Syncthing jail

Setup for Syncthing service jail with iocage.

On FreeNAS

Create jail:

iocage create --release 11.1-RELEASE --name syncthing \
          boot="on" vnet=on bpf=on \
          allow_raw_sockets="1" \
          ip4_addr="vnet1|172.20.40.33/24" \
          interfaces="vnet1:bridge1" \
          defaultrouter="172.20.40.1" \
          resolver="search ramsden.network;nameserver 172.20.40.1;nameserver 8.8.8.8"

Create user Syncthing on FreeNAS with ID 983, nologin to match the user in the jail.

On Freenas create datasets:

  • Datasets

    • Syncthing Data

      • tank/data/syncthing

Nullfs mount datasets in jail:

Syncthing data:

iocage exec syncthing 'mkdir -p /mnt/syncthing/data'
iocage fstab --add syncthing '/mnt/tank/data/syncthing/sync /mnt/syncthing/data nullfs rw 0 0'

Start jail and enter.

iocage start syncthing
iocage console syncthing

Jail

In the jail, update all packages and install syncthing.

pkg update && pkg upgrade
pkg install syncthing ca_root_nss

Enable the service on boot.

sysrc 'syncthing_enable=YES'
sysrc 'syncthing_user=syncthing' && sysrc 'syncthing_group=syncthing'
sysrc 'syncthing_home=/var/db/syncthing'

Start the syncthing service.

service syncthing start

Configure

Start syncthing as an initial test:

service syncthing restart

Edit /var/db/syncthing/config.xml and change the IP address which the GUI will be accessible from. This will enable accessing the GUI from a remote computer:

Before:

<gui enabled="true" tls="false">
 <address>127.0.0.1:8384</address>;
 <apikey>xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx</apikey>;
</gui>

After:

<gui enabled="true" tls="false">
 <address>0.0.0.0:8384</address>;
 <apikey>xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx</apikey>;
</gui>

Restart the service for changes to apply:

service syncthing restart

Finally, access the GUI by pointing a browser to the server's address and port, ie http://SERVER_URL:8384.

Last updated