Using your storage¶
Junk Net speaks the S3 API, so it works with tools you may already use. This page takes you from access keys to encrypted backups.
Pilot phase
The public endpoint s3.junknet.au is not live yet. During the
Brisbane pilot, contributors receive
their endpoint address together with their access keys — substitute
it wherever this page says <endpoint>.
What you receive¶
When your contribution is set up, you get three things:
| Item | Looks like | Treat it as |
|---|---|---|
| Endpoint | https://<endpoint> |
Public knowledge |
| Key ID | GK31c2f218a2e44f485b94239e |
Semi-secret |
| Secret key | b892c0665f0ada8a4755dae98baa3b133590e11dae3bcc1f9d769d67f16c3835 |
A password. Store it in a password manager. |
The S3 region for all Junk Net clusters is garage.
Quickstart¶
rclone is the Swiss Army knife of cloud
storage, and its crypt layer makes client-side encryption easy —
which is why it's the recommended client.
Add to ~/.config/rclone/rclone.conf:
[junknet]
type = s3
provider = Other
endpoint = https://<endpoint>
region = garage
access_key_id = <your-key-id>
secret_access_key = <your-secret-key>
Then:
aws configure --profile junknet
# AWS Access Key ID: <your-key-id>
# AWS Secret Access Key: <your-secret-key>
# Default region name: garage
Garage needs the endpoint passed explicitly:
For a point-and-click experience on macOS/Windows:
- Open Connection → choose Amazon S3.
- Server:
<endpoint>(port 443). - Access Key ID / Secret: your keys.
- Connect — buckets appear as folders; drag and drop away.
Any S3 SDK works. With boto3:
Encrypt before you upload (please)¶
Your data will physically live on laptops in other people's homes. It's chunked and scattered — no host holds your complete files — but it is not encrypted at rest unless you encrypt it. The trust model explains why the house rule is:
If you wouldn't pin it to a community noticeboard, encrypt it client-side.
With rclone, add a crypt remote on top of your bucket:
rclone config
# n) New remote → name: junknet-crypt → type: crypt
# remote: junknet:my-bucket
# filename_encryption: standard
# password: generate one, and BACK IT UP outside Junk Net
Then use junknet-crypt: exactly like before — contents and
filenames are encrypted on your machine before upload:
Your password is unrecoverable — by design
Nobody in Junk Net can reset or recover your encryption password. Lose it and the data is ciphertext forever. Store it in a password manager, and keep a copy somewhere that isn't Junk Net.
Backups: the killer app¶
Junk Net's sweet spot is durable, boring, free backup — and restic does encrypted, deduplicated, versioned backups over S3 natively:
export AWS_ACCESS_KEY_ID=<your-key-id>
export AWS_SECRET_ACCESS_KEY=<your-secret-key>
restic -r s3:https://<endpoint>/my-backups init
restic -r s3:https://<endpoint>/my-backups backup ~/Documents
restic -r s3:https://<endpoint>/my-backups snapshots
Restic encrypts everything client-side by default, so the house rule is satisfied automatically.
Fair use & expectations¶
- Store within your allocation. Every byte you store occupies three disks across the community — allocations exist so the maths keeps working.
- It's honest-speed. Nodes live on residential connections. Bulk uploads and restores work fine; latency-sensitive workloads and public high-traffic hosting are the wrong tool for this network.
- No SLA during the pilot. Keep another copy of anything you truly can't lose — Junk Net makes a great second copy and a bad only copy.
- The rules: nothing illegal to possess, no serving piracy, no attacking the infrastructure. Keys are issued to known community members and can be revoked. Boring rules, firmly held.