
secrets: Use /dev/shm if available, then fallback to tmpfs

pjones/monitoring
Peter J. Jones 4 months ago
parent
commit
2218deea5e
Signed by: Peter Jones <pjones@devalot.com> GPG Key ID: 9DAFAA8D01941E49
1 changed files with 54 additions and 9 deletions
  1. 54
    9
      bin/secrets.sh

+ 54
- 9
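--- a/bin/secrets.sh
+++ b/bin/secrets.sh
@@ -140,6 +140,51 @@ decrypt_file() {
   esac
 }
 
+################################################################################
+mount_via_dev_shm() {
+  local mount_point=$1
+  local temp_dir
+
+  temp_dir=$(mktemp --directory --tmpdir=/dev/shm secrets.XXXXXXXXXX)
+  (cd "$(dirname "$mount_point")" && ln -nfs "$temp_dir" "$(basename "$mount_point")")
+}
+
+################################################################################
+umount_via_dev_shm() {
+  local mount_point=$1
+  local temp_dir
+
+  temp_dir=$(realpath "$mount_point")
+
+  if [ -d "$temp_dir" ] && [ "$(dirname "$temp_dir")" = "/dev/shm" ]; then
+    rm "$mount_point"
+    rm -rf "$temp_dir"
+  fi
+}
+
+################################################################################
+mount_via_tmpfs() {
+  local mount_point=$1
+  local secrets=$2
+
+  if ! findmnt "$mount_point" > /dev/null 2>&1; then
+    mkdir -p "$mount_point"
+    echo "==> Enter sudo password to mount tmpfs"
+    sudo mount -t tmpfs \
+         -o size="$(calculate_fs_size "$secrets")" \
+         tmpfs "$mount_point"
+  fi
+}
+
+################################################################################
+umount_via_tmpfs() {
+  local mount_point=$1
+
+  echo "==> Enter sudo password for unmounting"
+  sudo umount "$mount_point"
+  rmdir "$mount_point"
+}
+
 ################################################################################
 mount_secrets() {
   local option_secrets=""
@@ -182,12 +227,10 @@ mount_secrets() {
     symmetric_key=$(read_symmetric_key_file "$option_symmetric_key_file")
   fi
 
-  if ! findmnt "$option_mount_point" > /dev/null 2>&1; then
-    mkdir -p "$option_mount_point"
-    echo "==> Enter sudo password to mount tmpfs"
-    sudo mount -t tmpfs \
-         -o size="$(calculate_fs_size "$option_secrets")" \
-         tmpfs "$option_mount_point"
+  if [ ! -L "$option_mount_point" ] && [ -d /dev/shm ]; then
+    mount_via_dev_shm "$option_mount_point"
+  else
+    mount_via_tmpfs "$option_mount_point" "$option_secrets"
   fi
 
   while IFS= read -r -d '' file; do
@@ -226,9 +269,11 @@ unmount_secrets() {
     exit 1
   fi
 
-  echo "==> Enter sudo password for unmounting"
-  sudo umount "$option_mount_point"
-  rmdir "$option_mount_point"
+  if [ -L "$option_mount_point" ]; then
+    umount_via_dev_shm "$option_mount_point"
+  else
+    umount_via_tmpfs "$option_mount_point"
+  fi
 }
 
 ################################################################################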
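Review bot: `mount_via_dev_shm` does not handle a mount point that already exists as a real directory: GNU `ln -nfs` only stops dereferencing when the link name is itself a symlink, so for a directory it creates the link inside it and still returns success. The caller's `[ ! -L "$option_mount_point" ]` test lets that case through, and the decryption loop in `mount_secrets` (its body lies outside the visible hunks) would then presumably write plaintext into the on-disk directory rather than into /dev/shm. Refuse the case up front, e.g. `[ -e "$mount_point" ] && { echo "ERROR: $mount_point already exists" >&2; return 1; }`, or use `ln -sfT` so ln fails instead of nesting the link, and check that `mktemp` succeeded before linking. Separately, `umount_via_dev_shm` returns success without removing anything when the `realpath` check fails; an `else` branch that prints an error and returns non-zero would keep a failed cleanup of decrypted files from passing silently.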
