for encrypting/decrpyting. You should write one device par line.

KEYFILE is a path of key file to use encryption.

MOUNT is mount point(s).

PREFIX is a name prefix of crypt device.

opendir_after() function is called after mounting by systemd ExecStartPost function. For example, you can write btrfs subvolume snapshot.

And rename config-sample to <name>.conf. The name is used on systemd unit.

Device list

You make target devices list.

diskid-list-sample is a sample.

Write absolute path a device per line, and put path that you indicated LISTFILE in config file.

Key file.

You make key file and put it.

Initialize disk(s)

THIS STEP WILL BE DESTROY ALL DATA IN THE DISK

Run

# initial-crypt.zsh <listfile> <keyfile>

/dev/mapper/initialcrypt_<n> devices will be created.

You will make filesystem to it.

And close initial crypt devices like

# cryptsetup close /dev/mapper/initialcrypt_1

Copy script

# cp opencryptdisk.zsh /usr/local/sbin/

Put systemd unit

# cp opencrypt@.service /etc/systemd/system/

Usage

# systemctl start opencrpytdisk@<name>

If you put /etc/opencryptdisk/foo.conf, then type

# systemctl start opencryptdisk@foo

WARNING

THIS SCRIPT MAY DESTROY ALL OF YOUR DATA!!!

You must use with extreame care.

You can’t perform that action at this time.