unlocking encfs during boot (Re: systemd now appears to be only possible init system in testing)

Michael Biebl biebl at debian.org
Mon Jul 28 16:21:29 BST 2014 

Am 28.07.2014 16:53, schrieb Michael Biebl:
> ------8<-----------
> [Unit]
> Description=Unlock EncFS
> DefaultDependencies=no
> After=local-fs.target
> Before=display-manager.service getty at tty1.service
> 
> [Service]
> Type=oneshot
> RemainAfterExit=true
> Environment=RootDir=/home/.encfs/crypt
> Environment=MountPoint=/home/crypt
> ExecStart=/bin/sh -c "systemd-ask-password --no-tty --timeout=30 'Unlock
> EncFS' | encfs --stdinpass $RootDir $MountPoint"
> ExecStop=/bin/umount $MountPoint
> 
> [Install]
> WantedBy=sysinit.target
> ------>8-----------


To show you some additional cool systemd features, I'm going a step
further and make this unit file a completely generic template unit, so
it can easily be re-used, say if you have multiple encfs file systems to
unlock and you don't want to copy that file over and over again.

Only 3 small modifications are necessary:
- Rename the file unlock at .service
- Update Description: Description=Unlock %I EncFS
- Use EnvironmentFile=/etc/encfs/%I

The %I is the instance name specfier and denotes the part between
unlock@<instance name>.service. See man systemd.unit(5)

The resulting template unit looks like this and is completely generic:

------8<-----------
[Unit]
Description=Unlock %I EncFS
DefaultDependencies=no
After=local-fs.target
Before=display-manager.service getty at tty1.service

[Service]
Type=oneshot
RemainAfterExit=true
EnvironmentFile=/etc/encfs/%I
ExecStart=/bin/sh -c "systemd-ask-password --no-tty --timeout=30 'Unlock
EncFS' | encfs --stdinpass $RootDir $MountPoint"
ExecStop=/bin/umount $MountPoint

[Install]
WantedBy=sysinit.target
------>8-----------

So how do we create a new encfs unit now?

- mkdir /etc/encfs/
- echo -e "RootDir=/home/.encfs/crypt/\nMountPoint=/home/crypt" >
/etc/encfs/home
- systemctl enable unlock at home.service
Note how the file name and the instance name match.


Hope you enjoy my little explorations in systemd land :-)

Michael



-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 884 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-systemd-maintainers/attachments/20140728/dbe595ea/attachment-0002.sig>

More information about the Pkg-systemd-maintainers mailing list