The encfs overlay filesystem could be used for this. Normally it is given an encrypted directory, and allows transparently accessing the decrypted files in it. With the --reverse option, however, it works in the opposite direction – given a regular directory, it allows reading encrypted files through the mountpoint. So you could point rsync at the reverse-ecryptfs, and let it copy the encrypted files.
# encfs --reverse /home /mnt/encrypted-home
# rsync --various-options /mnt/encrypted-home/ /mnt/nfs-backup-server/
However. By saying "over NFS", you seem to imply that rsync runs only locally, writing to the server using NFS only. On the one hand, this means that rsync isn't going to be at all efficient – it cannot do partial copies without first reading the old version from the server, and if it did that over NFS, it'd use more bandwidth than with whole-file copies.
On the other hand, it means you can use encfs (or other alternatives such as eCryptFS) without the 'reverse' mode, by directly mounting the destination directory using encfs (rather than the source). This way you get a wider choice of overlay filesystems, as not all of them have a 'reverse' mode.
# encfs /mnt/nfs-backup-server/ /mnt/encrypted-backup/
# rsync --etc-etc-etc /home/ /mnt/encrypted-backup/
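
Added example, not part of the original answer: the reverse-mode variant wrapped in a script that refuses to run when the NFS export is not mounted and keeps a copy of the `.encfs6.xml` config, which encfs stores in the plaintext source in reverse mode and which is needed to decrypt the backup. The function names, the `DRY_RUN` switch, the rsync flags `-a --whole-file` and the key-copy path are assumptions made for this example.

```shell
#!/bin/sh
# Added example: reverse-mode encfs backup onto an NFS mount.
# run/backup_reverse/DRY_RUN are hypothetical names for this sketch.

# Print the command when DRY_RUN=1, otherwise execute it.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# backup_reverse SRC VIEW DEST KEY_COPY
backup_reverse() {
    src=$1 view=$2 dest=$3 key_copy=$4

    if [ "${DRY_RUN:-0}" != 1 ]; then
        # Without the mount, rsync would fill the local directory
        # underneath the mountpoint instead of the backup server.
        if ! mountpoint -q "$dest"; then
            echo "$dest is not a mountpoint" >&2
            return 1
        fi
    fi

    # encfs prompts for the passphrase (and creates the config on first use).
    run encfs --reverse "$src" "$view" || return 1

    # --whole-file: no delta algorithm, which over NFS would have to
    # read the old copy back from the server before writing.
    run rsync -a --whole-file "$view/" "$dest/"
    rc=$?

    run fusermount -u "$view"

    # In reverse mode the config lives in the plaintext source; the
    # ciphertext cannot be decrypted without it.
    run cp -p "$src/.encfs6.xml" "$key_copy" || rc=1
    return "$rc"
}

# Example call (KEY_COPY path is a placeholder):
# backup_reverse /home /mnt/encrypted-home /mnt/nfs-backup-server /root/home.encfs6.xml
```

Setting `DRY_RUN=1` prints the four commands in order without touching any filesystem, which is a quick way to check the paths before the first real run.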