From 4da2a3fa69aa34147a9c4f41b4e971aa5de61e58 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20unbrot=20P=C3=A4tzold?= <unbrot@dtext.online>
Date: Thu, 7 May 2026 17:02:19 +0200
Subject: [PATCH] mount_ecrypt_home: unmount gocryptfs cleanly on session
 logout

Switch from --scope to a transient service so systemd can run
fusermount -u via ExecStop before terminating the process.
With KillMode=none, gocryptfs exits on its own once the FUSE
filesystem is detached.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 system_setup/mount_ecrypt_home.sh | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/system_setup/mount_ecrypt_home.sh b/system_setup/mount_ecrypt_home.sh
index a0820c1..0367822 100755
--- a/system_setup/mount_ecrypt_home.sh
+++ b/system_setup/mount_ecrypt_home.sh
@@ -93,7 +93,10 @@ if [ ! -d "${DECRYPTEDDATADIR}" ] || [ ! -f "${HOME}/.config/gocryptfs/gocryptfs
     mkdir -p ${ENCRYPTEDDATADIR} ${DECRYPTEDDATADIR} ${HOME}/.config/gocryptfs
     gocryptfs -init -allow_other -passfile ${XDG_RUNTIME_DIR}/IPAVAULTKEY -config ${HOME}/.config/gocryptfs/gocryptfs.conf ${ENCRYPTEDDATADIR} >/dev/null
 fi
-systemd-run --user --scope --unit=gocryptfs-home \
+systemd-run --user --unit=gocryptfs-home \
+    --property="ExecStop=/usr/bin/fusermount -u ${DECRYPTEDDATADIR}" \
+    --property=KillMode=none \
+    --property=TimeoutStopSec=30 \
     gocryptfs -noprealloc -allow_other -passfile ${XDG_RUNTIME_DIR}/IPAVAULTKEY -config ${HOME}/.config/gocryptfs/gocryptfs.conf ${ENCRYPTEDDATADIR} ${DECRYPTEDDATADIR} >/dev/null
 RETVAL=$?
 rm ${XDG_RUNTIME_DIR}/IPAVAULTKEY