chore: added a way to encrypt data on usb devices

.vscode/settings.json

@@ -14,6 +14,7 @@
         "cereda",
         "chezmoi",
         "cpulimit",
+        "cryptsetup",
         "csma",
         "datagram",
         "dhclient",

knowledge base/synology dsm.md

@@ -1,13 +1,28 @@
 # Synology DiskStation Manager
 
+## Table of contents <!-- omit in toc -->
+
+1. [System's shared folders](#systems-shared-folders)
+1. [Rsync](#rsync)
+1. [Snapshots](#snapshots)
+1. [Encrypt data on a USB disk](#encrypt-data-on-a-usb-disk)
+1. [Data deduplication](#data-deduplication)
+   1. [Remove duplicated files with jdupes](#remove-duplicated-files-with-jdupes)
+   1. [Deduplicate blocks in a volume with duperemove](#deduplicate-blocks-in-a-volume-with-duperemove)
+1. [Use keybase](#use-keybase)
+   1. [Manage git repositories with a containerized keybase instance](#manage-git-repositories-with-a-containerized-keybase-instance)
+1. [Ask for a feature to be implemented](#ask-for-a-feature-to-be-implemented)
+1. [Further readings](#further-readings)
+1. [Sources](#sources)
+
 ## System's shared folders
 
 Automatically created by services or packages.
 
-Cannot be changed/removed manually if their creator is still active or installed.
+Cannot be changed/removed manually if the package creating them is still active or installed.
 
-```text
-/volumeX
+```txt
+/volume1
 ├── docker      # data container for the Docker service, created by it upon installation
 ├── homes       # all users' home directories, created by the SSH service upon activation
 ├── music       # created by the Media Server package upon installation
@@ -16,6 +31,13 @@ Cannot be changed/removed manually if their creator is still active or installed
 └── video       # created by the Media Server package upon installation
 ```
 
+USB disks are recognized as shared folders automatically and mounted under `/volumeUSBX`:
+
+```txt
+/volumeUSB1
+└── whatever
+```
+
 ## Rsync
 
 Requirements:
@@ -66,10 +88,31 @@ Gotchas:
    - the `#snapshot` folder is created in the shared folder's root directory
    - the default snapshots directory for that shared folder is mounted on it in **read only** mode:
 
-     > ```plaintext
+     > ```txt
      > /dev/mapper/cachedev_0 on /volume1/Data/#snapshot type btrfs (ro,nodev,relatime,ssd,synoacl,space_cache=v2,auto_reclaim_space,metadata_ratio=50,block_group_cache_tree,subvolid=266,subvol=/@syno/@sharesnap/Data)
      > ```
 
+## Encrypt data on a USB disk
+
+Synology DNS does not equip utilities like `cryptsetup` or TrueCrypt or such. Also, creating a docker container for it is at this time a little bit too much for me. But, it does include `ecryptfs`.
+
+I found [this solution on Reddit][encrypting an attached external usb drive?] to use the included `ecryptfs`. It has downsides (`ecryptfs`' vulnerabilities, the fact that terminal commands are logged in `/var/log/bash_history.log` and a password would be visible, etc), but hey, that is what is used internally, so...
+
+> Implementation:
+>
+> 1. Create a shared folder called "crypt" [on your normal Synology Diskstation volume]
+> 1. Plug in the USB drive if you haven't already
+> 1. Log into DSM manager
+> 1. Go to network services, and select terminal
+> 1. Enable Telnet service. (If you have been manually changing the firewall, make sure you've unblocked port 23)
+> 1. Telnet into the Synology box - logging in as root
+> 1. Type this command to create the directory on your USB drive: "mkdir /volumeUSB1/usbshare/@crypt@"
+> 1. Update the _blahblahblah_ password below and type into your telnet session (note - it should all be on one line): "mount.ecryptfs /volumeUSB1/usbshare/@crypt@ /volume1/crypt -o \key=passphrase:passphrase_passwd=blahblahblah,ecryptfs_cipher=aes,ecryptfs_key_bytes=32,\ecryptfs_passthrough=n,no_sig_cache,ecryptfs_enable_filename_crypto=y"
+> 1. Any data you copy into "crypt" above, will now be encrypted and saved in "usbshare1/@crypt@". To check - create a new folder in the folder "crypt" and have a look at how it appears encrypted when you look into "usbshare1/@crypt@" from DSM manager.
+> 1. From here - set up any backup jobs you wish to copy into the "crypt" shared folder you created.
+> 1. When you are ready to eject the drive make sure you unmount it first by typing into your telnet session "umount /volumeUSB1/usbshare/@crypt@" and then eject it in the normal way from DSM.
+> 1. Disable the telnet service if you are no longer using it
+
 ## Data deduplication
 
 Requirements:
@@ -159,15 +202,24 @@ Use the [online feature request form]. Posting a request on the community site w
 
 ## Sources
 
+All the references in the [further readings] section, plus the following:
+
 - [Configuring deduplication block on the Synology]
+- [Encrypting an attached external USB drive?]
 
 <!-- project's references -->
+
 [cli administrator guide for synology nas]: https://global.download.synology.com/download/Document/Software/DeveloperGuide/Firmware/DSM/All/enu/Synology_DiskStation_Administration_CLI_Guide.pdf
 [online feature request form]: https://www.synology.com/en-us/form/inquiry/feature
 
 <!-- internal references -->
+
+[further readings]: #further-readings
+
 [michelecereda/keybaseio-client]: ../docker/keybaseio-client/README.md
 
 <!-- external references -->
+
 [configuring deduplication block on the synology]: https://onedrive.live.com/?authkey=%21ACYMJq62iJaU7HY&cid=1E8D74207941B8DD&id=1E8D74207941B8DD%21243&parId=1E8D74207941B8DD%21121&o=OneUp
+[encrypting an attached external usb drive?]: https://www.reddit.com/r/synology/comments/jq4aw6/encrypting_an_attached_external_usb_drive/
 [making disk hibernation work on synology dsm 7]: https://www.reddit.com/r/synology/comments/10cpbqd/making_disk_hibernation_work_on_synology_dsm_7/