Syncthing jail

Setup for Syncthing service jail with iocage.

On FreeNAS

Create jail:

iocage create --release 11.1-RELEASE --name syncthing \ boot="on" vnet=on \ allow_raw_sockets="1" \ ip4_addr="vnet1|172.20.40.33/24" \ interfaces="vnet1:bridge1" \ defaultrouter="172.20.40.1" \ resolver="search ramsden.network;nameserver 172.20.40.1;nameserver 8.8.8.8"

Create user Syncthing on FreeNAS with ID 983, nologin to match the user in the jail.

On Freenas create datasets:

  • Datasets
    • Syncthing Data
      • tank/data/syncthing

Nullfs mount datasets in jail:

Syncthing data:

iocage exec syncthing 'mkdir -p /mnt/syncthing/data' iocage fstab --add syncthing '/mnt/tank/data/syncthing/sync /mnt/syncthing/data nullfs rw 0 0'

Start jail and enter.

iocage start syncthing iocage console syncthing

Jail

In the jail, update all packages and install syncthing.

pkg update && pkg upgrade pkg install syncthing

Enable the service on boot.

sysrc 'syncthing_enable=YES' sysrc 'syncthing_user=syncthing' && sysrc 'syncthing_group=syncthing' sysrc 'syncthing_dir=/var/db/syncthing'

Start the syncthing service.

service syncthing start

Configure

Start syncthing as an initial test:

service syncthing restart

Edit /var/db/syncthing/config.xml and change the IP address which the GUI will be accessible from. This will enable accessing the GUI from a remote computer:

Before:

<gui enabled="true" tls="false"> <address>127.0.0.1:8384</address>; <apikey>xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx</apikey>; </gui>

After:

<gui enabled="true" tls="false"> <address>0.0.0.0:8384</address>; <apikey>xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx</apikey>; </gui>

Restart the service for changes to apply:

service syncthing restart

Finally, access the GUI by pointing a browser to the server's address and port, ie http://SERVER_URL:8384.

results matching ""

    No results matching ""