+rule_part_root_format () {
+ if ! mount | grep -q "^$vm_dev_disk_root "
+ then
+ sudo cryptsetup luksFormat --hash=sha512 --key-size=512 \
+ --cipher=aes-xts-essiv:sha256 --key-file=- --align-payload=8 $vm_dev_disk_root
+ sudo cryptsetup luksOpen --key-file=- $vm_dev_disk_root ${vm}_root_deciphered
+ sudo mkfs.ext4 -m 5 -T ext4 -L ${vm}_root -E stripe_width=32,resize=15G \
+ /dev/mapper/${vm}_root_deciphered
+ ! mountpoint /mnt/$vm_fqdn
+ sudo mount -v /dev/mapper/${vm}_root_deciphered /mnt/$vm_fqdn
+ mk_dir mod=0770 own=root:root /mnt/$vm_fqdn/boot
+ mk_dir mod=0770 own=root:root /mnt/$vm_fqdn/dev
+ mk_dir mod=0770 own=root:root /mnt/$vm_fqdn/home
+ mk_dir mod=0770 own=root:root /mnt/$vm_fqdn/proc
+ mk_dir mod=0770 own=root:root /mnt/$vm_fqdn/sys
+ mk_dir mod=0770 own=root:root /mnt/$vm_fqdn/var
+ sudo umount -v /mnt/$vm_fqdn
+ fi
+ }
+rule_part_root_mount () {
+ test -e /dev/mapper/${vm}_root_deciphered ||
+ sudo cryptsetup luksOpen $vm_dev_disk_root ${vm}_root_deciphered
+ ! mountpoint /mnt/$vm_fqdn ||
+ sudo mount -v /dev/mapper/${vm}_root_deciphered /mnt/$vm_fqdn
+ }
+rule_part_root_umount () {
+ ! mountpoint /mnt/$vm_fqdn ||
+ sudo umount -v /mnt/$vm_fqdn
+ ! test -e /dev/mapper/${vm}_root_deciphered ||
+ sudo cryptsetup luksClose ${vm}_root_deciphered
+ }
+rule_part_swap_format () {
+ rule__part_encrypted_format swap
+ rule__part_encrypted_mount swap
+ sudo mkswap -f -L ${vm}_swap /dev/mapper/${vm}_swap_deciphered
+ rule__part_encrypted_umount swap
+ }
+rule_part_boot_format () {
+ mount | grep -q "^$vm_dev_disk_boot " ||
+ sudo mkfs.ext2 -m 0 -T small -L ${vm}_boot $vm_dev_disk_boot
+ }
+rule_part_boot_mount () {
+ mountpoint /mnt/$vm_fqdn
+ test -d /mnt/$vm_fqdn/boot
+ mountpoint /mnt/$vm_fqdn/boot ||
+ sudo mount -v $vm_dev_disk_boot /mnt/$vm_fqdn/boot
+ }
+rule_part_boot_umount () {
+ ! mountpoint /mnt/$vm_fqdn/boot ||
+ sudo umount -v /mnt/$vm_fqdn/boot
+ }
+rule_part_var_format () {
+ rule__part_encrypted_format var
+ rule__part_encrypted_mount var
+ sudo mkfs.ext4 -m 5 -T ext4 -L ${vm}_var -E stripe_width=32,resize=5G \
+ /dev/mapper/${vm}_${part}_deciphered
+ rule__part_encrypted_umount var
+ }
+rule_part_var_mount () {
+ rule__part_encrypted_mount var
+ mountpoint /mnt/$vm_fqdn/var ||
+ sudo mount -v /dev/mapper/${vm}_var_deciphered /mnt/$vm_fqdn/var
+ }
+rule_part_var_umount () {
+ ! mountpoint /mnt/$vm_fqdn/var ||
+ sudo umount -v /mnt/$vm_fqdn/var
+ rule__part_encrypted_umount var
+ }
+rule_part_home_format () {
+ rule__part_encrypted_format home
+ rule__part_encrypted_mount home
+ sudo mkfs.ext4 -m 0 -T ext4 -L ${vm}_home -E stripe_width=32,resize=200G \
+ /dev/mapper/${vm}_home_deciphered
+ rule__part_encrypted_umount home
+ }
+rule_part_home_mount () {
+ rule__part_encrypted_mount home
+ mountpoint /mnt/$vm_fqdn/home ||
+ sudo mount -v /dev/mapper/${vm}_home_deciphered /mnt/$vm_fqdn/home
+ }
+rule_part_home_umount () {
+ ! mountpoint /mnt/$vm_fqdn/home ||
+ sudo umount -v /mnt/$vm_fqdn/home
+ rule__part_encrypted_umount home