Differences between revisions 9 and 28 (spanning 19 versions)
Revision 9 as of 2021-02-20 11:39:14
Size: 1838
Comment:
Revision 28 as of 2021-02-25 20:25:56
Size: 4081
Comment:
Deletions are marked like this. Additions are marked like this.
Line 4: Line 4:
 * Easy easy and simple configuration  * Easy and simple configuration
Line 6: Line 6:
 * File ignore patterns
Line 26: Line 27:
For each user that is going to synchronize against this system, create a directory for them in `/srv/home` and add the correct permissions. For each user that is going to synchronize against this system, create a directory for them in `/srv/home` and give it the correct ownership.
Line 40: Line 41:
When the syncthing service has starts, it creates a set of config files in the users home directory. Edit `/home/kale/.config/syncthing/config.xml`and look for this section. Change When the syncthing service starts, it creates a set of config files in the users home directory. Edit `/home/kale/.config/syncthing/config.xml` and look for the section below. Change the address, so the service listens on all interfaces `<address>0.0.0.0:8384</address>`, instead of just localhost. Notice that when you make this change, your syncthing service is public. Everyone can change it.
Line 42: Line 43:
{{{
<gui enabled="true" tls="true" debugging="false">
    <address>0.0.0.0:8384</address>
    <user>kale</user>
    <password>$2a$10$tFQJQW18N2CV3LMf8g8BE.tu3kk3JvT/PySWukxbt3tZPXYsr4o0m</password>
    <
apikey>someapikey</apikey>
{{{#!highlight xml
<gui enabled="true" tls="false" debugging="false">
    <address>127.0.0.1:8384</address>
    <apikey>apikey</apikey>
Line 52: Line 51:
Restart the service for the specific user.
{{{
systemctl restart syncthing@kale.service
}}}
Line 53: Line 56:
=== GUI ===
Line 54: Line 58:
It should now be possible to connect to the syncthing GUI on https://syncthing:8384 and configure it.

=== Credentials ===

Start by setting up a username, a password and force https. This is done in the settings dialog in the GUI tab. Your installation should now be secure.

{{attachment:syncthing-settings-gui.png||align="top"}}

== Transfer speed ==

When transferring files, the default behavior of syncthing is to flush for every file transferred. This makes transfer of many small files very slow. The version of syncthing provided in Debian Buster does not have an option to disable syncthings use of the fsync call. In newer versions of syncthing, this can be found in `~/.config/syncthing/config.xml` as `<disableFsync>false</disableFsync>`. Changing that option to `true` will make syncthing transfer files much faster, on the expense of risking data loss. Currently the version of syncthing in Debian Bullseye does have this functionality implemented.

=== Eat my data ===
A library called libeatmydata has been created to stop applications like syncthing from using fsync, by replacing the fsync library call.

{{{
apt-get install eatmydata
}}}

Now change the init script for the syncthing service in `/etc/systemd/system/multi-user.target.wants/syncthing@kale.service`. Add `/usr/bin/eatmydata` in then the ExecStart variable, and eatmydata will take care of the fsync call.
{{{#!highlight systemd
[Unit]
Description=Syncthing - Open Source Continuous File Synchronization for %I
Documentation=man:syncthing(1)
After=network.target

[Service]
User=%i
ExecStart=/usr/bin/eatmydata /usr/bin/syncthing -no-browser -no-restart -logflags=0
Restart=on-failure
SuccessExitStatus=3 4
RestartForceExitStatus=3 4

# Hardening
ProtectSystem=full
PrivateTmp=true
SystemCallArchitectures=native
MemoryDenyWriteExecute=true
NoNewPrivileges=true

[Install]
WantedBy=multi-user.target
Line 66: Line 112:
* https://theselfhostingblog.com/posts/how-to-set-up-a-headless-syncthing-network/  * https://theselfhostingblog.com/posts/how-to-set-up-a-headless-syncthing-network/
 * https://docs.syncthing.net/advanced/folder-disable-fsync.html

Syncthing

Syncthing is a modern file synchronization tool. It synchronizes files between various devices and operating systems. It is a great tool for automatic backup of personal files and smartphones. It has several usefull features:

  • Easy and simple configuration
  • File versioning
  • File ignore patterns

For this setup we will use GlusterFS as the file store backend.

Software

Start by installing syncthing

apt-get install syncthing

Filesystem

Configure your system as a GlusterFS client, so you have the following in your fstab.

/etc/glusterfs/home.vol /srv/home glusterfs defaults,_netdev,rw 0 0

Configuration

For each user that is going to synchronize against this system, create a directory for them in /srv/home and give it the correct ownership.

mkdir /srv/home/kale
chown -R kale:kale /srv/home/kale

For each user add the syncthing service to default runlevel and start it.

systemctl enable syncthing@kale.service
systemctl start syncthing@kale.service

When the syncthing service starts, it creates a set of config files in the users home directory. Edit /home/kale/.config/syncthing/config.xml and look for the section below. Change the address, so the service listens on all interfaces <address>0.0.0.0:8384</address>, instead of just localhost. Notice that when you make this change, your syncthing service is public. Everyone can change it.

   1 <gui enabled="true" tls="false" debugging="false">
   2     <address>127.0.0.1:8384</address>
   3     <apikey>apikey</apikey>
   4     <theme>default</theme>
   5 </gui>

Restart the service for the specific user.

systemctl restart syncthing@kale.service

GUI

It should now be possible to connect to the syncthing GUI on https://syncthing:8384 and configure it.

Credentials

Start by setting up a username, a password and force https. This is done in the settings dialog in the GUI tab. Your installation should now be secure.

syncthing-settings-gui.png

Transfer speed

When transferring files, the default behavior of syncthing is to flush for every file transferred. This makes transfer of many small files very slow. The version of syncthing provided in Debian Buster does not have an option to disable syncthings use of the fsync call. In newer versions of syncthing, this can be found in ~/.config/syncthing/config.xml as <disableFsync>false</disableFsync>. Changing that option to true will make syncthing transfer files much faster, on the expense of risking data loss. Currently the version of syncthing in Debian Bullseye does have this functionality implemented.

Eat my data

A library called libeatmydata has been created to stop applications like syncthing from using fsync, by replacing the fsync library call.

apt-get install eatmydata

Now change the init script for the syncthing service in /etc/systemd/system/multi-user.target.wants/syncthing@kale.service. Add /usr/bin/eatmydata in then the ExecStart variable, and eatmydata will take care of the fsync call.

Syntax highlighting not supported for 'systemd', see HelpOnParsers.
   1 [Unit]
   2 Description=Syncthing - Open Source Continuous File Synchronization for %I
   3 Documentation=man:syncthing(1)
   4 After=network.target
   5 
   6 [Service]
   7 User=%i
   8 ExecStart=/usr/bin/eatmydata /usr/bin/syncthing -no-browser -no-restart -logflags=0
   9 Restart=on-failure
  10 SuccessExitStatus=3 4
  11 RestartForceExitStatus=3 4
  12 
  13 # Hardening
  14 ProtectSystem=full
  15 PrivateTmp=true
  16 SystemCallArchitectures=native
  17 MemoryDenyWriteExecute=true
  18 NoNewPrivileges=true
  19 
  20 [Install]
  21 WantedBy=multi-user.target

Instances

References

None: Syncthing (last edited 2022-02-12 09:39:51 by Kristian Kallenberg)