diff --git a/env.yml b/env.yml
index 79c9bd6..58b16b1 100644
--- a/env.yml
+++ b/env.yml
@@ -59,6 +59,8 @@ ports:
 searxng: 8083
 synapse: 8008
 syncthing_discosrv: 8443
+ # Public port, forwarded to 22067 by nftables
+ syncthing_relaysrv: 143
 syncthing_webui: 8384
 syncthing_tcp: 5432
 syncthing_udp: 22000
@@ -78,6 +80,7 @@ users:
 synapse_postgres: 70
 syncthing: 1001
 syncthing_discosrv: 1002
+ syncthing_relaysrv: 1003
 vaultwarden: 1000
diff --git a/roles/nftables/templates/nftables.conf b/roles/nftables/templates/nftables.conf
index faefd77..ab79445 100755
--- a/roles/nftables/templates/nftables.conf
+++ b/roles/nftables/templates/nftables.conf
@@ -2,6 +2,14 @@
 flush ruleset
+# Forward Syncthing relay traffic from port {{ ports['syncthing_relaysrv'] }} to 22067
+table inet nat {
+ chain prerouting {
+ type nat hook prerouting priority dstnat;
+ iif eth0 tcp dport {{ ports['syncthing_relaysrv'] }} redirect to :22067
+ }
+}
+
 table inet filter {
 chain input {
 type filter hook input priority 0; policy drop;
@@ -22,7 +30,7 @@ table inet filter {
 tcp dport 995 limit rate 15/minute accept
 # Syncthing
- tcp dport {{ ports['syncthing_tcp'] }} limit rate 5/second accept
+ tcp dport { {{ ports['syncthing_tcp'] }}, 22067 } limit rate 5/second accept
 udp dport {{ ports['syncthing_udp'] }} limit rate 5/second accept
 # Coturn
diff --git a/roles/syncthing/templates/docker-compose.yaml b/roles/syncthing/templates/docker-compose.yaml
index ae84f3b..c57d872 100644
--- a/roles/syncthing/templates/docker-compose.yaml
+++ b/roles/syncthing/templates/docker-compose.yaml
@@ -18,11 +18,8 @@ services:
 image: syncthing/discosrv:latest
 container_name: syncthing-discosrv
 restart: always
- entrypoint:
- "/bin/entrypoint.sh"
- "/bin/stdiscosrv"
+ command:
 - "-http"
- - "-debug"
 environment:
 - PUID={{ users['syncthing_discosrv'] }}
 - PGID={{ users['syncthing_discosrv'] }}
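Review bot: The internal relay port 22067 is hard-coded as a literal in the new comment and again in three templates of this commit (the nftables redirect target, the filter port set and the compose port mapping), while only the public port gets an `env.yml` key, so moving the relay's listen port means editing four files. A second key beside this one, e.g. `syncthing_relaysrv_internal: 22067` (name illustrative), would let each template reference `ports[...]` the way the rest of this file does. Note also that 143 is the registered IMAP port; if this host ever serves mail on it — the filter chain already accepts 995 — the prerouting redirect would capture that traffic before the filter sees it, so a comment recording that this port was chosen deliberately would help the next reader.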
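Review bot: The redirect rule on the `iif eth0` line hard-codes the interface name in a template whose ports are otherwise taken from `env.yml`; if the interface is ever renamed, the rule simply stops matching and nft reports no error, leaving the public port silently dead. Templating it, `iif {{ wan_interface }} tcp dport {{ ports['syncthing_relaysrv'] }} redirect to :22067` (variable name illustrative), keeps that knob in one place. Because this `table inet nat` chain hooks `prerouting` at `dstnat` priority, the order in which a redirected packet meets any DNAT rules Docker itself installs for the published container port is not determined by this file; it is worth verifying from an external host that a connection to the public port really reaches the relay container rather than only the host socket.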
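Review bot: The extended rule `tcp dport { {{ ports['syncthing_tcp'] }}, 22067 } limit rate 5/second accept` has no `ct state` qualifier, so the 5 packets-per-second budget is charged to every packet of every relay connection, not just to connection attempts; under `policy drop` a relay actually forwarding data between devices would lose most of its packets once the aggregate exceeds that rate, unless an earlier `ct state established,related accept` rule outside this hunk already admits established flows. If the intent is to throttle new connections, qualify it: `tcp dport { {{ ports['syncthing_tcp'] }}, 22067 } ct state new limit rate 5/second accept`. The same caveat applies to the unchanged udp rule on the next line. The enclosing `chain input` starts outside the hunk.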
@@ -30,6 +27,27 @@ services:
 - discosrv
 ports:
 - 127.0.0.1:{{ ports['syncthing_discosrv'] }}:8443
+
+ strelaysrv:
+ image: syncthing/relaysrv:latest
+ container_name: syncthing-relaysrv
+ restart: always
+ command:
+ - '-ext-address=:{{ ports["syncthing_relaysrv"] }}'
+ - '-pools='
+ environment:
+ - PUID={{ users['syncthing_relaysrv'] }}
+ - PGID={{ users['syncthing_relaysrv'] }}
+ networks:
+ - relaysrv
+ ports:
+ - 22067:22067
+ volumes:
+ - strelaysrv:/var/strelaysrv
 networks:
 discosrv:
+ relaysrv:
+
+volumes:
+ strelaysrv:
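Review bot: The new `ports:` entry `22067:22067` publishes the relay on every host interface, unlike the discosrv entry a few lines above that is pinned to `127.0.0.1`; that is presumably deliberate for a relay, but traffic Docker DNATs into the container traverses the forward hook rather than the host's input chain, so the 22067 rate limit this commit adds to `chain input` in nftables.conf may not apply to connections arriving directly on 22067 — worth confirming with a connection from outside. Quote the mapping as `"22067:22067"` to match the string convention for compose port mappings, and consider pinning `syncthing/relaysrv` to a tag or digest instead of `latest` so deploys are reproducible. `'-pools='` appears to keep the relay from announcing itself to any public pool; a one-line comment stating that this is a private relay would make the intent explicit.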