syncthing

Continuous file synchronization.

Prerequisites

This is an awesome tool that lets you synchronize files across devices, without pushing your data elsewhere than your own devices.

Manjaro

Installed on Manjaro with pamac install syncthing.

Raspberry Pi

Following this: https://apt.syncthing.net/.

First, add the release key so that APT can verify the authenticity of the packages.

# Add the release PGP keys:
sudo curl -o /usr/share/keyrings/syncthing-archive-keyring.gpg https://syncthing.net/release-key.gpg

Then add the stable channel:

# Add the "stable" channel to your APT sources:
echo "deb [signed-by=/usr/share/keyrings/syncthing-archive-keyring.gpg] https://apt.syncthing.net/ syncthing stable" | sudo tee /etc/apt/sources.list.d/syncthing.list

And finally install:

# Update and install syncthing:
sudo apt-get update
sudo apt-get install syncthing

As I wanted to use the Raspberry Pi as a server, I figured it was best to have syncthing run under a dedicated service account, myserviceaccount:

useradd -r -m -s /usr/sbin/nologin myserviceaccount

Here -r creates a system account, -m creates a home folder (syncthing requires one to run), and -s /usr/sbin/nologin ensures this user has no login shell.

Configuration

I used systemd to start syncthing automatically. On the Raspberry Pi it runs as a system service, since the Pi is intended to work as a server; on the remaining devices it runs as a user service.

Raspberry Pi

Following their documentation, I took the file from the following path at their GitHub repository Syncthing/etc/linux-systemd/system/syncthing@.service, and pasted it into /etc/systemd/system/syncthing@.service:

/etc/systemd/system/syncthing@.service
[Unit]
Description=Syncthing - Open Source Continuous File Synchronization for %I
Documentation=man:syncthing(1)
After=network.target
StartLimitIntervalSec=60
StartLimitBurst=4

[Service]
User=%i
ExecStart=/usr/bin/syncthing serve --no-browser --no-restart --logflags=0
Restart=on-failure
RestartSec=1
SuccessExitStatus=3 4
RestartForceExitStatus=3 4

# Hardening
ProtectSystem=full
PrivateTmp=true
SystemCallArchitectures=native
MemoryDenyWriteExecute=true
NoNewPrivileges=true

# Elevated permissions to sync ownership (disabled by default),
# see https://docs.syncthing.net/advanced/folder-sync-ownership
#AmbientCapabilities=CAP_CHOWN CAP_FOWNER

[Install]
WantedBy=multi-user.target

Then just enable and start the service:

systemctl enable syncthing@myserviceaccount.service
systemctl start syncthing@myserviceaccount.service

For good measure, one can do systemctl daemon-reload and check the status:

systemctl status syncthing@myserviceaccount.service

By default the GUI is served on localhost:8384. With SSH access to the Pi, one way to reach it is a local port forward:

ssh -L localport:localhost:8384 username@ip

Here localport should be set to some non-reserved port, and username is the user on the Raspberry Pi at address ip. Then just open localhost:localport in your browser and the GUI should show.

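Another approach is to add --gui-address=ip:8384 to the ExecStart line (line 10) in /etc/systemd/system/syncthing@.service, and then access it in the browser at ip:8384. Unlike the SSH tunnel, this makes the GUI reachable by every host that can reach ip on that port.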
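One way to check a unit after such an edit, as an added example that is not part of the original notes or of Syncthing: it reports a --gui-address bound beyond loopback and any directive from the "# Hardening" block above that the unit lacks. The function names and the 192.0.2.10 address are constructed for illustration.

```shell
# Added example (not project code): static check of a Syncthing systemd unit.
# Directive list copied from the "# Hardening" block of the system unit above.
HARDENING="ProtectSystem PrivateTmp SystemCallArchitectures MemoryDenyWriteExecute NoNewPrivileges"

# Host part of --gui-address on the ExecStart line (scheme, port and [] stripped).
gui_host() {
    sed -n 's/^ExecStart=.*--gui-address[= ]\([^ ]*\).*/\1/p' "$1" |
        sed -e 's#^https\{0,1\}://##' -e 's/:[0-9]*$//' -e 's/^\[\(.*\)\]$/\1/'
}

# Prints "default" (flag absent), "loopback" or "exposed". Only the command
# line is inspected; an address set in Syncthing's own config is not seen.
gui_exposure() {
    grep -q '^ExecStart=.*--gui-address' "$1" || { echo default; return 0; }
    case "$(gui_host "$1")" in
        127.*|localhost|::1) echo loopback ;;
        *) echo exposed ;;   # includes 0.0.0.0 and an empty host (all interfaces)
    esac
}

# Prints each directive from HARDENING that the unit does not set.
missing_hardening() {
    for d in $HARDENING; do
        grep -q "^$d=" "$1" || printf '%s\n' "$d"
    done
}

# Returns 0 when the unit is clean, 1 when any warning was printed.
audit_unit() {
    rc=0
    if [ "$(gui_exposure "$1")" = exposed ]; then
        echo "WARN $1: GUI reachable beyond loopback ($(gui_host "$1"))"; rc=1
    fi
    for d in $(missing_hardening "$1"); do
        echo "WARN $1: $d not set"; rc=1
    done
    return $rc
}

# Constructed sample: an edited unit, with 192.0.2.10 standing in for "ip".
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Service]
ExecStart=/usr/bin/syncthing serve --no-browser --no-restart --logflags=0 --gui-address=192.0.2.10:8384
ProtectSystem=full
NoNewPrivileges=true
EOF
audit_unit "$sample" || echo "findings listed above"
rm -f "$sample"
```

On the Pi, call audit_unit with the path of the installed unit file instead of the sample.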

Client

Following their documentation, I took the file from the following path at their GitHub repository Syncthing/etc/linux-systemd/user/syncthing.service, and pasted it into ~/.config/systemd/user/syncthing.service:

~/.config/systemd/user/syncthing.service
[Unit]
Description=Syncthing - Open Source Continuous File Synchronization
Documentation=man:syncthing(1)
StartLimitIntervalSec=60
StartLimitBurst=4

[Service]
ExecStart=/usr/bin/syncthing serve --no-browser --no-restart --logflags=0
Restart=on-failure
RestartSec=1
SuccessExitStatus=3 4
RestartForceExitStatus=3 4

# Hardening
SystemCallArchitectures=native
MemoryDenyWriteExecute=true
NoNewPrivileges=true

# Elevated permissions to sync ownership (disabled by default),
# see https://docs.syncthing.net/advanced/folder-sync-ownership
#AmbientCapabilities=CAP_CHOWN CAP_FOWNER

[Install]
WantedBy=default.target

Then enable and start the service, under the current user:

systemctl --user enable syncthing.service
systemctl --user start syncthing.service

Again, for good measure one can run systemctl --user daemon-reload and check the status:

systemctl --user status syncthing.service

The web interface should now be accessible at localhost:8384.

Uncomplicated Firewall (ufw)

If using ufw, holes must be poked in the firewall for synchronization to work properly, which can be done easily by:

sudo ufw allow syncthing

Confirm with:

sudo ufw status verbose

Reference

Full documentation can be found at https://docs.syncthing.net/.
