Add Syncthing support

This commit is contained in:
Slavi Pantaleev 2023-03-23 11:32:59 +02:00
parent cd7ef92fb4
commit a2f27d7725
5 changed files with 131 additions and 2 deletions

View file

@ -0,0 +1,87 @@
# Syncthing
[Syncthing](https://syncthing.net/) is a **continuous file synchronization** program which synchronizes files between two or more computers in real time, safely protected from prying eyes.
## Dependencies
This service requires the following other services:
- a [Traefik](traefik.md) reverse-proxy server
## Configuration
To enable this service, add the following configuration to your `vars.yml` file and re-run the [installation](../installing.md) process:
```yaml
########################################################################
# #
# syncthing #
# #
########################################################################
syncthing_enabled: true
syncthing_hostname: mash.example.com
syncthing_path_prefix: /syncthing
# By default, the data directory is created at (`/mash/syncthing/data`), as defined below.
# If you'd like to put it elsewhere on the host, uncomment and edit the line below.
#
# Regardless of the location of the data directory on the host,
# it will be mounted into the Syncthing container at `/data`.
# syncthing_data_path: "{{ syncthing_base_path }}/data"
# To mount additional data directories, use `syncthing_container_additional_volumes`.
# Secure with HTTP Basic Auth (at the Traefik level)
syncthing_basicauth_enabled: true
# Syncthing is NOT a multi-user system.
# Whichever user you authenticate with later, you would get to the same shared system.
syncthing_basicauth_credentials:
- username: someone
password: secret-password
- username: another
password: more-secret-password
########################################################################
# #
# /syncthing #
# #
########################################################################
```
### URL
In the example configuration above, we configure the service to be hosted at `https://mash.example.com/syncthing`.
You can remove the `syncthing_path_prefix` variable definition, to make it default to `/`, so that the service is served at `https://mash.example.com/`.
### Authenticaiton
You can log in with **any** of the Basic Auth credentials defined in `syncthing_basicauth_credentials`. Syncthing is **not a multi-user system**, so whichever user you authenticate with, you'd ultimately end up looking at the same shared system.
Authentication is **done at the reverse-proxy level** (Traefik), so upon logging in, Syncthing will show you scary warnings about **no GUI password being set**. You should ignore these warnings.
You can hide the warning permanently by going to **Actions** -> **Advanced** -> **GUI** section -> checking the **Insecure Admin Access** checkbox.
### Configuration & Data
The Syncthing configuration (stored in `syncthing_config_path` on the host) is mounted to the `/var/syncthing` directory in the container.
By default, Syncthing will create a default `Sync` directory underneath. We advise that you **don't use this** `Sync` directory and use the data directory (discussed below).
As mentioned above, the **data directory** (stored in `syncthing_data_path` on the host) is mounted to the `/data` directory in the container. We advise that you put data files underneath `/data` when you start using Syncthing.
If you'd like to **mount additional directories** into the container, look into the `syncthing_container_additional_volumes` variable part of the [`ansible-role-syncthing` role](https://github.com/mother-of-all-self-hosting/ansible-role-syncthing)'s [`defaults/main.yml` file](https://github.com/mother-of-all-self-hosting/ansible-role-syncthing/blob/main/defaults/main.yml).
## Usage
After installation, you can go to the Syncthing URL, as defined in `syncthing_hostname` and `syncthing_path_prefix`.
As mentioned in [Configuration & Data](#configuration--data) above, you should:
- get rid of the `Default Folder` directory that was automatically created in `/var/syncthing/Sync`
- change the default data directory, by going to **Actions** -> **Settings** -> **General** tab -> **Edit Folder Defaults** and changing **Folder Path** to `/data`

View file

@ -23,6 +23,7 @@
| [Radicale](https://radicale.org/) | A Free and Open-Source CalDAV and CardDAV Server (solution for hosting contacts and calendars) | [Link](services/radicale.md) |
| [Redmine](https://redmine.org/) | A flexible project management web application. | [Link](services/redmine.md) |
| [Redis](https://redis.io/) | An in-memory data store used by millions of developers as a database, cache, streaming engine, and message broker. | [Link](services/redis.md) |
| [Syncthing](https://syncthing.net/) | A continuous file synchronization program which synchronizes files between two or more computers in real time | [Link](services/syncthing.md) |
| [Traefik](https://doc.traefik.io/traefik/) | A container-aware reverse-proxy server | [Link](services/traefik.md) |
| [Vaultwarden](https://github.com/dani-garcia/vaultwarden) | A lightweight unofficial and compatible implementation of the [Bitwarden](https://bitwarden.com/) password manager | [Link](services/vaultwarden.md) |
| [Uptime-kuma](https://uptime.kuma.pet/) | A fancy self-hosted monitoring tool | [Link](services/uptime-kuma.md) |

View file

@ -111,6 +111,8 @@ devture_systemd_service_manager_services_list_auto: |
+
([{'name': (redis_identifier + '.service'), 'priority': 750, 'groups': ['mash', 'redis']}] if redis_enabled else [])
+
([{'name': (syncthing_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'syncthing']}] if syncthing_enabled else [])
+
([{'name': (vaultwarden_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'vaultwarden', 'vaultwarden-server']}] if vaultwarden_enabled else [])
+
([{'name': (uptime_kuma_identifier + '.service'), 'priority': 2000, 'groups': ['mash', 'uptime-kuma']}] if uptime_kuma_enabled else [])
@ -986,6 +988,39 @@ redis_gid: "{{ mash_playbook_gid }}"
########################################################################
# #
# syncthing #
# #
########################################################################
syncthing_enabled: false
syncthing_identifier: "{{ mash_playbook_service_identifier_prefix }}syncthing"
syncthing_uid: "{{ mash_playbook_uid }}"
syncthing_gid: "{{ mash_playbook_gid }}"
syncthing_base_path: "{{ mash_playbook_base_path }}/syncthing"
syncthing_container_additional_networks: |
{{
([mash_playbook_reverse_proxyable_services_additional_network] if mash_playbook_reverse_proxyable_services_additional_network else [])
}}
syncthing_container_labels_traefik_enabled: "{{ mash_playbook_traefik_labels_enabled }}"
syncthing_container_labels_traefik_docker_network: "{{ mash_playbook_reverse_proxyable_services_additional_network }}"
syncthing_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
syncthing_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
########################################################################
# #
# /syncthing #
# #
########################################################################
########################################################################
# #
# vaultwarden #

View file

@ -115,6 +115,10 @@
name: prometheus
version: v2.43.0-0
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-syncthing.git
name: syncthing
version: v1.23.2-0
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-vaultwarden.git
name: vaultwarden
version: v1.27.0-2

View file

@ -84,6 +84,8 @@
- role: galaxy/redis
- role: galaxy/syncthing
- role: galaxy/vaultwarden
- role: galaxy/uptime_kuma