05-mount-vault.sh

Unlocks and mounts the LUKS2 encrypted code vault. Opens ~/.vault.img via cryptsetup and mounts it at ~/Code.

Usage

bash

bash scripts/05-mount-vault.sh [--dry-run] [--help]

You will be prompted for your LUKS passphrase via sudo cryptsetup open.

Flag	Description
`--dry-run`	Preview all actions without modifying the system
`--help`	Show usage information and exit

What It Does

Check if already mounted — if ~/Code is already a mount point (detected via findmnt), exits cleanly with a success message
Verify vault image — confirms ~/.vault.img exists; errors if not found
Open LUKS container — runs cryptsetup open if /dev/mapper/code_vault does not already exist
Mount — mounts the decrypted device at ~/Code
Set ownership — runs chown on the mount point (not recursive)

Idempotent Behaviour

The script is safe to run multiple times. If the vault is already mounted, it exits immediately without error. If the LUKS container is already open but not mounted, it skips the cryptsetup open step and proceeds to mount.

Files Modified

Path	Purpose
`~/Code`	Mount point (created if missing)
`/dev/mapper/code_vault`	LUKS device mapper entry (opened)

Prerequisites

~/.vault.img must exist (created by 00-setup-vault.sh)
cryptsetup installed
sudo access for cryptsetup open, mount, and chown

Source

View the full source on GitHub.

05-mount-vault.sh ​

Usage ​

What It Does ​

Idempotent Behaviour ​

Files Modified ​

Prerequisites ​