Skip to content

waldner/keybase-kbfs-docker

BranchesTags

Repository files navigation

keybase-kbfs-docker

Docker image for keybase's KBFS

What's this?

This is a Docker image for Keybase client focused on getting access to KBFS. The KBFS mount can optionally be seen from the host.

Getting started

  • Create an account on Keybase
  • Generate a paper key using the keybase CLI (you should use another device to do this). The paper key is just a series of words, that counts as a device in Keybase, and can be used for the "oneshot" feature used by the docker container.
  • The recommended way to run the container is by using docker-compose. But before, you must create an .env file with the following contents:
# where the KBFS is mounted inside the container.
KEYBASE_KBFS_MOUNT=/kbfs

# the UID of the user who will run the container.
UID=1000

# to have container's time in sync with the host
TZ=your/timezone

KEYBASE_USER=your_keybase_user
KEYBASE_PAPERKEY=your keybase paper key

The UID variable is used by the entrypoint script to do some trickery to match the UID of the user unnig docker with the UID of the user inside the container. In most cases you don't need to change this, but it may happen that your user has an ID that is not 1000, so you'll have to change that value in the .env file.

After that, you can run docker-compose up -d. It uses the prebuilt image at the Docker hub. The KBFS is mounted at ${KEYBASE_KBFS_MOUNT} (/kbfs) inside the container.

How to get the KBFS mount on the host

Create a file docker-compose.override.yml with the follwing contents:

services:
  keybase:
    volumes:
      - "/home/you/kbfs:${KEYBASE_KBFS_MOUNT}:shared"

With this you'll have the KBFS exposed at /home/you/kbfs on the host.

Caveats

  • To use a FUSE mount inside the container, the device /dev/fuse is exposed to the container, which also needs to have the SYS_ADMIN capability (and needs the apparmor:unconfined security option under Ubuntu). If you're exporting the KBFS mount back to the host and the container crashes without cleaning up, you might have to manually umount (ie fusermount -u /home/you/kbfs) the host mount point.

  • If you try to do ls /kbfs/private you get the mostly unrelated error ls: reading directory '/kbfs/private/': Input/output error. This sort of makes sense, as the contents of that directory are, well, private, although the error message is highly misleading and might look like a genuine error (network or whatever). Turns out that inside private/, you can only access your own subdirectory, so you always have to specify at least that path (plus any further subpath you might want):

# this works, assuming your username is "fonzie":
$ ls /kbfs/private/fonzie     # or /kbfs/private/fonzie/whatever

Furthermore, remember that the kbfs mount must always be accessed with the user with UID 1000, both inside and outside the container (inside the container it's the user keybase, which you can su in to from root).

About

Docker image for keybase's KBFS

Topics

docker keybase kbfs keybase-filesystem

Resources

Readme

License

GPL-3.0 license
Activity

Stars

13 stars

Watchers

3 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

 
 
 

Languages