README.md

@@ -18,7 +18,6 @@ This project was largely inspired by his own [infra](https://github.com/notthebe
 * MediaWiki farm
 * Navidrome music server
 * SFTP (not really a service, included in sshd)
-* Syncthing
 * Firewall (UFW)
 
 ## Miscellaneous features
@@ -32,9 +31,6 @@ This project was largely inspired by his own [infra](https://github.com/notthebe
 
 Install ansible. [Install guide](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html)
 
-Install python-hashlib. This is necessary for syncthing because for some reason
-it can't compute hashes for bcrypt.
-
 
 Clone the repo:
 ```

group_vars/all/vars.yml

@@ -201,9 +201,6 @@ registration_shared_secret: "secret"
 macaroon_secret_key: "secret"
 form_secret: "secret"
 
-# Syncthing secrets
-syncthing_gui_pass: ""
-
 # Coturn secrets
 coturn_secret_key: "secret"
 
@@ -271,10 +268,7 @@ enable_navidrome: yes
 enable_website: yes
 
 # SFTP read-only user
-enable_sftpr: no
+enable_sftpr: yes
-
-# Syncthing
-enable_syncthing: yes
 
 # Mailserver (local only)
 enable_mail: yes

roles/backup/templates/lbk.sh.j2

@@ -22,11 +22,34 @@ then
 	exit
 fi
 
-mkdir -p /mnt/disk_b/bkd/
+if [ ! -f /mnt/disk_b/bk-0.tgz ]
-rsync -avxP --delete \
+then
+	echo "No full archive: preparing to perform complete backup."
+	sleep 5
+	echo "Performing complete backup."
+
+	tar -czv \
 	--exclude={{ dataroot }}/navidrome/cache \
 	--exclude={{ dataroot }}/synapse/media_store \
-	/mnt/disk/ /mnt/disk_b/bkd/
+	-f /mnt/disk_b/bk-0.tgz -g /mnt/disk_b/bk.snar /mnt/disk \
+
+	echo "Backup finished."
+	tput bel
+else
+	LABEL=$(date +"%Y_%m_%d")
+	echo "Preparing to perform incremental backup: $LABEL"
+	sleep 5.
+	echo "Performing incremental backup."
+	cp /mnt/disk_b/bk.snar "/mnt/disk_b/bk-$LABEL.snar"
+
+	tar -czv \
+	--exclude={{ dataroot }}/navidrome/cache \
+	--exclude={{ dataroot }}/synapse/media_store \
+	-f "/mnt/disk_b/bk-$LABEL.tgz" -g "/mnt/disk_b/bk-$LABEL.snar" /mnt/disk \
+
+	echo "Backup finished."
+	tput bel
+fi
 
 echo "Preparing to unmount backup disk."
 sleep 5

roles/firewall/tasks/main.yml

@@ -15,14 +15,6 @@
     state: enabled
   when: enable_synapse
 
-- name: Allow Syncthing port
-  community.general.ufw:
-    rule: allow
-    port: 22000
-    proto: any
-    state: enabled
-  when: enable_syncthing
-
 - name: Allow http/https ports
   community.general.ufw:
     rule: allow

roles/services/syncthing/defaults/main.yaml

@@ -1,48 +0,0 @@
-syncthing_user: syncthing
-# group for file management
-syncthing_group: vault
-syncthing_guiaddress: 127.0.0.1:8080
-syncthing_listen: tcp://0.0.0.0:22000
-syncthing_localannounce: true
-syncthing_globalannounce: true
-syncthing_home: "/home/{{ syncthing_user }}"
-syncthing_gui_user: "{{ syncthing_user }}"
-
-# Paths for Syncthing folders
-vault_path: "/mnt/disk/uv"
-archive_path: "/mnt/disk/uva"
-
-# Put this in the vault in cleartext: the playbook hashes it
-syncthing_gui_pass: ""
-
-# 22 chars for bcrypt
-syncthing_gui_salt: "{{ lookup('password', '/dev/null chars=ascii_letters,digit length=22', seed=inventory_hostname) }}"
-
-# Put this in host-vars or group-vars
-# Follows conventions of Syncthing's REST API: see https://docs.syncthing.net/dev/rest.html
-# But write in YAML.
-syncthing_devices: []
-#  - name: "Example Device"
-#    deviceID: "AAAAAAA-AAAAAAA-AAAAAAA-AAAAAAA-AAAAAAA-AAAAAAA-AAAAAAA-AAAAAAA"
-#  - name: "Main Device"
-#    deviceID: "BBBBBBB-BBBBBBB-BBBBBBB-BBBBBBB-BBBBBBB-BBBBBBB-BBBBBBB-BBBBBBB"
-#    introducer: true
-
-# Also follows REST API convention
-syncthing_folders: []
-#  - label: "Example Folder"
-#    id: "example"
-#    path: "{{ syncthing_home }}/example/"
-
-# Settings to add to all folders if not specified otherwise
-# Separated into default folder settings, and default device settings
-# Follows REST API convention
-syncthing_defaults: {}
-#  folder:
-#    devices: "{{ syncthing_devices }}"
-#    versioning:
-#      type: "staggered"
-#      params:
-#        cleanoutDays: "60"
-#        maxAge: "31536000"
-#  device: {}

roles/services/syncthing/handlers/main.yaml

@@ -1,4 +0,0 @@
-- name: Restart syncthing
-  systemd:
-    name: syncthing@syncthing
-    state: restarted

roles/services/syncthing/tasks/main.yml

@@ -1,132 +0,0 @@
-- name: Install packages for syncthing
-  community.general.pacman:
-    name:
-      - syncthing
-      - python-lxml
-    state: present
-
-- name: Create file management group
-  group:
-    name: "{{ syncthing_group }}"
-
-- name: Add unpriviledged user to file management group
-  user:
-    name: "{{ username }}"
-    append: yes
-    groups: "{{ syncthing_group }}"
-
-- name: Create syncthing user
-  user:
-    name: "{{ syncthing_user }}"
-    home: "{{ syncthing_home }}"
-    group: "{{ syncthing_group }}"
-
-- name: Enable syncthing service
-  systemd:
-    name: syncthing@syncthing
-    enabled: yes
-    state: started
-
-- name: Wait for configuration file to be created
-  wait_for:
-    path: "{{ syncthing_home }}/.config/syncthing/config.xml"
-
-- name: Configure globalannounce
-  xml:
-    file: "{{ syncthing_home }}/.config/syncthing/config.xml"
-    xpath: "/configuration/options/globalAnnounceEnabled"
-    value: "{{ syncthing_globalannounce | lower}}"
-  notify:
-    - Restart syncthing
-
-- name: Configure localannounce
-  xml:
-    file: "{{ syncthing_home }}/.config/syncthing/config.xml"
-    xpath: "/configuration/options/localAnnounceEnabled"
-    value: "{{ syncthing_localannounce | lower}}"
-  notify:
-    - Restart syncthing
-
-- name: Configure listen address
-  xml:
-    file: "{{ syncthing_home }}/.config/syncthing/config.xml"
-    xpath: "/configuration/options/listenAddress"
-    value: "{{ syncthing_listen }}"
-  notify:
-    - Restart syncthing
-
-- name: Configure gui address
-  xml:
-    file: "{{ syncthing_home }}/.config/syncthing/config.xml"
-    xpath: "/configuration/gui/address"
-    value: "{{ syncthing_guiaddress }}"
-  notify:
-    - Restart syncthing
-
-- name: Configure gui user
-  xml:
-    file: "{{ syncthing_home }}/.config/syncthing/config.xml"
-    xpath: "/configuration/gui/user"
-    value: "{{ syncthing_gui_user }}"
-  notify:
-    - Restart syncthing
-
-- name: Configure gui password
-  xml:
-    file: "{{ syncthing_home }}/.config/syncthing/config.xml"
-    xpath: "/configuration/gui/password"
-    value: "{{ syncthing_gui_pass | password_hash('bcrypt', syncthing_gui_salt) }}"
-  notify:
-    - Restart syncthing
-
-- name: Warn if gui password is empty
-  fail:
-    msg: "Syncthing has no configured password!"
-  when: syncthing_gui_pass is not defined or syncthing_gui_pass == ''
-
-- name: Get API key
-  xml:
-    file: "{{ syncthing_home }}/.config/syncthing/config.xml"
-    xpath: "/configuration/gui/apikey"
-    content: text
-  register: api_key
-
-- meta: flush_handlers
-
-- name: Delete default Syncthing folder
-  uri:
-    url: "http://{{ syncthing_guiaddress }}/rest/config/folders/default"
-    method: DELETE
-    return_content: yes
-    headers:
-      X-API-Key: "{{ api_key.matches[0].apikey }}"
-
-- name: Add known syncthing devices
-  uri:
-    url: "http://{{ syncthing_guiaddress }}/rest/config/devices"
-    method: PUT
-    return_content: yes
-    body_format: json
-    headers:
-      X-API-Key: "{{ api_key.matches[0].apikey }}"
-    body: "{{ syncthing_devices }}"
-
-- name: Set default folder settings
-  uri:
-    url: "http://{{ syncthing_guiaddress }}/rest/config/defaults/folder"
-    method: PATCH
-    return_content: yes
-    body_format: json
-    body: "{{ syncthing_defaults.folder }}"
-    headers:
-      X-API-Key: "{{ api_key.matches[0].apikey }}"
-
-- name: Add syncthing folders
-  uri:
-    url: "http://{{ syncthing_guiaddress }}/rest/config/folders"
-    method: PUT
-    return_content: yes
-    body_format: json
-    headers:
-      X-API-Key: "{{ api_key.matches[0].apikey }}"
-    body: "{{ syncthing_folders }}"

run.yml

@@ -65,11 +65,6 @@
         - mail
       when: enable_mail
 
-    - role: services/syncthing
-      tags:
-        - syncthing
-      when: enable_syncthing
-
     # Main SSL certificate (with Let's Encrypt)
     - role: networking/ssl
       tags: