From 3e8a4a57b022bca69dc68a9ef568cf9abd30d81d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20unbrot=20P=C3=A4tzold?= <unbrot@dtext.online>
Date: Thu, 7 May 2026 17:55:28 +0200
Subject: [PATCH] mount_ecrypt_home: run gocryptfs in foreground to fix
 premature ExecStop

Without -fg, gocryptfs forks to background and the parent exits,
causing systemd to consider the service done and immediately call
ExecStop (fusermount -u). With -fg, gocryptfs stays as the tracked
service process so ExecStop only fires on explicit service stop at
logout.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 system_setup/mount_ecrypt_home.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/system_setup/mount_ecrypt_home.sh b/system_setup/mount_ecrypt_home.sh
index 537023a..2f1d35a 100755
--- a/system_setup/mount_ecrypt_home.sh
+++ b/system_setup/mount_ecrypt_home.sh
@@ -97,7 +97,7 @@ systemd-run --user --unit=gocryptfs-home \
     --property="ExecStop=/usr/bin/fusermount -u ${DECRYPTEDDATADIR}" \
     --property=KillMode=none \
     --property=TimeoutStopSec=30 \
-    gocryptfs -noprealloc -allow_other -passfile ${XDG_RUNTIME_DIR}/IPAVAULTKEY -config ${HOME}/.config/gocryptfs/gocryptfs.conf ${ENCRYPTEDDATADIR} ${DECRYPTEDDATADIR} >/dev/null
+    gocryptfs -fg -noprealloc -allow_other -passfile ${XDG_RUNTIME_DIR}/IPAVAULTKEY -config ${HOME}/.config/gocryptfs/gocryptfs.conf ${ENCRYPTEDDATADIR} ${DECRYPTEDDATADIR} >/dev/null
 RETVAL=$?
 # Service starts asynchronously - wait for the FUSE mount to appear before removing
 # the passfile, otherwise gocryptfs may not have read it yet