Add Syncthing serviceHEADmaster

5 files changed, 52 insertions, 3 deletions

diff --git a/compose.yaml b/compose.yaml
index 3149e8c..64827b3 100644
--- a/compose.yaml
+++ b/compose.yaml
@@ -13,6 +13,7 @@ services:
     networks:
       - cgit
       - radicale
+      - syncthing
     ports:
       - ${HOST__HTTP_PORT:?}:80
       - ${HOST__HTTPS_PORT:?}:443
@@ -23,6 +24,7 @@ services:
     depends_on:
       - cgit
       - radicale
+      - syncthing
 
   cgit:
     build:
@@ -70,9 +72,22 @@ services:
       - ${HOST__RADICALE_USERS_DIR:?}:/etc/radicale/users:ro
       - radicale_data:/data
 
+  syncthing:
+    build:
+      dockerfile_inline: |
+        FROM syncthing/syncthing:2.0.14
+    networks:
+      - syncthing
+    volumes:
+      - ${HOST__SYNC_DIR:?}:/var/syncthing
+    healthcheck:
+      test: curl -fkLsS -m 2 127.0.0.1:8384/rest/noauth/health | grep -o --color=never OK || exit 1
+      start_period: 5s
+
 networks:
   cgit:
   radicale:
+  syncthing:
 
 volumes:
   radicale_data:
diff --git a/example.env b/example.env
index 0ce131f..df92ee9 100644
--- a/example.env
+++ b/example.env
@@ -6,8 +6,7 @@ HOST__HTTP_PORT=80
 HOST__HTTPS_PORT=443
 
 # Directory containing the TLS certificate/key pair named
-# `server.crt`/`server.key` as well as a `.htpasswd` file with the encrypted
-# credentials to access logseq
+# `server.crt`/`server.key`
 HOST__SECRET_DIR=/home/USER/.local/net_services/certs
 
 # Directory containing Git repositories
@@ -21,3 +20,6 @@ HOST__CGIT_ABOUT_DIR=/home/USER/.local/net_services/cgit/about
 # Directory containing the `.htpasswd` file with the encrypted credentials of the
 # Radicale users.
 HOST__RADICALE_USERS_DIR=/home/USER/.local/net_services/radicale
+
+# Directory for Syncthing shared folders
+HOST__SYNC_DIR=/home/USER/.local/net_services/syncthing
diff --git a/readme.md b/readme.md
index 345e719..39db06b 100644
--- a/readme.md
+++ b/readme.md
@@ -24,3 +24,14 @@ Sensitive data is not stored on the disk when containers start. It is copied int
     ```
     htpasswd ${HOST__RADICALE_USERS_DIR}/.htpasswd username
     ```
+
+1. Access the services
+
+    You may have to adapt the URLs to the configured published ports.
+
+    - https://git.localhost
+    - https://dav.localhost
+    - https://sync.localhost
+
+    It is highly recommended to configure authentication for the Syncthing GUI
+    if it exposed to the network.
diff --git a/services/nginx/etc/nginx/templates/default.conf.template b/services/nginx/etc/nginx/templates/default.conf.template
index 306a074..f90b61a 100644
--- a/services/nginx/etc/nginx/templates/default.conf.template
+++ b/services/nginx/etc/nginx/templates/default.conf.template
@@ -5,7 +5,8 @@ server {
     server_name ${NGINX__HOST}
                 www.${NGINX__HOST}
                 dav.${NGINX__HOST}
-                git.${NGINX__HOST};
+                git.${NGINX__HOST}
+                sync.${NGINX__HOST};
 
     # Prevent nginx HTTP Server Detection
     server_tokens off;
diff --git a/services/nginx/etc/nginx/templates/services/syncthing.conf.template b/services/nginx/etc/nginx/templates/services/syncthing.conf.template
new file mode 100644
index 0000000..31c90bb
--- /dev/null
+++ b/services/nginx/etc/nginx/templates/services/syncthing.conf.template
@@ -0,0 +1,20 @@
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    server_name sync.${NGINX__HOST};
+
+    ssl_certificate     /run/secrets/server.crt;
+    ssl_certificate_key /run/secrets/server.key;
+
+    location / {
+        proxy_pass http://syncthing:8384;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+
+        proxy_read_timeout      600s;
+        proxy_send_timeout      600s;
+    }
+}