Optional, Highly Recommended
SSHFS can be used as a Docker volume driver to provide shared, persistent storage over the swarm. In this configuration, a single container maps a local drive and shares it over SSHFS. Any client with a valid SSH key can connect and mount this share, based on permissions set by the SSHFS server container.
We leverage the swarm to run our SSHFS server in a container.
(Optional, Highly Recommended) The local volume mount serving the SSHFS share should be backed by some type of redundant media: some options include a RAID setup or a mirrored ZFS pool.
(Optional, Recommended) The local volume mount serving the SSHFS share should include some form of periodic offsite backup. Some options include an rsync cronjob or a cached, optionally-encrypted rclone mount to a cloud provider.

FILE_SSH_PRIVATE_KEY="sshfs_key"
FILE_SSH_PUBLIC_KEY="sshfs_key.pub"
# Generate an Ed25519 keypair, with no passphrase (-a 100 sets the KDF rounds)
ssh-keygen -a 100 -t ed25519 -f "$FILE_SSH_PRIVATE_KEY" -q -N ""
# Create secrets (the trailing "-" makes docker read the secret from stdin)
cat "$FILE_SSH_PUBLIC_KEY" | docker secret create SSHFS_SSH_KEY_PUBLIC -
cat "$FILE_SSH_PRIVATE_KEY" | docker secret create SSHFS_SSH_KEY_PRIVATE -
# Remove the generated keys from the local filesystem
rm "$FILE_SSH_PRIVATE_KEY" "$FILE_SSH_PUBLIC_KEY"
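
A hardened variant of the steps above, added here as an example and not part of the original guide: the keypair is generated in a private temporary directory that is removed even if a step fails or the script is interrupted, and the public-key fingerprint is printed so clients can be audited later. The function name `create_sshfs_secrets` and the `SECRET_CMD` override are hypothetical; `SECRET_CMD` exists only so the procedure can be dry-run without a swarm.

```shell
#!/bin/sh
# Added example: same secret names and ssh-keygen options as the steps above.
# SECRET_CMD is a hypothetical hook; by default it is the real docker command.
SECRET_CMD="${SECRET_CMD:-docker secret create}"

create_sshfs_secrets() {
    # Subshell: umask, traps and variables do not leak into the caller.
    (
        set -u
        # New files are created owner-only, so the key is never group/world readable.
        umask 077

        workdir=$(mktemp -d) || exit 1
        # Remove the key material on every exit path, including failures.
        trap 'rm -rf "$workdir"' EXIT
        # Turn signals into a normal exit so the EXIT trap also runs in dash.
        trap 'exit 1' INT TERM HUP

        key="$workdir/sshfs_key"

        # Explicit "|| exit 1" checks are used instead of "set -e", because
        # errexit is ignored when this function is called from an "if".
        ssh-keygen -a 100 -t ed25519 -f "$key" -q -N "" || exit 1

        # $SECRET_CMD is intentionally unquoted so "docker secret create" splits
        # into words; the key is passed on stdin, never on the command line.
        $SECRET_CMD SSHFS_SSH_KEY_PUBLIC - < "$key.pub" > /dev/null || exit 1
        $SECRET_CMD SSHFS_SSH_KEY_PRIVATE - < "$key" > /dev/null || exit 1

        # Print the fingerprint of the public key for later verification.
        ssh-keygen -l -f "$key.pub" || exit 1
    )
}
```

Source the file on a swarm manager and call `create_sshfs_secrets`. If the second `docker secret create` fails, the first secret already exists in the swarm and has to be removed before retrying.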