#!/bin/sh
set -eu
set -o pipefail

if [ -e /dev/mapper/cryptdir ]; then
    echo "only one instance can run at a time" 1>&2
    exit 1
fi

sudo -v || exit 1

if [ -z "${1:-}" ]; then
    size='16M'
else
    size=$1
fi

cryptfile=$(mktemp)
cryptdir=$(mktemp -d)
pass=$(dd if=/dev/urandom bs=1 count=80 | base64)

cleanup() {
    set +e
    cd
    sudo umount "$cryptdir"
    sudo cryptsetup close cryptdir
    rm -f "$cryptfile"
    rmdir "$cryptdir"
}

trap cleanup EXIT

dd if=/dev/urandom of="$cryptfile" bs="$size" count=1
echo "$pass" | sudo cryptsetup luksFormat "$cryptfile" -
echo "$pass" | sudo cryptsetup open "$cryptfile" cryptdir --key-file -
sudo mkfs.ext2 /dev/mapper/cryptdir
sudo mount /dev/mapper/cryptdir "$cryptdir"
sudo chown "$USER" "$cryptdir"
cd "$cryptdir"
$SHELL