2025.04.10_11:30

LXC-Debian/PVE01_LXC_Debian_Syncthing.sh

@@ -0,0 +1,106 @@
+#!/bin/bash
+#
+# Check if user is root
+#
+if [ $(id -u) != "0" ]; then
+	echo "Error: You must be root to run this script, please use the root user to install the software."
+	exit 1
+fi
+
+if [ ! -f /etc/debian_version ]; then 
+	echo "Unsupported Linux Distribution. Prepared for Debian"
+	exit 1
+fi
+################################################################################
+#
+# Hostname: syncthing.dmz.lan
+#
+# IP: 192.168.50.14/24
+#
+# Url: https://192.168.50.14:8384
+#
+# Url: https://syncthing.vmnetz.lan64.de/
+#
+# OS: Debain 12
+#
+# Container ID: 105
+#
+# Node: PVE01
+#
+################################################################################
+#
+#
+#
+################################################################################
+#
+# echo 'mp0: /storage01/fileserver/syncthing,mp=/srv/syncthing' >> /etc/pve/nodes/pve01/lxc/105.conf
+#
+################################################################################
+apt install -y gnupg
+
+curl -s -o /usr/share/keyrings/syncthing-archive-keyring.gpg https://syncthing.net/release-key.gpg
+echo "deb [signed-by=/usr/share/keyrings/syncthing-archive-keyring.gpg] https://apt.syncthing.net/ syncthing stable" | tee /etc/apt/sources.list.d/syncthing.list
+
+# Bevorzugung von Syncthing-Paketen ("Pinning")
+printf "Package: *\nPin: origin apt.syncthing.net\nPin-Priority: 990\n" | tee /etc/apt/preferences.d/syncthing
+
+
+echo -e '\033[33m------ADDUSER Syncthing------\033[33m'
+echo -e "\033[0m"
+adduser --disabled-login syncthing
+
+# Make synthing home directory accessable for all other users:
+chmod 2770 /home/syncthing/
+
+su -l syncthing -c 'echo "umask 007" >> /home/syncthing/.profile'
+su -l syncthing -c 'echo "umask 007" >> /home/syncthing/https://syncthing.vmnetz.lan64.de/.bash_profile'
+
+
+echo -e '\033[33m------Update and install Syncthing------\033[33m'
+echo -e "\033[0m"
+apt update && apt install -y syncthing
+
+mv /lib/systemd/system/syncthing@.service /lib/systemd/system/syncthing@.service.default
+
+cat > /lib/systemd/system/syncthing@.service <<"EOF"
+[Unit]
+Description=Syncthing - Open Source Continuous File Synchronization for %I
+Documentation=man:syncthing(1)
+After=network.target
+StartLimitIntervalSec=60
+StartLimitBurst=4
+
+[Service]
+User=%i
+#ExecStart=/usr/bin/syncthing serve --no-browser --no-restart --logflags=0
+ExecStart=/usr/bin/syncthing -no-browser -no-restart -logflags=0 -home="/home/syncthing/.config/syncthing" -gui-address="192.168.50.14:8384"
+Restart=on-failure
+RestartSec=1
+SuccessExitStatus=3 4
+RestartForceExitStatus=3 4
+
+# Hardening
+ProtectSystem=full
+PrivateTmp=true
+SystemCallArchitectures=native
+MemoryDenyWriteExecute=true
+NoNewPrivileges=true
+
+# Elevated permissions to sync ownership (disabled by default),
+# see https://docs.syncthing.net/advanced/folder-sync-ownership
+#AmbientCapabilities=CAP_CHOWN CAP_FOWNER
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+systemctl daemon-reload && systemctl enable syncthing@syncthing.service
+
+#systemctl status syncthing@syncthing.service
+
+cp /home/syncthing/.config/syncthing/config.xml /home/syncthing/.config/syncthing/config.default
+
+systemctl start syncthing@syncthing.service
+
+
+apt autoremove && apt autoclean && apt clean