Fehler, Verbesserungsvorschläge oder Anmerkungen können mir gern per E-Mail geschickt werden.

Voraussetzungen

  • Halbwegs sicherer Umgang mit einer Linux-Konsole bzw. einem Terminal.

Setup

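# apache2-utils provides htpasswd, which is used further down to bcrypt-hash
# the GUI password.
apt install curl apt-transport-https apache2-utils
# OLD (apt-key is deprecated): curl -s https://syncthing.net/release-key.txt | apt-key add -
# -f makes curl fail on an HTTP error instead of piping an error page into gpg,
# -sS hides the progress meter but keeps error messages, -L follows redirects.
curl -fsSL https://syncthing.net/release-key.txt | gpg --dearmor > /usr/share/keyrings/apt-syncthing-key.gpg
# NOTE(review): the key is trusted on first download. Before relying on it,
# compare its fingerprint (e.g. gpg --show-keys <keyring file>) with the one
# published by the Syncthing project.
# signed-by limits this key to the Syncthing repository only.
echo "deb [signed-by=/usr/share/keyrings/apt-syncthing-key.gpg] https://apt.syncthing.net/ syncthing stable" | tee /etc/apt/sources.list.d/syncthing.list

apt update
apt install syncthing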

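# Useful variables.
APPNAME=syncthing
SYSUSER=frank
# Home directory is field 6 of the account's passwd entry. If the lookup
# returns nothing (unknown user, getent missing), fall back to /home/<user>.
SYSUSERHOME=$(getent passwd "${SYSUSER}" 2>/dev/null | cut -d: -f6)
SYSUSERHOME=${SYSUSERHOME:-/home/${SYSUSER}}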

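# Init config.
# Runs as the unprivileged account so the generated files belong to that user
# and not to root.
su -c "syncthing -generate=${SYSUSERHOME}/.config/syncthing/" "${SYSUSER}"

# Enable web gui connection via TLS.
# Rewrites the opening <gui ...> tag so the GUI is served with tls="true".
sed -i "s|<gui.*>|<gui enabled=\"true\" tls=\"true\" debugging=\"false\">|" "${SYSUSERHOME}/.config/syncthing/config.xml"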

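# Create app user.
APPUSER="${SYSUSER}-${HOSTNAME}-syncthing"
# Read from /dev/urandom until 24 alphanumeric characters have been collected.
# (A plain "head /dev/urandom" stops after ten newline-terminated chunks, which
# is not guaranteed to contain 24 matching characters.) LC_ALL=C makes tr treat
# the stream as raw bytes.
APPPWD=$(LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 24)
# -i lets htpasswd read the password from stdin, so the plaintext never shows
# up in the process list; printf is a shell builtin and spawns no process.
# -B selects bcrypt, -C 12 the cost factor, -n prints "user:hash" to stdout.
PWDHASH=$(printf '%s\n' "${APPPWD}" | htpasswd -niBC 12 "${APPUSER}" | cut -d ":" -f2)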

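# Write app user into config.
# Besides adding <user>/<password>, this rebinds the GUI listener to
# 0.0.0.0:8384, i.e. every network interface of the host. If the GUI is not
# meant to be reachable from other machines, keep a loopback address here or
# restrict port 8384 with a firewall.
# A bcrypt hash consists of [./A-Za-z0-9$] only, so it cannot contain the sed
# delimiter "|" or the special replacement characters "&" and "\".
sed -i "s|<address>.*:8384</address>|<address>0.0.0.0:8384</address><user>${APPUSER}</user><password>${PWDHASH}</password>|" "${SYSUSERHOME}/.config/syncthing/config.xml"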

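# Log app user into file.
# The file holds the GUI password in plain text, so it must be readable by its
# owner only. umask 077 covers the case where the file is newly created, the
# chmod covers a file that already existed with wider permissions.
LOGIN_INFO_FILE="${SYSUSERHOME}/.app-${APPNAME}-admin.txt"
(
  umask 077
  cat > "${LOGIN_INFO_FILE}" <<__EOF__
${APPNAME} user
Username: ${APPUSER}
Password: ${APPPWD}
__EOF__
)
chmod 600 "${LOGIN_INFO_FILE}"
chown "${SYSUSER}:${SYSUSER}" "${LOGIN_INFO_FILE}"
# Once the credentials are stored in a password manager, this file can be deleted.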

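# Bash output and var clearing.
# Prints the credentials held in APPUSER / APPPWD (the variables set when the
# app user was created). The password is shown in clear text and therefore ends
# up in the terminal scrollback and in any session recording.
echo " "
printf '\033[0;33mCreated %s user.\033[0m\n' "${APPNAME}"
printf '    Username: \033[0;36m%s\033[0m\n' "${APPUSER}"
printf '    Password: \033[0;36m%s\033[0m\n' "${APPPWD}"
printf '    Saved in: \033[0;36m%s\033[0m\n' "${LOGIN_INFO_FILE}"
# Remove the secrets from the shell instead of leaving empty variables behind.
unset APPUSER APPPWD PWDHASH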

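# Some more configs.
# Every step below edits config.xml in place with a line-based sed expression.
# The expressions are not idempotent: running this section twice on the same
# file rewrites already rewritten paths again.
SEDFILE="${SYSUSERHOME}/.config/syncthing/config.xml"

# Go into the dark.
SEDVAR='s|<theme>.*</theme>|<theme>black</theme>|'
sed -i "${SEDVAR}" "${SEDFILE}"

# Syncthing device name.
# [^"]* stops at the attribute's closing quote. A greedy .* would run to the
# last quote on the line and swallow every attribute that follows name="...".
SEDVAR="s|name=\"[^\"]*\"|name=\"${SYSUSER}-${HOSTNAME}\"|"
sed -i "${SEDVAR}" "${SEDFILE}"

# Change default folder path.
# Replaces the first "~" on each line that contains one.
DEFAULTFOLDERPATH="${SYSUSERHOME}/SyncSyncthing"
SEDVAR="s|~|~/SyncSyncthing|"
sed -i "${SEDVAR}" "${SEDFILE}"

# Change default folder.
SEDVAR="s|${SYSUSERHOME}/Sync|${DEFAULTFOLDERPATH}/default|"
sed -i "${SEDVAR}" "${SEDFILE}"

# Change default folder id.
# Two random 5-character groups. Reading /dev/urandom directly guarantees the
# full length; LC_ALL=C makes tr treat the stream as raw bytes.
DEFAULTFOLDERID="default-$(LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 5)-$(LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 5)"
SEDVAR="s|id=\"default\"|id=\"${DEFAULTFOLDERID}\"|"
sed -i "${SEDVAR}" "${SEDFILE}"

# Disable reports.
SEDVAR="s|<crashReportingEnabled>.*</crashReportingEnabled>|<crashReportingEnabled>false</crashReportingEnabled>|"
sed -i "${SEDVAR}" "${SEDFILE}"
# -1 records the usage-report prompt as declined.
SEDVAR="s|<urAccepted>.*</urAccepted>|<urAccepted>-1</urAccepted>|"
sed -i "${SEDVAR}" "${SEDFILE}"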

# Systemd service file
# Template unit: the instance name given after "@" becomes the account the
# service runs as (User=%i). The here-document delimiter is quoted, so the
# body is written out literally without any shell expansion.
cat > /etc/systemd/system/syncthing@.service <<'UNIT_EOF'
[Unit]
Description=Syncthing - Open Source Continuous File Synchronization for %I
Documentation=man:syncthing(1)
After=network.target

[Service]
User=%i
ExecStart=/usr/bin/syncthing -no-browser -no-restart -logflags=0
Restart=on-failure
SuccessExitStatus=3 4
RestartForceExitStatus=3 4

# Hardening
ProtectSystem=full
PrivateTmp=true
SystemCallArchitectures=native
MemoryDenyWriteExecute=true
NoNewPrivileges=true

[Install]
WantedBy=multi-user.target
UNIT_EOF

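systemctl daemon-reload
# The instance name is the account the service runs as. Take it from SYSUSER
# so it cannot drift from the user the configuration was generated for.
systemctl enable "syncthing@${SYSUSER}"
systemctl start "syncthing@${SYSUSER}"
# --no-pager prints the status and returns instead of waiting in a pager.
systemctl status --no-pager "syncthing@${SYSUSER}"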

Quellen