El lun, 28 de jul 2014 a las 8:21 , Michael Biebl <biebl@debian.org> escribió:<br>
<blockquote type="cite"><div class="plaintext" style="white-space: pre-wrap;">Am 28.07.2014 16:53, schrieb Michael Biebl:
<blockquote> ------8<-----------
[Unit]
Description=Unlock EncFS
DefaultDependencies=no
After=local-fs.target
Before=display-manager.service getty@tty1.service
[Service]
Type=oneshot
RemainAfterExit=true
Environment=RootDir=/home/.encfs/crypt
Environment=MountPoint=/home/crypt
ExecStart=/bin/sh -c "systemd-ask-password --no-tty --timeout=30 'Unlock
EncFS' | encfs --stdinpass $RootDir $MountPoint"
ExecStop=/bin/umount $MountPoint
[Install]
WantedBy=sysinit.target
------>8-----------
</blockquote>
To show you some additional cool systemd features, I'm going a step
further and make this unit file a completely generic template unit, so
it can easily be re-used, say if you have multiple encfs file systems to
unlock and you don't want to copy that file over and over again.
Only 3 small modifications are necessary:
- Rename the file unlock@.service
- Update Description: Description=Unlock %I EncFS
- Use EnvironmentFile=/etc/encfs/%I
The %I is the instance name specfier and denotes the part between
unlock@<instance name>.service. See man systemd.unit(5)
The resulting template unit looks like this and is completely generic:
------8<-----------
[Unit]
Description=Unlock %I EncFS
DefaultDependencies=no
After=local-fs.target
Before=display-manager.service getty@tty1.service
[Service]
Type=oneshot
RemainAfterExit=true
EnvironmentFile=/etc/encfs/%I
ExecStart=/bin/sh -c "systemd-ask-password --no-tty --timeout=30 'Unlock
EncFS' | encfs --stdinpass $RootDir $MountPoint"
ExecStop=/bin/umount $MountPoint
[Install]
WantedBy=sysinit.target
------>8-----------
So how do we create a new encfs unit now?
- mkdir /etc/encfs/
- echo -e "RootDir=/home/.encfs/crypt/\nMountPoint=/home/crypt" >
/etc/encfs/home
- systemctl enable unlock@home.service
Note how the file name and the instance name match.</div></blockquote><div><br></div><div>Maybe you could use BindsTo=/etc/encfs/%I.path (I think that would work, right?) so that you do not have to explicitly enable it. Although that would cause the MTPT to be unmounted if the file is deleted (unless the ExecStop= is removed)... Anyway, pretty cool.</div><div><br></div><div>Thanks for sharing,</div><div>--</div><div>Cameron Norman</div>