refactor into modules; add bitlocker support

Author: scienmind

.github/workflows/test.yml

@@ -0,0 +1,165 @@
+name: CI Tests
+
+on:
+  push:
+    branches: [ main, master, develop ]
+  pull_request:
+    branches: [ main, master, develop ]
+  workflow_dispatch:
+
+jobs:
+  syntax-and-lint:
+    name: Syntax and Lint Checks
+    runs-on: ubuntu-latest
+    
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      
+      - name: Install ShellCheck
+        run: sudo apt-get update && sudo apt-get install -y shellcheck
+      
+      - name: Check bash syntax
+        run: |
+          echo "Checking srv-ctl.sh..."
+          bash -n srv-ctl.sh
+          echo "Checking lib/os-utils.sh..."
+          bash -n lib/os-utils.sh
+          echo "Checking lib/storage.sh..."
+          bash -n lib/storage.sh
+      
+      - name: Run ShellCheck
+        run: |
+          echo "ShellCheck srv-ctl.sh..."
+          shellcheck -x srv-ctl.sh
+          echo "ShellCheck lib/os-utils.sh..."
+          shellcheck -x lib/os-utils.sh
+          echo "ShellCheck lib/storage.sh..."
+          shellcheck -x lib/storage.sh
+
+  unit-tests:
+    name: Unit Tests
+    runs-on: ubuntu-latest
+    needs: syntax-and-lint
+    
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+      
+      - name: Install bats
+        run: npm install -g bats
+      
+      - name: Run unit tests
+        run: |
+          echo "Running unit tests..."
+          bats tests/unit/test-os-utils.bats
+          bats tests/unit/test-storage.bats
+
+  integration-tests:
+    name: Integration Tests (${{ matrix.os }})
+    runs-on: ubuntu-latest
+    needs: unit-tests
+    
+    strategy:
+      fail-fast: false
+      matrix:
+        os:
+          - debian:10
+          - debian:11
+          - debian:12
+          - debian:13
+          - ubuntu:18.04
+          - ubuntu:20.04
+          - ubuntu:22.04
+          - ubuntu:24.04
+    
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      
+      - name: Run integration tests in Docker
+        run: |
+          docker run --rm \
+            --privileged \
+            -v ${{ github.workspace }}:/workspace \
+            -w /workspace \
+            ${{ matrix.os }} \
+            bash -c '
+              set -euo pipefail
+              
+              # Update package lists
+              if command -v apt-get &>/dev/null; then
+                apt-get update -qq
+              fi
+              
+              # Install dependencies
+              echo "Installing dependencies..."
+              if command -v apt-get &>/dev/null; then
+                apt-get install -y -qq \
+                  bash \
+                  cryptsetup \
+                  lvm2 \
+                  dosfstools \
+                  ntfs-3g \
+                  util-linux \
+                  sudo
+              fi
+              
+              # Setup test environment
+              echo "Setting up test environment..."
+              bash tests/fixtures/setup-test-env.sh
+              
+              # Run integration tests
+              echo "Running LUKS tests..."
+              bash tests/integration/test-luks.sh
+              
+              echo "Running LVM tests..."
+              bash tests/integration/test-lvm.sh
+              
+              echo "Running mount tests..."
+              bash tests/integration/test-mount.sh
+              
+              # Cleanup
+              echo "Cleaning up..."
+              bash tests/fixtures/cleanup-test-env.sh
+              
+              echo "All integration tests passed on ${{ matrix.os }}!"
+            '
+      
+      - name: Upload test logs on failure
+        if: failure()
+        uses: actions/upload-artifact@v4
+        with:
+          name: test-logs-${{ matrix.os }}
+          path: |
+            /tmp/test_env.conf
+            /var/log/syslog
+          if-no-files-found: ignore
+
+  test-summary:
+    name: Test Summary
+    runs-on: ubuntu-latest
+    needs: [syntax-and-lint, unit-tests, integration-tests]
+    if: always()
+    
+    steps:
+      - name: Check test results
+        run: |
+          echo "Test Results:"
+          echo "  Syntax and Lint: ${{ needs.syntax-and-lint.result }}"
+          echo "  Unit Tests: ${{ needs.unit-tests.result }}"
+          echo "  Integration Tests: ${{ needs.integration-tests.result }}"
+          
+          if [[ "${{ needs.syntax-and-lint.result }}" != "success" ]] || \
+             [[ "${{ needs.unit-tests.result }}" != "success" ]] || \
+             [[ "${{ needs.integration-tests.result }}" != "success" ]]; then
+            echo "Some tests failed!"
+            exit 1
+          else
+            echo "All tests passed!"
+          fi

README.md

@@ -15,7 +15,9 @@ Small utility to manage home server services dependent on encrypted storage.
 
 - **cryptsetup**: Version 2.4.0+ (supports both LUKS and BitLocker encryption)
 - **lvm2**: Required only if using LVM volumes
-- **Root privileges**: Script must be run as root
+- **GNU coreutils**: Required for version comparison (`sort -V`)
+- **systemd**: Required for service management
+- **Root privileges**: Script must be run as root for start/stop/unlock operations
 
 ## Configuration
 
@@ -65,10 +67,12 @@ sudo ./srv-ctl.sh start               # Start all services and mount devices
 sudo ./srv-ctl.sh stop                # Stop all services and unmount devices
 sudo ./srv-ctl.sh unlock-only         # Only unlock and mount devices
 sudo ./srv-ctl.sh stop-services-only  # Only stop services
-./srv-ctl.sh validate-config          # Validate configuration without making changes
+./srv-ctl.sh validate-config          # Validate configuration (no root required)
 ./srv-ctl.sh help                     # Show help message
 ```
 
+**Note**: The `validate-config` command does not require root privileges unless key files have restricted permissions.
+
 ## Migration from Old Format
 
 If you have an existing `config.local` from an earlier version, you'll need to update it to the new format. The main changes:

config.local.template

@@ -9,9 +9,9 @@ readonly CRYPTSETUP_MIN_VERSION="2.4.0"
 readonly ST_USER_1="none"  # Set to username to enable (e.g., "alice")
 readonly ST_USER_2="none"  # Set to username to enable (e.g., "bob")
 
-# Service names (automatically constructed)
-readonly ST_SERVICE_1="${ST_USER_1:+syncthing@${ST_USER_1}.service}"
-readonly ST_SERVICE_2="${ST_USER_2:+syncthing@${ST_USER_2}.service}"
+# Service names (automatically constructed from user names)
+readonly ST_SERVICE_1=$([ "$ST_USER_1" != "none" ] && echo "syncthing@${ST_USER_1}.service" || echo "none")
+readonly ST_SERVICE_2=$([ "$ST_USER_2" != "none" ] && echo "syncthing@${ST_USER_2}.service" || echo "none")
 readonly DOCKER_SERVICE="none"  # Set to "docker.service" to enable
 
 # -----------------------------------------------------------------------------
@@ -25,6 +25,9 @@ readonly PRIMARY_DATA_LVM_GROUP="vg-srv"  # LVM group name (used if LVM volume i
 readonly PRIMARY_DATA_UUID="none"  # Set to device UUID to enable (find with: sudo blkid)
 readonly PRIMARY_DATA_KEY_FILE="none"  # Set to key file path for automated unlock
 readonly PRIMARY_DATA_ENCRYPTION_TYPE="luks"  # Options: "luks" or "bitlocker"
+readonly PRIMARY_DATA_OWNER_USER="none"  # Set to username for mount ownership (e.g., "sync_srv")
+readonly PRIMARY_DATA_OWNER_GROUP="none"  # Set to group name for mount ownership (e.g., "sync_srv")
+readonly PRIMARY_DATA_MOUNT_OPTIONS="defaults"  # Additional mount options (umask, etc.)
 
 # -----------------------------------------------------------------------------
 # Storage devices for Syncthing service 1
@@ -37,6 +40,9 @@ readonly STORAGE_1A_LVM_GROUP="vg-srv"  # LVM group name (used if LVM volume is
 readonly STORAGE_1A_UUID="none"  # Set to device UUID to enable (find with: sudo blkid)
 readonly STORAGE_1A_KEY_FILE="none"  # Set to key file path for automated unlock
 readonly STORAGE_1A_ENCRYPTION_TYPE="luks"  # Options: "luks" or "bitlocker"
+readonly STORAGE_1A_OWNER_USER="none"  # Set to username for mount ownership (e.g., "sync_srv")
+readonly STORAGE_1A_OWNER_GROUP="none"  # Set to group name for mount ownership (e.g., "sync_srv")
+readonly STORAGE_1A_MOUNT_OPTIONS="defaults"  # Additional mount options (umask, etc.)
 
 readonly STORAGE_1B_MOUNT="storage1b"  # Mount point under /mnt/
 readonly STORAGE_1B_MAPPER="storage1b-data"  # Device mapper name
@@ -45,6 +51,9 @@ readonly STORAGE_1B_LVM_GROUP="vg-srv"  # LVM group name (used if LVM volume is
 readonly STORAGE_1B_UUID="none"  # Set to device UUID to enable (find with: sudo blkid)
 readonly STORAGE_1B_KEY_FILE="none"  # Set to key file path for automated unlock
 readonly STORAGE_1B_ENCRYPTION_TYPE="luks"  # Options: "luks" or "bitlocker"
+readonly STORAGE_1B_OWNER_USER="none"  # Set to username for mount ownership (e.g., "sync_srv")
+readonly STORAGE_1B_OWNER_GROUP="none"  # Set to group name for mount ownership (e.g., "sync_srv")
+readonly STORAGE_1B_MOUNT_OPTIONS="defaults"  # Additional mount options (umask, etc.)
 
 # -----------------------------------------------------------------------------
 # Storage devices for Syncthing service 2
@@ -57,6 +66,9 @@ readonly STORAGE_2A_LVM_GROUP="vg-srv"  # LVM group name (used if LVM volume is
 readonly STORAGE_2A_UUID="none"  # Set to device UUID to enable (find with: sudo blkid)
 readonly STORAGE_2A_KEY_FILE="none"  # Set to key file path for automated unlock
 readonly STORAGE_2A_ENCRYPTION_TYPE="luks"  # Options: "luks" or "bitlocker"
+readonly STORAGE_2A_OWNER_USER="none"  # Set to username for mount ownership (e.g., "sync_srv")
+readonly STORAGE_2A_OWNER_GROUP="none"  # Set to group name for mount ownership (e.g., "sync_srv")
+readonly STORAGE_2A_MOUNT_OPTIONS="defaults"  # Additional mount options (umask, etc.)
 
 readonly STORAGE_2B_MOUNT="storage2b"  # Mount point under /mnt/
 readonly STORAGE_2B_MAPPER="storage2b-data"  # Device mapper name
@@ -65,6 +77,9 @@ readonly STORAGE_2B_LVM_GROUP="vg-srv"  # LVM group name (used if LVM volume is
 readonly STORAGE_2B_UUID="none"  # Set to device UUID to enable (find with: sudo blkid)
 readonly STORAGE_2B_KEY_FILE="none"  # Set to key file path for automated unlock
 readonly STORAGE_2B_ENCRYPTION_TYPE="luks"  # Options: "luks" or "bitlocker"
+readonly STORAGE_2B_OWNER_USER="none"  # Set to username for mount ownership (e.g., "sync_srv")
+readonly STORAGE_2B_OWNER_GROUP="none"  # Set to group name for mount ownership (e.g., "sync_srv")
+readonly STORAGE_2B_MOUNT_OPTIONS="defaults"  # Additional mount options (umask, etc.)
 
 # -----------------------------------------------------------------------------
 # Network share configuration
@@ -74,4 +89,6 @@ readonly NETWORK_SHARE_ADDRESS="none"  # Set to share path to enable (e.g., "//s
 readonly NETWORK_SHARE_MOUNT="none"  # Set to mount name (e.g., "network")
 readonly NETWORK_SHARE_PROTOCOL="none"  # Set to protocol: "cifs", "nfs", etc.
 readonly NETWORK_SHARE_CREDENTIALS="none"  # Set to credentials file path
-readonly NETWORK_SHARE_OPTIONS="uid=1000,gid=1000,iocharset=utf8"  # Mount options
+readonly NETWORK_SHARE_OWNER_USER="none"  # Set to username for mount ownership (e.g., "sync_srv")
+readonly NETWORK_SHARE_OWNER_GROUP="none"  # Set to group name for mount ownership (e.g., "sync_srv")
+readonly NETWORK_SHARE_OPTIONS="iocharset=utf8"  # Additional mount options (vers=3.0, etc.)