hosting/mash-playbook
1
0
Fork 0
Code Pull requests Activity
mash-playbook/docs/services/syncthing.md
Slavi Pantaleev bcebaafb29 Add Networking section to Syncthing docs
2023-03-24 08:59:32 +02:00

5.3 KiB
Raw Blame History

Syncthing

Syncthing is a continuous file synchronization program which synchronizes files between two or more computers in real time, safely protected from prying eyes.

Dependencies

This service requires the following other services:

Configuration

To enable this service, add the following configuration to your vars.yml file and re-run the installation process:

########################################################################
#                                                                      #
# syncthing                                                            #
#                                                                      #
########################################################################

syncthing_enabled: true

syncthing_hostname: mash.example.com
syncthing_path_prefix: /syncthing

# By default, the data directory is created at (`/mash/syncthing/data`), as defined below.
# If you'd like to put it elsewhere on the host, uncomment and edit the line below.
#
# Regardless of the location of the data directory on the host,
# it will be mounted into the Syncthing container at `/data`.
# syncthing_data_path: "{{ syncthing_base_path }}/data"

# To mount additional data directories, use `syncthing_container_additional_volumes`.

# Secure with HTTP Basic Auth (at the Traefik level)
syncthing_basicauth_enabled: true

# Syncthing is NOT a multi-user system.
# Whichever user you authenticate with later, you would get to the same shared system.
syncthing_basicauth_credentials:
  - username: someone
    password: secret-password
  - username: another
    password: more-secret-password

########################################################################
#                                                                      #
# /syncthing                                                           #
#                                                                      #
########################################################################

URL

In the example configuration above, we configure the service to be hosted at https://mash.example.com/syncthing.

You can remove the syncthing_path_prefix variable definition, to make it default to /, so that the service is served at https://mash.example.com/.

Authentication

You can log in with any of the Basic Auth credentials defined in syncthing_basicauth_credentials. Syncthing is not a multi-user system, so whichever user you authenticate with, you'd ultimately end up looking at the same shared system.

Authentication is done at the reverse-proxy level (Traefik), so upon logging in, Syncthing will show you scary warnings about no GUI password being set. You should ignore these warnings.

You can hide the warning permanently by going to Actions -> Advanced -> GUI section -> checking the Insecure Admin Access checkbox.

Networking

By default, the following ports will be exposed by the container on all network interfaces:

  • 22000 over TCP, controlled by syncthing_container_sync_tcp_bind_port - used for TCP based sync protocol traffic
  • 22000 over UDP, controlled by syncthing_container_sync_udp_bind_port - used for QUIC based sync protocol traffic
  • 21027 over UDP, controlled by syncthing_container_local_discovery_udp_bind_port - used for discovery broadcasts on IPv4 and multicasts on IPv6

Docker automatically opens these ports in the server's firewall, so you likely don't need to do anything. If you use another firewall in front of the server, you may need to adjust it.

To learn more, see the upstream Firewall documentation.

Configuration & Data

The Syncthing configuration (stored in syncthing_config_path on the host) is mounted to the /var/syncthing directory in the container. By default, Syncthing will create a default Sync directory underneath. We advise that you don't use this Sync directory and use the data directory (discussed below).

As mentioned above, the data directory (stored in syncthing_data_path on the host) is mounted to the /data directory in the container. We advise that you put data files underneath /data when you start using Syncthing.

If you'd like to mount additional directories into the container, look into the syncthing_container_additional_volumes variable part of the ansible-role-syncthing role's defaults/main.yml file.

Usage

After installation, you can go to the Syncthing URL, as defined in syncthing_hostname and syncthing_path_prefix.

As mentioned in Configuration & Data above, you should:

  • get rid of the Default Folder directory that was automatically created in /var/syncthing/Sync
  • change the default data directory, by going to Actions -> Settings -> General tab -> Edit Folder Defaults and changing Folder Path to /data

As mentioned in Authentication above, you'd probably wish to permanently disable the "no GUI password set" security warnings as described there.