#!/usr/bin/env bash
#
# /dev/sda2 -> /home
# installed packages: cryptsetup keyutils
# loaded modules: dm_crypt
#
# prep/test:
#  cryptsetup -h sha256 -c aes-xts-plain64 -s 512 luksFormat /dev/sda2
#  cryptsetup luksOpen /dev/sda2 chome
#  mkfs.ext4 -E lazy_itable_init=0,lazy_journal_init=0 /dev/mapper/chome
#  touch /home/.undermnt
#  mount /dev/mapper/chome /home
#  umount /home
#  cryptsetup luksClose chome

_DEV=/dev/sda2
_LUKS=chome
_MOUNT=/home

# LUKS
if [[ ! -e /dev/mapper/${_LUKS} ]]; then
  sudo cryptsetup luksOpen ${_DEV} ${_LUKS}
fi
# mount
if [[ ! -e /dev/mapper/${_LUKS} ]]; then
  echo "luksOpen failed"
  exit 1
else
  if ! mountpoint -q ${_MOUNT}; then
    sudo mount /dev/mapper/${_LUKS} ${_MOUNT}
  fi
fi
# verify
if mountpoint -q ${_MOUNT}; then
  df -h ${_MOUNT}
else
  echo "mount failed"
fi