#! /bin/sh -ex

: ${vgtag=@backup} ${vgprefix=vg-backup-}
: ${mntbkpdir=/mnt/bkp}
: ${STOREDIR=$mntbkpdir/store} ${METADIR=$mntbkpdir/meta}
: ${RANDOM=/dev/random}

case $# in
  2) tag=$1 pv=$2 ;;
  *) echo >&2 "usage: $0 TAG PV" ;;
esac
vg=$vgprefix$tag

vgcreate --addtag $vgtag $vg $pv

lvcreate -L64M -nmeta $vg
mkfs -text3 -Lmeta /dev/$vg/meta
mount /dev/$vg/meta $METADIR

echo $tag >$METADIR/volume
dd if=$RANDOM bs=1 count=512 |
	cryptop encrypt backup >$METADIR/crypt.blob

lvcreate -l100%FREE -ncrypt $vg
cryptop decrypt backup <$METADIR/crypt.blob |
	cryptsetup luksFormat \
	  --cipher=twofish-xts-benbi:sha256 \
	  --hash=sha256 --key-size=256 \
	  /dev/$vg/crypt -

cryptop decrypt backup <$METADIR/crypt.blob |
	cryptsetup luksOpen --key-file=- /dev/$vg/crypt cbackup

mkfs -text3 -Lbackup /dev/mapper/cbackup

mount /dev/mapper/cbackup $STOREDIR
touch $STOREDIR/.rsync-backup-store