NFS + MergerFS Docker Container for StrongSwan/IPsec VPN Mounts
A lightweight Alpine-based Docker container that mounts NFS shares (via StrongSwan/IPsec VPN) and combines them with local storage using MergerFS.
- 🖧 NFS v4.2 with optimized VPN performance settings
- 🔄 MergerFS union filesystem (combines NFS + local storage)
- 📁 Up to 4 NFS shares + 4 extra mount paths
- 🔔 Discord & Telegram notifications with embeds
- 🔧 Auto-recovery with health monitoring
- ⚡ Kernel optimizations (sunrpc slots, network buffers, read-ahead)
- 🐳 Lightweight Alpine-based image
- Docker with privileged mode support
- StrongSwan/IPsec VPN running on the host (not in container)
- NFS server(s) accessible via VPN tunnel
```bash
mkdir -p /mnt/unionfs /mnt/nfs1 /mnt/nfs2 /mnt/downloads
mkdir -p /opt/appdata/system/mount
```

```yaml
version: "3.9"
services:
  mount:
    image: ghcr.io/cyb3rgh05t/docker-mount:dev
    container_name: mount
    hostname: mount
    # privileged grants every capability and runs the container without
    # AppArmor/seccomp confinement, so it already covers the cap_add and
    # security_opt entries below.
    privileged: true
    cap_add:
      - SYS_ADMIN
    devices:
      - /dev/fuse:/dev/fuse
    security_opt:
      - apparmor:unconfined
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/Berlin
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /opt/appdata/system:/system:rshared
      # rshared: mounts created inside the container propagate back to the host
      - /mnt:/mnt:rshared
    restart: unless-stopped
```

Copy the sample configuration and edit it:

```bash
cp /opt/appdata/system/mount/.sample.mount.env /opt/appdata/system/mount/mount.env
nano /opt/appdata/system/mount/mount.env
```

```bash
docker compose up -d
docker logs -f mount
```

| Variable | Default | Description |
|---|---|---|
| `NFS_VERSION` | `4.2` | NFS protocol version |
| `NFS_RSIZE` | `1048576` | Read buffer size (1MB) |
| `NFS_WSIZE` | `1048576` | Write buffer size (1MB) |
| `NFS_NCONNECT` | `8` | Number of TCP connections |
| `NFS_TIMEO` | `150` | Timeout in deciseconds |
| `NFS_RETRANS` | `5` | Number of retries |
| `NFS_ACTIMEO` | `60` | Attribute cache timeout |
| `NFS_READAHEAD_KB` | `16384` | Read-ahead buffer (16MB) |
| `NFS_CHECK_INTERVAL` | `60` | Health check interval (seconds) |

```bash
# NFS Share 1
NFS_SERVER1=192.168.1.100
NFS_REMOTE1=/mnt/data
NFS_MOUNT1=/mnt/nfs1
NFS_PERMISSION1=NC
# NFS Share 2
NFS_SERVER2=192.168.1.101
NFS_REMOTE2=/mnt/data
NFS_MOUNT2=/mnt/nfs2
NFS_PERMISSION2=NC
```

Permissions:
- `RW` - Read-Write (files can be created here)
- `RO` - Read-Only
- `NC` - No Create (read-write but MergerFS won't create new files here)

Add additional paths to MergerFS (must be mounted before container starts):

```bash
EXTRA_MOUNT1=/mnt/external-drive
EXTRA_MOUNT1_PERMISSION=RW
```

```bash
NOTIFICATION_HOSTNAME=MyServer
DISCORD_WEBHOOK=https://discord.com/api/webhooks/YOUR_WEBHOOK_ID/YOUR_WEBHOOK_TOKEN
```

```bash
NOTIFICATION_HOSTNAME=MyServer
TELEGRAM_TOKEN=123456789:ABCdefGHIjklMNOpqrsTUVwxyz
TELEGRAM_CHAT_ID=-1001234567890
TELEGRAM_TOPIC_ID=123 # Optional: for forum topics
```

```
/mnt/
├── unionfs/      # MergerFS union (use this in other containers!)
├── downloads/    # Local downloads (RW)
├── nfs1/         # NFS mount 1
├── nfs2/         # NFS mount 2
├── nfs3/         # NFS mount 3
└── nfs4/         # NFS mount 4
/system/
└── mount/
    ├── mount.env     # Configuration file
    └── logs/
        └── nfs.log   # Log file
```

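A pre-flight check for the `mount.env` settings described above, added here as an example and not part of the docker-mount project: it reads the file as data instead of sourcing it, flags a file that group or others can access (it holds the Discord webhook URL and Telegram bot token), and validates each configured path and permission value. The function names, the `EXTRA_MOUNT2` to `EXTRA_MOUNT4` variable names, the rule that every configured entry sets its permission explicitly, and the use of GNU/BusyBox `stat -c` are assumptions.

```shell
# Added example (not part of docker-mount): audit mount.env before startup.
# The file is parsed as data, never sourced, so it cannot run commands.

# env_get FILE KEY -> last value assigned to KEY, trailing " # comment" removed
env_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 | sed 's/[[:space:]]\{1,\}#.*$//'
}

# check_entry LABEL PATH PERMISSION -> prints findings, returns 1 if any
check_entry() {
    local bad=0
    case "$2" in
        *..*|[!/]*|"") echo "FAIL: $1 path '$2' must be absolute, without '..'"; bad=1 ;;
    esac
    case "$3" in
        RW|RO|NC) ;;
        *) echo "FAIL: $1 permission '$3' is not RW, RO or NC"; bad=1 ;;
    esac
    return "$bad"
}

audit_mount_env() {
    local file="$1" rc=0 i srv rem mnt extra
    [ -r "$file" ] || { echo "FAIL: cannot read $file"; return 2; }
    # DISCORD_WEBHOOK and TELEGRAM_TOKEN are stored here: owner-only access.
    case "$(stat -c %a "$file")" in
        *00) ;;
        *) echo "FAIL: $file is accessible to group/others (chmod 600)"; rc=1 ;;
    esac
    for i in 1 2 3 4; do
        srv=$(env_get "$file" "NFS_SERVER$i")
        rem=$(env_get "$file" "NFS_REMOTE$i")
        mnt=$(env_get "$file" "NFS_MOUNT$i")
        if [ -n "$srv$rem$mnt" ]; then
            if [ -z "$srv" ] || [ -z "$rem" ] || [ -z "$mnt" ]; then
                echo "FAIL: share $i needs NFS_SERVER$i, NFS_REMOTE$i, NFS_MOUNT$i"; rc=1
            fi
            check_entry "NFS_MOUNT$i" "$mnt" \
                "$(env_get "$file" "NFS_PERMISSION$i")" || rc=1
        fi
        extra=$(env_get "$file" "EXTRA_MOUNT$i")
        if [ -n "$extra" ]; then
            check_entry "EXTRA_MOUNT$i" "$extra" \
                "$(env_get "$file" "EXTRA_MOUNT${i}_PERMISSION")" || rc=1
        fi
    done
    return "$rc"
}
```

Source the file and run `audit_mount_env /opt/appdata/system/mount/mount.env` on the host before `docker compose up -d`; exit status 0 means no findings, 1 means at least one `FAIL` line was printed.
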
Point your media containers to /mnt/unionfs:
```yaml
# Example: Plex
services:
  plex:
    volumes:
      - /mnt/unionfs:/data:ro
```

```
┌────────────────────────────────────────────────────────┐
│                          HOST                          │
│  ┌──────────────┐                                      │
│  │  StrongSwan  │◄── IPsec VPN Tunnel ──► NFS Servers  │
│  └──────────────┘                                      │
│         │                                              │
│         ▼                                              │
│  ┌──────────────────────────────────────────────────┐  │
│  │                 Docker Container                 │  │
│  │                                                  │  │
│  │  NFS Mount ──► /mnt/nfs1, /mnt/nfs2              │  │
│  │                    │                             │  │
│  │                    ▼                             │  │
│  │  MergerFS ──► /mnt/unionfs                       │  │
│  │                    ▲                             │  │
│  │                    │                             │  │
│  │  Local ──────► /mnt/downloads                    │  │
│  └──────────────────────────────────────────────────┘  │
│                           │                            │
│                           ▼ (rshared propagation)      │
│  ┌──────────────────────────────────────────────────┐  │
│  │     Other Containers (Plex, Jellyfin, etc.)      │  │
│  │     Mount: /mnt/unionfs                          │  │
│  └──────────────────────────────────────────────────┘  │
└────────────────────────────────────────────────────────┘
```

- ✅ Green - Mount successful
- ⚠️ Yellow - Warning (recovery triggered)
- ❌ Red - Error (mount failed)
- ℹ️ Blue - Info/Test message

```bash
# Enter container
docker exec -it mount bash
# Test notification
source /app/mount/function.sh
send_alert "TEST" "This is a test notification!"
```

```bash
# Live logs
docker logs -f mount
# Log file inside container
docker exec mount cat /system/mount/logs/nfs.log
```

- Check if VPN is connected on host: `ipsec status`
- Test NFS server reachability: `ping 192.168.x.x`
- Check NFS exports on server: `showmount -e 192.168.x.x`
- Verify NFS mounts: `docker exec mount mount | grep nfs`
- Check MergerFS: `docker exec mount mount | grep mergerfs`
- Check logs: `docker exec mount cat /system/mount/logs/nfs.log`

Ensure PUID/PGID match your user on the host:

```bash
id $USER
# uid=1000(user) gid=1000(user)
```

This project is licensed under the MIT License - see the LICENSE file for details.

- LinuxServer.io - Base image
- MergerFS - Union filesystem