From 249f37b8607871d98119c7ab3640962d0cc3bc5a Mon Sep 17 00:00:00 2001 From: Viyurz <128215328+Viyurz@users.noreply.github.com> Date: Fri, 1 Dec 2023 12:33:10 +0000 Subject: [PATCH] Added Syncthing --- nftables.conf | 7 +++++-- nginx-rp/nginx.conf | 2 -- nginx-rp/reverse-proxy.conf | 2 ++ ports.txt | 4 ++++ syncthing/docker-compose.yaml | 30 ++++++++++++++++++++++++++++++ 5 files changed, 41 insertions(+), 4 deletions(-) create mode 100644 syncthing/docker-compose.yaml diff --git a/nftables.conf b/nftables.conf index 873094b..0fc4bfc 100755 --- a/nftables.conf +++ b/nftables.conf @@ -11,8 +11,9 @@ table inet filter { ct state invalid drop ct state { established, related } accept - # HTTP - tcp dport { http, https } limit rate 5/second accept + # HTTP & Syncthing Relay + tcp dport { http, https, 5432, 22000 } limit rate 5/second accept + udp dport 22000 limit rate 5/second accept # SSH tcp dport 995 limit rate 15/minute accept @@ -24,6 +25,8 @@ table inet filter { chain forward { type filter hook forward priority 0; policy accept; + + iif eth0 drop } chain output { diff --git a/nginx-rp/nginx.conf b/nginx-rp/nginx.conf index 5861456..2a8fc34 100644 --- a/nginx-rp/nginx.conf +++ b/nginx-rp/nginx.conf @@ -74,8 +74,6 @@ http { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Client-Port $remote_port; - proxy_set_header X-SSL-Cert $ssl_client_cert; proxy_set_header X-Forwarded-Port $server_port; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; diff --git a/nginx-rp/reverse-proxy.conf b/nginx-rp/reverse-proxy.conf index 3fdbbf8..426399a 100644 --- a/nginx-rp/reverse-proxy.conf +++ b/nginx-rp/reverse-proxy.conf 
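Review bot: The Syncthing ports now share one limiter with HTTP and HTTPS in `tcp dport { http, https, 5432, 22000 } limit rate 5/second accept`, and a `limit` statement is a single budget for everything the rule matches, not one per port or per source. Connection attempts on 5432 or 22000 can therefore use up the allowance and push new web connections past this rule to whatever follows in the input chain, which starts and ends outside the hunk. Separate rules keep the budgets apart: `tcp dport { http, https } limit rate 5/second accept` and `tcp dport { 5432, 22000 } limit rate 5/second accept`. The comment would be more accurate as `# HTTP & Syncthing sync (5432 is an alternate mapping to 22000)`, since the compose file describes these as file-transfer ports rather than a relay.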
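Review bot: The added `iif eth0 drop` in the forward chain is unconditional and has no `ct state { established, related } accept` ahead of it, so every forwarded packet arriving on eth0 is dropped, replies included. If Docker publishes the Syncthing ports through NAT rather than a userland proxy (not determinable from the diff), inbound traffic to 22000 and return traffic for container-initiated connections would both take this path. Consider `iifname "eth0" ct state { established, related } accept` before the drop, plus a comment stating the intent such as `# drop unsolicited forwarding from the WAN interface`. `iifname` also avoids a ruleset load failure when eth0 does not exist yet at load time, which `iif` would cause.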
@@ -127,6 +127,8 @@ server { location / { proxy_pass http://stdisco.viyurz.fr; + proxy_set_header X-Client-Port $remote_port; + proxy_set_header X-SSL-Cert $ssl_client_cert; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $http_connection; } diff --git a/ports.txt b/ports.txt index a6941c3..757c3b2 100644 --- a/ports.txt +++ b/ports.txt @@ -1,8 +1,12 @@ 80/443 -> NGINX reverse proxy 995 -> SSH +5432 -> Syncthing 8008 -> Synapse 8080 -> Nextcloud AIO 8081 -> Vaultwarden 8082 -> nginx-www 8083 -> SearXNG +8384 -> Syncthing Web UI +8443 -> stdisco 11000 -> Nextcloud +22000 -> Syncthing diff --git a/syncthing/docker-compose.yaml b/syncthing/docker-compose.yaml new file mode 100644 index 0000000..4c1b91a --- /dev/null +++ b/syncthing/docker-compose.yaml @@ -0,0 +1,30 @@ +services: + syncthing: + image: syncthing/syncthing:latest + container_name: syncthing + restart: always + environment: + - PUID=1003 + - PGID=1003 + ports: + - "[::1]:8384:8384" # Web UI + - 22000:22000/tcp # TCP file transfers + - 22000:22000/udp # QUIC file transfers + - 5432:22000/tcp + volumes: + - /mnt/syncthing:/var/syncthing + + stdiscosrv: + image: syncthing/discosrv:latest + container_name: stdiscosrv + restart: always + entrypoint: + - "/bin/entrypoint.sh" + - "/bin/stdiscosrv" + - "-http" + - "-debug" + environment: + - PUID=1002 + - PGID=1002 + ports: + - "[::1]:8443:8443"
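Review bot: This location already sets `Upgrade` and `Connection`, and nginx inherits `proxy_set_header` from the outer level only when a block defines none of its own, so the `Host`, `X-Real-IP` and `X-Forwarded-For` lines in nginx.conf presumably do not apply here. stdiscosrv would then likely record the proxy's address rather than the client's unless those headers are repeated, e.g. `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` next to the two added lines. `X-SSL-Cert` carries the identity the discovery server trusts, and `$ssl_client_cert` stays empty unless this server block requests a client certificate with `ssl_verify_client`, which is not visible in the hunk. The server block starts outside the hunk.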
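Review bot: Both services use a floating tag, `syncthing/syncthing:latest` and `syncthing/discosrv:latest`, so the next pull or re-create runs whatever the registry serves at that moment, in the syncthing case with `/mnt/syncthing` mounted. Pin each image to a release tag or digest, e.g. `image: syncthing/syncthing:<version>@sha256:<digest>` (placeholders, not real values). The `-debug` flag on stdiscosrv is also left on; it presumably makes the log more verbose about announcing devices and is better dropped once the setup works. A short comment on `5432:22000/tcp` saying why the sync port is also mapped to PostgreSQL's well-known port would help whoever reads the firewall rules later.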