From a276fa89702d4a1cb41d99680c11092f4c32c2c8 Mon Sep 17 00:00:00 2001 From: Fabio Scotto di Santolo Date: Mon, 20 Apr 2026 14:20:53 +0200 Subject: [PATCH] Add Syncthing to server container stack --- AGENTS.md | 1 + README.md | 5 +++- ansible/inventory/group_vars/server.yml | 24 +++++++++++++++++++ .../templates/server/docker-compose.yml.j2 | 17 +++++++++++++ 4 files changed, 46 insertions(+), 1 deletion(-) diff --git a/AGENTS.md b/AGENTS.md index 986ffca..e92b3e5 100644 --- a/AGENTS.md +++ b/AGENTS.md @@ -41,6 +41,7 @@ Ansible-driven personal infrastructure repo for Void desktops, Linux workstation - Waybar JSON: `python3 -m json.tool dotfiles/desktop/.config/waybar/config-sway.jsonc >/dev/null` - Mail bootstrap: `sh -n scripts/bootstrap_mail.sh` and `shellcheck scripts/bootstrap_mail.sh` - Windows bootstrap parse: `pwsh -NoProfile -Command "[void][System.Management.Automation.Language.Parser]::ParseFile('scripts/bootstrap_windows_workstation.ps1', [ref]$null, [ref]$null)"` + - Server compose render: `docker compose -f /opt/docker/server/docker-compose.yml config` ## Conventions - Use FQCN Ansible modules. diff --git a/README.md b/README.md index e65d922..52ad8fa 100644 --- a/README.md +++ b/README.md @@ -194,8 +194,9 @@ Lo stato attuale del profilo server include: - installazione pacchetti base Ubuntu via apt - installazione e configurazione di Docker dal repository ufficiale - abilitazione dei servizi systemd dichiarati in inventory/group vars -- copia dei dotfiles server e rendering dei template server +- copia dei dotfiles server e rendering dei template server, incluso il `docker-compose.yml` dello stack servizi - attivazione del firewall UFW con regola SSH esplicita +- apertura delle porte Syncthing `22000/tcp`, `22000/udp` e `21027/udp`, lasciando la GUI non esposta direttamente su UFW Utente del profilo server: 
@@ -294,6 +295,7 @@ Questo significa che, allo stato attuale: - la workstation Fedora (`deadalus-fedora`) usa lo stesso principio di composizione a gruppi con il ramo Fedora dedicato e con `gsettings` host-specifici dichiarati in inventory - il ramo Windows + WSL e predisposto con bootstrap PowerShell e play Windows/WSL dedicati - il server Ubuntu (`prometheus`) e gestito con pacchetti, servizi, dotfiles server e firewall +- lo stack container server include `navidrome`, `postgres`, `gitea`, `nginx-proxy-manager` e `syncthing`, con GUI Syncthing raggiungibile tramite la rete Docker `web` # Dotfiles @@ -400,6 +402,7 @@ ansible-playbook ansible/site.yml --limit --tags , --check -- ansible-playbook ansible/site.yml --limit --start-at-task "" --check --diff ansible-lint ansible/roles/ yamllint ansible/path/to/file.yml +docker compose -f /opt/docker/server/docker-compose.yml config ``` ## Tag supportati dal playbook diff --git a/ansible/inventory/group_vars/server.yml b/ansible/inventory/group_vars/server.yml index d4da695..0f98319 100644 --- a/ansible/inventory/group_vars/server.yml +++ b/ansible/inventory/group_vars/server.yml @@ -80,10 +80,34 @@ server_directories: owner: root group: root mode: "0755" + - path: /opt/syncthing/config + owner: root + group: root + mode: "0755" + - path: /srv/syncthing + owner: root + group: root + mode: "0755" + - path: /srv/syncthing/data + owner: root + group: root + mode: "0755" server_ufw_rules: - rule: allow name: OpenSSH + - rule: allow + port: "22000" + proto: tcp + comment: Syncthing sync traffic + - rule: allow + port: "22000" + proto: udp + comment: Syncthing QUIC sync traffic + - rule: allow + port: "21027" + proto: udp + comment: Syncthing local discovery server_sshd_settings: PermitRootLogin: "no" diff --git a/ansible/templates/server/docker-compose.yml.j2 b/ansible/templates/server/docker-compose.yml.j2 index 9372740..ea2b8e4 100644 --- a/ansible/templates/server/docker-compose.yml.j2 
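Review bot: The three new `server_ufw_rules` entries allow 22000/tcp, 22000/udp and 21027/udp from any source, but since the same ports are published by Docker the UFW rules are largely cosmetic: Docker installs its own iptables chains ahead of UFW's, so published container ports are reachable whether or not UFW permits them unless filtering is done in the `DOCKER-USER` chain (confirm on the host). If UFW is meant to be the policy boundary, add a comment above the block, `# NOTE: Docker-published ports bypass ufw; filter in DOCKER-USER if these rules must actually gate traffic`. `21027/udp` is Syncthing local-discovery broadcast and has no use beyond the LAN, so if the role feeds these entries into `community.general.ufw` it can be narrowed with `src: "<lan-cidr>"` rather than left open to the world. The new `server_directories` entries create `/opt/syncthing/config` and `/srv/syncthing/data` as `root:root` `0755`, which presumably does not match the uid the container runs as (the upstream image drops to `PUID`/`PGID`, 1000:1000 by default) — set `owner`/`group` to that uid so the data volume is writable without running the service as root.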
+++ b/ansible/templates/server/docker-compose.yml.j2 @@ -68,6 +68,23 @@ services: - "3000:3000" - "127.0.0.1:222:22" + syncthing: + image: syncthing/syncthing:2 + container_name: syncthing + hostname: syncthing + restart: unless-stopped + expose: + - "8384" + volumes: + - "/opt/syncthing/config:/var/syncthing" + - "/srv/syncthing/data:/data" + ports: + - "22000:22000/tcp" + - "22000:22000/udp" + - "21027:21027/udp" + networks: + - web + networks: web: external: false
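Review bot: `/srv/syncthing/data` is mounted at `/data` but the upstream `syncthing/syncthing` image drops to `PUID`/`PGID` (1000:1000 by default) in its entrypoint and only chowns `/var/syncthing`, so a root-owned `0755` data directory will presumably be read-only to the service — pin the uid explicitly with `environment:` / `- PUID=1000` / `- PGID=1000` and make the host directory owner the same uid (confirm against the image's entrypoint). The GUI on 8384 is reachable from every container on the `web` network, and Syncthing ships with no GUI username/password until one is set, so the "GUI reachable via the Docker network" wording in the README should be paired with a comment on the `expose` line, `# GUI has no credentials until set in Syncthing settings; configure user/password before proxying via nginx-proxy-manager`. `image: syncthing/syncthing:2` floats on the major tag; for a reproducible and auditable server stack pin at least the minor version or a digest.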