| 1 | #! /bin/sh -ex |
| 2 | |
| 3 | : ${vgtag=@backup} ${vgprefix=vg-backup-} |
| 4 | : ${mntbkpdir=/mnt/bkp} |
| 5 | : ${STOREDIR=$mntbkpdir/store} ${METADIR=$mntbkpdir/meta} |
| 6 | : ${RANDOM=/dev/random} |
| 7 | |
| 8 | case $# in |
| 9 | 2) tag=$1 pv=$2 ;; |
| 10 | *) echo >&2 "usage: $0 TAG PV" ;; |
| 11 | esac |
| 12 | vg=$vgprefix$tag |
| 13 | |
| 14 | vgcreate --addtag $vgtag $vg $pv |
| 15 | |
| 16 | lvcreate -L64M -nmeta $vg |
| 17 | mkfs -text3 -Lmeta /dev/$vg/meta |
| 18 | mount /dev/$vg/meta $METADIR |
| 19 | |
| 20 | echo $tag >$METADIR/volume |
| 21 | dd if=$RANDOM bs=1 count=512 | |
| 22 | cryptop encrypt backup >$METADIR/crypt.blob |
| 23 | |
| 24 | lvcreate -l100%FREE -ncrypt $vg |
| 25 | cryptop decrypt backup <$METADIR/crypt.blob | |
| 26 | cryptsetup luksFormat \ |
| 27 | --cipher=twofish-xts-benbi:sha256 \ |
| 28 | --hash=sha256 --key-size=256 \ |
| 29 | /dev/$vg/crypt - |
| 30 | |
| 31 | cryptop decrypt backup <$METADIR/crypt.blob | |
| 32 | cryptsetup luksOpen --key-file=- /dev/$vg/crypt cbackup |
| 33 | |
| 34 | mkfs -text3 -Lbackup /dev/mapper/cbackup |
| 35 | |
| 36 | mount /dev/mapper/cbackup $STOREDIR |
| 37 | touch $STOREDIR/.rsync-backup-store |