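#!/bin/bash
#
# Unlock the LUKS data volumes, mount them, bind-mount the Docker and libvirt
# state directories onto the encrypted storage, then start the services.
#
# Every storage step is checked. If a volume fails to unlock or mount, the
# script stops before docker/libvirt start, so they never write their state
# to the unencrypted root volume underneath the bind-mount targets.
#
# Must run as root; cryptsetup prompts for each passphrase on the terminal.
# Steps that are already done (mapping present, target mounted, firewall rule
# present) are skipped, so the script can be re-run.

set -euo pipefail

# NOTE(review): /dev/sdX names are assigned at probe time and may change
# between boots. A persistent path such as /dev/disk/by-uuid/<LUKS-UUID>
# (placeholder) would be more reliable -- confirm and replace.
readonly GUESTS_DEVICE=/dev/sda
readonly MAGNETIC_DEVICE=/dev/sdb

# Print an error to stderr and abort the whole script.
die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

# Open a LUKS device under /dev/mapper/<name> unless that mapping exists.
# Arguments: $1 - block device, $2 - mapping name
open_luks() {
  local device=$1 name=$2
  if [[ -e "/dev/mapper/${name}" ]]; then
    # An existing mapping is assumed to be the result of an earlier run.
    printf 'Mapping %s already present, not reopening\n' "${name}"
    return 0
  fi
  cryptsetup luksOpen "${device}" "${name}" \
    || die "could not open ${device} as ${name}"
}

# Mount a source on a target unless the target is already a mount point.
# Arguments: $1 - source, $2 - target, remaining - extra mount options
mount_once() {
  local source=$1 target=$2
  shift 2
  if mountpoint -q "${target}"; then
    printf '%s is already a mount point, skipping\n' "${target}"
    return 0
  fi
  mount --verbose "$@" "${source}" "${target}" \
    || die "could not mount ${source} on ${target}"
}

# Bind-mount a directory from the encrypted volume over a system path.
# Arguments: $1 - directory on the encrypted volume, $2 - system path
bind_once() {
  local source=$1 target=$2
  # A missing source means the encrypted volume is not what we expect.
  [[ -d "${source}" ]] || die "bind source ${source} does not exist"
  mount_once "${source}" "${target}" --bind
}

# Start a unit in the background, then show its state two seconds later.
# Arguments: $1 - systemd unit name
start_and_report() {
  local unit=$1
  # The start runs in the background; its exit status is not collected.
  systemctl start "${unit}" &
  sleep 2
  # status exits non-zero for units that are not (yet) active; the output is
  # informational only, so it must not abort the script.
  systemctl status --no-pager "${unit}" || true
}

main() {
  [[ ${EUID} -eq 0 ]] || die "must be run as root"

  # 1. Open the LUKS devices and set up mappings under /dev/mapper/
  open_luks "${GUESTS_DEVICE}" guests
  open_luks "${MAGNETIC_DEVICE}" magnetic
  printf 'Device mappings:\n'
  find /dev/mapper/ -type l

  # 2. Mount the LUKS volumes
  mount_once /dev/mapper/guests /srv/guests
  mount_once /dev/mapper/magnetic /srv/magnetic

  # 3. Create bind mounts so service state is not on the unencrypted root
  #    volume
  bind_once /srv/guests/lib/docker /var/lib/docker
  bind_once /srv/guests/docker /opt/docker
  bind_once /srv/guests/lib/libvirt /var/lib/libvirt
  bind_once /srv/guests/etc/libvirt /etc/libvirt

  # 4. Start docker and libvirtd
  #    Those services should have been disabled at boot, otherwise they start
  #    before the encrypted volumes are mounted:
  #    systemctl disable docker libvirtd libvirt-guests
  start_and_report docker
  start_and_report libvirtd
  start_and_report libvirt-guests

  # 5. Fix the FORWARD chain, which docker set to default deny, so the KVM
  #    guests on br0 have access to the network. The rule only accepts
  #    traffic that enters and leaves on br0; the chain policy is untouched.
  #    -C checks for the rule first so re-runs do not append duplicates.
  if ! iptables -C FORWARD -i br0 -o br0 -j ACCEPT 2>/dev/null; then
    iptables -v -A FORWARD -i br0 -o br0 -j ACCEPT
  fi

  # Start docker containers
  # docker-compose --file /opt/docker/proxy/docker-compose.yml up --detach reverse-proxy
}

main "$@"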