rwx/sh/cryptsetup.sh

_rwx_cmd_cs() { rwx_crypt "${@}"; }

RWX_CRYPT_ROOT="/data/home/user/crypt"
RWX_CRYPT_VAR="/var/lib/crypt"

rwx_crypt_device() {
	local device size
	local index=0
	while [ -z "${device}" ]; do
		device="/dev/nbd${index}"
		if [ -b "${device}" ]; then
			size="$(cat /sys/block/nbd"${index}/size")"
			[ "${size}" -eq 0 ] ||
				device=""
		else
			device=""
			break
		fi
		index=$((index + 1))
	done
	if [ -n "${device}" ]; then
		echo "${device}"
	else
		rwx_log_error 1 "No device available"
	fi
}

rwx_crypt() {
	local action="${1}"
	local action_close="close"
	local action_open="open"
	local mapper="/dev/mapper"
	local mount_root="/media"
	local crypt_arg crypt_file crypt_map crypt_mount pass_phrase
	case "${action}" in
	"${action_close}" | "${action_open}")
		shift
		local user_id
		user_id="$(id --user)"
		[ "${user_id}" -eq 0 ] ||
			rwx_log_error 1 "Not root"
		[ -n "${1}" ] ||
			rwx_log_error 2 "No files"
		[ "${action}" = "${action_open}" ] &&
			pass_phrase="$(rwx_read_passphrase)"
		for crypt_arg in "${@}"; do
			rwx_log_info
			crypt_file="${RWX_CRYPT_ROOT}/${crypt_arg}.qcow2"
			if [ -f "${crypt_file}" ]; then
				crypt_map="${mapper}/${crypt_arg}"
				crypt_mount="${mount_root}/${crypt_arg}"
				local device
				case "${action}" in
				"${action_open}")
					# find device
					if ! device="$(rwx_crypt_device)"; then
						rwx_log_error 4 "No device available"
					fi
					# make directory
					if ! mkdir --parents "${RWX_CRYPT_VAR}"; then
						rwx_log_error 5 "Making failure: ${RWX_CRYPT_VAR}"
					fi
					# record device
					if ! rwx_file_write \
						"${RWX_CRYPT_VAR}/${crypt_arg}" "${device}"; then
						rwx_log_error 6 "Writing failure: ${device}"
					fi
					# connect device
					if ! qemu-nbd --connect "${device}" "${crypt_file}"; then
						rwx_log_error 7 "Connection failure: ${device}"
					fi
					# open device
					if ! echo "${pass_phrase}" |
						cryptsetup luksOpen "${device}" "${crypt_arg}"; then
						rwx_log_error 8 "Opening failure: ${device}"
					fi
					# make mount directory
					if ! mkdir --parents "${crypt_mount}"; then
						rwx_log_error 9 "Making failure: ${crypt_mount}"
					fi
					# mount file system
					if ! mount \
						--options "autodefrag,compress-force=zstd" \
						"${crypt_map}" "${crypt_mount}"; then
						rwx_log_error 10 "Mounting failure: ${crypt_map}"
					fi
					;;
				"${action_close}")
					# unmount file system
					if ! umount "${crypt_mount}"; then
						rwx_log_error 4 "Unmounting failure: ${crypt_mount}"
					fi
					# remove mount directory
					if ! rmdir "${crypt_mount}"; then
						rwx_log_error 5 "Removal failure: ${crypt_mount}"
					fi
					# close device
					if ! cryptsetup luksClose "${crypt_arg}"; then
						rwx_log_error 6 "Closing failure: ${crypt_arg}"
					fi
					# load device
					if ! device="$(cat "${RWX_CRYPT_ROOT}/${crypt_arg}")"; then
						rwx_log_error 7 "Loading failure: ${crypt_arg}"
					fi
					# disconnect device
					if ! qemu-nbd --disconnect "${device}"; then
						rwx_log_error 8 "Disconnection failure: ${device}"
					fi
					# remove record
					if ! rm "${RWX_CRYPT_ROOT}/${crypt_arg}"; then
						rwx_log_error 9 "Removal failure: ${crypt_arg}"
					fi
					;;
				*) ;;
				esac
			else
				rwx_log_error 3 "Not a file: ${crypt_file}"
			fi
		done
		;;
	*)
		rwx_log_info "Usage:"
		rwx_log_info "${action_close}|${action_open}"
		# TODO list
		;;
	esac
}