#!/bin/sh

mount_encrypted() {
  ! mount | grep -q " $1 " && echo "$passphrase" | sudo mount -t ecryptfs "$1" "$2" \
    -o ecryptfs_cipher=aes,ecryptfs_key_bytes=32,ecryptfs_passthrough=no,ecryptfs_enable_filename_crypto=yes,ecryptfs_sig=$ecryptfs_sig,ecryptfs_fnek_sig=$fnek_sig,key=passphrase:passphrase_passwd=$(printf '%s' "$passphrase")
}

attempt_mount() {
  if mount | grep -q " $2 "; then
    if sudo umount "$2"; then
      notify-send "🔒 Locked: $3"
    else
      notify-send "❗ Unable to lock" "Mounted: $3"
    fi
  else
    ecryptfs_sig=$(pass show encryption/ecryptfs-sig-"$4")
    fnek_sig=$ecryptfs_sig
    passphrase=$(pass show encryption/ecryptfs)
    [ -z "$passphrase" ] && {
      notify-send "❌ Failed to retrieve passphrase."
      exit 1
    }
    mount_encrypted "$1" "$2" && notify-send "🔑 Unlocked: $3"
  fi
}

targets="$HOME/.secret"
mounts="$HOME/Private"
pw="default"
set -- $mounts # Set positional parameters to mounts
i=1
for target in $targets; do
  mp=$(eval echo "\$$i")            # Get the mount point using indirect expansion
  path=$(basename "$mp")            # Extract last directory component
  pw=$(echo "$pw" | cut -d' ' -f$i) # Get the corresponding passthrough option

  attempt_mount "$target" "$mp" "$path" "$pw"
  i=$((i + 1))
done