Improve encfs cookbook

Fix some things, and prepare for path-based activation. Also, comment
the buggy initial dir creation and explain manual provisioning in README
for now.

site-cookbooks/kosmos_encfs/recipes/default.rb

@@ -35,11 +35,17 @@ mount_directory = "/mnt/data"
 
 template "/usr/local/bin/mount_encfs" do
   source "mount_encfs.erb"
-  mode "0700"
+  mode "0755"
   variables encrypted_directory: encrypted_directory,
             mount_directory: mount_directory
 end
 
+template "/usr/local/bin/unmount_encfs" do
+  source "unmount_encfs.erb"
+  mode "0700"
+  variables mount_directory: mount_directory
+end
+
 execute "systemctl daemon-reload" do
   command "systemctl daemon-reload"
   action :nothing
@@ -50,19 +56,22 @@ directory mount_directory do
   mode "0775"
 end
 
-execute "create encrypted file system" do
-  command <<-EOF
-echo "y\\\n
-y\\\n
-p\\\n
-#{encfs_password}\\\n
-#{encfs_password}\\\n
-" | encfs #{encrypted_directory} #{mount_directory} --public --stdinpass
-  EOF
-  sensitive true
-  not_if { ::File.exist?(encrypted_directory) }
-end
+# FIXME the password that is stored using this script does not match the actual password
+# execute "create encrypted file system" do
+#   command <<-EOF
+# echo "y\\\n
+# y\\\n
+# FIXME paranoia mode breaks hard links, which postgres relies on
+# p\\\n
+# #{encfs_password}\\\n
+# #{encfs_password}\\\n
+# " | encfs #{encrypted_directory} #{mount_directory} --public --stdinpass
+#   EOF
+#   sensitive true
+#   not_if { ::File.exist?(encrypted_directory) }
+# end
 
+# FIXME there seems to be half a comment missing here
 # The service will automatically 
 cookbook_file "/lib/systemd/system/encfs.service" do
   source "encfs.service"