Master Volume Pool Decrypt and Mount
Decrypt encrypted btrfs disks by dm-crypt plain with key file.
This is better for a refference of writing first your systemd unit.
This script setups encrypt/decrypt devices with dm-crypt plain, and mount encrypted filesystem via systemd.
For example, you can mount encrypted four whole disks for btrfs with one operation
- dm-crypt (cryptsetup)
# mkdir /etc/opencryptdisk
Copy settings and change.
# cp config-sample /etc/opencryptdisk/
Write your setting to
LISTFILE is device list for encrypting/decrpyting.
You should write one device par line.
KEYFILE is a path of key file to use encryption.
MOUNT is mount point(s).
PREFIX is a name prefix of crypt device.
opendir_after() function is called after mounting by systemd
For example, you can write
btrfs subvolume snapshot.
The name is used on systemd unit.
You make target devices list.
diskid-list-sample is a sample.
Write absolute path a device per line, and put path that you indicated
LISTFILE in config file.
You make key file and put it.
THIS STEP WILL BE DESTROY ALL DATA IN THE DISK
# initial-crypt.zsh <listfile> <keyfile>
/dev/mapper/initialcrypt_<n> devices will be created.
You will make filesystem to it.
And close initial crypt devices like
# cryptsetup close /dev/mapper/initialcrypt_1
# cp opencryptdisk.zsh /usr/local/sbin/
Put systemd unit
# cp opencrypt@.service /etc/systemd/system/
# systemctl start opencrpytdisk@<name>
If you put
/etc/opencryptdisk/foo.conf, then type
# systemctl start opencryptdisk@foo
THIS SCRIPT MAY DESTROY ALL OF YOUR DATA!!!
You must use with extreame care.