thekelvinliu/lsio-mod-gocryptfs
add gocryptfs to a linuxserver docker container to mount encrypted directories and files
lsio-mod-gocryptfs
add gocryptfs to a linuxserver docker container to mount encrypted directories and files
usage
this docker mod requires fuse, meaning docker containers must be privileged and have access to /dev/fuse on the host.
for example with docker compose:
---
services:
code:
image: lscr.io/linuxserver/code-server:latest
environment:
DOCKER_MODS: "thekelvinliu/lsio-mod-gocryptfs:latest"
PGID: 1000
PUID: 1000
privileged: true
devices:
- /dev/fuse:/dev/fuse
volumes:
- /path/to/cipher/directories:/encrypted
- ./config/gocryptfs:/gocryptfsconfiguration
the main config file for this docker mod is a csv file, which is expected at /gocryptfs/mounts.csv by default.
this location can be changed using the GOCRYPTFS_MOUNTS_FILE environment variable.
the csv enables multiple gocryptfs cipher directories to be mounted at once.
each line in the file corresponds to a single gocryptfs mount and contains:
name: used in the service name that manages the mountcipherdir: path to gocryptfs-encrypted cipher directorymountpoint: path to gocryptfs mountpointpassfile: path to a plaintext file containing the gocryptfs password
here's an example csv file that defines two mounts:
name,cipherdir,mountpoint,passfile
company-secrets,/encrypted/company-secrets,/decrypted/secrets,/gocryptfs/company-secrets-pass
personal-documents,/encrypted/personal-documents,/decrypted/docs,/gocryptfs/personal-documents-passonce the gocryptfs services start,
/decrypted/secrets will contain the unencrypted directories and files of the encrypted /encrypted/company-secrets.
and similarly,
/decrypted/docs will contain the unencrypted directories and files from /encrypted/personal-documents.