Added Syncthing

2023-12-01 12:33:10 +00:00 · 2023-12-01 12:33:10 +00:00 · 249f37b860
commit 249f37b860
parent 97af5ecee2
5 changed files with 41 additions and 4 deletions
--- a/nftables.conf
+++ b/nftables.conf
@ -11,8 +11,9 @@ table inet filter {
 		ct state invalid drop
 		ct state { established, related } accept

-		# HTTP
-		tcp dport { http, https } limit rate 5/second accept
+		# HTTP & Syncthing Relay
+		tcp dport { http, https, 5432, 22000 } limit rate 5/second accept
+		udp dport 22000 limit rate 5/second accept

 		# SSH
 		tcp dport 995 limit rate 15/minute accept
@ -24,6 +25,8 @@ table inet filter {

 	chain forward {
 		type filter hook forward priority 0; policy accept;
+
+		iif eth0 drop
 	}
 	
 	chain output {
--- a/nginx-rp/nginx.conf
+++ b/nginx-rp/nginx.conf
@ -74,8 +74,6 @@ http {

 	proxy_set_header Host $host;
 	proxy_set_header X-Real-IP $remote_addr;
-	proxy_set_header X-Client-Port $remote_port;
-	proxy_set_header X-SSL-Cert $ssl_client_cert;
 	proxy_set_header X-Forwarded-Port $server_port;
 	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 	proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
--- a/nginx-rp/reverse-proxy.conf
+++ b/nginx-rp/reverse-proxy.conf
@ -127,6 +127,8 @@ server {
 	location / {
 		proxy_pass http://stdisco.viyurz.fr;
 		
+		proxy_set_header X-Client-Port $remote_port;
+		proxy_set_header X-SSL-Cert $ssl_client_cert;
 		proxy_set_header Upgrade $http_upgrade;
 		proxy_set_header Connection $http_connection;
 	}
--- a/ports.txt
+++ b/ports.txt
@ -1,8 +1,12 @@
 80/443 -> NGINX reverse proxy
 995 -> SSH
+5432 -> Syncthing
 8008 -> Synapse
 8080 -> Nextcloud AIO
 8081 -> Vaultwarden
 8082 -> nginx-www
 8083 -> SearXNG
+8384 -> Syncthing Web UI
+8443 -> stdisco
 11000 -> Nextcloud
+22000 -> Syncthing
--- a/syncthing/docker-compose.yaml
+++ b/syncthing/docker-compose.yaml
@ -0,0 +1,30 @@
+services:
+  syncthing:
+    image: syncthing/syncthing:latest
+    container_name: syncthing
+    restart: always
+    environment:
+      - PUID=1003
+      - PGID=1003
+    ports:
+      - "[::1]:8384:8384" # Web UI
+      - 22000:22000/tcp # TCP file transfers
+      - 22000:22000/udp # QUIC file transfers
+      - 5432:22000/tcp
+    volumes:
+      - /mnt/syncthing:/var/syncthing
+
+  stdiscosrv:
+    image: syncthing/discosrv:latest
+    container_name: stdiscosrv
+    restart: always
+    entrypoint:
+      - "/bin/entrypoint.sh"
+      - "/bin/stdiscosrv"
+      - "-http"
+      - "-debug"
+    environment:
+      - PUID=1002
+      - PGID=1002
+    ports:
+      - "[::1]:8443:8443"