pub async fn destroy_encrypted_volume(id: u32) -> Result<()>Expand description
Tear down everything create_encrypted_volume set up. Idempotent
— never errors on “already gone”. Order matters:
- umount the ext4 (releases the kernel block device handle)
- luksClose (releases the mapper entry + the LUKS key from keyring memory)
- luksErase (overwrites all keyslots → the underlying file’s ciphertext is unrecoverable, even if the operator copied the file before this step ran)
- rm the sparse file (free disk space; defense-in-depth even after luksErase)
- rmdir the mountpoint (cosmetic; keeps /var/lib/paygress/mounts tidy)