Add encrypted cloud storage
Very useful if Nextcloud is running as a snap or has limited filesystem access for other reasons. OneDrive is used as the example.
Written from memory, so it may be spotty.
Create encrypted mount
- To encrypt the storage, follow the rclone documentation:
- Create a secure SFTP user:
  - Prepare jail dir
  - Create user
  - Fix permissions and add symlinks
  - Add a Match block for that user to the end of /etc/ssh/sshd_config (/etc/ssh/sshd_config.d/ didn’t work, didn’t bother to check why); you may need to add Match All at the end of the block:
  - Restart ssh
- Create a systemd unit file for the rclone mount command (adapted from here), e.g. /etc/systemd/system/nextcloud-mount-encrypted.service

      [Unit]
      Description=Mount encrypted OneDrive (rclone)
      AssertPathIsDirectory=/srv/jail/nextcloud-mounts/home/onedrive-encrypted
      After=network.target

      [Service]
      Type=simple
      # --gid and --uid below are the GID and UID of the nextcloud-mounts user.
      # Comments are kept off the continued lines: a backslash only continues
      # the line when it is the last character on it.
      ExecStart=/usr/bin/rclone mount \
          --allow-other \
          --buffer-size=250M \
          --cache-chunk-path=/tmp/rclone/chunks \
          --cache-db-path=/tmp/rclone/db \
          --cache-dir=/tmp/rclone/vfs \
          --cache-info-age=30m \
          --cache-tmp-upload-path=/tmp/rclone/onedrive-encrypted \
          --cache-workers=8 \
          --cache-writes \
          --checkers=16 \
          --dir-cache-time=30m \
          --drive-use-trash \
          --gid=1001 \
          --no-modtime \
          --stats=0 \
          --uid=1001 \
          --vfs-cache-mode=full \
          --vfs-disk-space-total-size=1G \
          --vfs-cache-max-size=1G \
          onedrive-encrypted:/rclone /srv/jail/nextcloud-mounts/home/onedrive-encrypted
      ExecStop=/bin/fusermount -u /srv/jail/nextcloud-mounts/home/onedrive-encrypted
      Restart=always
      RestartSec=10
      # rclone serve may exit with 143, see: https://forum.rclone.org/t/cant-gracefully-close-rclone-mount/31490/21
      SuccessExitStatus=143

      [Install]
      WantedBy=default.target
- Start and enable the service
- Create an SSH key for Nextcloud
- Add to authorized_keys of the nextcloud-mounts user (the .ssh dir may require creation and chmod-ing)
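Why the sshd_config step above puts the Match block at the end of the file and may need a closing Match All, as an added example (not from the original page): a Match block runs until the next Match line or the end of the file, so anything appended later is scoped to the jailed user. The directives inside the block and the appended X11Forwarding line are constructed assumptions, since the page does not show its own block.

```python
import re

# Constructed sample: an assumed, typical chrooted-SFTP Match block.
# The page does not show the block it uses.
JAIL_BLOCK = """\
Match User nextcloud-mounts
    ChrootDirectory /srv/jail/nextcloud-mounts
    ForceCommand internal-sftp
    AllowTcpForwarding no
"""
# Constructed: a directive that a later edit appends to the end of sshd_config.
APPENDED = "X11Forwarding yes\n"


def scope_directives(text):
    """Return [(scope, keyword, value)]; scope is 'global' or the Match criteria."""
    scope, result = "global", []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comment lines carry no directive
        # Keyword and arguments are separated by whitespace or an optional '='.
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        keyword = parts[0]
        value = parts[1] if len(parts) > 1 else ""
        if keyword.lower() == "match":
            # A Match line opens a block that runs to the next Match line or EOF.
            scope = value
            continue
        result.append((scope, keyword, value))
    return result


def captured_by(text, criteria):
    """Keywords that apply only to connections matching `criteria`."""
    wanted = criteria.lower()
    return [k for s, k, _ in scope_directives(text) if s.lower() == wanted]


if __name__ == "__main__":
    jail = "User nextcloud-mounts"
    print("without Match All:", captured_by(JAIL_BLOCK + APPENDED, jail))
    closed = JAIL_BLOCK + "Match All\n" + APPENDED
    print("with Match All:   ", captured_by(closed, jail))
    print("applies to all:   ", captured_by(closed, "All"))
```

Run against a copy of the real sshd_config, the same function shows which directives ended up inside the jailed user's block and which apply to every connection.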
Add mount to Nextcloud
- Add “External Storage Support” Addon
- Add SFTP backend
  - Authentication: RSA private key
  - Host: localhost
  - Root: /srv/jail/nextcloud-mounts/home/onedrive-encrypted
  - Username: nextcloud-mounts
  - Private Key: The key we created before
Created: March 23, 2023