+root_dev=$(awk '$2 == "/" {print $1}' /etc/mtab)
+if [[ $root_dev == /dev/dm-* ]]; then
+ for d in /dev/mapper/*; do
+ if [[ $(readlink -f $d) == "$root_dev" ]]; then
+ root_dev=$d
+ break
+ fi
+ done
+fi
+
+if cryptsetup status $root_dev &>/dev/null; then
+ crypt_dev=$root_dev
+else # if we are in a recovery boot, find the next best crypt device
+ noauto=,noauto
+ for dev in $(dmsetup ls --target crypt | awk '{print $1}'); do
+ dev=/dev/mapper/$dev
+ if awk '{print $1}' /etc/mtab | grep -Fx $dev &>/dev/null; then
+ crypt_dev=$dev
+ break
+ fi
+ done
+fi
+
+
+fstab <<EOF
+$crypt_dev /a btrfs noatime,subvol=a$noauto 0 0
+EOF
+
+shopt -s nullglob
+
+# ssh and probably some other things care about parent directory
+# ownership, and ssh doesn\'t allow any group writable parent
+# directories, so we are forced to use a directory structure similar
+# to home directories
+f=(/mnt/root/btrbk/q.*); f=${f[0]}
+if [[ -e $f ]]; then
+ fstab <<EOF
+$crypt_dev /q btrfs noatime,subvol=q,gid=1000$noauto 0 0
+/q/p /p none bind$noauto 0 0
+EOF
+fi
+
+f=(/mnt/root/btrbk/o.*); f=${f[0]}
+if [[ -e $f ]]; then
+ fstab <<EOF
+$crypt_dev /o btrfs noatime,subvol=o$noauto 0 0
+/o/m /m none bind$noauto 0 0