rclone SystemD service

[email protected]

# Install:
# cp [email protected] ~/.config/systemd/user/ && systemctl --user enable --now rclone-mount@$CLOUD_NAME
# Where $CLOUD_NAME is a section name from rclone.conf

[Unit]
Description=RClone mount: %i
Documentation=man:rclone(1)
After=network.target
Wants=network-online.target
StartLimitIntervalSec=300
StartLimitBurst=3

[Service]
Type=notify
#Restart=on-failure
#User=%u

ExecStartPre=-/bin/fusermount -uz %h/mnt/rclone/%i
ExecStartPre=/usr/bin/mkdir -p %h/logs/
ExecStartPre=/usr/bin/touch %h/logs/rclone-%i.log
ExecStartPre=/usr/bin/mkdir -p %h/mnt/rclone/%i

ExecStart=/usr/bin/rclone mount \
	            --config %h/.config/rclone/rclone.conf \
	    --vfs-cache-mode full \
	--vfs-cache-max-size 30G \
	 --vfs-cache-max-age 8760h \
	    --dir-cache-time 1s \
	     --poll-interval 30s \
	         --log-level DEBUG \
	          --log-file %h/logs/rclone-%i.log \
	             --umask 022 \
	--allow-other \
	%i: %h/mnt/rclone/%i

ExecStop=/bin/fusermount -uz %h/mnt/rclone/%i

[Install]
WantedBy=default.target

[email protected]

# Install:
# cp [email protected] ~/.config/systemd/user/ && systemctl --user enable --now rclone-sync@$CLOUD_NAME
# Where $CLOUD_NAME is a section name from rclone.conf

[Unit]
Description=RClone Sync: %i
Documentation=man:rclone(1)
After=network.target
Wants=network-online.target
Conflicts=rclone-sync@%i.service

[Service]
Type=oneshot
RuntimeDirectory=rclone-sync/%i
LogsDirectory=logs

ExecStartPre=-/usr/bin/mkdir -p "%h/logs"
ExecStartPre=-/usr/bin/mkdir -p "%h/mnt/rclone-sync/%i"
ExecStartPre=-/usr/bin/touch "%h/logs/rclone-sync-%i.log"
ExecStartPre=-/usr/bin/rclone mkdir "%i:/" --config "%h/.config/rclone/rclone.conf"
ExecStartPre=-/usr/bin/rclone bisync "%h/mnt/rclone-sync/%i" "%i:" \
	--resync \
	--config %h/.config/rclone/rclone.conf \
	--log-file "%h/logs/rclone-sync-%i.log"

ExecStart=/usr/bin/rclone bisync "%h/mnt/rclone-sync/%i" "%i:" \
	--config "%h/.config/rclone/rclone.conf" \
	--log-level DEBUG \
	--log-file "%h/logs/rclone-sync-%i.log" \
	--compare modtime \
	--resilient \
	--retries 3

ExecStartPost=/bin/rm -f "%h/mnt/rclone-sync/%i/.sync.placeholder"

[Install]
WantedBy=default.target

[email protected]

# Install:
# cp [email protected] ~/.config/systemd/user/ && systemctl --user enable --now rclone-sync@$CLOUD_NAME.timer
# Where $CLOUD_NAME is a section name from rclone.conf

[Unit]
Description=RClone Sync Timer for %i (Every 5 Minutes)
Documentation=man:rclone(1)

[Timer]
OnCalendar=*:0/5
Persistent=true
RandomizedDelaySec=30
Unit=rclone-sync@%i.service

Requires=network-online.target
After=network-online.target

AccuracySec=15s

[Install]
WantedBy=timers.target

rclone.conf.gen.sh

#!/usr/bin/env bash

CONFIG_FILE="${HOME}/.config/rclone/rclone.conf"

# Create config directory if not exists
mkdir -p "${HOME}/.config/rclone"

# Function to securely read passwords
read_password() {
	unset password
	prompt="$1"
	while IFS= read -p "$prompt" -r -s -n 1 char; do
		if [[ $char == $'\0' ]]; then
			break
		fi
		prompt='*'
		password+="$char"
	done
	echo
	echo "$password"
}

# Collect WebDAV configuration
echo "Enter WebDAV configuration details:"
read -p "  Remote name (e.g., "MyCloud"): " webdav_name
read -p "  Server URL (e.g., https://server.tld/remote.php/dav/files/[email protected]): " webdav_url
read -p "  User email: " webdav_user
webdav_pass=$(read_password "  WebDAV password: ")

# Collect Crypt configuration
echo -e "\nEnter Crypt configuration details:"
crypt_pass=$(read_password "  Encryption password: ")
crypt_salt=$(read_password "  Encryption salt (password2): ")

# Generate configuration
cat <<EOF | tee -a "$CONFIG_FILE" >/dev/null

[${webdav_name}]
type = webdav
url = ${webdav_url}
vendor = nextcloud
user = ${webdav_user}
pass = $(rclone obscure "${webdav_pass}")

[${webdav_name}Crypt]
type = crypt
remote = ${webdav_name}:_Crypt
password = $(rclone obscure "${crypt_pass}")
password2 = $(rclone obscure "${crypt_salt}")
description = Encrypted MyCloud

[${webdav_name}Plain]
type = alias
remote = ${webdav_name}:_Plain
EOF

echo -e "\nConfiguration saved to ${CONFIG_FILE}"
echo "Set permissions: chmod 600 ${CONFIG_FILE}"

rclone.crypt.md

Steps

1. do rclone config, set up remote of plain type (e.g. "google drive", call it gclone)
2. do rclone config, set up remote of type crypt (call it gcrypt), pointing to the previous remote (gclone)
3. mount crypt remote in the OS
4. put encrypted files in a plain remote subfolder (type it like gcrypt:subfolder/subfolder2), folders will be created automatically

Setup

example

# New remote
n/s/q> n
name> secret
Storage> crypt
remote> "gclone:path/to/dir"

# Encrypt filenames
# encrypt (1 / "standard")
# simple (2 / "obfuscate")
# no (Adds ".bin") (3 / "off")
filename_encryption>1

# encrypt dir names (If filename_encryption is "off" then this will do nothing)
# Encrypt (1 / "true")
# Don't (2 / "false")
directory_name_encryption>1

# Password or pass phrase for encryption.
# y) Yes type in my own password
# g) Generate random password
y/g> y

# Enter the password:
password:

# Confirm the password:
password:

# Password salt (Optional, different to password)
# y) own
# g) random
# n) blank (default)
y/g/n> g

# Password strength bits (64 -> 1024)
Bits> 128

# Use password? obscured password will be stored in .conf
# keep this generated password in a safe place
# y) Yes (default)
# n) No
y/n>y

# Edit advanced config? (y/n)
# y) Yes
# n) No (default)
y/n>y

# Remote config
# --------------------
# [gcrypt]
# type = crypt
# remote = gclone:path
# password = *** ENCRYPTED ***
# password2 = *** ENCRYPTED ***
# --------------------
# y) OK (default)
# e) Edit
# d) Delete
y/e/d>y

rclone.example.conf

[MyCloud]
type = webdav
url = https://server.tld/remote.php/dav/files/[email protected]
vendor = nextcloud
user = [email protected]
pass = <rclone obscured pass>

[MyCloudCrypt]
type = crypt
remote = MyCloud:_Crypt
password = <rclone obscured password>
password2 = <rclone obscured password2>
description = Encrypted MyCloud

[MyCloudPlain]
type = alias
remote = MyCloud:_Plain