Finish initial encfs cookbook and postgres adaptations

site-cookbooks/kosmos_encfs/attributes/default.rb

@@ -0,0 +1 @@
+node.default["kosmos_encfs"]["data_directory"] = "/mnt/data"

site-cookbooks/kosmos_encfs/recipes/default.rb

@@ -31,7 +31,7 @@ encfs_password = encfs_data_bag_item["password"]
 package "encfs"
 
 encrypted_directory = "/usr/local/lib/encrypted_data"
-mount_directory = "/mnt/data"
+mount_directory = node["kosmos_encfs"]["data_directory"]
 
 template "/usr/local/bin/mount_encfs" do
   source "mount_encfs.erb"
@@ -53,7 +53,7 @@ end
 
 directory mount_directory do
   action :create
-  mode "0775"
+  mode "0755"
 end
 
 # FIXME the password that is stored using this script does not match the actual password

site-cookbooks/kosmos_encfs/resources/encfs_path_activation_unit.rb

@@ -0,0 +1,21 @@
+resource_name :encfs_path_activation_unit
+
+property :service_name, String, required: true, name_property: true
+
+action :create do
+  systemd_unit "#{new_resource.service_name}.path" do
+    content <<-EOF
+[Unit]
+Description=Start #{new_resource.service_name} when encrypted data directory is mounted
+
+[Path]
+PathExists=/tmp/data-dir-mounted.txt
+Unit=#{new_resource.service_name}
+
+[Install]
+WantedBy=multi-user.target
+    EOF
+    triggers_reload true
+    action [:create, :enable, :start]
+  end
+end

site-cookbooks/kosmos_encfs/templates/mount_encfs.erb

@@ -1,4 +1,5 @@
 #!/bin/sh
 
 systemd-ask-password --echo "encfs password:" | encfs <%= @encrypted_directory %> <%= @mount_directory %> --public --stdinpass
+/bin/chmod go+rx <%= @mount_directory %>
 echo "Encrypted data directory mounted as <%= @mount_directory %>" > /tmp/data-dir-mounted.txt

site-cookbooks/kosmos_encfs/templates/systemd_unit.path.erb

@@ -1,9 +0,0 @@
-[Unit]
-Description=Start <%= @service_unit %> when encrypted data directory is mounted
-
-[Path]
-PathExists=/tmp/data-dir-mounted.txt
-Unit=<%= @service_unit %>
-
-[Install]
-WantedBy=multi-user.target