Skip to content

Instantly share code, notes, and snippets.

@DominikStyp

DominikStyp/99-usb-mount.rules

Last active February 10, 2025 00:36
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save DominikStyp/b522759b6db51a200b0b958aa5b7534d to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save DominikStyp/b522759b6db51a200b0b958aa5b7534d to your computer and use it in GitHub Desktop.
Download ZIP
Veracrypt and Samba installation on RaspberryPI and share encrypted drives in Windows 11 via local WiFi
Raw
99-usb-mount.rules
# /etc/udev/rules.d/99-usb-mount.rules
# --property=KillMode=none important to NOT kill the veracrypt service when action finishes
ACTION=="add", KERNEL=="sd[a-z]*", SUBSYSTEM=="block", ENV{UDISKS_IGNORE}="1", \
RUN+="/usr/bin/systemd-run --property=KillMode=none /home/dominik/mountDisks.sh"
Raw
99-usb-unmount.rules
# /etc/udev/rules.d/99-usb-unmount.rules
ACTION=="remove", KERNEL=="sd[a-z]*", SUBSYSTEM=="block", \
RUN+="/usr/bin/systemd-run --no-block /home/dominik/unmountDisks.sh"
Raw
addDiskToMountQueue.sh
#!/bin/bash
LOGFILE="/home/dominik/mount-udev-logs.txt"
DEVICE_NAME="$1"
echo "---- Adding /dev/$DEVICE_NAME to mount queue at $(date '+%Y-%m-%d %H:%M:%S') ---" >> "$LOGFILE"
echo "$DEVICE_NAME" >> /tmp/mount-queue.txt
chmod 777 /tmp/mount-queue.txt
Raw
crontab
# run every 10 seconds
* * * * * /home/dominik/mountQueueWorker.sh >> /home/dominik/mount-udev-logs.txt 2>&1
* * * * * sleep 10; /home/dominik/mountQueueWorker.sh >> /home/dominik/mount-udev-logs.txt 2>&1
* * * * * sleep 20; /home/dominik/mountQueueWorker.sh >> /home/dominik/mount-udev-logs.txt 2>&1
* * * * * sleep 30; /home/dominik/mountQueueWorker.sh >> /home/dominik/mount-udev-logs.txt 2>&1
* * * * * sleep 40; /home/dominik/mountQueueWorker.sh >> /home/dominik/mount-udev-logs.txt 2>&1
* * * * * sleep 50; /home/dominik/mountQueueWorker.sh >> /home/dominik/mount-udev-logs.txt 2>&1
Raw
installVeracryptAndSamba.sh
#!/bin/bash
echo "📌 Updating system..."
sudo apt update && sudo apt upgrade -y
echo "📌 Installing VeraCrypt and Samba..."
sudo apt-get install -y git build-essential pkg-config libwxgtk3.2-dev libfuse-dev \
libssl-dev libcurl4-openssl-dev libxml2-dev intltool
sudo apt-get install -y libpcsclite-dev
# for queueing tasks
sudo apt install -y at
echo "dominik" | sudo tee -a /etc/at.allow
# for Debian 12 its necessary to install all the dependencies in case of older veracrypt-1.25.9
# otherwise problems with .deb package installation occurs
# yet NEWER VERSION CAN'T BE INSTALLED NOW SINCE IT DOESN'T SUPPORT TRUECRYPT DRIVES !!!!
wget http://snapshot.debian.org/archive/debian/20210902T091118Z/pool/main/t/tiff/libtiff5_4.2.0-1_arm64.deb && \
wget http://snapshot.debian.org/archive/debian/20210902T091118Z/pool/main/libw/libwebp/libwebp6_0.6.1-2.1_arm64.deb && \
wget http://snapshot.debian.org/archive/debian/20210902T091118Z/pool/main/w/wxwidgets3.0/libwxbase3.0-0v5_3.0.5.1+dfsg-2+b1_arm64.deb && \
wget http://snapshot.debian.org/archive/debian/20210902T091118Z/pool/main/w/wxwidgets3.0/libwxgtk3.0-gtk3-0v5_3.0.5.1+dfsg-2+b1_arm64.deb && \
wget https://launchpad.net/veracrypt/trunk/1.25.9/+download/veracrypt-1.25.9-Debian-11-arm64.deb && \
sudo dpkg -i libwebp6_0.6.1-2.1_arm64.deb && \
sudo dpkg -i libtiff5_4.2.0-1_arm64.deb && \
sudo dpkg -i libwxbase3.0-0v5_3.0.5.1+dfsg-2+b1_arm64.deb && \
sudo dpkg -i libwxgtk3.0-gtk3-0v5_3.0.5.1+dfsg-2+b1_arm64.deb && \
sudo dpkg -i veracrypt-1.25.9-Debian-11-arm64.deb && \
sudo apt-get install -f
veracrypt --test
#clenup
cd ../.. && sudo rm -rf ./VeraCrypt
sudo apt install -y samba ntfs-3g
echo "📌 Creating mount directories..."
sudo mkdir -p /mnt/usb1
sudo mkdir -p /mnt/usb2
echo "📌 Creating password file for VeraCrypt..."
sudo bash -c 'echo "YourPassword" > /home/dominik/veracrypt-pass.txt'
sudo chmod 600 /home/dominik/veracrypt-pass.txt
echo "📌 Setting correct permissions for mount directories..."
sudo chmod -R 777 /mnt/usb1 /mnt/usb2
sudo chown -R dominik:dominik /mnt/usb1 /mnt/usb2
echo "📌 Configuring Samba..."
sudo bash -c 'cat >> /etc/samba/smb.conf <<EOF
[USB_DRIVES]
path = /mnt/usb_drives
browseable = yes
read only = no
create mask = 0777
directory mask = 0777
public = no
valid users = dominik
follow symlinks = yes
EOF'
echo "📌 Restarting Samba..."
sudo systemctl restart smbd
echo "📌 Creating Samba user..."
sudo smbpasswd -a dominik # here you will provide a password for the samba user
echo "✅ Setup complete! Check access to \\$(hostname) in Windows!"
Raw
mountDiskFromQueue.sh
#!/bin/bash
LOGFILE="/home/dominik/mount-udev-logs.txt"
DEVICE_NAME="$1"
# changes sda1 and sdb1 to usb1 etc.
USB_DEVICE_NAME=$(echo "$DEVICE_NAME" | sed -E 's/sd[a-z]([0-9]+)/usb\1/')
echo "---- mount udev /dev/$DEVICE_NAME to /usb/$USB_DEVICE_NAME begin: $(date '+%Y-%m-%d %H:%M:%S') ---" >> "$LOGFILE"
LOCKFILE="/tmp/veracrypt-mount-udev-$DEVICE_NAME.lock"
# Prevent multiple simultaneous runs.
if [ -e "$LOCKFILE" ]; then
echo "Already running, exiting..." >> "$LOGFILE"
exit 1
fi
touch "$LOCKFILE"
trap 'rm -f "$LOCKFILE"' EXIT
# Wait for the partition nodes to be ready
sleep 5
PASS=$(cat /home/dominik/disk-pass.txt)
# Mount /dev/sda1 if not already mounted.
if ! /usr/bin/veracrypt -t -l | grep -q "/mnt/$USB_DEVICE_NAME"; then
echo "Mounting /dev/$DEVICE_NAME to /mnt/$USB_DEVICE_NAME" >> "$LOGFILE"
/usr/bin/veracrypt --truecrypt --text -m nokernelcrypto \
--keyfiles="" --protect-hidden=no \
--password="$PASS" \
--fs-options="uid=1000,gid=1000,umask=000,dmask=000,fmask=111" \
/dev/$DEVICE_NAME /mnt/$USB_DEVICE_NAME >> "$LOGFILE" 2>&1
fi
Raw
mountDisks.sh
#!/bin/bash
LOGFILE="/home/dominik/mount-logs.txt"
echo "---- mount $1 begin: $(date '+%Y-%m-%d %H:%M:%S') ---" >> "$LOGFILE"
LOCKFILE="/tmp/veracrypt-mount.lock"
# Prevent multiple simultaneous runs.
if [ -e "$LOCKFILE" ]; then
echo "Already running, exiting..." >> "$LOGFILE"
exit 1
fi
touch "$LOCKFILE"
trap 'rm -f "$LOCKFILE"' EXIT
# resets the failed services
sudo systemctl reset-failed
# Wait for the partition nodes to be ready
sleep 10
PASS=$(cat /home/dominik/disk-pass.txt)
# Mount /dev/sda1 if not already mounted.
if ! /usr/bin/veracrypt -t -l | grep -q "/mnt/usb1"; then
echo "Mounting /dev/sda1 to /mnt/usb1" >> "$LOGFILE"
/usr/bin/veracrypt --truecrypt --text -m nokernelcrypto \
--keyfiles="" --protect-hidden=no \
--password="$PASS" \
--fs-options="uid=1000,gid=1000,umask=000,dmask=000,fmask=111" \
/dev/sda1 /mnt/usb1 >> "$LOGFILE" 2>&1
fi
# Mount /dev/sda2 if not already mounted.
if ! /usr/bin/veracrypt -t -l | grep -q "/mnt/usb2"; then
echo "Mounting /dev/sda2 to /mnt/usb2" >> "$LOGFILE"
/usr/bin/veracrypt --truecrypt --text -m nokernelcrypto \
--keyfiles="" --protect-hidden=no \
--password="$PASS" \
--fs-options="uid=1000,gid=1000,umask=000,dmask=000,fmask=111" \
/dev/sda2 /mnt/usb2 >> "$LOGFILE" 2>&1
fi
# Restart Samba to pick up the new mounts.
echo "Restarting smbd..." >> "$LOGFILE"
systemctl restart smbd >> "$LOGFILE" 2>&1
echo "---- mount $1 finished: $(date '+%Y-%m-%d %H:%M:%S') ---" >> "$LOGFILE"
Raw
mountQueueWorker.sh
#!/bin/bash
LOGFILE="/home/dominik/mount-udev-logs.txt"
QUEUE_FILE="/tmp/mount-queue.txt"
# Prevent multiple instances of the worker
LOCKFILE="/tmp/mount-queue-worker.lock"
if [ -e "$LOCKFILE" ]; then
echo "---- Worker already running, exiting at $(date '+%Y-%m-%d %H:%M:%S') ---" >> "$LOGFILE"
exit 0
fi
touch "$LOCKFILE"
trap 'rm -f "$LOCKFILE"' EXIT
# Check if the queue file exists
if [ ! -f "$QUEUE_FILE" ]; then
# echo "---- Queue file $QUEUE_FILE does not exist, exiting at $(date '+%Y-%m-%d %H:%M:%S') ---" >> "$LOGFILE"
exit 0
fi
# Check if the queue file is empty
if [ ! -s "$QUEUE_FILE" ]; then
# echo "---- Queue file $QUEUE_FILE is empty, exiting at $(date '+%Y-%m-%d %H:%M:%S') ---" >> "$LOGFILE"
exit 0
fi
echo "---- Worker started at $(date '+%Y-%m-%d %H:%M:%S') ---" >> "$LOGFILE"
# Process the queue
while IFS= read -r DEVICE_NAME || [ -n "$DEVICE_NAME" ]; do
# Skip empty lines
if [ -z "$DEVICE_NAME" ]; then
# echo "---- Skipping empty line in queue at $(date '+%Y-%m-%d %H:%M:%S') ---" >> "$LOGFILE"
continue
fi
# Execute the user-space mount script
/home/dominik/mountDiskFromQueue.sh "$DEVICE_NAME"
# Safely remove the first line from the queue
sed '1d' "$QUEUE_FILE"
# tail -n +2 "$QUEUE_FILE" > "$QUEUE_FILE.tmp" && mv "$QUEUE_FILE.tmp" "$QUEUE_FILE"
done < "$QUEUE_FILE"
echo "---- Worker finished at $(date '+%Y-%m-%d %H:%M:%S') ---" >> "$LOGFILE"
sudo rm "$QUEUE_FILE"
Raw
smb.conf
#======================= Global Settings =======================
[global]
unix extensions = no
wide links = yes
# ....
# ....
[USB_DRIVES]
path = /mnt/usb_drives
browseable = yes
read only = no
create mask = 0777
directory mask = 0777
public = no
valid users = dominik
follow symlinks = yes
Raw
unmountDisks.sh
#!/bin/bash
LOGS="/home/dominik/mount-logs.txt"
echo "--- $(date '+%Y-%m-%d %H:%M:%S') begin unmount $1 ---" >> "$LOGS"
/usr/bin/systemctl stop smbd >> "$LOGS" 2>&1
/usr/bin/veracrypt --dismount --force
/usr/bin/systemctl start smbd >> "$LOGS" 2>&1
echo "--- $(date '+%Y-%m-%d %H:%M:%S') end unmount $1 ---" >> "$LOGS"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment