#/bin/sh

# FILE SETTINGS
FILEPATH="$HOME"
FILENAME="secret_folder.enc"
SIZE="100M"
MOUNTPOINT="$HOME/secret_folder"

# ACCESS RIGHTS
_USER=sdk
_GROUP=sdk
_CHMOD=700

usage() {
        echo "usage: $0 [create, open, close]"
        echo "  create          - creates new encrypted storage"
        echo "  mount           - decrypts and mounts storage"
        echo "  umount          - unmounts and encrypts storage"
}

_create() {
        set -xe
        # create image
        fallocate -l $SIZE $FILEPATH/$FILENAME
        # encrypte image
        sudo cryptsetup -y luksFormat $FILEPATH/$FILENAME
        # create loopback device (allow access to decrypted content)
        sudo cryptsetup open $FILEPATH/$FILENAME $FILENAME
        # create file system on loopback device
        sudo mkfs -t ext4 /dev/mapper/$FILENAME
        # mount, so we can set permissions
        sudo mount -t ext4 /dev/mapper/$FILENAME $MOUNTPOINT
        # set permissions
        sudo chown -R $_USER:$_GROUP $MOUNTPOINT
        sudo chmod -R $_CHMOD $MOUNTPOINT
        # unmount
        sudo umount $MOUNTPOINT
        # close lookback device (no more access without password)
        sudo cryptsetup close $FILENAME
}

_mount() {
        set -xe
        # create loopback device (allow access to decrypted content)
        sudo cryptsetup open $FILEPATH/$FILENAME $FILENAME
        mkdir -p $MOUNTPOINT
        sudo mount -t ext4 /dev/mapper/$FILENAME $MOUNTPOINT
}

_umount() {
        set -x
        sudo umount $MOUNTPOINT
        sudo cryptsetup close $FILENAME
}

case $1 in
        "create") _create; ;;
        "mount") _mount; ;;
        "umount") _umount; ;;
        *) usage; ;;
esac