├── .DS_Store
├── Dockerfile
├── README.md
├── TailVault.png
└── entrypoint.sh


/.DS_Store:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SpaceinvaderOne/TailVault/147064bd1005b46fcbeff7a56c525e83a928d3f8/.DS_Store


--------------------------------------------------------------------------------
/Dockerfile:
--------------------------------------------------------------------------------
FROM alpine:latest

# OpenSSH provides both the SSH daemon and the SFTP service.
RUN apk add --no-cache openssh
COPY entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh
EXPOSE 22
ENTRYPOINT ["/entrypoint.sh"]


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# TailVault

TailVault is a secure and lightweight container designed for Unraid 7 and above, enabling friends to share a dedicated backup location over Tailscale. TailVault provides an SFTP destination, allowing a friend to back up their data directly to your server both securely and privately.

## Features
- **Friend-Specific Backup Access**
  TailVault restricts access so your friend can only back up to the designated directory on your server. They cannot access any other part of your system.

- **Tailscale Integration**
  Backups are conducted over Tailscale, so Tailscale must be installed in this container using Unraid’s built-in Tailscale Docker integration. This ensures end-to-end encryption and secure networking without the need for additional VPNs or firewall changes.

## Use Cases
1. **Backups Using Backup Software**
   Configure backup software (e.g., Duplicati) on your friend’s server to send backups over Tailscale to TailVault. These backups are encrypted before being sent, ensuring complete privacy.

2. **Rsync Jobs**
   Use TailVault as a destination for rsync jobs or other backup tools from another Unraid server or device in the same Tailnet.

## How to Configure the Template
1. **Enable Tailscale**
   Enable Tailscale in the container and connect it to your Tailnet.
   In the Tailscale admin console, share the container with the friend you want to allow to back up to your server.

2. **Set TailVault Backups Directory**
   Configure this to the location where your friend will store their backups. This directory should be empty and not contain any existing data.

3. **Set User Credentials**
   - **`SFTP_USER`**: Choose a username to share with your friend.
   - **`SFTP_PASS`**: Set a password to share with your friend.

## Notes
If using backup software on the sending server (e.g., Duplicati), it is recommended to set the networking type of the sending container to `host`. This helps ensure a direct connection over Tailscale and reduces the likelihood of relying on a relay (DERP) server. TailVault itself can remain in bridge mode.


--------------------------------------------------------------------------------
/TailVault.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SpaceinvaderOne/TailVault/147064bd1005b46fcbeff7a56c525e83a928d3f8/TailVault.png


--------------------------------------------------------------------------------
/entrypoint.sh:
--------------------------------------------------------------------------------
#!/bin/sh

# Refuse to start without credentials for the SFTP account.
if [ -z "$SFTP_USER" ] || [ -z "$SFTP_PASS" ]; then
  echo "Error: SFTP_USER and SFTP_PASS must be set as environment variables."
  exit 1
fi

# Persist the SSH host keys in /config so the server's identity stays the
# same across container re-creation (clients would otherwise see a changed
# host key on every rebuild).
if [ ! -f /config/ssh_host_rsa_key ]; then
  echo "Generating SSH host keys..."
  ssh-keygen -A
  cp /etc/ssh/ssh_host_* /config/
else
  echo "Using existing SSH host keys..."
  cp /config/ssh_host_* /etc/ssh/
fi

# Create the account: -D assigns no password yet, -h sets the home directory.
adduser -D -h /conf "$SFTP_USER"

# Set the account password from the environment.
echo "$SFTP_USER:$SFTP_PASS" | chpasswd

# Run sshd in the foreground so the container stays up.
/usr/sbin/sshd -D

--------------------------------------------------------------------------------
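
The README says the friend can reach only the designated directory, while the Dockerfile and entrypoint.sh above write no sshd_config. As an added example (not part of the TailVault repository), this script audits an sshd_config for the standard OpenSSH directives that confine one user to SFTP inside a directory. The user name `friend`, the path `/backups` and both sample configs are constructed for the demo.

```shell
#!/bin/sh
# Added example, not TailVault code. Directive names are standard OpenSSH;
# the user "friend" and path /backups are constructed for the demo.

# check_sftp_confinement FILE USER   (FILE may be "-" for stdin)
# Prints one line per missing directive and returns 0 only if USER's
# "Match User" block chroots the session, forces internal-sftp and
# disables TCP forwarding. Only exact user names are matched, not patterns.
check_sftp_confinement() {
  awk -v user="$2" '
    tolower($1) == "match" {           # any Match line opens a new block
      in_block = 0
      if (tolower($2) == "user") {
        n = split($3, names, ",")
        for (i = 1; i <= n; i++) if (names[i] == user) in_block = 1
      }
      next
    }
    NF == 0 || $1 ~ /^#/ { next }      # skip blank lines and comments
    in_block {
      key = tolower($1); val = tolower($2)
      if (key == "chrootdirectory" && val != "none") jailed = 1
      if (key == "forcecommand" && val == "internal-sftp") forced = 1
      if (key == "allowtcpforwarding" && val == "no") nofwd = 1
    }
    END {
      if (!jailed) print "missing: ChrootDirectory"
      if (!forced) print "missing: ForceCommand internal-sftp"
      if (!nofwd)  print "missing: AllowTcpForwarding no"
      exit !(jailed && forced && nofwd)
    }
  ' "$1"
}

# Constructed sample: global settings only, no per-user Match block.
sample_default() {
  printf '%s\n' 'PasswordAuthentication yes' 'Subsystem sftp internal-sftp'
}

# Constructed sample: "friend" is limited to SFTP inside /backups.
sample_confined() {
  printf '%s\n' 'Subsystem sftp internal-sftp' 'Match User friend' \
    '  ChrootDirectory /backups' '  ForceCommand internal-sftp' \
    '  AllowTcpForwarding no' '  X11Forwarding no'
}

sample_default  | check_sftp_confinement - friend || echo "default: not confined"
sample_confined | check_sftp_confinement - friend && echo "confined: ok"
```

OpenSSH requires the `ChrootDirectory` path to be owned by root and not writable by group or others, so uploads go into a subdirectory the account owns.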