#!/bin/bash
#
# #RCDDIR#/cryptfs: mount/umount encrypted partitions
#

set -o pipefail

cryptTab="$(grep -v "^\s*\(#\|\$\)" #ETCDIR#/crypttab | sed "s/^\s*//")"
fsTab="$(grep -v "^\s*\(#\|\$\)" #ETCDIR#/fstab | sed "s/^\s*//")"

cryptedFss="$(echo "${cryptTab}" | awk '{print "#MAPDIR#/"$1}')"
neededKeyFss="$(
    for fs in $(echo "${fsTab}" | awk '{print $2}' | grep "^/")
    do
        if echo "${cryptTab}" | grep -q "^\S\+\s\+\S\+\s\+${fs}\(/\|\s\)"
        then
            echo "${fs}"
        fi
    done
)"
innermostFss="$(
    for fs in ${cryptedFss}
    do
        echo "${fsTab}" | \
          awk '{print $2}' | \
          grep "^$(
            echo "${fsTab}" | \
            grep "^${fs}\s" | \
            awk '{print $2}'
          )/"
    done
)"

case $1 in

start)

    for neededKeyFs in ${neededKeyFss}
    do
        if ! mountpoint -q "${neededKeyFs}"
        then
            if echo "${fsTab}" | grep -q "^\(ssh\|ftp\)fs#\S*\s\+${neededKeyFs}\s"
            then
                maxWait=120
                while ! /sbin/ip -o addr show scope global | grep -q '\S'
                do
                    >&2 echo -ne "."
                    sleep 1
                    maxWait=$[${maxWait}-1]
                done
            fi
            mount ${neededKeyFs} || exit $?
        fi
    done

    for ((cryptDeviceNum=0; cryptDeviceNum<$(echo "${cryptTab}" | wc -l); cryptDeviceNum++))
    do
        zeile="$(echo "${cryptTab}" | head -n$[${cryptDeviceNum}+1] | tail -n1)"
        name="$(echo "${zeile}" | awk '{print $1}')"
        device="$(echo "${zeile}" | awk '{print $2}')"
        if [[ "${device}" == "UUID="* ]]
        then
            device="#UUIDDIR#/${device#UUID=}"
        fi
        keyfile="$(echo "${zeile}" | awk '{print $3}')"
        if [ ! -b "#MAPDIR#/${name}" ]
        then
            cryptsetup luksOpen "${device}" "${name}" --key-file="${keyfile}" || exit $?
        fi
    done

    for cryptedFs in ${cryptedFss}
    do
        if ! findmnt --source "${cryptedFs}" > /dev/null
        then
            e2fsck "${cryptedFs}"
            mount "${cryptedFs}" || exit $?
        fi
    done

    for innermostFs in ${innermostFss}
    do
        if ! mountpoint -q "${innermostFs}"
        then
            mount "${innermostFs}" || exit $?
        fi
    done

    ;;

stop)

    for innermostFs in ${innermostFss}
    do
        if mountpoint -q "${innermostFs}"
        then
            umount "${innermostFs}" || exit $?
        fi
    done

    for cryptedFs in ${cryptedFss}
    do
        if findmnt --source "${cryptedFs}" > /dev/null
        then
            umount "${cryptedFs}" || exit $?
        fi
    done

    for name in $(echo "${cryptTab}" | awk '{print $1}')
    do
        if [ -b "#MAPDIR#/${name}" ]
        then
            cryptsetup luksClose "${name}" || exit $?
        fi
    done

    for neededKeyFs in ${neededKeyFss}
    do
        if [ ! "${neededKeyFs}" == "/" ] && mountpoint -q "${neededKeyFs}"
        then
            umount ${neededKeyFs} || exit $?
        fi
    done

    ;;

    restart)
    $0 stop
    sleep 2
    $0 start
    ;;

*)
    echo "usage: $0 [start|stop|restart]"
    ;;

esac

# End of file