diff --git a/tasks/syncthing.yml b/tasks/syncthing.yml
index 615d823..8223bf3 100644
--- a/tasks/syncthing.yml
+++ b/tasks/syncthing.yml
@@ -1,13 +1,66 @@
-# TODO: use docker setup
-- name: create syncthing directory
- file:
- path: '{{ ansible_env.HOME }}/.config/syncthing'
- mode: '755'
- state: directory
+- name: Disable system process
+ become: true
+ ansible.builtin.systemd:
+ name: syncthing@sonny
+ state: stopped
+ enabled: false
-- name: copy syncthing template
- template:
- src: 'templates/syncthing.j2'
- dest: '{{ ansible_env.HOME }}/.config/syncthing/config.xml'
- mode: '0600'
- notify: restart syncthing service
+- name: Create Syncthing directories
+ become: true
+ ansible.builtin.file:
+ path: '{{ item.path }}'
+ owner: '{{ item.owner }}'
+ group: '{{ item.group }}'
+ mode: '0755'
+ state: directory
+ loop:
+ - path: '{{ syncthing_app_dir }}'
+ owner: root
+ group: root
+ - path: '{{ syncthing_app_dir }}/state'
+ owner: sonny
+ group: sonny
+ - path: '{{ syncthing_app_dir }}/nginx.conf.d'
+ owner: sonny
+ group: sonny
+
+- name: Remove previous Syncthing configurations
+ become: true
+ ansible.builtin.file:
+ path: '{{ ansible_env.HOME }}/.config/syncthing'
+ state: absent
+
+- name: Copy docker compose configuration
+ become: true
+ ansible.builtin.template:
+ src: 'templates/syncthing/docker-compose.j2'
+ dest: '{{ syncthing_app_dir }}/docker-compose.yml'
+ owner: sonny
+ group: sonny
+ mode: '0755'
+
+- name: Copy Syncthing configuration
+ become: true
+ ansible.builtin.template:
+ src: 'templates/syncthing/config.j2'
+ dest: '{{ syncthing_app_dir }}/state/config.xml'
+ owner: sonny
+ group: sonny
+ mode: '0755'
+
+- name: Copy NGINX configuration
+ become: true
+ ansible.builtin.template:
+ src: 'templates/syncthing/nginx.j2'
+ dest: '{{ syncthing_app_dir }}/nginx.conf.d/default.conf'
+ owner: sonny
+ group: sonny
+ mode: '0755'
+
+- name: Start container
+ community.docker.docker_compose_v2:
+ project_src: '{{ syncthing_app_dir }}'
+ remove_orphans: true
+ state: restarted
+ pull: always
+ wait: true
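Review bot: `config.xml` is written with `mode: '0755'` in the "Copy Syncthing configuration" task, which makes the one file that carries `syncthing_api_key` and the GUI credential world-readable on the host, where the task it replaces used `0600`. The compose file and the nginx config do not need an executable bit either, so `0644` is enough for them, and the `state` directory will also hold whatever Syncthing writes at runtime (its device key pair, as far as I know), so `0700`/`0750` fits it better than `0755`. I would change the three copies to `mode: '0600'` for config.xml and `mode: '0644'` for the other two, and drop the world bits on the `state` item in the directory loop. Separately, "Start container" is the only task without `become: true`; whether that works depends on the login user being in the docker group, which is itself root-equivalent, so a comment stating which of the two is intended would help.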
diff --git a/templates/network/hosts.j2 b/templates/network/hosts.j2
index 1027169..85e64c0 100644
--- a/templates/network/hosts.j2
+++ b/templates/network/hosts.j2
@@ -1,13 +1,9 @@
# {{ ansible_managed }}
-127.0.0.1 localhost
-127.0.1.1 {{ hostname }}
-{{ lan_ip }} {{ domain_name }} {{ hostname }}
-{{ vpn_listen_address }} {{ vpn_domain }}
+127.0.0.1 localhost
+127.0.1.1 {{ hostname }}
+{{ lan_ip }} {{ domain_name }} {{ hostname }}
+{{ vpn_listen_address }} {{ vpn_domain }}
{{ vpn_media_listen_address }} {{ vpn_media_domain }}
-{{ transmission_nginx_ip }} {{ transmission_domain }}
-
-# The following lines are desirable for IPv6 capable hosts
-#::1 localhost ip6-localhost ip6-loopback
-#ff02::1 ip6-allnodes
-#ff02::2 ip6-allrouters
+{{ transmission_nginx_ip }} {{ transmission_domain }}
+{{ syncthing_nginx_ip }} {{ syncthing_domain }}
diff --git a/templates/nftables.j2 b/templates/nftables.j2
index b660a5c..74f3d4b 100644
--- a/templates/nftables.j2
+++ b/templates/nftables.j2
@@ -4,6 +4,11 @@
flush ruleset
table ip filter {
+ chain prerouting {
+ type nat hook prerouting priority -100;
+
+ iifname {{ vpn_interface }} tcp dport {{ syncthing_protocol_port }} ip saddr {{ vpn_subnet }} ip daddr {{ syncthing_nginx_ip }} dnat to {{ syncthing_app_ip }}
+ }
chain input {
type filter hook input priority 0; policy drop;
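Review bot: The DNAT rule rewrites VPN traffic for `{{ syncthing_nginx_ip }}:{{ syncthing_protocol_port }}` to a container address, and a packet whose new destination is a container on the compose bridge traverses the `forward` hook rather than `input`, so the `input` chain rules added further down in this file are not what admits it; no forward chain is visible in this hunk, so please confirm one accepts `iifname {{ vpn_interface }} ip daddr {{ syncthing_app_ip }} tcp dport {{ syncthing_protocol_port }} ct status dnat accept` (or that Docker's own rules do). Note also that `flush ruleset` on the context line just above wipes the chains Docker installs through iptables-nft, so each reapply of this template may remove Docker's masquerade and forward rules for `syncthing-net` until the compose project is recreated — if that is already handled, a comment at the top of the file saying so would save the next reader the investigation.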
@@ -21,15 +26,15 @@ table ip filter {
ip protocol icmp accept
iifname vmap {
- {{ network_interface }} : goto wlan-chain,
- {{ vpn_interface }} : goto vpn-chain,
- {{ vpn_media_interface }} : goto media-vpn-chain
+ {{ network_interface }} : goto wlan_chain,
+ {{ vpn_interface }} : goto vpn_chain,
+ {{ vpn_media_interface }} : goto media_vpn_chain
}
log
}
- chain wlan-chain {
+ chain wlan_chain {
tcp dport {{ ssh_port }} accept comment "SSH"
tcp dport {{ forgejo_ssh_port }} accept comment "Forgejo SSH"
tcp dport { {{ http_port }}, {{ https_port }} } accept comment "HTTP/HTTPS"
@@ -44,14 +49,15 @@ table ip filter {
elements = { {{ vpn_subnet }} . {{ vpn_listen_address }}/{{ vpn_prefix }} }
}
- chain vpn-chain {
+ chain vpn_chain {
meta l4proto { tcp, udp } th dport 53 ip saddr . ip daddr @vpn_set accept comment "DNS"
tcp dport { {{ http_port }}, {{ https_port }} } ip saddr . ip daddr @vpn_set accept comment "HTTP/HTTPS"
tcp dport { 80, 443 } ip saddr {{ vpn_subnet }} ip daddr {{ transmission_nginx_ip }} accept comment "Transmission Web"
- tcp dport { {{ syncthing_gui_port }}, {{ syncthing_protocol_port }} } ip saddr . ip daddr @vpn_set accept comment "Syncthing"
+ tcp dport { 80, 443 } ip saddr {{ vpn_subnet }} ip daddr {{ syncthing_nginx_ip }} accept comment "Syncthing Web"
+ tcp dport {{ syncthing_protocol_port }} ip saddr {{ vpn_subnet }} ip daddr {{ syncthing_app_ip }} accept comment "Syncthing protocol"
tcp dport {{ mpd_port }} ip saddr . ip daddr @vpn_set accept comment "MPD"
tcp dport {{ mpd_http_stream_port }} ip saddr . ip daddr @vpn_set accept comment "MPD HTTP stream"
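Review bot: The "Syncthing Web" rule accepts 443 toward `{{ syncthing_nginx_ip }}`, but `templates/syncthing/nginx.j2` in this same commit only has `listen 80;` and no TLS listener, so the 443 entry is dead and the GUI (including the API key sent on REST calls) is served in cleartext inside the tunnel. Either narrow it to `tcp dport 80 ip saddr {{ vpn_subnet }} ip daddr {{ syncthing_nginx_ip }} accept comment "Syncthing Web"` or add a TLS server block on the nginx side; a comment saying which is intended would help. The `vpn_chain` continues past the end of this hunk.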
@@ -64,7 +70,7 @@ table ip filter {
elements = { {{ vpn_media_subnet }} . {{ vpn_media_listen_address }}/{{ vpn_media_prefix }} }
}
- chain media-vpn-chain {
+ chain media_vpn_chain {
meta l4proto { tcp, udp } th dport 53 ip saddr . ip daddr @vpn_media_set accept comment "DNS"
tcp dport {{ jellyfin_http_port }} ip saddr . ip daddr @vpn_media_set accept comment "Jellyfin HTTP"
diff --git a/templates/syncthing.j2 b/templates/syncthing.j2
deleted file mode 100644
index b656556..0000000
--- a/templates/syncthing.j2
+++ /dev/null
@@ -1,164 +0,0 @@
-
-
-
-
- basic
-
-
-
-
-
-
-
-
-
- 1
-
- 3600
-
- 0
- 0
- 0
- random
- false
- 0
- 0
- 10
- false
- false
- false
- 25
- .stfolder
- false
- 0
- 2
- false
- standard
- standard
- false
- true
-
-
- basic
-
-
-
-
-
-
-
-
-
- 1
-
- 3600
-
- 0
- 0
- 0
- random
- false
- 0
- 0
- 10
- false
- false
- false
- 25
- .stfolder
- false
- 0
- 2
- false
- standard
- standard
- false
- true
-
-
- tcp://10.0.0.3:22000
- false
- false
- 0
- 0
- 0
- false
- 0
-
-
- dynamic
- false
- false
- 0
- 0
- 0
- false
- 0
-
-
- tcp://10.0.0.2:22000
- false
- false
- 0
- 0
- 0
- false
- 0
-
-
- {{ vpn_listen_address }}:{{ syncthing_gui_port }}
- platvoeten
- $2a$10$1WqvnXwMfqTU6072LZmxTOkpbqE2osM4G8TrdXfEfkUM1ZEC8I.CK
- 6T6cWRLpeXC44ZRoe7QcaKZpHJu2Wug3
- dark
-
-
-
- tcp://{{ vpn_listen_address }}:{{ syncthing_protocol_port }}
- default
- true
- true
- 21027
- [ff12::8384]:21027
- 0
- 0
- 60
- true
- 10
- true
- true
- 60
- 30
- 10
- -1
- 2
- MfeHGcQ6
- https://data.syncthing.net/newdata
- false
- 1800
- true
- 12
- false
- 24
- false
- 5
- false
- 1
- https://upgrades.syncthing.net/meta.json
- false
- 10
- 0
- ~
- true
- 0
- https://crash.syncthing.net/newcrash
- true
- 180
- 20
- default
- auto
- 0
- true
- false
-
-
diff --git a/templates/syncthing/config.j2 b/templates/syncthing/config.j2
new file mode 100644
index 0000000..b3d1eed
--- /dev/null
+++ b/templates/syncthing/config.j2
@@ -0,0 +1,153 @@
+
+
+
+ {% for folder in syncthing_folders %}
+
+
+ {% for id in folder.devices %}
+
+
+
+ {% endfor %}
+
+ basic
+ 20
+
+ 3600
+
+ basic
+
+
+ 0
+ 0
+ 0
+ random
+ false
+ 0
+ 0
+ -1
+ false
+ false
+ false
+ 25
+ .stfolder
+ false
+ 0
+ 2
+ false
+ standard
+ standard
+ false
+ false
+ false
+ false
+ false
+ false
+
+ {% endfor %}
+
+ {% for device in syncthing_devices %}
+
+ {{ device.address }}
+ false
+ false
+ 0
+ 0
+ 0
+ false
+ 0
+ 0
+
+ {% endfor %}
+
+
+ {{ syncthing_listen_address }}:{{ syncthing_gui_port }}
+ {{ syncthing_api_key }}
+ default
+ {{ syncthing_gui_user }}
+ {{ syncthing_gui_pass }}
+
+
+
+ tcp://{{ syncthing_listen_address }}:{{ syncthing_protocol_port }}
+
+
+
+
+
+ basic
+
+
+
+
+
+ 1
+
+
+ 3600
+
+ basic
+
+
+ 0
+ 0
+ 0
+ random
+ false
+ 0
+ 0
+ 10
+ false
+ false
+ false
+ 25
+ .stfolder
+ false
+ 0
+ 2
+ false
+ standard
+ standard
+ false
+ false
+
+
+
+ dynamic
+ false
+ false
+ 0
+ 0
+ 0
+ false
+ 0
+ 0
+
+
+
+ (?d).DS_Store
+
+
+
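Review bot: The `<options>` block of this template (around the `tcp://{{ syncthing_listen_address }}:{{ syncthing_protocol_port }}` listen address) shows only that address, whereas the template it replaces carried explicit values for the discovery, relay, crash-report and upgrade endpoints; the element tags are stripped in this rendering, so I cannot see whether `globalAnnounceEnabled`, `relaysEnabled` and `natEnabled` are set, but if they are omitted Syncthing falls back to its defaults, which have the container reach out to the public discovery and relay pools even though inbound is restricted to VPN peers. Please confirm they render as `false` for this VPN-only deployment. Also add a header like the other templates, `<!-- {{ ansible_managed }} -->`, since this file is rewritten on every play and any change made through the GUI is lost on the next run.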
diff --git a/templates/syncthing/docker-compose.j2 b/templates/syncthing/docker-compose.j2
new file mode 100644
index 0000000..628e132
--- /dev/null
+++ b/templates/syncthing/docker-compose.j2
@@ -0,0 +1,44 @@
+# {{ ansible_managed }}
+
+networks:
+ syncthing-net:
+ ipam:
+ config:
+ - subnet: '{{ syncthing_subnet }}'
+
+services:
+ syncthing:
+ image: syncthing/syncthing
+ container_name: syncthing
+ environment:
+ - PUID=1000
+ - PGID=1000
+ volumes:
+ {% for folder in syncthing_folders -%}
+ - {{ folder.source_path }}:{{ folder.path }}
+ {% endfor -%}
+ - {{ syncthing_app_dir }}/state:/var/syncthing/config
+ restart: always
+ networks:
+ syncthing-net:
+ ipv4_address: '{{ syncthing_app_ip }}'
+ healthcheck:
+ test: curl \
+ --fail \
+ --insecure \
+ --max-time 2 \
+ http://syncthing:8384/rest/noauth/health
+ interval: 1m
+ timeout: 10s
+ retries: 3
+
+ nginx:
+ image: nginx:mainline-alpine
+ depends_on:
+ - syncthing
+ restart: always
+ networks:
+ syncthing-net:
+ ipv4_address: '{{ syncthing_nginx_ip }}'
+ volumes:
+ - '{{ syncthing_app_dir }}/nginx.conf.d:/etc/nginx/conf.d'
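Review bot: `image: syncthing/syncthing` and `image: nginx:mainline-alpine` are floating tags, and the play runs compose with `pull: always`, so every run deploys whatever those tags resolve to at that moment with nothing pinned for review; use a version tag plus digest, `image: syncthing/syncthing:<version>@sha256:<digest>`, and bump it deliberately. The healthcheck's `--insecure` is a no-op against an `http://` URL and can be dropped. `PUID=1000`/`PGID=1000` must match the uid/gid of `sonny`, which owns the bind-mounted `state` directory — I cannot confirm that from this diff, so a comment tying the two together (`# must match the uid/gid of the owner of {{ syncthing_app_dir }}/state`) would help.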
diff --git a/templates/syncthing/nginx.j2 b/templates/syncthing/nginx.j2
new file mode 100644
index 0000000..c41eb1b
--- /dev/null
+++ b/templates/syncthing/nginx.j2
@@ -0,0 +1,21 @@
+# {{ ansible_managed }}
+
+upstream syncthing-upstream {
+ server syncthing:8384;
+}
+
+server {
+ listen 80;
+ server_name {{ syncthing_domain }};
+
+ location / {
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+
+ proxy_pass http://syncthing-upstream;
+ proxy_read_timeout 600;
+ proxy_send_timeout 600;
+ }
+}
diff --git a/vars/network.yml b/vars/network.yml
index 1185b32..8d3eb1f 100644
--- a/vars/network.yml
+++ b/vars/network.yml
@@ -46,8 +46,14 @@ glitchtip_ip: '127.0.0.1'
glitchtip_port: 7200
glitchtip_domain: 'glitchtip.fudiggity.nl'
+syncthing_domain: 'syncthing.{{ domain_name }}'
+syncthing_listen_address: '0.0.0.0'
+syncthing_prefix: 24
+syncthing_subnet: '172.32.238.0/{{ syncthing_prefix }}'
syncthing_gui_port: 8384
syncthing_protocol_port: 22000
+syncthing_nginx_ip: '172.32.238.10'
+syncthing_app_ip: '172.32.238.11'
radicale_listen_addres: '127.0.0.1'
radicale_port: 5232
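Review bot: `syncthing_subnet: '172.32.238.0/24'` is outside RFC 1918 — the private block is 172.16.0.0/12, which ends at 172.31.255.255 — so the compose bridge and the `syncthing_nginx_ip`/`syncthing_app_ip` addresses sit in publicly routable space; the host will blackhole any genuine traffic to that /24, and the nftables DNAT and accept rules keyed on these addresses can match VPN traffic that was aimed at the real owner of the range. Move it into private space, for example `syncthing_subnet: '172.31.238.0/{{ syncthing_prefix }}'` with the two addresses adjusted to match. `syncthing_listen_address: '0.0.0.0'` also binds the GUI on every container interface; that is acceptable only as long as nothing but nginx can reach `{{ syncthing_app_ip }}:8384`, which the nftables rules appear to enforce for VPN traffic but not for processes on the host itself — worth a comment next to the variable.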
diff --git a/vars/syncthing.yml b/vars/syncthing.yml
index 93e6e24..74447c4 100644
--- a/vars/syncthing.yml
+++ b/vars/syncthing.yml
@@ -1,2 +1,55 @@
-syncthing_file_folder: '{{ ansible_env.HOME }}/files/Sync/'
-syncthing_picture_folder: '{{ ansible_env.HOME }}/files/Pictures/'
+syncthing_app_dir: '/srv/docker/syncthing'
+syncthing_config_version: 37
+syncthing_api_key: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 31663863326431623139663861316432656264646533323934393033386263613162303266613265
+ 3239613930623264383161363664636232663764616138360a643239393735393862376133313062
+ 63643434636462306663303434393837353230623830323065626432346336363332363063313533
+ 6334633838636664610a323762373839393331653130393136356136303535393662643736643735
+ 30316565373866326337383137633639636566623263333061633830366634666537633765343533
+ 3736383135393238663963353131663733363962343163363539
+
+syncthing_gui_user: sonny
+syncthing_gui_pass: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 32393632636263333466313465396334306462303030373439643933626464643231636466393230
+ 3463306237616265333666313135373636646561386235300a303938326234663237336639613561
+ 62616132306266363166396333643730386233343261653338373937363137356333383932323332
+ 6539663665653732370a363565383239646264363931356361366466326161393730396433346635
+ 62636666356632663230646238343033623430363063393962396632393730343164656438343231
+ 62623966623964656164363233653230373366346235303239326665623637396563633939313565
+ 313230626464383238313931663265373233
+
+syncthing_devices:
+ - name: Desktop
+ id: &desktop_id CSDXP5E-4UBNC36-32EHTPK-L6Y6JVZ-HQHM42R-FJXN2LI-2MTYRFX-3ZZPUQN
+ address: tcp://10.0.0.3:22000
+
+ - name: Fudiggity
+ id: &host_id PGSOVGQ-VOHWV77-F7DFFQO-JZKTWWG-Z2XU2DE-N4ATK5U-F7MXKKM-TFSROQJ
+ address: dynamic
+
+ - name: XPS15
+ id: &xps_id 2AC4LRC-YIJDWWK-YCOEZLT-4OWWC2E-7VEZQQB-F3AAPZR-HU75FE4-PGWWXQH
+ address: tcp://10.0.0.2:22000
+
+syncthing_folders:
+ - id: default
+ label: Default
+ path: '/var/syncthing/default'
+ source_path: '{{ ansible_env.HOME }}/files/sync/'
+ type: sendreceive
+ devices:
+ - *desktop_id
+ - *host_id
+ - *xps_id
+
+ - id: pictures
+ label: Pictures
+ path: '/var/syncthing/pictures'
+ source_path: '{{ ansible_env.HOME }}/files/pictures/'
+ type: sendreceive
+ devices:
+ - *desktop_id
+ - *host_id
+ - *xps_id
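Review bot: The vaulted `syncthing_api_key` and `syncthing_gui_pass` replace an API key and a bcrypt password hash that were committed in plaintext in the deleted `templates/syncthing.j2`; unless both were regenerated as part of this change, the old values remain recoverable from git history, so rotate the API key and set a new GUI password rather than re-wrapping the old ones in vault. The new template writes `syncthing_gui_pass` straight into the password element where the old template stored a bcrypt hash, so keep the vaulted value a hash, or confirm that the Syncthing version in use hashes a plaintext value on first start. A short comment above the two vault blocks, `# rotated after the plaintext copy was removed from templates/syncthing.j2 — do not reuse the old values`, would make that provenance explicit.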