From e0a100cae20fca18519829952d659d94a9855b80 Mon Sep 17 00:00:00 2001 From: Thomas Vanbesien Date: Fri, 13 Feb 2026 06:27:59 +0100 Subject: Add Syncthing service --- compose.yaml | 15 +++++++++++++++ example.env | 6 ++++-- readme.md | 11 +++++++++++ .../nginx/etc/nginx/templates/default.conf.template | 3 ++- .../nginx/templates/services/syncthing.conf.template | 20 ++++++++++++++++++++ 5 files changed, 52 insertions(+), 3 deletions(-) create mode 100644 services/nginx/etc/nginx/templates/services/syncthing.conf.template diff --git a/compose.yaml b/compose.yaml index 3149e8c..64827b3 100644 --- a/compose.yaml +++ b/compose.yaml @@ -13,6 +13,7 @@ services: networks: - cgit - radicale + - syncthing ports: - ${HOST__HTTP_PORT:?}:80 - ${HOST__HTTPS_PORT:?}:443 @@ -23,6 +24,7 @@ services: depends_on: - cgit - radicale + - syncthing cgit: build: @@ -70,9 +72,22 @@ services: - ${HOST__RADICALE_USERS_DIR:?}:/etc/radicale/users:ro - radicale_data:/data + syncthing: + build: + dockerfile_inline: | + FROM syncthing/syncthing:2.0.14 + networks: + - syncthing + volumes: + - ${HOST__SYNC_DIR:?}:/var/syncthing + healthcheck: + test: curl -fkLsS -m 2 127.0.0.1:8384/rest/noauth/health | grep -o --color=never OK || exit 1 + start_period: 5s + networks: cgit: radicale: + syncthing: volumes: radicale_data: diff --git a/example.env b/example.env index 0ce131f..df92ee9 100644 --- a/example.env +++ b/example.env @@ -6,8 +6,7 @@ HOST__HTTP_PORT=80 HOST__HTTPS_PORT=443 # Directory containing the TLS certificate/key pair named -# `server.crt`/`server.key` as well as a `.htpasswd` file with the encrypted -# credentials to access logseq +# `server.crt`/`server.key` HOST__SECRET_DIR=/home/USER/.local/net_services/certs # Directory containing Git repositories @@ -21,3 +20,6 @@ HOST__CGIT_ABOUT_DIR=/home/USER/.local/net_services/cgit/about # Directory containing the `.htpasswd` file with the encrypted credentials of the # Radicale users. HOST__RADICALE_USERS_DIR=/home/USER/.local/net_services/radicale + +# Directory for Syncthing shared folders +HOST__SYNC_DIR=/home/USER/.local/net_services/syncthing diff --git a/readme.md b/readme.md index 345e719..39db06b 100644 --- a/readme.md +++ b/readme.md @@ -24,3 +24,14 @@ Sensitive data is not stored on the disk when containers start. It is copied int ``` htpasswd ${HOST__RADICALE_USERS_DIR}/.htpasswd username ``` + +1. Access the services + + You may have to adapt the URLs to the configured published ports. + + - https://git.localhost + - https://dav.localhost + - https://sync.localhost + + It is highly recommended to configure authentication for the Syncthing GUI + if it exposed to the network. diff --git a/services/nginx/etc/nginx/templates/default.conf.template b/services/nginx/etc/nginx/templates/default.conf.template index 306a074..f90b61a 100644 --- a/services/nginx/etc/nginx/templates/default.conf.template +++ b/services/nginx/etc/nginx/templates/default.conf.template @@ -5,7 +5,8 @@ server { server_name ${NGINX__HOST} www.${NGINX__HOST} dav.${NGINX__HOST} - git.${NGINX__HOST}; + git.${NGINX__HOST} + sync.${NGINX__HOST}; # Prevent nginx HTTP Server Detection server_tokens off; diff --git a/services/nginx/etc/nginx/templates/services/syncthing.conf.template b/services/nginx/etc/nginx/templates/services/syncthing.conf.template new file mode 100644 index 0000000..31c90bb --- /dev/null +++ b/services/nginx/etc/nginx/templates/services/syncthing.conf.template @@ -0,0 +1,20 @@ +server { + listen 443 ssl; + listen [::]:443 ssl; + + server_name sync.${NGINX__HOST}; + + ssl_certificate /run/secrets/server.crt; + ssl_certificate_key /run/secrets/server.key; + + location / { + proxy_pass http://syncthing:8384; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + proxy_read_timeout 600s; + proxy_send_timeout 600s; + } +} -- cgit v1.2.3