Because VPS with storage are quite expensive I was looking for a cheap way to store my backups and media in the cloud without the fear of Google or Amazon having my whole data.
Google Drive Business
With google drive it’s pretty cheap to have “unlimited” online storage, their business plan includes unlimited storage (1TB per user if fewer than 5 users). But the limit of 1TB per user is not enforcing. Here’s a link to their pricing page.
But how should I mount it? rclone!
This is where an open source project comes in handy, rclone. It lets you FUSE mount google drive and some other cloud providers (Amazon Drive, Amazon S3, Backblaze B2, Dropbox, …) to use them as block sotrage.
But the best part: it enables you to encrypt every file you store on this mount and even the file names.
Install rclone
To install rclone on Linux just run following command:
curl https://rclone.org/install.sh | sudo bash
If you don’t trust the Script you can also manually download and install rclone, you can find help over here you can also find versions for other Platforms in their download section.
Now you can test your install with rclone version and you will get something like that:
rclone v1.48.0-099-gc2635e39-beta
- os/arch: linux/amd64
- go version: go1.12.7
Configure rclone
To configure rclone you can use a config file or the config command.
We will use the config command as follows:
rclone config
It will now ask you to create a new remote, press n to do so. First of all you need to choose a name for your remote,
I’ll be using GD for my googledrive.
Next you’ll be choosing the backend, in this case we’ll be using drive which stands for Google Drive.
For the next step we’ll need an API Key from Google, you can obtain one at your API Console. You need to create a project here, and enable the Google Drive API under “ENABLE APIS AND SERVICES”. After that you’ll need to click on “Credentials” (not “Create credentials”), then Create credentials, then “OAuth client ID”. You will be prompted to set the OAuth screen product name, if you haven’t set one yet. Now choose application type “other” and “Create”. Now you will be shown a client ID and client secret use this two values in your rclone config.
You won’t need the advanced config, so skip this for now.
If you are configuring rclone on a remote/headless machine you’ll need to use manual config so say now to auto config and follow the steps described by rclone.
We won’t configure this as a Team Drive so no to the next question.
After that you’ll be shown the configfile and it will be OK, so just say yes.
Encrypting your data
To encrypt the data which is uploaded to your remote we need to make some changes to your rclone config.
To do so we need to run rclone config again and press n to add a new remote, I’ll call it gcrypt. Next we’ll need to choose 9 (crypt) after that you need to enter the remote you created in the last step, in my case it’s GD.
The next step is filename encryption, I’d suggest to use 2 (standard) after that it’s all about directoryname encryption choose 1 to encrypt directory names.
Here’s the important step either choose your own password to encrypt files or let rclone generate a random one. This password will be stored encrypted in your rclone.conf but store this password in a safe place, if you loose it you’ll lose access to your data. Same rules apply to the next step: Password for salt.
Congratulations you made it!
Mount on startup
To auto mount your drive on boot you can use a service file for systemd.
Just create a .service file under /etc/systemd/system.
If you encrypted your data use the name of your encrypted remote.
/etc/systemd/system/rclone-gmedia.service:
[Unit]
Description=RClone Service
After=network-online.target
Wants=network-online.target
[Service]
Type=notify
Environment=RCLONE_CONFIG=/etc/rclone/rclone.conf
ExecStart=/usr/bin/rclone mount <your remote name goes here>: <your mountpath goes here> \
--allow-other \
--log-level INFO \
--log-file /var/log/rclone.log \
--umask 002
Restart=on-failure
User=<your user goes here>
Group=<your group goes here>
[Install]
WantedBy=multi-user.target
After that you are able to start and stop your mount with systemctl as follows:
| action | command |
|---|---|
| start | systemctl start rclone-gmedia |
| stop | systemctl stop rclone-gmedia |
| check status | systemctl status rclone-gmedia |
| add to autostart | systemctl enable rclone-gmedia |
If you want to know how to make your setup even better check out my new post.